Mandrake Security Advisories

Here you'll find the latest security advisories from Mandrake. Our database currently contains 486 Mandrake security advisories.

playmidi buffer overflow | MDKSA-2005:010 | January 19, 2005
Erik Sjolund discovered a buffer overflow in playmidi that could be exploited by a local attacker if installed setuid root. Note that by default Mandrakelinux does not ship playmidi installed setuid r

Xine-lib multiple overflows | MDKSA-2005:011 | January 19, 2005
iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size. As well, they discovered that in this same function, a negative v

mpg123 buffer overflow | MDKSA-2005:009 | January 19, 2005
A vulnerability in mpg123's ability to parse frame headers in input streams could allow a malicious file to exploit a buffer overflow and execute arbitrary code with the permissions of the user running

CUPS buffer overflow | MDKSA-2005:008 | January 17, 2005
A buffer overflow was discovered in the ParseCommand function in the hpgltops utility. An attacker with the ability to send malicious HPGL files to a printer could possibly execute arbitrary code as t

Imlib heap overflow | MDKSA-2005:007 | January 12, 2005
Pavel Kankovsky discovered several heap overflow flaws in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with i

Hylafax unauthorized access | MDKSA-2005:006 | January 12, 2005
Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the f

NFS-utils buffer overflow | MDKSA-2005:005 | January 12, 2005
Arjan van de Ven discovered a buffer overflow in rquotad on 64-bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a sp

Nasm buffer overflow | MDKSA-2005:004 | January 06, 2005
A buffer overflow in nasm was discovered by Jonathan Rockway. This vulnerability could lead to the execution of arbitrary code when compiling a malicious assembler source file.

Vim multiple vulnerabilities | MDKSA-2005:003 | January 06, 2005
Several modeline-related vulnerabilities were discovered in Vim by Ciaran McCreesh. The updated package

wxGTK2 multiple vulnerabilities | MDKSA-2005:002 | January 06, 2005
Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities.

Libtiff multiple vulnerabilities | MDKSA-2005:001 | January 06, 2005
Several vulnerabilities have been discovered in the libtiff package.

Tetex multiple vulnerabilities | MDKSA-2004:166 | December 29, 2004
Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like tetex which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled

Xpdf multiple vulnerabilities | MDKSA-2004:165 | December 29, 2004
Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like koffice which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controll

CUPS buffer overflow vulnerability | MDKSA-2004:164 | December 29, 2004
iDefense reported a buffer overflow vulnerability, which affects versions of xpdf

Kdegraphics buffer overflow vulnerability | MDKSA-2004:163 | December 29, 2004
iDefense reported a buffer overflow vulnerability, which affects versions of xpdf

Gpdf buffer overflow vulnerability | MDKSA-2004:162 | December 29, 2004
iDefense reported a buffer overflow vulnerability, which affects versions of xpdf

Xpdf buffer overflow vulnerability | MDKSA-2004:161 | December 29, 2004
iDefense reported a buffer overflow vulnerability, which affects versions of xpdf

Kdelibs kio_ftp vulnerability | MDKSA-2004:160 | December 29, 2004
A vulnerability in the Konqueror web browser was discovered that would allow a malicious web site to take advantage of a flaw in kio_ftp to send email messages without user interaction.

Glibc insecure temp file creation | MDKSA-2004:159 | December 29, 2004
The Trustix developers discovered that the catchsegv and glibcbug utilities, part of the glibc package, created temporary files in an insecure manner. This could allow for a symlink attack to create o

Samba integer overflow vulnerability | MDKSA-2004:158 | December 27, 2004
Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controll

Mplayer multiple vulnerabilities | MDKSA-2004:157 | December 22, 2004
A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and

Krb5 heap buffer overflow | MDKSA-2004:156 | December 22, 2004
Michael Tautschnig discovered a heap buffer overflow in the history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Cente

Logcheck local root privileges | MDKSA-2004:155 | December 22, 2004
A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges.

Konqueror privilege escalation | MDKSA-2004:154 | December 22, 2004
A vulnerability in the Konqueror web browser was discovered where an untrusted Java applet could escalate privileges (through JavaScript calling into Java code). This includes the reading and writing o

Aspell arbitrary code execution | MDKSA-2004:153 | December 20, 2004
A vulnerability was discovered in the aspell word-list-compress utility that can allow an attacker to execute arbitrary code.
