The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-12-11
Updated
2017-10-10
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
Max CVSS
10.0
EPSS Score
3.88%
Published
2000-12-11
Updated
2017-10-10
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
Max CVSS
10.0
EPSS Score
1.98%
Published
2000-12-11
Updated
2017-10-10
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
Max CVSS
5.0
EPSS Score
0.80%
Published
2000-11-14
Updated
2017-10-10
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
Max CVSS
7.2
EPSS Score
0.16%
Published
2000-11-14
Updated
2018-05-03
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
Max CVSS
10.0
EPSS Score
0.48%
Published
2000-11-14
Updated
2018-10-30
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
Max CVSS
1.2
EPSS Score
0.04%
Published
2000-10-20
Updated
2008-09-05
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-07-18
Updated
2017-10-10
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-06-21
Updated
2008-09-10
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-06-21
Updated
2008-09-10
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
Max CVSS
5.0
EPSS Score
13.68%
Published
2000-07-04
Updated
2017-10-10
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-07-03
Updated
2018-05-03
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-05-29
Updated
2008-09-10
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-04-21
Updated
2008-09-10
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-02-28
Updated
2008-09-10
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
Max CVSS
2.1
EPSS Score
0.05%
Published
2000-03-09
Updated
2008-09-10
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-01-04
Updated
2008-09-10
xsoldier program allows local users to gain root access via a long argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-05-17
Updated
2016-10-18
18 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!