MandrivaCVEs & Vulnerabilities

8 CVEs affecting Mandriva products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

linux 14corporate server 3enterprise server 2linux corporate server 2multi network firewall 2business server 1mondo 1
CVE-2007-3915CRITICAL

Mondo 2.24 has insecure handling of temporary files.

8 Nov 2019
9.1
CVSS
CVE-2013-4854HIGH

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

29 Jul 2013
7.8
CVSS
CVE-2011-2162CRITICAL

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."

21 May 2011
10.0
CVSS
CVE-2010-2529MEDIUM

Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.

28 Jul 2010
5.0
CVSS
CVE-2009-0912HIGH

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.

16 Mar 2009
7.2
CVSS
CVE-2009-0032MEDIUM

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

27 Jan 2009
6.9
CVSS
CVE-2007-3741MEDIUM

The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

27 Aug 2007
4.3
CVSS
CVE-2005-3181LOW

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).

12 Oct 2005
2.1
CVSS
← PrevPage 1 / 1Next →