Mandrakesoft : Security Vulnerabilities, CVEs, CVSS score between 5 and 5.99
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.
Max CVSS
5.0
EPSS Score
1.16%
Published
1994-12-19
Updated
2017-10-10
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
Max CVSS
5.0
EPSS Score
13.68%
Published
2000-07-04
Updated
2017-10-10
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
Max CVSS
5.0
EPSS Score
0.80%
Published
2000-11-14
Updated
2017-10-10
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
Max CVSS
5.0
EPSS Score
0.18%
Published
2001-03-12
Updated
2017-10-10
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
Max CVSS
5.0
EPSS Score
4.24%
Published
2001-03-12
Updated
2024-01-26
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
Max CVSS
5.0
EPSS Score
2.42%
Published
2001-07-16
Updated
2017-10-10
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
Max CVSS
5.0
EPSS Score
0.33%
Published
2001-01-12
Updated
2016-10-18
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
Max CVSS
5.5
EPSS Score
0.06%
Published
2002-12-31
Updated
2024-02-08
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
Max CVSS
5.0
EPSS Score
0.33%
Published
2004-01-05
Updated
2017-07-11
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
Max CVSS
5.0
EPSS Score
2.56%
Published
2004-12-06
Updated
2017-10-11
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
Max CVSS
5.0
EPSS Score
2.27%
Published
2004-12-06
Updated
2017-10-11
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
Max CVSS
5.0
EPSS Score
2.21%
Published
2004-12-06
Updated
2017-10-11
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
Max CVSS
5.1
EPSS Score
5.78%
Published
2004-12-31
Updated
2017-07-11
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
Max CVSS
5.0
EPSS Score
3.56%
Published
2004-09-13
Updated
2017-10-11
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Max CVSS
5.0
EPSS Score
0.88%
Published
2004-09-16
Updated
2022-09-23
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Max CVSS
5.0
EPSS Score
5.28%
Published
2005-01-27
Updated
2017-10-11
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
Max CVSS
5.0
EPSS Score
2.42%
Published
2005-03-01
Updated
2018-10-03
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Max CVSS
5.0
EPSS Score
11.02%
Published
2005-01-10
Updated
2018-10-19
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
Max CVSS
5.0
EPSS Score
1.78%
Published
2004-02-16
Updated
2018-10-30
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
Max CVSS
5.0
EPSS Score
0.48%
Published
2004-12-31
Updated
2017-07-11
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
Max CVSS
5.0
EPSS Score
5.53%
Published
2005-03-14
Updated
2018-10-19
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
Max CVSS
5.0
EPSS Score
7.91%
Published
2005-03-14
Updated
2018-10-19
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
Max CVSS
5.0
EPSS Score
7.98%
Published
2005-06-10
Updated
2018-10-19
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.
Max CVSS
5.0
EPSS Score
1.22%
Published
2005-07-26
Updated
2017-07-11
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Max CVSS
5.0
EPSS Score
1.28%
Published
2005-12-31
Updated
2018-10-19