MidnightBSD

Advisories for mageia

CVE-2013-4159 HIGH

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
mageia mageia 3.0
mageia mageia 4.0
ctdb_project ctdb 2.1
opensuse opensuse 12.3
ctdb_project ctdb 2.0
ctdb_project ctdb *
opensuse opensuse 13.1
CVE-2014-1829 MEDIUM

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
python requests *
canonical ubuntu_linux 14.04
mageia mageia 4.0
debian debian_linux 7.0
CVE-2014-2524 LOW

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
mageia mageia 3.0
gnu readline 4.2
gnu readline 4.3
gnu readline 5.1
gnu readline 6.2
gnu readline 4.1
opensuse opensuse 13.1
gnu readline *
gnu readline 5.2
gnu readline 2.1
gnu readline 6.1
mageia mageia 4.0
opensuse opensuse 12.3
gnu readline 2.2
gnu readline 4.0
fedoraproject fedora 20
gnu readline 5.0
gnu readline 6.0
CVE-2014-3429 MEDIUM

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
mageia mageia 3.0
opensuse opensuse 13.2
ipython ipython_notebook 0.12.1
ipython ipython_notebook 1.0.0
mageia mageia 4.0
ipython ipython_notebook 0.13.2
ipython ipython_notebook 1.1.0
ipython ipython_notebook 0.13
ipython ipython_notebook 0.13.1
opensuse opensuse 13.1
ipython ipython_notebook 0.12
CVE-2014-3532 LOW

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
mageia mageia 3.0
mageia mageia 4.0
oracle solaris 11.3
debian debian_linux 7.0
opensuse opensuse 12.3
freedesktop dbus *
CVE-2014-3566 MEDIUM

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.4 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
netbsd netbsd 5.1.1
novell suse_linux_enterprise_server 12.0
ibm vios 2.2.2.5
netbsd netbsd 6.0.4
openssl openssl 0.9.8g
ibm vios 2.2.2.4
apple mac_os_x *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation_supplementary 7.0
openssl openssl 1.0.1b
opensuse opensuse 13.1
openssl openssl 1.0.0c
redhat enterprise_linux_desktop 6.0
opensuse opensuse 12.3
netbsd netbsd 5.2.2
netbsd netbsd 6.1.3
debian debian_linux 8.0
ibm vios 2.2.0.13
ibm vios 2.2.3.1
openssl openssl 1.0.1h
openssl openssl 0.9.8
openssl openssl 1.0.0k
novell suse_linux_enterprise_software_development_kit 12.0
netbsd netbsd 5.1
openssl openssl 1.0.0a
openssl openssl 0.9.8i
netbsd netbsd 5.2
ibm vios 2.2.1.5
netbsd netbsd 6.0.3
openssl openssl 0.9.8z
ibm vios 2.2.0.11
openssl openssl 0.9.8l
mageia mageia 4.0
fedoraproject fedora 21
redhat enterprise_linux_server_supplementary 5.0
ibm vios 2.2.1.0
ibm vios 2.2.2.3
netbsd netbsd 6.0
openssl openssl 1.0.0i
novell suse_linux_enterprise_desktop 11.0
openssl openssl 0.9.8c
openssl openssl 0.9.8f
ibm vios 2.2.2.2
openssl openssl 0.9.8d
redhat enterprise_linux_server_supplementary 7.0
ibm aix 7.1
ibm aix 6.1
netbsd netbsd 6.0.1
netbsd netbsd 6.1.4
netbsd netbsd 6.0.6
netbsd netbsd 6.1.1
openssl openssl 0.9.8s
openssl openssl 1.0.1e
openssl openssl 0.9.8x
ibm aix 5.3
netbsd netbsd 6.1.2
openssl openssl 1.0.0d
oracle database 11.2.0.4
redhat enterprise_linux_server_supplementary 6.0
oracle database 12.1.0.2
redhat enterprise_linux_server 6.0
openssl openssl 1.0.1f
netbsd netbsd 5.1.2
netbsd netbsd 6.0.5
ibm vios 2.2.1.7
netbsd netbsd 5.1.3
redhat enterprise_linux_server 7.0
openssl openssl 0.9.8r
netbsd netbsd 5.2.1
ibm vios 2.2.1.1
novell suse_linux_enterprise_software_development_kit 11.0
fedoraproject fedora 20
ibm vios 2.2.1.4
openssl openssl 0.9.8n
openssl openssl 0.9.8q
mageia mageia 3.0
openssl openssl 0.9.8o
openssl openssl 0.9.8y
openssl openssl 0.9.8v
openssl openssl 1.0.1g
openssl openssl 0.9.8j
novell suse_linux_enterprise_desktop 9.0
openssl openssl 0.9.8a
openssl openssl 1.0.0
novell suse_linux_enterprise_server 11.0
netbsd netbsd 6.1
ibm vios 2.2.0.10
ibm vios 2.2.3.3
openssl openssl 1.0.1a
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop_supplementary 6.0
ibm vios 2.2.1.9
openssl openssl 1.0.0b
novell suse_linux_enterprise_desktop 10.0
openssl openssl 1.0.0m
openssl openssl 1.0.1c
openssl openssl 0.9.8m
ibm vios 2.2.1.3
debian debian_linux 7.0
redhat enterprise_linux_desktop_supplementary 5.0
fedoraproject fedora 19
openssl openssl 1.0.0h
redhat enterprise_linux_desktop 7.0
ibm vios 2.2.3.4
openssl openssl 0.9.8p
ibm vios 2.2.3.0
openssl openssl 1.0.0e
openssl openssl 1.0.0g
openssl openssl 0.9.8zb
netbsd netbsd 5.1.4
openssl openssl 0.9.8k
openssl openssl 0.9.8e
redhat enterprise_linux_workstation_supplementary 6.0
openssl openssl 0.9.8h
redhat enterprise_linux 5
openssl openssl 0.9.8za
openssl openssl 0.9.8b
ibm vios 2.2.2.1
ibm vios 2.2.0.12
ibm vios 2.2.1.8
openssl openssl 1.0.1
novell suse_linux_enterprise_desktop 12.0
openssl openssl 0.9.8w
openssl openssl 1.0.0l
openssl openssl 0.9.8u
ibm vios 2.2.2.0
openssl openssl 1.0.0j
openssl openssl 1.0.1i
ibm vios 2.2.3.2
openssl openssl 1.0.0f
netbsd netbsd 6.0.2
ibm vios 2.2.1.6
openssl openssl 1.0.0n
openssl openssl 1.0.1d
openssl openssl 0.9.8t
netbsd netbsd 6.1.5
CVE-2014-5461 MEDIUM

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mageia mageia 3.0
lua lua 5.1.3
lua lua 5.2.1
lua lua 5.1.5
lua lua 5.1.1
opensuse opensuse 13.1
lua lua 5.1.4
lua lua 5.2.0
lua lua 5.1.2
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
debian debian_linux 7.0
opensuse opensuse 12.3
lua lua 5.2.2
lua lua 5.1
CVE-2014-6271 HIGH

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_server_tus 7.7
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
apple mac_os_x *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 5.9
redhat enterprise_linux_server_aus 6.2
novell open_enterprise_server 11.0
opensuse opensuse 13.1
ibm qradar_vulnerability_manager 7.2.6
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
canonical ubuntu_linux 14.04
ibm pureapplication_system 2.0.0.0
gnu bash *
redhat enterprise_linux_desktop 6.0
novell zenworks_configuration_management 10.3
opensuse opensuse 12.3
f5 big-ip_edge_gateway *
ibm stn6500_firmware *
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
citrix netscaler_sdx_firmware *
novell zenworks_configuration_management 11.1
f5 big-ip_analytics 11.6.0
redhat enterprise_linux_server_tus 6.5
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
ibm qradar_security_information_and_event_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.2
redhat enterprise_linux_for_scientific_computing 7.0
f5 traffix_signaling_delivery_controller 3.3.2
f5 big-ip_wan_optimization_manager *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
f5 traffix_signaling_delivery_controller *
mageia mageia 4.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm qradar_security_information_and_event_manager 7.2.7
ibm qradar_vulnerability_manager 7.2.2
ibm infosphere_guardium_database_activity_monitoring 8.2
ibm qradar_risk_manager 7.1.0
f5 big-ip_webaccelerator *
qnap qts 4.1.1
f5 big-ip_link_controller *
redhat enterprise_linux_server_aus 5.6
redhat virtualization 3.4
ibm software_defined_network_for_virtual_environments *
ibm storwize_v3500_firmware *
redhat enterprise_linux_desktop 5.0
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm storwize_v5000_firmware *
f5 arx_firmware *
redhat enterprise_linux 6.0
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm qradar_security_information_and_event_manager 7.1.1
opensuse opensuse 13.2
ibm qradar_security_information_and_event_manager 7.2.4
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux 5.0
novell open_enterprise_server 2.0
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm qradar_vulnerability_manager 7.2.4
oracle linux 4
novell zenworks_configuration_management 11.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_server_tus 7.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
checkpoint security_gateway *
ibm stn6800_firmware *
redhat enterprise_linux_eus 7.4
ibm qradar_security_information_and_event_manager 7.1.0
ibm qradar_vulnerability_manager 7.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux 7.0
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_for_power_big_endian 5.0_ppc
redhat enterprise_linux_server 6.0
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
ibm pureapplication_system *
redhat gluster_storage_server_for_on-premise 2.1
oracle linux 6
redhat enterprise_linux_server_from_rhui 5.0
f5 big-ip_advanced_firewall_manager *
ibm smartcloud_provisioning 2.1.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
f5 big-ip_application_acceleration_manager 11.6.0
mageia mageia 3.0
suse linux_enterprise_server 12
f5 big-ip_protocol_security_module *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 6.5
suse linux_enterprise_server 10
suse studio_onsite 1.3
redhat enterprise_linux_eus 7.7
oracle linux 5
novell zenworks_configuration_management 11.3.0
ibm qradar_security_information_and_event_manager 7.1.2
f5 big-ip_application_security_manager 11.6.0
f5 big-iq_device *
ibm workload_deployer *
suse linux_enterprise_desktop 11
redhat enterprise_linux 4.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
redhat enterprise_linux_eus 7.5
ibm qradar_vulnerability_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.2.8
f5 big-ip_policy_enforcement_manager 11.6.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
f5 big-ip_local_traffic_manager 11.6.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
f5 big-iq_security *
ibm qradar_vulnerability_manager 7.2.8
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 10.04
suse linux_enterprise_desktop 12
redhat enterprise_linux_server_aus 6.4
ibm san_volume_controller_firmware *
f5 big-ip_application_security_manager *
ibm smartcloud_entry_appliance 3.2.0
f5 traffix_signaling_delivery_controller 3.4.1
ibm qradar_security_information_and_event_manager 7.2.9
arista eos *
debian debian_linux 7.0
ibm qradar_security_information_and_event_manager 7.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
f5 big-iq_cloud *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
ibm qradar_security_information_and_event_manager 7.2.6
ibm smartcloud_entry_appliance 2.3.0
vmware vcenter_server_appliance 5.1
f5 big-ip_link_controller 11.6.0
ibm qradar_security_information_and_event_manager 7.2.1
vmware esx 4.1
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_server_from_rhui 7.0
vmware vcenter_server_appliance 5.5
suse linux_enterprise_server 11
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 5.0
vmware esx 4.0
ibm qradar_security_information_and_event_manager 7.2.2
ibm starter_kit_for_cloud 2.2.0
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager 11.6.0
redhat enterprise_linux_eus 6.4
f5 big-ip_global_traffic_manager 11.6.0
novell zenworks_configuration_management 11
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_global_traffic_manager *
ibm qradar_vulnerability_manager 7.2.1
vmware vcenter_server_appliance 5.0
redhat enterprise_linux_server_aus 7.4
ibm flex_system_v7000_firmware *
f5 traffix_signaling_delivery_controller 4.1.0
redhat enterprise_linux_eus 7.3
ibm storwize_v7000_firmware *
ibm qradar_security_information_and_event_manager 7.2.8.15
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
ibm stn7800_firmware *
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
ibm smartcloud_entry_appliance 3.1.0
qnap qts *
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
f5 big-ip_access_policy_manager 11.6.0
canonical ubuntu_linux 12.04
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm smartcloud_entry_appliance 2.4.0
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_workstation 5.0
ibm storwize_v3700_firmware *
f5 big-ip_local_traffic_manager *
ibm qradar_security_information_and_event_manager 7.2.5
f5 enterprise_manager *
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_eus 7.6
CVE-2014-7169 HIGH

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_server_tus 7.7
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
apple mac_os_x *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 5.9
redhat enterprise_linux_server_aus 6.2
novell open_enterprise_server 11.0
opensuse opensuse 13.1
ibm qradar_vulnerability_manager 7.2.6
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
canonical ubuntu_linux 14.04
ibm pureapplication_system 2.0.0.0
gnu bash *
redhat enterprise_linux_desktop 6.0
novell zenworks_configuration_management 10.3
opensuse opensuse 12.3
f5 big-ip_edge_gateway *
ibm stn6500_firmware *
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
citrix netscaler_sdx_firmware *
novell zenworks_configuration_management 11.1
f5 big-ip_analytics 11.6.0
redhat enterprise_linux_server_tus 6.5
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
ibm qradar_security_information_and_event_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.2
redhat enterprise_linux_for_scientific_computing 7.0
f5 traffix_signaling_delivery_controller 3.3.2
f5 big-ip_wan_optimization_manager *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
f5 traffix_signaling_delivery_controller *
mageia mageia 4.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm qradar_security_information_and_event_manager 7.2.7
ibm qradar_vulnerability_manager 7.2.2
ibm infosphere_guardium_database_activity_monitoring 8.2
ibm qradar_risk_manager 7.1.0
f5 big-ip_webaccelerator *
qnap qts 4.1.1
f5 big-ip_link_controller *
redhat enterprise_linux_server_aus 5.6
redhat virtualization 3.4
ibm software_defined_network_for_virtual_environments *
ibm storwize_v3500_firmware *
redhat enterprise_linux_desktop 5.0
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm storwize_v5000_firmware *
f5 arx_firmware *
redhat enterprise_linux 6.0
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm qradar_security_information_and_event_manager 7.1.1
opensuse opensuse 13.2
ibm qradar_security_information_and_event_manager 7.2.4
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux 5.0
novell open_enterprise_server 2.0
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm qradar_vulnerability_manager 7.2.4
oracle linux 4
novell zenworks_configuration_management 11.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_server_tus 7.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
checkpoint security_gateway *
ibm stn6800_firmware *
redhat enterprise_linux_eus 7.4
ibm qradar_security_information_and_event_manager 7.1.0
ibm qradar_vulnerability_manager 7.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux 7.0
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_for_power_big_endian 5.0_ppc
redhat enterprise_linux_server 6.0
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
ibm pureapplication_system *
redhat gluster_storage_server_for_on-premise 2.1
oracle linux 6
redhat enterprise_linux_server_from_rhui 5.0
f5 big-ip_advanced_firewall_manager *
ibm smartcloud_provisioning 2.1.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
f5 big-ip_application_acceleration_manager 11.6.0
mageia mageia 3.0
suse linux_enterprise_server 12
f5 big-ip_protocol_security_module *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 6.5
suse linux_enterprise_server 10
suse studio_onsite 1.3
redhat enterprise_linux_eus 7.7
oracle linux 5
novell zenworks_configuration_management 11.3.0
ibm qradar_security_information_and_event_manager 7.1.2
f5 big-ip_application_security_manager 11.6.0
f5 big-iq_device *
ibm workload_deployer *
suse linux_enterprise_desktop 11
redhat enterprise_linux 4.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
redhat enterprise_linux_eus 7.5
ibm qradar_vulnerability_manager 7.2.3
ibm qradar_security_information_and_event_manager 7.2.8
f5 big-ip_policy_enforcement_manager 11.6.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
f5 big-ip_local_traffic_manager 11.6.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
f5 big-iq_security *
ibm qradar_vulnerability_manager 7.2.8
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 10.04
suse linux_enterprise_desktop 12
redhat enterprise_linux_server_aus 6.4
ibm san_volume_controller_firmware *
f5 big-ip_application_security_manager *
ibm smartcloud_entry_appliance 3.2.0
f5 traffix_signaling_delivery_controller 3.4.1
ibm qradar_security_information_and_event_manager 7.2.9
arista eos *
debian debian_linux 7.0
ibm qradar_security_information_and_event_manager 7.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
f5 big-iq_cloud *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
ibm qradar_security_information_and_event_manager 7.2.6
ibm smartcloud_entry_appliance 2.3.0
vmware vcenter_server_appliance 5.1
f5 big-ip_link_controller 11.6.0
ibm qradar_security_information_and_event_manager 7.2.1
vmware esx 4.1
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_server_from_rhui 7.0
vmware vcenter_server_appliance 5.5
suse linux_enterprise_server 11
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 5.0
vmware esx 4.0
ibm qradar_security_information_and_event_manager 7.2.2
ibm starter_kit_for_cloud 2.2.0
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager 11.6.0
redhat enterprise_linux_eus 6.4
f5 big-ip_global_traffic_manager 11.6.0
novell zenworks_configuration_management 11
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_global_traffic_manager *
ibm qradar_vulnerability_manager 7.2.1
vmware vcenter_server_appliance 5.0
redhat enterprise_linux_server_aus 7.4
ibm flex_system_v7000_firmware *
f5 traffix_signaling_delivery_controller 4.1.0
redhat enterprise_linux_eus 7.3
ibm storwize_v7000_firmware *
ibm qradar_security_information_and_event_manager 7.2.8.15
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
ibm stn7800_firmware *
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
ibm smartcloud_entry_appliance 3.1.0
qnap qts *
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
f5 big-ip_access_policy_manager 11.6.0
canonical ubuntu_linux 12.04
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm smartcloud_entry_appliance 2.4.0
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_workstation 5.0
ibm storwize_v3700_firmware *
f5 big-ip_local_traffic_manager *
ibm qradar_security_information_and_event_manager 7.2.5
f5 enterprise_manager *
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_eus 7.6
CVE-2014-7204 MEDIUM

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
mageia mageia 3.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
debian exuberant_ctags 5.8
debian debian_linux 7.0
CVE-2014-8104 MEDIUM

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openvpn openvpn 2.0_test26
openvpn openvpn 2.0_test2
opensuse opensuse 13.1
canonical ubuntu_linux 14.04
openvpn openvpn 2.0.1_rc4
openvpn openvpn 2.0_test18
opensuse opensuse 12.3
openvpn openvpn 2.0_test22
debian debian_linux 8.0
openvpn openvpn 2.0_test5
openvpn openvpn 2.0_rc18
openvpn openvpn 2.0_rc20
openvpn openvpn 2.1
openvpn openvpn 2.1.3
openvpn openvpn 2.0_rc10
openvpn openvpn 2.0_test10
canonical ubuntu_linux 14.10
mageia mageia 4.0
openvpn openvpn 2.0_rc3
openvpn openvpn 2.0_test4
openvpn openvpn 2.3.2
openvpn openvpn 2.0_test21
openvpn openvpn 2.0_rc1
openvpn openvpn 2.0_rc2
openvpn openvpn 2.0_rc6
openvpn openvpn 2.0_rc16
openvpn openvpn_access_server 2.0.5
openvpn openvpn_access_server 2.0.7
openvpn openvpn 2.0_test8
openvpn openvpn 2.0.1_rc5
openvpn openvpn 2.0_test1
opensuse opensuse 13.2
openvpn openvpn 2.0.1_rc1
openvpn openvpn_access_server 2.0.3
openvpn openvpn 2.1.1
openvpn openvpn 2.0.3_rc1
openvpn openvpn 2.2
openvpn openvpn 2.0_rc4
openvpn openvpn 2.0_rc9
openvpn openvpn 2.0_test29
openvpn openvpn_access_server 2.0.10
openvpn openvpn 2.0_test24
openvpn openvpn_access_server 2.0.6
openvpn openvpn 2.0_rc19
openvpn openvpn 2.1.0
openvpn openvpn 2.3
openvpn openvpn 2.2.2
openvpn openvpn 2.0_rc8
openvpn openvpn 2.3.1
openvpn openvpn 2.0_test20
openvpn openvpn 2.0.1_rc2
openvpn openvpn 2.0_rc15
openvpn openvpn 2.0_rc17
openvpn openvpn 2.0_test9
openvpn openvpn 2.3.5
openvpn openvpn 2.0.1_rc3
openvpn openvpn 2.0_test17
openvpn openvpn 2.3.3
openvpn openvpn 2.0.2_rc1
openvpn openvpn 2.2.1
openvpn openvpn 2.0_test14
openvpn openvpn 2.0_rc7
openvpn openvpn 2.0_test11
openvpn openvpn 2.0_test23
openvpn openvpn_access_server 2.0.2
openvpn openvpn 2.0_test6
openvpn openvpn 2.0_test7
openvpn openvpn 2.0_test15
openvpn openvpn 2.0_rc12
debian debian_linux 7.0
openvpn openvpn 2.3.4
openvpn openvpn 2.0.6_rc1
openvpn openvpn 2.0_test19
openvpn openvpn 2.0_test27
openvpn openvpn 2.1.2
openvpn openvpn 2.0_test12
openvpn openvpn 2.0_test25
openvpn openvpn_access_server 2.0.1
openvpn openvpn_access_server 2.0.8
openvpn openvpn 2.0_rc5
openvpn openvpn 2.0_rc13
openvpn openvpn 2.1.4
openvpn openvpn 2.0_rc21
openvpn openvpn 2.0.1_rc7
openvpn openvpn 2.0_test28
openvpn openvpn_access_server 2.0.0
openvpn openvpn 2.2.0
openvpn openvpn 2.0_rc14
openvpn openvpn 2.0.9
openvpn openvpn 2.0_rc11
openvpn openvpn 2.0.1_rc6
canonical ubuntu_linux 12.04
openvpn openvpn 2.0.4
openvpn openvpn 2.0_test3
openvpn openvpn 2.3.0
openvpn openvpn 2.0_test16
CVE-2014-8116 MEDIUM

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
freebsd freebsd *
file_project file 5.20
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.10
CVE-2014-8117 MEDIUM

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
freebsd freebsd *
canonical ubuntu_linux 10.04
file_project file *
canonical ubuntu_linux 14.10
CVE-2014-8136 LOW

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
opensuse opensuse 13.1
opensuse opensuse 13.2
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
redhat enterprise_linux_server 7.0
redhat libvirt -
redhat enterprise_linux_hpc_node 7.0
canonical ubuntu_linux 15.04
CVE-2014-9087 HIGH

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
mageia mageia 3.0
gnupg libksba *
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
debian debian_linux 7.0
gnupg gnupg 2.1.0
debian debian_linux 8.0
canonical ubuntu_linux 14.10
CVE-2014-9116 MEDIUM

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mageia mageia 4.0
debian debian_linux 7.0
mutt mutt 1.5.23
suse linux_enterprise_desktop 12
suse suse_linux_enterprise_server 12
CVE-2014-9253 MEDIUM

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mageia mageia 4.0
dokuwiki dokuwiki *
CVE-2014-9637 HIGH

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
fedoraproject fedora 21
gnu patch *
fedoraproject fedora 20
canonical ubuntu_linux 14.10
CVE-2015-0236 LOW

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
redhat libvirt 1.2.8
canonical ubuntu_linux 15.10
redhat enterprise_linux_desktop 7.0
redhat libvirt 1.2.5
redhat enterprise_linux_workstation 7.0
redhat libvirt 1.2.7
redhat libvirt 1.2.10
redhat libvirt 1.2.6
redhat libvirt *
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
mageia mageia 4.0
redhat libvirt 1.2.9
redhat enterprise_linux_server 7.0
redhat enterprise_linux_hpc_node 7.0
redhat libvirt 1.2.4
redhat libvirt 1.2.0
redhat libvirt 1.2.1
redhat libvirt 1.2.3
redhat libvirt 1.2.2
canonical ubuntu_linux 15.04
CVE-2015-2188 MEDIUM

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
wireshark wireshark 1.10.8
wireshark wireshark 1.10.11
oracle solaris 11.2
opensuse opensuse 13.1
opensuse opensuse 13.2
wireshark wireshark 1.10.1
wireshark wireshark 1.10.12
wireshark wireshark 1.12.2
debian debian_linux 8.0
wireshark wireshark 1.10.7
wireshark wireshark 1.12.3
oracle linux 7
wireshark wireshark 1.10.4
wireshark wireshark 1.10.10
wireshark wireshark 1.12.0
wireshark wireshark 1.10.9
wireshark wireshark 1.10.0
wireshark wireshark 1.10.6
wireshark wireshark 1.10.5
mageia mageia 4.0
debian debian_linux 7.0
wireshark wireshark 1.10.3
wireshark wireshark 1.12.1
wireshark wireshark 1.10.2
CVE-2015-2189 MEDIUM

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
wireshark wireshark 1.10.8
wireshark wireshark 1.10.11
oracle solaris 11.2
opensuse opensuse 13.1
opensuse opensuse 13.2
wireshark wireshark 1.10.1
wireshark wireshark 1.10.12
wireshark wireshark 1.12.2
debian debian_linux 8.0
wireshark wireshark 1.10.7
wireshark wireshark 1.12.3
oracle linux 7
wireshark wireshark 1.10.4
wireshark wireshark 1.10.10
wireshark wireshark 1.12.0
wireshark wireshark 1.10.9
wireshark wireshark 1.10.0
wireshark wireshark 1.10.6
wireshark wireshark 1.10.5
mageia mageia 4.0
debian debian_linux 7.0
wireshark wireshark 1.10.3
wireshark wireshark 1.12.1
wireshark wireshark 1.10.2
CVE-2015-2191 MEDIUM

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
wireshark wireshark 1.10.8
wireshark wireshark 1.10.4
wireshark wireshark 1.10.10
wireshark wireshark 1.12.0
wireshark wireshark 1.10.9
wireshark wireshark 1.10.0
wireshark wireshark 1.10.11
opensuse opensuse 13.1
wireshark wireshark 1.10.6
opensuse opensuse 13.2
wireshark wireshark 1.10.5
wireshark wireshark 1.10.1
mageia mageia 4.0
debian debian_linux 7.0
wireshark wireshark 1.10.12
wireshark wireshark 1.12.2
debian debian_linux 8.0
wireshark wireshark 1.10.7
wireshark wireshark 1.12.3
wireshark wireshark 1.10.3
wireshark wireshark 1.12.1
wireshark wireshark 1.10.2