CVSS: 6.8EPSS: 1%CPEs: 14EXPL: 0CVE-2015-2296 – Mandriva Linux Security Advisory 2015-133
https://notcve.org/view.php?id=CVE-2015-2296
16 Mar 2015 — The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. La función resolve_redirects en sessions.py en requests 2.1.0 hasta 2.5.3 permite a atacantes remotos realizar ataques de fijación de sesión a través de una cookie sin valor de anfitrión en una redirección. Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file th... • http://advisories.mageia.org/MGASA-2015-0120.html •
CVSS: 7.5EPSS: 7%CPEs: 7EXPL: 0CVE-2014-8117 – file: denial of service issue (resource consumption)
https://notcve.org/view.php?id=CVE-2014-8117
10 Dec 2014 — softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. softmagic.c en archivo anterior a 5.21 no limita adecuadamente el límite de recursividad, esto permite a atacantes remotos, provocar una denegación de servicio (consumo de CPU o rotura) mediante vectores no especificados. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2014-8116 – file: multiple denial of service issues (resource consumption)
https://notcve.org/view.php?id=CVE-2014-8116
10 Dec 2014 — The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. El intérprete ELF (readelf.c) en versiones anteriores a 5.21, permite a atacantes remotos, provocar una denegaci?o de servicio (consumo de CPU o rotura) mediante un número largo de (1) programa o (2) cabeceras de sección o (3) capacidades no válidas. Multiple flaws were found in the way the File In... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 8%CPEs: 5EXPL: 1CVE-2014-9274 – Mandriva Linux Security Advisory 2015-007
https://notcve.org/view.php?id=CVE-2014-9274
09 Dec 2014 — UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". UnRTF permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario tal y como fue demostrado por un fichero que contenía la cadena '{\cb-999999999'. Michal Zalewski reported an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while ... • http://advisories.mageia.org/MGASA-2014-0533.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2014-9037 – Wordpress Core < 4.0.1 - Hash Collision
https://notcve.org/view.php?id=CVE-2014-9037
20 Nov 2014 — WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 podría permitir a atacantes remotos obtener el acceso a una cuenta ociosa desde el 2008 mediante el aprovechamiento de una comparación indebida del tipo dinámico de PHP para un hash... • http://advisories.mageia.org/MGASA-2014-0493.html • CWE-310: Cryptographic Issues CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2014-9039 – WordPress Core < 4.0.1 Cross-Site Request Forgery to Password Reset
https://notcve.org/view.php?id=CVE-2014-9039
20 Nov 2014 — wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-login.php en WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 podría permitir a atacantes remotos reconfigurar las contraseñas mediante el aprovechamiento del acceso a una cuenta de email que recibió un mensaje de reconfiguració... • http://advisories.mageia.org/MGASA-2014-0493.html • CWE-254: 7PK - Security Features CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 2CVE-2014-7824 – Mandriva Linux Security Advisory 2014-214
https://notcve.org/view.php?id=CVE-2014-7824
18 Nov 2014 — D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. D-Bus hasta 1.3.0 y 1.6.x antes de 1.6.26, 1.8.x antes de 1.8.10, y 1.9.x antes de 1.9.2 permite a usuarios locales provocar una denegación de servicio (la prevención de nuevas conexiones y caíd... • http://advisories.mageia.org/MGASA-2014-0457.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8764 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8764
22 Oct 2014 — DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. DokuWiki 2014-05-05a y anteriores, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de un nombre de usuario y una contraseña que empiece por un caracter nulo (\0), lo que provoca un bind anónimo. Two vuln... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8763 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8763
22 Oct 2014 — DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un caracter nulo (\0) y un nombre de usuario válido, lo que provoca un bind no ... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4159 – Mandriva Linux Security Advisory 2015-177
https://notcve.org/view.php?id=CVE-2013-4159
06 Aug 2014 — ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h. ctdb anterior a 2.3 en OpenSUSE 12.3 y 13.1 no crea ficheros temporales con seguridad, lo que tiene un impacto no especificado relacionado con 'varias vulnerabilidades de ficheros temporales' en (1) tcp/tcp_connect... • http://advisories.mageia.org/MGASA-2014-0274.html • CWE-264: Permissions, Privileges, and Access Controls •