This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mandrakesoft First view 2004-12-21
Product Mandrake Linux Corporate Server Last view 2008-01-11
Version 3.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server

Activity : Overall

Related : CVE

  Date Alert Description
5 2008-01-11 CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

7.5 2007-02-05 CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

7.5 2005-04-27 CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

6.8 2005-04-27 CVE-2005-0085

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

7.2 2005-04-14 CVE-2005-0020

Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.

2.1 2005-04-14 CVE-2005-0003

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

6.2 2005-04-14 CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

5 2005-03-14 CVE-2005-0473

The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

5 2005-03-14 CVE-2005-0472

Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

7.5 2005-03-02 CVE-2005-0605

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

7.5 2004-12-21 CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CWE : Common Weakness Enumeration

%idName
60% (3) CWE-399 Resource Management Errors
20% (1) CWE-189 Numeric Errors
20% (1) CWE-134 Uncontrolled Format String

Open Source Vulnerability Database (OSVDB)

id Description
40194 libxml2 xmlCurrentChar Function UTF-8 Parsing DoS
33101 Samba VFS Plugin afsacl.so Format String
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
16894 Xpdf Integer Overflow Patch 64 Bit Architecture Failure
14373 libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow
13924 Gaim Malformed HTML Parsing DoS
13923 Gaim Malformed SNAC Packet Parsing DoS
13520 ht://Dig (htdig) config Parameter XSS
13049 Playmidi playmidi.c File Name Overflow
12917 Linux Kernel Elf Binary Overlapping VMA Local Privilege Escalation
12791 Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation
12556 LibTIFF STRIPOFFSETS Flag TIFFFetchStripThing() Function Overflow

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2010-02-03 Name : Solaris Update for Runtime library for Solaris 10 119281-22
File : nvt/gb_solaris_119281_22.nasl
2010-02-03 Name : Solaris Update for CDE 1.6 119280-22
File : nvt/gb_solaris_119280_22.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for libxml2
File : nvt/sles9p5020669.nasl
2009-10-10 Name : SLES9: Security update for htdig
File : nvt/sles9p5018082.nasl
2009-10-10 Name : SLES9: Security update for XFree86-libs
File : nvt/sles9p5016773.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel core
File : nvt/sles9p5014380.nasl
2009-06-03 Name : Solaris Update for sdtimage 109932-10
File : nvt/gb_solaris_109932_10.nasl
2009-06-03 Name : Solaris Update for CDE 1.4 109931-10
File : nvt/gb_solaris_109931_10.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 114219-11
File : nvt/gb_solaris_114219_11.nasl
2009-06-03 Name : Solaris Update for sdtimage 114220-11
File : nvt/gb_solaris_114220_11.nasl
2009-04-09 Name : Mandriva Update for libxml2 MDVSA-2008:010 (libxml2)
File : nvt/gb_mandriva_MDVSA_2008_010.nasl
2009-04-09 Name : Mandriva Update for samba MDKSA-2007:034 (samba)
File : nvt/gb_mandriva_MDKSA_2007_034.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-419-1
File : nvt/gb_ubuntu_USN_419_1.nasl
2009-03-23 Name : Ubuntu Update for libxml2 vulnerability USN-569-1
File : nvt/gb_ubuntu_USN_569_1.nasl
2009-03-06 Name : RedHat Update for cups RHSA-2008:0206-01
File : nvt/gb_RHSA-2008_0206-01_cups.nasl
2009-03-06 Name : RedHat Update for libxml2 RHSA-2008:0032-01
File : nvt/gb_RHSA-2008_0032-01_libxml2.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64
File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos4 i386
File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0206 centos3 i386
File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64
File : nvt/gb_CESA-2008_0032_libxml2_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos4 i386
File : nvt/gb_CESA-2008_0032_libxml2_centos4_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64
File : nvt/gb_CESA-2008_0032_libxml2_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos3 i386
File : nvt/gb_CESA-2008_0032_libxml2_centos3_i386.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2009-0018.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0032.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080111_libxml2_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12032.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9833.nasl - Type: ACT_GATHER_INFO
2009-07-27 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2008-0006.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-010.nasl - Type: ACT_GATHER_INFO
2008-06-30 Name: The remote Windows host contains a media player that is affected by several v...
File: vlc_0_8_6h.nasl - Type: ACT_GATHER_INFO
2008-04-04 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2008-04-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2008-02-01 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200801-20.nasl - Type: ACT_GATHER_INFO
2008-01-27 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_libxml2-4840.nasl - Type: ACT_GATHER_INFO
2008-01-27 Name: The remote openSUSE host is missing a security update.
File: suse_libxml2-4841.nasl - Type: ACT_GATHER_INFO
2008-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-569-1.nasl - Type: ACT_GATHER_INFO
2008-01-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0032.nasl - Type: ACT_GATHER_INFO