Mageia Security Vulnerabilities and Issues — Mageia CVE List

Lucene search

Mageia ProjectMageia

3 matches found

CVE•added 2015/03/18 4:59 p.m.•148 views

CVE-2015-2296

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

6.8CVSS5.7AI score0.00816EPSS

CVE•added 2014/07/02 4:14 a.m.•70 views

CVE-2014-4668

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

6.8CVSS6.7AI score0.00703EPSS

CVE•added 2014/11/25 11:59 p.m.•67 views

CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

6.8CVSS6.5AI score0.02609EPSS