Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

Published: December 01, 2014; 10:59:11 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published: October 14, 2014; 8:55:02 PM -0400
V3.1: 3.4 LOW
V2.0: 4.3 MEDIUM

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

Published: October 07, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

Published: September 04, 2014; 1:55:07 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Published: August 20, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

Published: August 07, 2014; 7:13:34 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.

Published: August 06, 2014; 2:55:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Published: July 19, 2014; 3:55:07 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW