Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/11/21 12:21 p.m.•54 views

Updated tcpdump package fixes a security vulnerability

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037...

7.5CVSS7.2AI score0.03071EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/24 5:51 p.m.•54 views

Updated nss and firefox packages fix security vulnerabilities

Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

9.8CVSS1.2AI score0.03854EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/06 8:33 p.m.•54 views

Updated postgresql packages fix security vulnerabilities

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...

7.3CVSS8.8AI score0.02235EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 8:43 p.m.•54 views

Updated jasper packages fix security vulnerabilities

The jasmatrixbindsub function in jasseq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service invalid read via a crafted image CVE-2017-6851. Heap-based buffer overflow in the jpcdecdecodepkt function in jpct2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified...

7.8CVSS4.6AI score0.04676EPSS
Exploits11References3
Mageia
Mageia
•added 2020/07/05 11:26 a.m.•54 views

Updated tomcat packages fix security vulnerability

Updated tomcat packages fix security vulnerability: When using Apache Tomcat versions 9.0.0.M1 to 9.0.34, if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the PersistenceManager ...

7CVSS4.5AI score0.56636EPSS
Exploits15References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•54 views

Updated sleuthkit packages fix security vulnerability

Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table CVE-2019-14532. In version 4.8.0 and earlier of The Sleuth Kit TSK, there ...

9.8CVSS2.3AI score0.02352EPSS
Exploits2References1
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to...

10CVSS0.1AI score0.05803EPSS
Exploits0References3
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•54 views

Updated http-parser packages fix security vulnerability

http-parser has been updated to fix a security issue. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed VE-2019-15605...

9.8CVSS9.3AI score0.57132EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•54 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS8.2AI score0.78808EPSS
Exploits29References7
Mageia
Mageia
•added 2020/02/21 11:6 p.m.•54 views

Updated postgresql packages fix security vulnerability

Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. Thi...

6.5CVSS7.5AI score0.01183EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•54 views

Updated kernel-linus packages fix security vulnerabilities

This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...

10CVSS9AI score0.08667EPSS
Exploits2References22
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•54 views

Updated samba packages fix security vulnerabilities

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...

6.5CVSS1.7AI score0.03151EPSS
Exploits0References6
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•54 views

Updated opencontainers-runc packages fix security vulnerability

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...

7.5CVSS7.7AI score0.04409EPSS
Exploits1References2
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•54 views

Updated firefox packages fix security vulnerability

The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. CVE-2019-11707...

8.8CVSS1.8AI score0.37951EPSS
Exploits7References3
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•54 views

Updated netty & jctools packages fix security vulnerability

handler/ssl/OpenSslEngine.java in Netty before 4.0.37.Final allows remote attackers to cause a denial of service infinite loop CVE-2016-4970...

7.8CVSS5.3AI score0.11259EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/15 10:4 p.m.•54 views

Updated postgresql9.4|6 packages fix security vulnerabilities

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database CVE-2018-1058. Postgresql 9.6.x before 9.6.9 is vulnerable in the adminpac...

9.1CVSS2.1AI score0.14142EPSS
Exploits1References11
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•54 views

Updated firefox packages fix security vulnerability

Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 CVE-2018-5188. Mozilla: Buffer overflow using computed size of canvas element CVE-2018-12359. Mozilla: Use-after-free using focus CVE-2018-12360. Mozilla: Media recorder segmentation fault when track type is changed during capture CVE-2018-515...

9.8CVSS1.2AI score0.04647EPSS
Exploits0References4
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•54 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of data from JCEKS key stores Security, 8189997 CVE-2018-2794 OpenJDK: insufficient consistency checks in deserialization of multiple classes Security,...

8.3CVSS0.7AI score0.15141EPSS
Exploits0References3
Mageia
Mageia
•added 2018/04/13 8:8 p.m.•54 views

Updated samba packages fix security vulnerabilities

It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon CVE-2018-1050. Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDA...

8.8CVSS3.9AI score0.10308EPSS
Exploits1References4
Mageia
Mageia
•added 2018/01/01 1:17 a.m.•54 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.4, fixing several security issues and other bugs...

8.8CVSS3.4AI score0.024EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2017-7779, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753,...

10CVSS4.1AI score0.04187EPSS
Exploits13References4
Mageia
Mageia
•added 2017/08/20 9:10 a.m.•54 views

Updated ruby packages fix security vulnerabilities

It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. CVE-2015-9096 Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this...

9.8CVSS8.6AI score0.06204EPSS
Exploits5References2
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•54 views

Updated php-phpmailer packages fix security vulnerability

It was discovered that php-phpmailer has a XSS vulnerability in the "From Email Address" and "To Email Address" fields of codegenerator.php CVE-2017-11503...

6.1CVSS1.6AI score0.024EPSS
Exploits1References2
Mageia
Mageia
•added 2017/07/28 6:12 p.m.•54 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.2.8, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.8CVSS3AI score0.03024EPSS
Exploits0References8
Mageia
Mageia
•added 2017/07/25 10:7 p.m.•54 views

Updated graphite2 packages fix security vulnerabilities

An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution CVE-2017-5436. Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if...

9.8CVSS2.8AI score0.05216EPSS
Exploits6References3
Mageia
Mageia
•added 2017/06/26 9:37 p.m.•54 views

Updated kernel packages fixes critical security vulnerabilities

This kernel update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitfioctl function in net/ipx/afipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have...

7.8CVSS3.9AI score0.05186EPSS
Exploits10References11
Mageia
Mageia
•added 2017/06/26 9:37 p.m.•54 views

Updated kernel-tmb packages fixes critical security vulnerabilities

This kernel-tmb update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitfioctl function in net/ipx/afipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have...

7.8CVSS4AI score0.05186EPSS
Exploits10References11
Mageia
Mageia
•added 2017/05/10 8:47 p.m.•54 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434,...

9.8CVSS3.9AI score0.18756EPSS
Exploits21References4
Mageia
Mageia
•added 2017/03/31 8:28 p.m.•54 views

Updated kernel packages fixes security vulnerability

This kernel update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain root...

7.8CVSS4AI score0.01902EPSS
Exploits4References5
Mageia
Mageia
•added 2017/03/23 9:21 p.m.•54 views

Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,...

10CVSS3.9AI score0.17484EPSS
Exploits8References9
Mageia
Mageia
•added 2017/02/18 9:5 p.m.•54 views

Updated tomcat packages fix security vulnerability

It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure CVE-2016-8745...

7.5CVSS0.2AI score0.16038EPSS
Exploits0References3
Mageia
Mageia
•added 2016/11/10 2:7 p.m.•54 views

Updated kernel packages fix security vulnerabilities

This update is based on the upstream 4.4.30 kernel and fixes at least these security issues: The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid...

7.8CVSS4.2AI score0.07613EPSS
Exploits0References7
Mageia
Mageia
•added 2016/10/25 11:11 p.m.•54 views

Updated java-1.8.0-openjdk packages fix security vulnerability

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions CVE-2016-5582...

9.6CVSS0.6AI score0.05437EPSS
Exploits0References3
Mageia
Mageia
•added 2016/09/16 9:27 a.m.•54 views

Updated openvpn packages fix security vulnerability

Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to birthday attack when key renegotiation doesn't happen frequently or at all in long running connections. Blowfish cipher as used in OpenVPN by default is vulnerable to this attack, that allows remote attacker to recove...

5.9CVSS4.1AI score0.0594EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•54 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs...

9.3CVSS7.5AI score0.10946EPSS
Exploits4References18
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,...

9.3CVSS4.2AI score0.31046EPSS
Exploits9References12
Mageia
Mageia
•added 2016/01/17 12:26 a.m.•54 views

Updated qemu packages fix security vulnerabilities

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAPSYSRAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...

9CVSS8.4AI score0.0773EPSS
Exploits3References1
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•54 views

Updated apache-commons-collections packages fix security vulnerability

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS9.8AI score0.83274EPSS
Exploits8References3
Mageia
Mageia
•added 2015/11/04 6:3 p.m.•54 views

Updated firefox, nspr, nss packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196,...

9.8CVSS9.7AI score0.10238EPSS
Exploits0References13
Mageia
Mageia
•added 2015/10/14 8:28 p.m.•54 views

Updated roundcubemail package fixes security vulnerabilities

Multiple security issues in the DBMail driver for the password plugin, including buffer overflows CVE-2015-2181 and the ability for a remote attacker to execute arbitrary shell commands as root CVE-2015-2180. An authenticated user can download arbitrary files from the web server that the web serv...

9CVSS8.5AI score0.04714EPSS
Exploits2References6
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•54 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...

9.3CVSS6.6AI score0.13288EPSS
Exploits1References5
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,...

10CVSS8.6AI score0.084EPSS
Exploits0References6
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•54 views

Updated chromium-browser package fixes security vulnerability

A scheme validation error in WebUI CVE-2015-1266. Two cross-origin bypass issues in Blink CVE-2015-1267, CVE-2015-1268. A normalization error in the HSTS/HPKP preload list CVE-2015-1269. This update also disables the automatic, silent downloading and installation of "external components" like the...

5CVSS9.2AI score0.02306EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/13 3:54 p.m.•54 views

Updated qemu packages fix CVE-2015-3456

Updated qemu packages fix security vulnerability: An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller FDC handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially,...

7.7CVSS7.8AI score0.15275EPSS
Exploits1References2
Mageia
Mageia
•added 2015/04/09 10:44 p.m.•55 views

Updated batik packages fix security vulnerabilities

Updated batik packages fix security vulnerability: Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary fil...

6.4CVSS8.8AI score0.16564EPSS
Exploits1References3
Mageia
Mageia
•added 2015/04/03 1:11 p.m.•54 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5CVSS9.8AI score0.67135EPSS
Exploits3References8
Mageia
Mageia
•added 2014/12/13 8:16 p.m.•54 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server...

5.4CVSS6.4AI score0.13451EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•54 views

Updated qemu packages fix security vulnerabilities

The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileg...

7.2CVSS8.3AI score0.03742EPSS
Exploits0References5
Mageia
Mageia
•added 2014/10/31 3:53 p.m.•54 views

Updated [package] package fix CVE-2014-3710

Updated file packages fix security vulnerability: An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash CVE-2014-3710...

5CVSS7.3AI score0.14013EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/18 5:55 p.m.•54 views

Updated musl package fixes CVE-2014-3484

Updated musl package fixes security vulnerability: A remote stack-based buffer overflow has been found in musl libc's dns response parsing code. The overflow can be triggered in programs linked against musl libc and making dns queries via one of the standard interfaces getaddrinfo, getnameinfo,...

9.8CVSS9.4AI score0.0215EPSS
Exploits0References2
Total number of security vulnerabilities5000