Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/12/15 9:29 p.m.•46 views

Updated firefox packages fix security vulnerabilities

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash CVE-2018-17466. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to...

9.8CVSS0.9AI score0.09646EPSS
Exploits0References3
Mageia
Mageia
•added 2018/11/27 3:26 p.m.•46 views

Updated libpng(12) packages fix security vulnerability

In libpng until version 1.6.35, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. CVE-2018-13785 This update fixes it, also providing the...

6.5CVSS5.6AI score0.0447EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/22 10:26 p.m.•46 views

Updated flash-player-plugin packages fix security vulnerability

A critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE-2018-15981...

10CVSS5.2AI score0.11702EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/30 6:1 p.m.•46 views

Updated spamassassin packages fix security vulnerabilities

Updated spamassassin package fixes security vulnerabilities: A reliance on "." in @INC in one configuration script CVE-2016-1238. A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts CVE-2017-15705. A...

9.8CVSS1.4AI score0.1082EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/30 6:1 p.m.•46 views

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-0500. Zhaoyang Wu discovered tha...

10CVSS10.5AI score0.12058EPSS
Exploits1References12
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•46 views

Updated quazip packages fix security vulnerability

Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar,x...

5.5CVSS3.3AI score0.0595EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/19 6:36 p.m.•46 views

Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...

6.5CVSS2.2AI score0.01476EPSS
Exploits0References3
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•46 views

Updated iceaepe packages fix security vulnerability

Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...

9.8CVSS2.3AI score0.21288EPSS
Exploits7References7
Mageia
Mageia
•added 2018/08/12 8:39 p.m.•46 views

Updated libsndfile packages fix security vulnerabilities

Updated libsndfile package fixes security vulnerabilities: The function d2alawarray in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17456. The function d2ulawarray in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17457. A stack-based buffer...

8.8CVSS5.2AI score0.03574EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/13 7:1 p.m.•46 views

Updated flash-player-plugin packages fix security vulnerabilities

Updated flash-player-plugin packages fix security vulnerabilities: A type confusion vulnerability that could lead to arbitrary code execution CVE-2018-5007. An out of bounds read that could lead to information disclosure CVE-2018-5008...

8.8CVSS2.6AI score0.18002EPSS
Exploits1References2
Mageia
Mageia
•added 2018/06/04 3:11 p.m.•46 views

Updated python3 packages fix security vulnerabilities

Updated python3 packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...

7.5CVSS3AI score0.05103EPSS
Exploits1References4
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•46 views

Updated libtiff packages fix security vulnerabilities

The TIFFWriteDirectorySec function in tifdirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service assertion failure and application crash via a crafted file, a different vulnerability than CVE-2017-13726. CVE-2018-10963 In LibTIFF 4.0.9, a heap-based buffer overflo...

8.8CVSS5.6AI score0.03765EPSS
Exploits2References1
Mageia
Mageia
•added 2018/02/26 11:40 p.m.•46 views

Updated cups packages fix security vulnerability

Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could...

7.5CVSS0.9AI score0.02979EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•46 views

Updated pure-ftpd packages fix security vulnerability

Fixes loading the configuration file...

6.1CVSS2AI score0.01077EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•46 views

Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...

7.5CVSS6.2AI score0.02434EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/19 10:23 a.m.•46 views

Updated apr packages fix security vulnerability

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak CVE-2017-12613...

7.1CVSS3.2AI score0.01749EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/07 9:7 a.m.•46 views

Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

6.5CVSS1.7AI score0.00538EPSS
Exploits3References2
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•46 views

Updated postgresql9.4 packages fix security vulnerabilities

Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure CVE-2017-7484. Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection CVE-2017-7485. Andrew Wheelwright...

7.5CVSS2.4AI score0.06331EPSS
Exploits0References4
Mageia
Mageia
•added 2017/05/21 8:28 p.m.•46 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 25.0.0.171 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves a use-after-free vulnerability that could lead to code execution CVE-2017-3071. This...

9.3CVSS4.1AI score0.20353EPSS
Exploits2References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•46 views

Updated libxslt packages fix security vulnerability

Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service application crash or possible execute arbitrary code CVE-2017-5029...

8.8CVSS3.4AI score0.02131EPSS
Exploits0References2
Mageia
Mageia
•added 2017/03/27 1:55 p.m.•46 views

Updated glibc packages fix security vulnerability

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service CVE-2015-5180. Tim Ruehsen discovered that the getaddrinfo implementation in the GNU C Library did not properly track memory allocations. An...

7.5CVSS7.8AI score0.0627EPSS
Exploits0References1
Mageia
Mageia
•added 2017/02/20 1:24 p.m.•46 views

Updated iceape packages fix security vulnerability

Updated Iceape packages derived from Seamonkey include security fixes from Mozilla Firefox: Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Seamonkey before 2.46 allows remote attackers to cause a denial of service boolean out-of-bounds write or possib...

9.8CVSS6.2AI score0.05037EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/27 9:19 a.m.•46 views

Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,...

9.8CVSS4AI score0.33434EPSS
Exploits16References4
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•46 views

Updated bash packages fix security vulnerability

In Bash, the popd command can be tricked to free a user supplied address, which could be used to bypass restricted shells rsh on some environments to cause use-after-free CVE-2016-9401...

6.2CVSS3AI score0.00421EPSS
Exploits0References3
Mageia
Mageia
•added 2016/12/30 3:0 p.m.•46 views

Updated samba packages fix security vulnerability

Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" TGT, which can be used to fully impersonate the...

6.5CVSS3.2AI score0.09199EPSS
Exploits0References2
Mageia
Mageia
•added 2016/12/22 9:41 p.m.•46 views

Updated libgd packages fixe security vulnerabilities

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service CVE-2016-6911. Emmanuel Law discovered that the GD library...

9.8CVSS3.3AI score0.04786EPSS
Exploits0References2
Mageia
Mageia
•added 2016/11/17 4:37 p.m.•46 views

Updated python-pillow packages fix security vulnerabilities

It was discovered that there were a number of memory overflow issues in python-pillow, a Python image manipulation library. CVE-2016-9189 and CVE-2016-9190...

7.8CVSS2.5AI score0.02026EPSS
Exploits0References2
Mageia
Mageia
•added 2016/09/21 8:38 p.m.•46 views

Updated jsch packages fix security vulnerability

It was discovered that there was a path traversal vulnerability in jsch CVE-2016-5725...

5.9CVSS2.5AI score0.24143EPSS
Exploits3References2
Mageia
Mageia
•added 2016/09/21 8:38 p.m.•46 views

Updated icu packages fix security vulnerability

Buffer overflow ICU in the ulocacceptLanguageFromHTTP function CVE-2016-6293...

9.8CVSS3.8AI score0.04957EPSS
Exploits1References2
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•46 views

Updated curl packages fix security vulnerability

libcurl before 7.50.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous...

8.1CVSS1.2AI score0.15063EPSS
Exploits0References4
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•46 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610. Multiple denial of service flaws were found i...

9.6CVSS2.1AI score0.0669EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•46 views

Updated mariadb packages fix security vulnerability

The mariadb package has been updated to version 10.0.26. It fixes several security issues CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440 and other bugs. See the upstream release notes for details...

8.1CVSS4.1AI score0.05826EPSS
Exploits0References3
Mageia
Mageia
•added 2016/04/06 2:9 p.m.•46 views

Updated java packages fix CVE-2016-0636

Updated java-1.8.0-openjdk packages fix security vulnerability: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions CVE-2016-0636. Also, the icedtea-web package has been updated to...

9.3CVSS3.5AI score0.05765EPSS
Exploits0References3
Mageia
Mageia
•added 2016/01/23 11:46 a.m.•46 views

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.0.14 maintenance release. It also fixes the following security issues: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown...

4.3CVSS5.2AI score0.03342EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/16 9:36 p.m.•46 views

Updated krb5 packages fix CVE-2015-2698

Updated krb5 packages fix security vulnerabilities: In any MIT krb5 release with the patches for CVE-2015-2696 applied, an application which calls gssexportseccontext may experience memory corruption if the context was established using the IAKERB mechanism. Historically, some vulnerabilities of...

8.5CVSS8.4AI score0.02891EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/07 8:11 p.m.•46 views

Updated krb5 packages fix security vulnerabilities

Updated krb5 packages fix security vulnerabilities: In MIT krb5 1.5 and later, applications which call gssinquirecontext on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. This bug may go unnotice...

7.1CVSS7.7AI score0.06243EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/02 8:21 p.m.•46 views

Updated postgresql packages fix security vulnerabilities

Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...

6.4CVSS8.2AI score0.05045EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/17 8:53 a.m.•46 views

Updated flash-player-plugin package fix security vulnerabilities

Adobe Flash Player 11.2.202.540 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2015-7645,...

10CVSS9.1AI score0.68396EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/02 12:38 p.m.•46 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

7.5CVSS9.6AI score0.0608EPSS
Exploits0References8
Mageia
Mageia
•added 2015/09/23 7:42 p.m.•46 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.8.8, completed and graded lesson activity was not protected against making new attempts to answer some questions, so students could re-attempt answering questions in the lesson CVE-2015-5264. In Moodle before 2.8.8, users...

7.5CVSS6.4AI score0.02374EPSS
Exploits0References12
Mageia
Mageia
•added 2015/09/23 7:42 p.m.•46 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox that could cause memory corruption and crashes or potentially allow for arbitrary code execution CVE-2015-4500. Using the...

7.5CVSS10.7AI score0.0608EPSS
Exploits0References8
Mageia
Mageia
•added 2015/08/26 8:36 p.m.•46 views

Updated cgit package fixes security vulnerability

cgit in Mageia 4/5 bundles an old git that is being subject to a minor security issue CVE-2014-9390. The cgit package was updated to its latest upstream release, and updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes...

9.8CVSS9.1AI score0.63178EPSS
Exploits5References2
Mageia
Mageia
•added 2015/08/13 8:56 p.m.•46 views

Updated owncloud package fixes security vulnerabilities

In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted CVE-2015-4715. In ownCloud before 6.0.8 and 8.0.4, the...

9CVSS6.8AI score0.03043EPSS
Exploits0References5
Mageia
Mageia
•added 2015/07/27 5:18 p.m.•46 views

Updated thunderbird package fixes security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-2724, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,...

10CVSS6.5AI score0.0587EPSS
Exploits0References5
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•46 views

Updated mysql-connector-java package fixes security vulnerability

Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL...

4.9CVSS8AI score0.0359EPSS
Exploits0References3
Mageia
Mageia
•added 2015/05/11 8:10 p.m.•46 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues: net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite...

5CVSS6.4AI score0.05489EPSS
Exploits7References3
Mageia
Mageia
•added 2015/04/03 1:11 p.m.•46 views

Updated mongodb packages fix security vulnerabilities

Updated mongodb packages fix security vulnerability: It was found that the mongod server did not correctly validate certain malformed BSON requests. A remote, unauthenticated attacker could use a specially crafted BSON message to crash a mongod server CVE-2015-1609...

5CVSS7.9AI score0.028EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/22 9:42 p.m.•46 views

Updated libtiff packages fix security vulnerabilities

The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547...

8.8CVSS7.9AI score0.05669EPSS
Exploits3References4
Mageia
Mageia
•added 2015/01/31 1:23 p.m.•46 views

Updated icu packages fix security vulnerabilities

Updated icu packages fix security vulnerabilities: The Regular Expressions package in International Components for Unicode ICU 52 before SVN revision 292944 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a...

7.5CVSS9.4AI score0.02217EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•46 views

Updated iceape package fixes security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service memory corruption and...

7.5CVSS10.3AI score0.65657EPSS
Exploits4References9
Total number of security vulnerabilities5000