Mageia

Mageia

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-9116

Exploit
  • EPSS 2.62%
  • Published 02.12.2014 16:59:08
  • Last modified 12.04.2025 10:46:40

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buf...

7.5

CVE-2014-9087

  • EPSS 7.75%
  • Published 01.12.2014 15:59:11
  • Last modified 12.04.2025 10:46:40

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer...

5

CVE-2014-1829

  • EPSS 0.5%
  • Published 15.10.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

4.3

CVE-2014-3566

  • EPSS 94.02%
  • Published 15.10.2014 00:55:02
  • Last modified 12.04.2025 10:46:40

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

5

CVE-2014-7204

Exploit
  • EPSS 2.82%
  • Published 07.10.2014 14:55:08
  • Last modified 12.04.2025 10:46:40

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

10

CVE-2014-7169

Warning Exploit
  • EPSS 90.11%
  • Published 25.09.2014 01:55:04
  • Last modified 12.04.2025 10:46:40

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro...

10

CVE-2014-6271

Warning Exploit
  • EPSS 94.22%
  • Published 24.09.2014 18:48:04
  • Last modified 12.04.2025 10:46:40

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman...

5

CVE-2014-5461

Exploit
  • EPSS 18.47%
  • Published 04.09.2014 17:55:07
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

3.3

CVE-2014-2524

  • EPSS 0.16%
  • Published 20.08.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

6.8

CVE-2014-3429

Media report
  • EPSS 2.09%
  • Published 07.08.2014 11:13:34
  • Last modified 12.04.2025 10:46:40

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.