Vulnerabilities > Mageia Project

DATE CVE VULNERABILITY TITLE RISK
2015-03-18 CVE-2015-2296 The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. 6.8
2014-12-09 CVE-2014-9274 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
7.5
2014-11-25 CVE-2014-9039 7PK - Security Features vulnerability in multiple products
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
4.3
2014-11-25 CVE-2014-9037 Cryptographic Issues vulnerability in multiple products
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
6.8
2014-10-22 CVE-2014-8764 Improper Authentication vulnerability in multiple products
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
network
low complexity
mageia-project dokuwiki CWE-287
5.0
2014-10-22 CVE-2014-8763 Improper Authentication vulnerability in multiple products
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
network
low complexity
dokuwiki mageia-project CWE-287
5.0
2014-07-02 CVE-2014-4668 Improper Authentication vulnerability in multiple products
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
6.8
2014-05-08 CVE-2014-3424 Link Following vulnerability in multiple products
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
3.3
2014-05-08 CVE-2014-3423 Link Following vulnerability in multiple products
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
3.3
2014-05-08 CVE-2014-3422 Link Following vulnerability in multiple products
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
3.3