Aggregates CVE and security vulnerability intelligence across all mageia-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling, vendor risk buffer overflow, vendor risk cross-site scripting, and vendor risk input validation and related problems; some flaws may lead to vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-9637 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | [email protected] | 5.5 | 0.32% | 2017-08-25 | 2026-05-13 |
| CVE-2015-2191 | Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | [email protected] | 5.0 | 3.57% | 2015-03-08 | 2026-05-06 |
| CVE-2015-2189 | Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. | [email protected] | 5.0 | 0.41% | 2015-03-08 | 2026-05-06 |
| CVE-2015-2188 | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. | [email protected] | 5.0 | 0.46% | 2015-03-08 | 2026-05-06 |
| CVE-2015-0236 | libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | [email protected] | 3.5 | 0.49% | 2015-01-29 | 2026-05-06 |
| CVE-2014-8136 | The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. | [email protected] | 2.1 | 0.13% | 2014-12-19 | 2026-05-06 |
| CVE-2014-8117 | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | [email protected] | 5.0 | 16.45% | 2014-12-17 | 2026-05-06 |
| CVE-2014-8116 | The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. | [email protected] | 5.0 | 15.88% | 2014-12-17 | 2026-05-06 |
| CVE-2014-9253 | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. | [email protected] | 4.3 | 0.59% | 2014-12-17 | 2026-05-06 |
| CVE-2014-8104 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | [email protected] | 6.8 | 2.00% | 2014-12-03 | 2026-05-06 |
| CVE-2014-9116 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | [email protected] | 5.0 | 3.52% | 2014-12-02 | 2026-05-06 |
| CVE-2014-9087 | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | [email protected] | 7.5 | 4.48% | 2014-12-01 | 2026-05-06 |
| CVE-2014-1829 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | [email protected] | 5.0 | 0.50% | 2014-10-15 | 2026-05-06 |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | [email protected] | 3.4 | 93.54% | 2014-10-15 | 2026-05-28 |
| CVE-2014-7204 | jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | [email protected] | 5.0 | 2.73% | 2014-10-07 | 2026-05-06 |
| CVE-2014-7169 KEV | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occu | [email protected] | 9.8 | 89.06% | 2014-09-25 | 2026-04-22 |
| CVE-2014-6271 KEV | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "Sh | [email protected] | 9.8 | 94.22% | 2014-09-24 | 2026-04-22 |
| CVE-2014-5461 | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. | [email protected] | 5.0 | 10.63% | 2014-09-04 | 2026-05-06 |
| CVE-2014-2524 | The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | [email protected] | 3.3 | 0.14% | 2014-08-20 | 2026-05-06 |
| CVE-2014-3429 | IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. | [email protected] | 6.8 | 2.09% | 2014-08-07 | 2026-05-06 |