Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2016/05/12 8:0 p.m.•48 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.621 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-1105,...

10CVSS2.6AI score0.94354EPSS
Exploits14References2
Mageia
Mageia
•added 2016/03/07 6:3 p.m.•48 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: The jasmatrixclip function in jasseq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service invalid read and application crash via a crafted JPEG 2000 image CVE-2016-2089. Jacob Baines discovered that a double free...

7.6CVSS5.6AI score0.03269EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary...

10CVSS8.7AI score0.06058EPSS
Exploits1References10
Mageia
Mageia
•added 2015/10/30 8:11 p.m.•48 views

Updated ntp package fixes security vulnerabilities

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service CVE-2015-7850. Yves Younan discovered that NTP incorrect...

9.8CVSS9AI score0.31068EPSS
Exploits4References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•48 views

Updated util-linux packages fix CVE-2015-5224

Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...

9.8CVSS9.1AI score0.04526EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/11 8:10 p.m.•48 views

Updated pnp4nagios packages fix security vulnerabilities

Updated pnp4nagios package fixes security vulnerabilities: Cross-site scripting XSS vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error...

4.3CVSS5.5AI score0.02214EPSS
Exploits2References2
Mageia
Mageia
•added 2015/04/09 10:54 p.m.•48 views

Updated openldap packages fix CVE-2015-1545

Updated openldap packages fix security vulnerability: The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL pointer when a search request includes the Deref control with an empty list of attributes to return missing input validation. This allows a remote unauthenticated client to...

5CVSS7.6AI score0.11091EPSS
Exploits1References2
Mageia
Mageia
•added 2015/04/09 10:44 p.m.•48 views

Updated jakarta-taglibs-standard packages fix CVE-2015-0254

Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...

7.5CVSS9.1AI score0.1326EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/05 4:30 p.m.•48 views

Updated libvirt packages fix CVE-2014-8136

Updated libvirt packages fix security vulnerability: The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemudriver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors CVE-2014-8136...

2.1CVSS6.1AI score0.00394EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/19 3:17 p.m.•48 views

Updated docuwiki package fixes CVE-2014-9253

Updated dokuwiki package fix a security vulnerability: Our current dokuwiki-20140929-1.1.mga4 package uses dokuwiki-2014-09-29a source which allows swf application/x-shockwave-flash uploads by default. This may be used for Cross-site scripting XSS attack which enables attackers to inject...

4.3CVSS5.8AI score0.02365EPSS
Exploits0References5
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•48 views

Updated iceape package fixes security vulnerabilities

When the oxygen-gtk was active and iceape tried to draw a menu for example after a mouse down event on the menu bar, a segmentation fault was triggered causing iceape to crash. The oxygen-gtk theme engine contains a solution for this problem, this is now enabled for iceape. MGA 12978 Mozilla...

6.8CVSS8.1AI score0.04052EPSS
Exploits0References10
Mageia
Mageia
•added 2014/11/25 9:21 a.m.•48 views

Updated graphicsmagick packages fix security vulnerability

GraphicsMagick is vulnerable to an out of bounds read / heap Overflow in the function ReadPCXImage in the file pcx.c. This can be exploited by a crafted image file to cause a denial of service CVE-2014-8355...

5.5CVSS6.2AI score0.02082EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/25 9:21 a.m.•48 views

Updated chromium-browser-stable fixes multiple security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors CVE-2014-7904. Use-after-free...

7.5CVSS7.3AI score0.07653EPSS
Exploits0References4
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•48 views

Updated php-smarty packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the SmartyException class in Smarty aka smarty-php before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception CVE-2012-4437. Smarty before 3.1.21 allows remote attackers to bypass t...

7.5CVSS6.2AI score0.03127EPSS
Exploits1References2
Mageia
Mageia
•added 2014/10/09 2:6 p.m.•48 views

Updated perl packages fix CVE-2014-4330

Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which trigge...

2.1CVSS7.4AI score0.00554EPSS
Exploits3References4
Mageia
Mageia
•added 2014/09/28 12:17 p.m.•48 views

Updated kernel & related packages provide 3.10 longterm support branch

This kernel update provides an update based on upstream 3.10.54 from the 3.10 -longterm branch. It also fixes the following security issue: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping...

4.3CVSS7.1AI score0.01168EPSS
Exploits1References5
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•48 views

Updated moodle packages fix security vulnerbilities

Updated moodle packages fix security vulnerabilities: In Moodle before 2.6.5, users who had not yet posted the required answer in a Q forum in order to access past posts were able to see the name of the last person who had posted, as other authors are visible in /mod/forum/view.php before the...

4CVSS9.5AI score0.01143EPSS
Exploits0References5
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•48 views

Updated bugzilla packages fix a CSRF vulnerability

Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery CSRF attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...

4.3CVSS6.3AI score0.00542EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•48 views

Updated subversion packages fix CVE-2014-3528

Updated subversion packages fix security vulnerability: Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server CVE-2014-3528. The subversion package has been patched t...

4CVSS8.9AI score0.07495EPSS
Exploits0References3
Mageia
Mageia
•added 2014/07/26 12:52 p.m.•48 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action CVE-2014-4046. Asterisk Open...

6.5CVSS7AI score0.05679EPSS
Exploits0References5
Mageia
Mageia
•added 2014/05/29 7:1 a.m.•48 views

Updated libvirt packages fix multiple vulnerabilities

Updated libvirt packages fix security vulnerabilities: The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the...

5.8CVSS7.2AI score0.00573EPSS
Exploits0References6
Mageia
Mageia
•added 2014/05/08 9:51 p.m.•48 views

Updated kernel-linus packages fixes multiple bugs and vulnerabilities

Updated kernel-linus provides upstream 3.12.18 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that...

7.4CVSS8.6AI score0.00816EPSS
Exploits3References9
Mageia
Mageia
•added 2014/05/02 6:3 p.m.•48 views

Updated firefox & thunderbird packages fix multiple vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

9.8CVSS8.6AI score0.07543EPSS
Exploits5References12
Mageia
Mageia
•added 2014/04/24 7:4 p.m.•48 views

Updated squid package fixes CVE-2014-0128

Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled CVE-2014-0128...

5CVSS6.3AI score0.32862EPSS
Exploits1References5
Mageia
Mageia
•added 2014/04/17 8:33 p.m.•48 views

Updated openjpeg packages fix security vulnerability

Updated openjpeg packages fix security vulnerability: A heap-based buffer overflow was found in the way openjpeg parsed certain image files from a JPEG2000 image. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash or,...

8.8CVSS9.2AI score0.01828EPSS
Exploits0References2
Mageia
Mageia
•added 2014/04/03 12:16 a.m.•48 views

Updated tomcat package fixes security vulnerabilities

Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via 1 multiple...

5.8CVSS3.3AI score0.16833EPSS
Exploits5References2
Mageia
Mageia
•added 2014/03/07 8:12 p.m.•48 views

Updated mediawiki packages fix multiple vulnerabilities

Updated mediawiki packages fix security vulnerabilities: MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files...

5.8CVSS7.7AI score0.0245EPSS
Exploits3References3
Mageia
Mageia
•added 2014/03/07 2:18 p.m.•48 views

Updated file packages fix CVE-2014-2270

Updated file packages fix security vulnerability: A flaw was found in the way the file utility determined the type of Portable Executable PE format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code...

4.3CVSS8AI score0.04318EPSS
Exploits1References4
Mageia
Mageia
•added 2014/03/03 8:1 p.m.•48 views

Updated egroupware package fixes security vulnerability

eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method CVE-2014-2027...

7.5CVSS7.4AI score0.04079EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/02 8:53 p.m.•48 views

Updated mediawiki packages fix security vulnerabilities

MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS CVE-2013-6451. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lea...

7.5CVSS7.7AI score0.42777EPSS
Exploits12References6
Mageia
Mageia
•added 2014/02/27 10:7 p.m.•48 views

Updated chromium-browser-stable packages address multiple vulnerabilities

Use-after-free related to web contents CVE-2013-6653. Bad cast in SVG CVE-2013-6654. Use-after-free in layout CVE-2013-6655. Information leaks in XSS auditor CVE-2013-6656, CVE-2013-6657. Use-after-free in layout CVE-2013-6658. Issue with certificates validation in TLS handshake CVE-2013-6659...

7.5CVSS2.2AI score0.02057EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/25 9:49 p.m.•48 views

Updated phpseclib and phpmyadmin packages fix security vulnerability

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provides the latest phpmyadmin version 4.1.8 to address this vulnerabilit...

3.5CVSS5.3AI score0.00967EPSS
Exploits1References3
Mageia
Mageia
•added 2014/01/31 4:44 p.m.•48 views

Updated ntp packages work around security vulnerability

The "monlist" command of the NTP protocol is currently abused in a DDoS reflection attack. This is done by spoofing packets from addresses to which the attack is directed to. The ntp installations itself are not target of the attack, but they are part of the DDoS network which the attacker is...

5CVSS2AI score0.97549EPSS
Exploits23References4
Mageia
Mageia
•added 2014/01/06 1:17 a.m.•48 views

Updated firefox and thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird CVE-2013-5609,...

10CVSS4.4AI score0.11076EPSS
Exploits7References12
Mageia
Mageia
•added 2013/12/17 11:27 p.m.•48 views

Updated kernel-rt packages fix security vulnerabilities

This kernel-rt update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresse...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
•added 2013/11/20 8:54 p.m.•48 views

Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities

Updated nspr and nss packages fix security vulnerabilities: Potentially exploitable buffer overflow in NSS before 3.15.3 that allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets CVE-2013-5605. The CERTVerifyCert function in...

7.5CVSS4.8AI score0.84424EPSS
Exploits0References6
Mageia
Mageia
•added 2013/10/05 5:53 p.m.•48 views

Updated polkit package and the packages that call polkit fixes security vulnerability

A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges CVE-2013-4288...

7.2CVSS0.7AI score0.00419EPSS
Exploits0References6
Mageia
Mageia
•added 2013/07/21 8:16 p.m.•48 views

Updated squid packages fix security vulnerability

Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...

7.5CVSS1AI score0.43261EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/01 7:12 p.m.•48 views

Updated chromium-browser-stable packages fixes security vulnerabilities

Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors CVE-2013-2837. Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service...

10CVSS6.6AI score0.11999EPSS
Exploits1References6
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•47 views

Updated calibre packages fix security vulnerabilities

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root. CVE-2023-46303 Path traversal in Calibre = 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. CVE-2024-6781 Improper access control i...

9.8CVSS8.4AI score0.83393EPSS
Exploits11References2
Mageia
Mageia
•added 2024/07/04 4:48 p.m.•47 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Dawn. CVE-2024-6290, CVE-2024-6292, CVE-2024-6293 Use after free in Swiftshader. CVE-2024-6291...

8.8CVSS7.8AI score0.00546EPSS
Exploits4References2
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•47 views

Updated python-requests packages fix security vulnerability

CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify bsc1224788...

5.6CVSS6.3AI score0.0034EPSS
Exploits0References6
Mageia
Mageia
•added 2024/05/25 11:39 p.m.•47 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.76 release. It includes 6 security fixes Please, do note, that since some versions ago, only x8664 is supported. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for th...

8.8CVSS8.3AI score0.00772EPSS
Exploits4References1
Mageia
Mageia
•added 2024/04/19 1:16 a.m.•47 views

Updated libreswan packages fix security vulnerability

CVE-2024-3652: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affect...

6.5CVSS7AI score0.008EPSS
Exploits0References1
Mageia
Mageia
•added 2024/04/10 4:3 a.m.•47 views

Updated libreoffice packages fix security vulnerabilities

Improper input validation enabling arbitrary Gstreamer pipeline injection. CVE-2023-6185 Link targets allow arbitrary script execution. CVE-2023-6186...

8.8CVSS8AI score0.01017EPSS
Exploits0References4
Mageia
Mageia
•added 2024/03/26 8:0 a.m.•47 views

Updated gnutls packages fix security vulnerabilities

The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits,...

5.3CVSS6.6AI score0.00718EPSS
Exploits0References2
Mageia
Mageia
•added 2024/03/24 4:57 a.m.•47 views

Updated freeimage packages fix security vulnerabilities

Buffer Overflow vulnerability in FreeImageAllocateBitmap. CVE-2023-47995 Infinite loop exits in Load in PluginTIFF.cpp. CVE-2023-47997...

6.5CVSS6.9AI score0.00883EPSS
Exploits1References2
Mageia
Mageia
•added 2024/03/22 12:19 a.m.•47 views

Updated apache-mod_auth_openidc packages fix security vulnerability

Missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to DoS attack. CVE-2024-24814...

7.5CVSS6.9AI score0.01261EPSS
Exploits1References3
Mageia
Mageia
•added 2024/03/22 12:19 a.m.•47 views

Updated libuv packages fix security vulnerability

It was discovered that the uvgetaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...

7.3CVSS7AI score0.02003EPSS
Exploits1References4
Mageia
Mageia
•added 2024/03/20 9:19 p.m.•47 views

Updated libtiff packages fix security vulnerabilities

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service application crash or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVE-2023-40745 A vulnerability was found in libtiff due to...

6.5CVSS8AI score0.01131EPSS
Exploits0References2
Total number of security vulnerabilities5000