) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2004-2394 |
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2004-2395 |
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2004-2396 |
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
| CVE-2004-0834 |
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. Published: December 23, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
| CVE-2003-0462 |
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 1.2 LOW |
| CVE-2003-0041 |
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. Published: February 19, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2002-1713 |
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2002-2185 |
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
| CVE-2002-0836 |
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. Published: October 28, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2002-0638 |
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. Published: August 12, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |