Summary
| Detail | |||
|---|---|---|---|
| Vendor | Mageia | First view | 2014-08-06 |
| Product | Mageia | Last view | 2017-08-25 |
| Version | 4.0 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:mageia:mageia | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2017-08-25 | CVE-2014-9637 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. |
| 5 | 2015-03-07 | CVE-2015-2191 | Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. |
| 5 | 2015-03-07 | CVE-2015-2189 | Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. |
| 5 | 2015-03-07 | CVE-2015-2188 | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. |
| 3.5 | 2015-01-29 | CVE-2015-0236 | libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. |
| 2.1 | 2014-12-19 | CVE-2014-8136 | The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. |
| 4.3 | 2014-12-17 | CVE-2014-9253 | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. |
| 5 | 2014-12-17 | CVE-2014-8117 | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. |
| 5 | 2014-12-17 | CVE-2014-8116 | The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. |
| 6.8 | 2014-12-03 | CVE-2014-8104 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. |
| 5 | 2014-12-02 | CVE-2014-9116 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. |
| 7.5 | 2014-12-01 | CVE-2014-9087 | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. |
| 5 | 2014-10-15 | CVE-2014-1829 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. |
| 3.4 | 2014-10-14 | CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
| 5 | 2014-10-07 | CVE-2014-7204 | jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. |
| 5 | 2014-09-04 | CVE-2014-5461 | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. |
| 3.3 | 2014-08-20 | CVE-2014-2524 | The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. |
| 6.8 | 2014-08-07 | CVE-2014-3429 | IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. |
| 7.5 | 2014-08-06 | CVE-2013-4159 | ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 26% (5) | CWE-399 | Resource Management Errors |
| 10% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 10% (2) | CWE-200 | Information Exposure |
| 10% (2) | CWE-189 | Numeric Errors |
| 10% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 5% (1) | CWE-310 | Cryptographic Issues |
| 5% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 5% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 5% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 5% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 5% (1) | CWE-19 | Data Handling |
OpenVAS Exploits
| id | Description |
|---|---|
| 2014-10-16 | Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0061081 |
| 2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
| 2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
| 2015-B-0012 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0058517 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-12-18 | SSLv3 CBC client connection attempt RuleID : 32566 - Type : POLICY-OTHER - Revision : 2 |
| 2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32205 - Type : SERVER-OTHER - Revision : 5 |
| 2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32204 - Type : SERVER-OTHER - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-12-07 | Name: The remote host is potentially affected by an SSL/TLS vulnerability. File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO |
| 2017-11-27 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1298.nasl - Type: ACT_GATHER_INFO |
| 2017-11-27 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-3048-1.nasl - Type: ACT_GATHER_INFO |
| 2017-07-20 | Name: The remote database server is affected by multiple vulnerabilities. File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO |
| 2017-04-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-459.nasl - Type: ACT_GATHER_INFO |
| 2017-02-28 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL16347.nasl - Type: ACT_GATHER_INFO |
| 2017-01-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-53.nasl - Type: ACT_GATHER_INFO |
| 2017-01-10 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type: ACT_GATHER_INFO |
| 2017-01-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-04.nasl - Type: ACT_GATHER_INFO |
| 2016-11-23 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1339.nasl - Type: ACT_GATHER_INFO |
| 2016-09-28 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2396-1.nasl - Type: ACT_GATHER_INFO |
| 2016-09-19 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2329-1.nasl - Type: ACT_GATHER_INFO |
| 2016-09-13 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2285-1.nasl - Type: ACT_GATHER_INFO |
| 2016-09-02 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2097-1.nasl - Type: ACT_GATHER_INFO |
| 2016-06-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201606-11.nasl - Type: ACT_GATHER_INFO |
| 2016-06-17 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1457-1.nasl - Type: ACT_GATHER_INFO |
| 2016-06-09 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20160510_file_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2016-05-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO |
| 2016-05-16 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-0760.nasl - Type: ACT_GATHER_INFO |
| 2016-05-16 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2016-0050.nasl - Type: ACT_GATHER_INFO |
| 2016-05-13 | Name: A web application running on the remote host is affected by multiple vulnerab... File: solarwinds_srm_profiler_6_2_3.nasl - Type: ACT_GATHER_INFO |
| 2016-05-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO |
| 2016-04-14 | Name: The application installed on the remote host is affected by an information di... File: ibm_domino_swg21693142.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-294.nasl - Type: ACT_GATHER_INFO |
| 2016-02-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3489.nasl - Type: ACT_GATHER_INFO |
