Skip to main content

Mageia

32 CVEs product

Monthly

CVE-2014-9637 MEDIUM PATCH This Month

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Fedora Mageia Ubuntu Linux Patch
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-2296 PyPI MEDIUM PATCH This Month

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Mageia Requests Ubuntu Linux
NVD GitHub
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-2191 MEDIUM This Month

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Mageia Wireshark Opensuse
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2015-2189 MEDIUM This Month

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Linux Solaris +3
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2188 MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Mageia Opensuse +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0236 LOW PATCH Monitor

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mageia Libvirt Ubuntu Linux Enterprise Linux Desktop +3
NVD
CVSS 2.0
3.5
EPSS
0.7%
CVE-2014-8136 LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia Libvirt Ubuntu Linux +5
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8117 MEDIUM PATCH This Month

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.5%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
16.5%
CVE-2014-8116 MEDIUM PATCH This Month

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
15.9%
CVE-2014-9253 MEDIUM PATCH This Month

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Dokuwiki Mageia
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9274 HIGH POC This Week

{\cb-999999999". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Unrtf Fedora +2
NVD
CVSS 2.0
7.5
EPSS
5.9%
CVE-2014-8104 MEDIUM This Month

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mageia Debian Linux Opensuse Openvpn +2
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-9116 MEDIUM POC This Month

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Linux Enterprise Desktop Suse Linux Enterprise Server Mutt +2
NVD
CVSS 2.0
5.0
EPSS
3.5%
CVE-2014-9087 HIGH PATCH This Week

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Mageia Debian Linux +3
NVD
CVSS 2.0
7.5
EPSS
6.9%
CVE-2014-9039 MEDIUM PATCH This Month

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure Debian Linux Mageia
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2014-9037 MEDIUM PATCH This Month

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure Mageia Debian Linux
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2014-7824 LOW POC Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbus Debian Linux Mageia Ubuntu Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8764 MEDIUM This Month

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mageia Dokuwiki
NVD GitHub
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-8763 MEDIUM This Month

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dokuwiki Mageia
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-1829 PyPI MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Debian Linux Requests Ubuntu Linux +1
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-7204 MEDIUM POC PATCH This Month

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Ubuntu Linux Debian Linux Exuberant Ctags Mageia
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2014-5461 MEDIUM POC PATCH THREAT This Month

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Denial Of Service Buffer Overflow Opensuse Ubuntu Linux Debian Linux +2
NVD
CVSS 2.0
5.0
EPSS
10.6%
CVE-2014-2524 LOW PATCH Monitor

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. Rated low severity (CVSS 3.3).

Information Disclosure Mageia Readline Opensuse Fedora
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3429 PyPI MEDIUM PATCH This Month

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Opensuse Ipython Notebook Mageia
NVD GitHub
CVSS 2.0
6.8
EPSS
2.1%
CVE-2013-4159 HIGH This Week

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ctdb Opensuse Mageia
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-3533 LOW Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Dbus Mageia Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3532 LOW PATCH Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse Debian Linux Mageia +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4668 MEDIUM This Month

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Fedora Mageia Cherokee
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-3424 LOW Monitor

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3423 LOW Monitor

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3422 LOW Monitor

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Emacs Mageia
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3421 LOW Monitor

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Fedora Mageia +2
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Mageia Requests +1
NVD GitHub
EPSS 4% CVSS 5.0
MEDIUM This Month

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Mageia +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +5
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mageia Libvirt +5
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia +7
NVD
EPSS 16% CVSS 5.0
MEDIUM PATCH This Month

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.5%.

Denial Of Service File Freebsd +2
NVD GitHub
EPSS 16% CVSS 5.0
MEDIUM PATCH This Month

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Denial Of Service File Freebsd +2
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Dokuwiki +1
NVD GitHub
EPSS 6% CVSS 7.5
HIGH POC This Week

{\cb-999999999". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mageia Debian Linux +4
NVD
EPSS 4% CVSS 5.0
MEDIUM POC This Month

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Linux Enterprise Desktop +4
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow +5
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure +2
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure +2
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbus Debian Linux +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mageia Dokuwiki
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dokuwiki Mageia
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Debian Linux +3
NVD GitHub
EPSS 3% CVSS 5.0
MEDIUM POC PATCH This Month

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Ubuntu Linux Debian Linux +2
NVD
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Denial Of Service Buffer Overflow Opensuse +4
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. Rated low severity (CVSS 3.3).

Information Disclosure Mageia Readline +2
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Opensuse +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ctdb Opensuse +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Dbus +2
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Fedora Mageia +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
EPSS 0% CVSS 3.3
LOW Monitor

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
EPSS 0% CVSS 3.3
LOW Monitor

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Emacs Mageia
NVD
EPSS 0% CVSS 3.3
LOW Monitor

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy