Mageia Security Vulnerabilities and Issues — Mageia CVE List

Lucene search

Mageia ProjectMageia

13 matches found

CVE•added 2015/03/18 4:59 p.m.•148 views

CVE-2015-2296

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

6.8CVSS5.7AI score0.01915EPSS

CVE•added 2014/11/18 3:59 p.m.•92 views

CVE-2014-7824

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...

2.1CVSS7.9AI score0.00097EPSS

CVE•added 2014/07/19 7:55 p.m.•81 views

CVE-2014-3533

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

2.1CVSS5.8AI score0.00081EPSS

CVE•added 2014/05/08 10:55 a.m.•70 views

CVE-2014-3422

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

3.3CVSS6AI score0.00145EPSS

CVE•added 2014/07/02 4:14 a.m.•70 views

CVE-2014-4668

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

6.8CVSS6.7AI score0.00703EPSS

CVE•added 2014/11/25 11:59 p.m.•67 views

CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

6.8CVSS6.5AI score0.02617EPSS

CVE•added 2014/05/08 10:55 a.m.•66 views

CVE-2014-3421

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

3.3CVSS6AI score0.00145EPSS

CVE•added 2014/11/25 11:59 p.m.•66 views

CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

4.3CVSS6.4AI score0.01681EPSS

CVE•added 2014/05/08 10:55 a.m.•62 views

CVE-2014-3423

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

3.3CVSS6AI score0.00138EPSS

CVE•added 2014/10/22 2:55 p.m.•55 views

CVE-2014-8763

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

5CVSS7.1AI score0.0105EPSS

CVE•added 2014/10/22 2:55 p.m.•55 views

CVE-2014-8764

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.

5CVSS6.9AI score0.01224EPSS

CVE•added 2014/12/09 11:59 p.m.•53 views

CVE-2014-9274

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".

7.5CVSS7.6AI score0.05942EPSS

CVE•added 2014/05/08 10:55 a.m.•50 views

CVE-2014-3424

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

3.3CVSS6AI score0.00145EPSS