Vulnerabilities > Mandrakesoft > Mandrake Multi Network Firewall > Low

DATE CVE VULNERABILITY TITLE RISK
2007-04-06 CVE-2007-1352 Local Integer Overflow vulnerability in X.Org LibXFont
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. 		3.8
3.8
2005-02-09 CVE-2004-0975 The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
local
low complexity
mandrakesoft openssl gentoo
2.1
2.1
2004-12-31 CVE-2004-2394 Unspecified vulnerability in Mandrakesoft products
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
local
low complexity
mandrakesoft
2.1
2.1
2004-12-31 CVE-2004-2395 Unspecified vulnerability in Mandrakesoft products
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
local
low complexity
mandrakesoft
2.1
2.1
2004-12-06 CVE-2004-0497 Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. 2.1
2.1
2004-12-06 CVE-2004-0565 Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
local
low complexity
mandrakesoft gentoo linux trustix
2.1
2.1
2004-08-06 CVE-2004-0535 The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. 2.1
2.1
2003-08-27 CVE-2003-0462 A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
local
high complexity
mandrakesoft linux
1.2
1.2