Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2015/10/30 8:11 p.m.•47 views

Updated ntp package fixes security vulnerabilities

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service CVE-2015-7850. Yves Younan discovered that NTP incorrect...

9.8CVSS9AI score0.31068EPSS
Exploits4References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•47 views

Updated util-linux packages fix CVE-2015-5224

Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...

9.8CVSS9.1AI score0.04526EPSS
Exploits0References2
Mageia
Mageia
•added 2015/08/11 8:22 p.m.•47 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.508 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2015-5128,...

10CVSS7.9AI score0.65956EPSS
Exploits5References2
Mageia
Mageia
•added 2015/06/24 5:58 a.m.•47 views

Updated flash-player-plugin package fixes security vulnerability

Adobe Flash Player 11.2.202.468 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via...

10CVSS7.9AI score0.9994EPSS
Exploits9References3
Mageia
Mageia
•added 2015/05/03 12:19 a.m.•47 views

Updated directfb packages fix security vulnerabilities

Updated directfb packages fix security vulnerabilities: Multiple integer signedness errors in the DispatchWrite function in proxy/dispatcher/idirectfbsurfacedispatcher.c in DirectFB allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo...

10CVSS7.8AI score0.06776EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/23 9:14 p.m.•47 views

Updated lftp packages fix CVE-2014-0139

Updated lftp packages fix security vulnerability: lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or ju...

5.8CVSS6.4AI score0.04888EPSS
Exploits0References3
Mageia
Mageia
•added 2015/04/04 10:45 a.m.•47 views

Updated cups-filters packages fix CVE-2015-2265

Updated cups-filters package fixes security vulnerability: cups-browsed in cups-filters before 1.0.66 contained a bug in the removebadchars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary...

7.5CVSS6.8AI score0.02958EPSS
Exploits1References3
Mageia
Mageia
•added 2015/03/19 4:47 p.m.•47 views

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: The function ASN1TYPEcmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1TYPEcmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verificati...

6.8CVSS7.6AI score0.21247EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/06 6:8 p.m.•47 views

Updated putty and filezilla packages fix CVE-2015-2157

Updated putty and filezilla packages fix security vulnerability: PuTTY suite versions 0.51 to 0.63 fail to clear SSH-2 private key information from memory when loading and saving key files to disk, leading to potential disclosure. The issue affects keys stored on disk in encrypted and unencrypted...

2.1CVSS6AI score0.00585EPSS
Exploits0References5
Mageia
Mageia
•added 2015/01/14 9:55 p.m.•47 views

Updated python-pip packages fix CVE-2014-8991

Updated python-pip packages fix security vulnerability: pip 1.3 through 1.5.6 allows local users to cause a denial of service prevention of package installation by creating a /tmp/pip-build- file for another user CVE-2014-8991...

2.1CVSS5.7AI score0.00393EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/14 2:10 p.m.•47 views

Updated rpm packages fix security vulnerabilities

It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and...

10CVSS7.7AI score0.07669EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/14 2:10 p.m.•47 views

Updated cpio package fixes security vulnerability

Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive CVE-2014-9112. Additionally, a null pointer dereference in the copyinlink function which could cause a denial of service has als...

5CVSS6.6AI score0.07093EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•47 views

Updated openafs packages fix security vulnerabilies

Updated openafs packages fix security vulnerabilities: Buffer overflow in the GetStatistics64 remote procedure call RPC in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service crash via a crafted statsVersion argument CVE-2014-0159. OpenAFS before 1.6.7 delays the listen thre...

5CVSS6.4AI score0.02179EPSS
Exploits1References14
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•47 views

Updated mediawiki packages fix security vulnerabilies

In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML CVE-2014-9276. MediaWiki's mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that blindly unserialize PHP representations of the page from th...

7.5CVSS9.1AI score0.01965EPSS
Exploits1References3
Mageia
Mageia
•added 2014/11/25 9:21 a.m.•47 views

Updated graphicsmagick packages fix security vulnerability

GraphicsMagick is vulnerable to an out of bounds read / heap Overflow in the function ReadPCXImage in the file pcx.c. This can be exploited by a crafted image file to cause a denial of service CVE-2014-8355...

5.5CVSS6.2AI score0.02082EPSS
Exploits0References2
Mageia
Mageia
•added 2014/10/09 2:39 p.m.•47 views

Updated python-requests packages fix security vulnerabilities

Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered th...

5CVSS6.2AI score0.022EPSS
Exploits0References3
Mageia
Mageia
•added 2014/09/22 8:31 a.m.•47 views

Updated zarafa packages fix multiple vulnerabilities

Updated zarafa packages fix security vulnerabilities: Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server CVE-2014-0103. Rober...

5.5CVSS5.9AI score0.00424EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•47 views

Updated glibc packages fix security issues

Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC and LANG variables. Together with typical OpenSSH configurations with suitable AcceptEnv settings in sshdconfig, this could conceivably be used to...

7.5CVSS7.8AI score0.03922EPSS
Exploits3References4
Mageia
Mageia
•added 2014/06/06 5:54 p.m.•47 views

Updated php packages fix CVE-2014-0237-8

Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files CDF format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo function unnecessarily repeatedly read the info from the same offset. This led to many...

5CVSS7.2AI score0.20805EPSS
Exploits0References5
Mageia
Mageia
•added 2014/05/10 7:44 p.m.•47 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: A type confusion issue was discovered in the v8 javascript library CVE-2014-1730. John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation CVE-2014-1731. Khalil Zhani discovered a...

7.8CVSS6.5AI score0.03225EPSS
Exploits0References3
Mageia
Mageia
•added 2014/03/03 8:1 p.m.•47 views

Updated egroupware package fixes security vulnerability

eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method CVE-2014-2027...

7.5CVSS7.4AI score0.04079EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/27 10:7 p.m.•47 views

Updated chromium-browser-stable packages address multiple vulnerabilities

Use-after-free related to web contents CVE-2013-6653. Bad cast in SVG CVE-2013-6654. Use-after-free in layout CVE-2013-6655. Information leaks in XSS auditor CVE-2013-6656, CVE-2013-6657. Use-after-free in layout CVE-2013-6658. Issue with certificates validation in TLS handshake CVE-2013-6659...

7.5CVSS2.2AI score0.02057EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/11 10:38 p.m.•47 views

Updated kernel-vserver packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2014/01/31 4:44 p.m.•47 views

Updated ntp packages work around security vulnerability

The "monlist" command of the NTP protocol is currently abused in a DDoS reflection attack. This is done by spoofing packets from addresses to which the attack is directed to. The ntp installations itself are not target of the attack, but they are part of the DDoS network which the attacker is...

5CVSS2AI score0.97549EPSS
Exploits23References4
Mageia
Mageia
•added 2013/11/18 2:39 p.m.•47 views

Updated thunderbird package fixes security vulnerabilities

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2013-5590, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602...

10CVSS2.5AI score0.06493EPSS
Exploits0References9
Mageia
Mageia
•added 2013/09/19 9:45 a.m.•47 views

Updated python-django package fixes multiple vulnerabilities

Updated python-django package fixes security vulnerabilities: Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWEDINCLUDEROOTS' setting, used to...

5CVSS0.7AI score0.03182EPSS
Exploits3References4
Mageia
Mageia
•added 2013/07/21 8:16 p.m.•47 views

Updated squid packages fix security vulnerability

Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...

7.5CVSS1AI score0.43261EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/21 9:31 a.m.•47 views

Updated xlockmore package fixes security vulnerability

xlockmore before 5.43 contains a security flaw related to potential NULL pointer dereferences when authenticating via glibc 2.17+'s crypt function. Under certain conditions the NULL pointers can trigger a crash in xlockmore effectively bypassing the screen lock CVE-2013-4143...

2.1CVSS4.6AI score0.00397EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/01 7:17 p.m.•47 views

Updated xen package fixes security issues

This update fixes the following security issues: XSA-52/CVE-2013-2076: Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-53/CVE-2013-2077: Hypervisor crash due to missing exception recovery on XRSTOR XSA-54/CVE-2013-2078: Hypervisor crash due to missing exception recovery on XSETBV...

7.4CVSS1.3AI score0.01058EPSS
Exploits0References1
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•47 views

Updated php-geshi package fix security vulnerabilities

A directory traversal and information disclosure local file inclusion flaws were found in the cssgen contrib module application to generate custom CSS files of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote...

4.3CVSS1.4AI score0.0163EPSS
Exploits1References1
Mageia
Mageia
•added 2024/07/16 3:21 a.m.•46 views

Updated nss & firefox packages fix security vulnerabilities

Memory corruption in WebGL API. CVE-2024-6600 Race condition in permission assignment. CVE-2024-6601 Memory corruption in NSS. CVE-2024-6602 Memory corruption in thread creation. CVE-2024-6603 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. CVE-2024-6604...

9.8CVSS8.1AI score0.00977EPSS
Exploits0References4
Mageia
Mageia
•added 2024/06/17 5:44 p.m.•46 views

Updated cups packages fix security vulnerability

When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target...

6.7CVSS7AI score0.02421EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•46 views

Updated python-requests packages fix security vulnerability

CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify bsc1224788...

5.6CVSS6.3AI score0.0034EPSS
Exploits0References6
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•46 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...

7.8CVSS7.9AI score0.00415EPSS
Exploits1References3
Mageia
Mageia
•added 2024/04/19 1:16 a.m.•46 views

Updated libreswan packages fix security vulnerability

CVE-2024-3652: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affect...

6.5CVSS7AI score0.008EPSS
Exploits0References1
Mageia
Mageia
•added 2024/04/13 4:56 p.m.•46 views

Updated golang packages fix security vulnerability

CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS7.2AI score0.91969EPSS
Exploits1References2
Mageia
Mageia
•added 2024/03/31 3:27 a.m.•46 views

Updated emacs packages fix security vulnerabilities

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. CVE-2024-30202 In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

7.8CVSS7.7AI score0.01108EPSS
Exploits0References3
Mageia
Mageia
•added 2024/03/21 4:56 a.m.•46 views

Updated python-scipy packages fix security vulnerability

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in PyFindObjects function. CVE-2023-25399...

5.5CVSS7.2AI score0.00385EPSS
Exploits1References2
Mageia
Mageia
•added 2024/01/25 11:21 a.m.•46 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.224 release. 4 vulnerabilities are fixed; some of them are listed below: High CVE-2024-0517: Out of bounds write in V8. Reported by Toan suto Pham of Qrious Secure on 2024-01-06. High CVE-2024-0518: Type Confusion in V8...

8.8CVSS7.2AI score0.21697EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•46 views

Updated firefox/nss packages fix security vulnerability

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS CVE-2023-37201. Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free in...

8.8CVSS8.9AI score0.00755EPSS
Exploits0References4
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•46 views

Updated patchelf packages fix security vulnerability

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. CVE-2022-44940...

9.1CVSS7.2AI score0.01042EPSS
Exploits1References2
Mageia
Mageia
•added 2023/03/24 5:55 a.m.•46 views

Updated gssntlmssp packages fix security vulnerability

Multiple out-of-bounds read when decoding NTLM fields. CVE-2023-25563 Memory corruption when decoding UTF16 strings. CVE-2023-25564 Incorrect free when decoding target information. CVE-2023-25565 Memory leak when parsing usernames. CVE-2023-25566 Out-of-bounds read when decoding target informatio...

8.2CVSS8AI score0.01942EPSS
Exploits0References2
Mageia
Mageia
•added 2023/03/01 9:14 p.m.•46 views

Updated libraw packages fix security vulnerability

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRawbufferdatastream::getschar, int in /src/libraw/src/librawdatastream.cpp. CVE-2021-32142...

7.8CVSS4.9AI score0.00424EPSS
Exploits1References2
Mageia
Mageia
•added 2023/03/01 9:14 p.m.•46 views

Updated binwalk packages fix security vulnerability

Remote code execution using crafted PFS filesystem. CVE-2022-4510...

7.8CVSS3AI score0.21845EPSS
Exploits8References3
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•46 views

Updated vim packages fix security vulnerability

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. CVE-2023-0049...

7.8CVSS7.8AI score0.00471EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•46 views

Updated jbigkit packages fix security vulnerability

JBIG-KIT could be made to crash if it opened a specially crafted file. CVE-2017-9937...

6.5CVSS2.5AI score0.02846EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/04 9:16 p.m.•46 views

Updated ntfs-3g packages fix security vulnerability

NTFS-3G could be made to crash or run programs as an administrator if it mounted a specially crafted disk. CVE-2022-40284...

7.8CVSS2.8AI score0.00347EPSS
Exploits0References4
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•46 views

Updated firefox/nss packages fix security vulnerability

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin CVE-2022-38472. A cross-origin iframe referencing ...

8.8CVSS0.5AI score0.00905EPSS
Exploits0References6
Mageia
Mageia
•added 2022/08/13 2:32 a.m.•46 views

Updated ruby-sinatra packages fix security vulnerability

Sinatra before 2.2.0 does not validate that the expanded path matches publicdir when serving static files. CVE-2022-29970...

7.5CVSS2AI score0.02059EPSS
Exploits0References2
Mageia
Mageia
•added 2022/06/30 9:31 p.m.•46 views

Updated python-bottle packages fix security vulnerability

Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799...

9.8CVSS3.1AI score0.01869EPSS
Exploits0References4
Total number of security vulnerabilities5000