mageia 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、バッファオーバーフロー、vendor risk cross-site scripting, and vendor risk input validation があり、vendor surface production workloads の利用場面で ファイル上書き、vendor impact unexpected behavior, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2014-9637 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | [email protected] | 5.5 | 0.36% | 2017-08-25 | 2026-05-13 |
| CVE-2015-2191 | Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | [email protected] | 5.0 | 3.57% | 2015-03-08 | 2026-05-06 |
| CVE-2015-2189 | Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. | [email protected] | 5.0 | 0.41% | 2015-03-08 | 2026-05-06 |
| CVE-2015-2188 | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. | [email protected] | 5.0 | 0.46% | 2015-03-08 | 2026-05-06 |
| CVE-2015-0236 | libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | [email protected] | 3.5 | 0.49% | 2015-01-29 | 2026-05-06 |
| CVE-2014-8136 | The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. | [email protected] | 2.1 | 0.13% | 2014-12-19 | 2026-05-06 |
| CVE-2014-8117 | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | [email protected] | 5.0 | 16.45% | 2014-12-17 | 2026-05-06 |
| CVE-2014-8116 | The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. | [email protected] | 5.0 | 15.88% | 2014-12-17 | 2026-05-06 |
| CVE-2014-9253 | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. | [email protected] | 4.3 | 0.59% | 2014-12-17 | 2026-05-06 |
| CVE-2014-8104 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | [email protected] | 6.8 | 2.00% | 2014-12-03 | 2026-05-06 |
| CVE-2014-9116 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | [email protected] | 5.0 | 3.52% | 2014-12-02 | 2026-05-06 |
| CVE-2014-9087 | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | [email protected] | 7.5 | 4.48% | 2014-12-01 | 2026-05-06 |
| CVE-2014-1829 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | [email protected] | 5.0 | 0.50% | 2014-10-15 | 2026-05-06 |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | [email protected] | 3.4 | 93.54% | 2014-10-15 | 2026-05-28 |
| CVE-2014-7204 | jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | [email protected] | 5.0 | 2.73% | 2014-10-07 | 2026-05-06 |
| CVE-2014-7169 KEV | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occu | [email protected] | 9.8 | 89.06% | 2014-09-25 | 2026-04-22 |
| CVE-2014-6271 KEV | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "Sh | [email protected] | 9.8 | 94.22% | 2014-09-24 | 2026-04-22 |
| CVE-2014-5461 | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. | [email protected] | 5.0 | 10.63% | 2014-09-04 | 2026-05-06 |
| CVE-2014-2524 | The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | [email protected] | 3.3 | 0.14% | 2014-08-20 | 2026-05-06 |
| CVE-2014-3429 | IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. | [email protected] | 6.8 | 2.09% | 2014-08-07 | 2026-05-06 |