Summary
| Detail | |||
|---|---|---|---|
| Vendor | Mandrakesoft | First view | 2004-12-21 |
| Product | Mandrake Linux Corporate Server | Last view | 2008-01-11 |
| Version | 3.0 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2008-01-11 | CVE-2007-6284 | The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. |
| 7.5 | 2007-02-05 | CVE-2007-0454 | Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. |
| 5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| 10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| 5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
| 7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
| 6.8 | 2005-04-27 | CVE-2005-0085 | Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. |
| 7.2 | 2005-04-14 | CVE-2005-0020 | Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. |
| 2.1 | 2005-04-14 | CVE-2005-0003 | The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. |
| 6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
| 5 | 2005-03-14 | CVE-2005-0473 | The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. |
| 5 | 2005-03-14 | CVE-2005-0472 | Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. |
| 7.5 | 2005-03-02 | CVE-2005-0605 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
| 7.5 | 2004-12-21 | CVE-2004-1307 | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 60% (3) | CWE-399 | Resource Management Errors |
| 20% (1) | CWE-189 | Numeric Errors |
| 20% (1) | CWE-134 | Uncontrolled Format String |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 40194 | libxml2 xmlCurrentChar Function UTF-8 Parsing DoS |
| 33101 | Samba VFS Plugin afsacl.so Format String |
| 22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
| 22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
| 22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
| 16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
| 14373 | libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow |
| 13924 | Gaim Malformed HTML Parsing DoS |
| 13923 | Gaim Malformed SNAC Packet Parsing DoS |
| 13520 | ht://Dig (htdig) config Parameter XSS |
| 13049 | Playmidi playmidi.c File Name Overflow |
| 12917 | Linux Kernel Elf Binary Overlapping VMA Local Privilege Escalation |
| 12791 | Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation |
| 12556 | LibTIFF STRIPOFFSETS Flag TIFFFetchStripThing() Function Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-02-03 | Name : Solaris Update for Runtime library for Solaris 10 119281-22 File : nvt/gb_solaris_119281_22.nasl |
| 2010-02-03 | Name : Solaris Update for CDE 1.6 119280-22 File : nvt/gb_solaris_119280_22.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5020669.nasl |
| 2009-10-10 | Name : SLES9: Security update for htdig File : nvt/sles9p5018082.nasl |
| 2009-10-10 | Name : SLES9: Security update for XFree86-libs File : nvt/sles9p5016773.nasl |
| 2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
| 2009-06-03 | Name : Solaris Update for sdtimage 109932-10 File : nvt/gb_solaris_109932_10.nasl |
| 2009-06-03 | Name : Solaris Update for CDE 1.4 109931-10 File : nvt/gb_solaris_109931_10.nasl |
| 2009-06-03 | Name : Solaris Update for CDE 1.5 114219-11 File : nvt/gb_solaris_114219_11.nasl |
| 2009-06-03 | Name : Solaris Update for sdtimage 114220-11 File : nvt/gb_solaris_114220_11.nasl |
| 2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:010 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_010.nasl |
| 2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:034 (samba) File : nvt/gb_mandriva_MDKSA_2007_034.nasl |
| 2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-419-1 File : nvt/gb_ubuntu_USN_419_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for libxml2 vulnerability USN-569-1 File : nvt/gb_ubuntu_USN_569_1.nasl |
| 2009-03-06 | Name : RedHat Update for cups RHSA-2008:0206-01 File : nvt/gb_RHSA-2008_0206-01_cups.nasl |
| 2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0032-01 File : nvt/gb_RHSA-2008_0032-01_libxml2.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 i386 File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 i386 File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl |
| 2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64 File : nvt/gb_CESA-2008_0032_libxml2_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos4 i386 File : nvt/gb_CESA-2008_0032_libxml2_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64 File : nvt/gb_CESA-2008_0032_libxml2_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0032 centos3 i386 File : nvt/gb_CESA-2008_0032_libxml2_centos3_i386.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2009-0018.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0032.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080111_libxml2_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
| 2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO |
| 2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12032.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9833.nasl - Type: ACT_GATHER_INFO |
| 2009-07-27 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2008-0006.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-010.nasl - Type: ACT_GATHER_INFO |
| 2008-06-30 | Name: The remote Windows host contains a media player that is affected by several v... File: vlc_0_8_6h.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
| 2008-02-01 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200801-20.nasl - Type: ACT_GATHER_INFO |
| 2008-01-27 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_libxml2-4840.nasl - Type: ACT_GATHER_INFO |
| 2008-01-27 | Name: The remote openSUSE host is missing a security update. File: suse_libxml2-4841.nasl - Type: ACT_GATHER_INFO |
| 2008-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-569-1.nasl - Type: ACT_GATHER_INFO |
| 2008-01-14 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0032.nasl - Type: ACT_GATHER_INFO |
