Mandrakesoft : Security Vulnerabilities, CVEs,
xsoldier program allows local users to gain root access via a long argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-05-17
Updated
2016-10-18
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-09-23
Updated
2017-12-19
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Max CVSS
2.1
EPSS Score
0.05%
Published
1996-07-16
Updated
2017-10-19
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-01-04
Updated
2008-09-10
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
Max CVSS
2.1
EPSS Score
0.05%
Published
2000-03-09
Updated
2008-09-10
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-02-28
Updated
2008-09-10
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-04-21
Updated
2008-09-10
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-05-29
Updated
2008-09-10
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.
Max CVSS
5.0
EPSS Score
1.16%
Published
1994-12-19
Updated
2017-10-10
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-07-03
Updated
2018-05-03
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
Max CVSS
5.0
EPSS Score
13.68%
Published
2000-07-04
Updated
2017-10-10
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-06-21
Updated
2008-09-10
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-06-21
Updated
2008-09-10
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-07-18
Updated
2017-10-10
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
Max CVSS
1.2
EPSS Score
0.04%
Published
2000-10-20
Updated
2008-09-05
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
Max CVSS
10.0
EPSS Score
0.48%
Published
2000-11-14
Updated
2018-10-30
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
Max CVSS
7.2
EPSS Score
0.16%
Published
2000-11-14
Updated
2018-05-03
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
Max CVSS
5.0
EPSS Score
0.80%
Published
2000-11-14
Updated
2017-10-10
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
Max CVSS
10.0
EPSS Score
1.98%
Published
2000-12-11
Updated
2017-10-10
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
Max CVSS
10.0
EPSS Score
3.88%
Published
2000-12-11
Updated
2017-10-10
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-12-11
Updated
2017-10-10
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
Max CVSS
7.2
EPSS Score
0.04%
Published
2001-01-09
Updated
2017-10-10
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
Max CVSS
7.2
EPSS Score
0.04%
Published
2001-01-09
Updated
2017-10-19
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
Max CVSS
5.0
EPSS Score
0.18%
Published
2001-03-12
Updated
2017-10-10
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.04%
Published
2001-03-12
Updated
2017-10-10