Vulnerabilities > Mageia

DATE CVE VULNERABILITY TITLE RISK
2017-08-25 CVE-2014-9637 Resource Management Errors vulnerability in multiple products
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
7.1
2014-12-17 CVE-2014-8117 Resource Management Errors vulnerability in multiple products
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
network
low complexity
file-project freebsd mageia canonical CWE-399
5.0
2014-12-17 CVE-2014-8116 Resource Management Errors vulnerability in multiple products
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
network
low complexity
file-project freebsd mageia canonical CWE-399
5.0
2014-12-17 CVE-2014-9253 Cross-Site Scripting vulnerability in multiple products
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
4.3
2014-12-03 CVE-2014-8104 Resource Management Errors vulnerability in multiple products
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
network
low complexity
mageia debian opensuse openvpn canonical CWE-399
6.8
2014-12-02 CVE-2014-9116 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
network
low complexity
suse mutt debian mageia CWE-119
5.0
2014-10-15 CVE-2014-1829 Information Exposure vulnerability in multiple products
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
network
low complexity
debian python canonical mageia CWE-200
5.0
2014-10-15 CVE-2014-3566 Cryptographic Issues vulnerability in multiple products
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
3.4
2014-10-07 CVE-2014-7204 Resource Management Errors vulnerability in multiple products
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
network
low complexity
canonical debian mageia CWE-399
5.0
2014-08-20 CVE-2014-2524 Link Following vulnerability in multiple products
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
3.3