This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mageia First view 2014-08-06
Product Mageia Last view 2017-08-25
Version 4.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:mageia:mageia

Activity : Overall

Related : CVE

  Date Alert Description
5.5 2017-08-25 CVE-2014-9637

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

5 2015-03-07 CVE-2015-2191

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

5 2015-03-07 CVE-2015-2189

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

5 2015-03-07 CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

3.5 2015-01-29 CVE-2015-0236

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

2.1 2014-12-19 CVE-2014-8136

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

4.3 2014-12-17 CVE-2014-9253

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

5 2014-12-17 CVE-2014-8117

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

5 2014-12-17 CVE-2014-8116

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

6.8 2014-12-03 CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

5 2014-12-02 CVE-2014-9116

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

7.5 2014-12-01 CVE-2014-9087

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

5 2014-10-15 CVE-2014-1829

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

3.4 2014-10-14 CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

5 2014-10-07 CVE-2014-7204

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

5 2014-09-04 CVE-2014-5461

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

3.3 2014-08-20 CVE-2014-2524

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

6.8 2014-08-07 CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

7.5 2014-08-06 CVE-2013-4159

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.

CWE : Common Weakness Enumeration

%idName
26% (5) CWE-399 Resource Management Errors
10% (2) CWE-264 Permissions, Privileges, and Access Controls
10% (2) CWE-200 Information Exposure
10% (2) CWE-189 Numeric Errors
10% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (1) CWE-310 Cryptographic Issues
5% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
5% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
5% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
5% (1) CWE-19 Data Handling

OpenVAS Exploits

id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517

Snort® IPS/IDS

Date Description
2014-12-18 SSLv3 CBC client connection attempt
RuleID : 32566 - Type : POLICY-OTHER - Revision : 2
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Type : SERVER-OTHER - Revision : 5
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Type : SERVER-OTHER - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-07 Name: The remote host is potentially affected by an SSL/TLS vulnerability.
File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1298.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3048-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: The remote database server is affected by multiple vulnerabilities.
File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-459.nasl - Type: ACT_GATHER_INFO
2017-02-28 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16347.nasl - Type: ACT_GATHER_INFO
2017-01-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-53.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type: ACT_GATHER_INFO
2017-01-03 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-04.nasl - Type: ACT_GATHER_INFO
2016-11-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1339.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2396-1.nasl - Type: ACT_GATHER_INFO
2016-09-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2329-1.nasl - Type: ACT_GATHER_INFO
2016-09-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2285-1.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2097-1.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-11.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1457-1.nasl - Type: ACT_GATHER_INFO
2016-06-09 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160510_file_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-05-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2016-0050.nasl - Type: ACT_GATHER_INFO
2016-05-13 Name: A web application running on the remote host is affected by multiple vulnerab...
File: solarwinds_srm_profiler_6_2_3.nasl - Type: ACT_GATHER_INFO
2016-05-12 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0760.nasl - Type: ACT_GATHER_INFO
2016-04-14 Name: The application installed on the remote host is affected by an information di...
File: ibm_domino_swg21693142.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-294.nasl - Type: ACT_GATHER_INFO
2016-02-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3489.nasl - Type: ACT_GATHER_INFO