Vulnerabilities > Mandrakesoft > Mandrake Multi Network Firewall > 8.2

DATE	CVE	VULNERABILITY TITLE	RISK
2005-04-14	CVE-2004-1235	Local Privilege Escalation vulnerability in Linux kernel Uselib() Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. local high complexity avaya linux mandrakesoft redhat suse ubuntu conectiva	6.2
2005-03-01	CVE-2004-1051	sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. local low complexity mandrakesoft todd-miller debian trustix ubuntu	7.2
2005-02-09	CVE-2004-0975	The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. local low complexity mandrakesoft openssl gentoo	2.1
2004-12-31	CVE-2004-2396	passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM. local low complexity mandrakesoft	7.2
2004-12-31	CVE-2004-2395	Unspecified vulnerability in Mandrakesoft products Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. local low complexity mandrakesoft	2.1
2004-12-31	CVE-2004-2394	Unspecified vulnerability in Mandrakesoft products Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. local low complexity mandrakesoft	2.1
2004-12-06	CVE-2004-0565	Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. local low complexity mandrakesoft gentoo linux trustix	2.1
2004-12-06	CVE-2004-0497	Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. local low complexity mandrakesoft conectiva gentoo linux redhat suse trustix	2.1
2004-12-06	CVE-2004-0496	Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. local low complexity mandrakesoft suse gentoo linux sun	7.2
2004-08-06	CVE-2004-0535	The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. local low complexity mandrakesoft suse conectiva engardelinux gentoo linux	2.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.