Mageia Project

Mageia

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-2296

  • EPSS 0.82%
  • Published 18.03.2015 16:59:03
  • Last modified 12.04.2025 10:46:40

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

4.3

CVE-2014-9039

  • EPSS 1.68%
  • Published 25.11.2014 23:59:10
  • Last modified 12.04.2025 10:46:40

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

6.8

CVE-2014-9037

  • EPSS 2.62%
  • Published 25.11.2014 23:59:08
  • Last modified 12.04.2025 10:46:40

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

2.1

CVE-2014-7824

Exploit
  • EPSS 0.1%
  • Published 18.11.2014 15:59:04
  • Last modified 12.04.2025 10:46:40

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vu...

5

CVE-2014-8763

  • EPSS 1.05%
  • Published 22.10.2014 14:55:08
  • Last modified 12.04.2025 10:46:40

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

5

CVE-2014-8764

  • EPSS 1.22%
  • Published 22.10.2014 14:55:08
  • Last modified 12.04.2025 10:46:40

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.

2.1

CVE-2014-3533

  • EPSS 0.08%
  • Published 19.07.2014 19:55:08
  • Last modified 12.04.2025 10:46:40

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

6.8

CVE-2014-4668

  • EPSS 0.6%
  • Published 02.07.2014 04:14:17
  • Last modified 12.04.2025 10:46:40

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password...

3.3

CVE-2014-3421

  • EPSS 0.15%
  • Published 08.05.2014 10:55:05
  • Last modified 12.04.2025 10:46:40

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

3.3

CVE-2014-3422

  • EPSS 0.15%
  • Published 08.05.2014 10:55:05
  • Last modified 12.04.2025 10:46:40

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.