U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:mandrakesoft:mandrake_linux:10.1
There are 34 matching records.
Displaying matches 21 through 34.
Vuln ID Summary CVSS Severity
CVE-2004-0934

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: January 27, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-0935

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: January 27, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-0936

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: January 27, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-1014

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-1096

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-1098

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-1158

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-1171

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2004-1187

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2004-1188

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Published: January 10, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2004-0834

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

Published: December 23, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Published: December 21, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-1180

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

Published: February 16, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-1572

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Published: July 16, 1996; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW