Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2019/09/15 12:11 p.m.45 views

Updated poppler packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an...

6.5CVSS1.4AI score0.02486EPSS
Exploits1References2
Mageia
Mageia
added 2019/08/31 1:22 p.m.46 views

Updated ghostscript packages fix security vulnerability

Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate...

7.8CVSS2.3AI score0.02295EPSS
Exploits0References4
Mageia
Mageia
added 2019/05/19 11:27 a.m.45 views

Updated tomcat-native packages fix security vulnerability

When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS CVE-2018-8019. Did not properly check OCSP...

7.4CVSS2.6AI score0.04199EPSS
Exploits0References2
Mageia
Mageia
added 2019/03/21 4:36 p.m.45 views

Updated ansible packages fix security vulnerability

The user module leaked parameters passed to ssh-keygen to the process environment CVE-2018-16837. The fetch module was susceptible to path traversal CVE-2019-3828...

4.2CVSS2.9AI score0.00522EPSS
Exploits0References2
Mageia
Mageia
added 2019/01/23 3:50 p.m.45 views

Updated wavpack packages fix security vulnerabilities

Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service CVE-2018-6767. It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cau...

7.8CVSS2.6AI score0.09905EPSS
Exploits10References5
Mageia
Mageia
added 2019/01/15 10:15 p.m.45 views

Updated nss packages fix security vulnerability

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys CVE-2018-0495...

4.7CVSS2.6AI score0.00887EPSS
Exploits1References2
Mageia
Mageia
added 2019/01/11 9:7 p.m.45 views

Updated spice-vdagent package fixes security vulnerability

Improperly escaped save directory that is passed to the shell allows local attacker with access to the session the agent runs to inject arbitrary commands to be executed CVE-2017-15108...

7.8CVSS4AI score0.00419EPSS
Exploits0References2
Mageia
Mageia
added 2019/01/10 10:53 a.m.45 views

Updated live, ffmpeg, mplayer, and vlc packages fix security vulnerabilities

A bug in the server implementation of RTSP-over-HTTP in live could allow a denial-of-service attack. A bug in the server implementation of RTSP-over-HTTP could allow a buffer overflow, which could result in the execution of arbitrary code when parsing a malformed RTSP stream CVE-2018-4013. The...

10CVSS5AI score0.09487EPSS
Exploits3References4
Mageia
Mageia
added 2018/12/31 10:42 p.m.45 views

Updated python-lxml packages fix security vulnerability

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer CVE-2018-19787...

6.1CVSS2.5AI score0.02438EPSS
Exploits1References2
Mageia
Mageia
added 2018/12/15 9:29 p.m.45 views

Updated nss packages fix security vulnerability

Cache side-channel variant of the Bleichenbacher attack.CVE-2018-12404...

5.9CVSS2.7AI score0.44398EPSS
Exploits0References2
Mageia
Mageia
added 2018/10/30 6:1 p.m.45 views

Updated spamassassin packages fix security vulnerabilities

Updated spamassassin package fixes security vulnerabilities: A reliance on "." in @INC in one configuration script CVE-2016-1238. A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts CVE-2017-15705. A...

9.8CVSS1.4AI score0.1082EPSS
Exploits0References2
Mageia
Mageia
added 2018/08/31 9:11 p.m.45 views

Updated quazip packages fix security vulnerability

Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar,x...

5.5CVSS3.3AI score0.0595EPSS
Exploits0References2
Mageia
Mageia
added 2018/08/19 6:36 p.m.45 views

Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...

6.5CVSS2.2AI score0.01476EPSS
Exploits0References3
Mageia
Mageia
added 2018/08/12 8:39 p.m.45 views

Updated libsndfile packages fix security vulnerabilities

Updated libsndfile package fixes security vulnerabilities: The function d2alawarray in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17456. The function d2ulawarray in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17457. A stack-based buffer...

8.8CVSS5.2AI score0.03574EPSS
Exploits0References2
Mageia
Mageia
added 2018/07/13 7:1 p.m.45 views

Updated flash-player-plugin packages fix security vulnerabilities

Updated flash-player-plugin packages fix security vulnerabilities: A type confusion vulnerability that could lead to arbitrary code execution CVE-2018-5007. An out of bounds read that could lead to information disclosure CVE-2018-5008...

8.8CVSS2.6AI score0.18002EPSS
Exploits1References2
Mageia
Mageia
added 2018/06/14 6:14 p.m.45 views

Updated jasper packages fix security vulnerabilities

Updated japser packages fix security vulnerabilities: An assertion failure was possible to trigger in JPCNOMINALGAIN CVE-2016-9396. Denial of service via a reachable assertion in the function jpcfirstone in libjasper/jpc/jpcmath.c could lead to denial of service CVE-2018-9055...

7.5CVSS3.1AI score0.05686EPSS
Exploits1References4
Mageia
Mageia
added 2018/06/04 3:11 p.m.45 views

Updated python3 packages fix security vulnerabilities

Updated python3 packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...

7.5CVSS3AI score0.05103EPSS
Exploits1References4
Mageia
Mageia
added 2018/05/16 8:24 a.m.45 views

Updated libtiff packages fix security vulnerabilities

The TIFFWriteDirectorySec function in tifdirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service assertion failure and application crash via a crafted file, a different vulnerability than CVE-2017-13726. CVE-2018-10963 In LibTIFF 4.0.9, a heap-based buffer overflo...

8.8CVSS5.6AI score0.03765EPSS
Exploits2References1
Mageia
Mageia
added 2018/01/03 6:52 p.m.45 views

Updated systemd packages fix security vulnerability

Updated systemd packages fix security vulnerability: Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop...

7.5CVSS1.2AI score0.23633EPSS
Exploits0References2
Mageia
Mageia
added 2018/01/03 10:32 a.m.45 views

Updated elfutils packages fix security vulnerabilities

The elfutils package has been updated to version 0.169 to fix several bugs that can lead to memory allocation failures or heap overflows CVE-2016-10254, CVE-2016-10255, CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613...

5.5CVSS3.6AI score0.02126EPSS
Exploits7References10
Mageia
Mageia
added 2017/12/31 3:14 p.m.45 views

Updated icu packages fix security vulnerability

Integer overflow in ICU in the Persian calendar CVE-2017-15422...

6.5CVSS5AI score0.02479EPSS
Exploits0References3
Mageia
Mageia
added 2017/11/19 10:23 a.m.45 views

Updated apr packages fix security vulnerability

An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak CVE-2017-12613...

7.1CVSS3.2AI score0.01749EPSS
Exploits0References2
Mageia
Mageia
added 2017/11/19 10:23 a.m.45 views

Updated jq packages fix security vulnerabilities

A heap-based buffer overflow flaw was found in jq's tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system CVE-2015-8863. Stack exhaustion could affect...

10CVSS9.2AI score0.07495EPSS
Exploits1References2
Mageia
Mageia
added 2017/11/16 7:39 a.m.45 views

Updated flash-player-plugin packages fixes security vulnerabilities

Adobe Flash Player 27.0.0.187 addresses critical vulnerabilities that could lead to code execution. The update fixes out-of-bounds reads CVE-2017-3112, CVE-2017-3114, CVE-2017-11213 and use-after-free issues CVE-2017-11215, CVE-2017-11225...

10CVSS2.3AI score0.06518EPSS
Exploits0References2
Mageia
Mageia
added 2017/09/07 9:7 a.m.45 views

Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

6.5CVSS1.7AI score0.00538EPSS
Exploits3References2
Mageia
Mageia
added 2017/08/13 1:17 p.m.45 views

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS1.4AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
added 2017/08/13 1:17 p.m.45 views

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.7AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
added 2017/07/22 8:42 a.m.45 views

Updated libtiff packages fix security vulnerabilities

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code CVE-2017-9936, CVE-2017-10688...

7.5CVSS3.4AI score0.07482EPSS
Exploits3References2
Mageia
Mageia
added 2017/06/19 7:44 a.m.45 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751,...

9.8CVSS3.9AI score0.05216EPSS
Exploits11References4
Mageia
Mageia
added 2017/04/21 7:24 a.m.45 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.0.12, which fixes multiple security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.8CVSS2.8AI score0.03284EPSS
Exploits0References13
Mageia
Mageia
added 2017/02/18 9:50 p.m.45 views

Updated openjpeg2 packages fix security vulnerabilities

Floating Point Exception aka FPE or divide by zero in opjpinextcprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. CVE-2016-9112 There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-comps0.data is not assigned a value after initializationNULL...

7.5CVSS2.7AI score0.03168EPSS
Exploits7References2
Mageia
Mageia
added 2017/02/03 9:39 p.m.45 views

Updated phpmyadmin packages fix security vulnerabilities

Multiple vulnerabilities in setup script CVE-2016-6621 / PMASA-2016-44. Open redirect PMASA-2017-1. php-gettext code execution CVE-2015-8980 / PMASA-2017-2. DOS vulnerability in table editing PMASA-2017-3. CSS injection in themes PMASA-2017-4. SSRF in replication PMASA-2017-6. DOS in replication...

9.8CVSS9.9AI score0.06711EPSS
Exploits1References11
Mageia
Mageia
added 2017/01/06 8:28 a.m.45 views

Updated bash packages fix security vulnerability

In Bash, the popd command can be tricked to free a user supplied address, which could be used to bypass restricted shells rsh on some environments to cause use-after-free CVE-2016-9401...

6.2CVSS3AI score0.00421EPSS
Exploits0References3
Mageia
Mageia
added 2016/12/30 10:22 p.m.45 views

Updated mcabber packages fix security vulnerability

It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber XMPP client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza CVE-2016-9928...

7.4CVSS2.9AI score0.04512EPSS
Exploits2References4
Mageia
Mageia
added 2016/12/22 9:41 p.m.45 views

Updated libgd packages fixe security vulnerabilities

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service CVE-2016-6911. Emmanuel Law discovered that the GD library...

9.8CVSS3.3AI score0.04786EPSS
Exploits0References2
Mageia
Mageia
added 2016/11/06 10:34 a.m.45 views

Updated python-django packages fix security vulnerabilities

User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...

9.8CVSS3.2AI score0.06074EPSS
Exploits0References3
Mageia
Mageia
added 2016/10/21 2:48 p.m.45 views

Updated 389-ds-base packages fix security vulnerability

A vulnerability in 389-ds-base was found that allows to bypass limitations for compare and read operations specified by Access Control Instructions. When having LDAP sub-tree with some existing objects and having BIND DN which have no privileges over objects inside the sub-tree, unprivileged user...

7.5CVSS2.6AI score0.02412EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/23 8:57 p.m.45 views

Updated golang package fixes security vulnerability

Updated golang packages fix security vulnerability: Go: sets environmental variable based on user supplied Proxy request header CVE-2016-5386...

8.1CVSS2.1AI score0.0522EPSS
Exploits0References2
Mageia
Mageia
added 2016/09/21 8:38 p.m.45 views

Updated curl packages fix security vulnerability

The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked and due to arithmetic in...

9.8CVSS0.5AI score0.11737EPSS
Exploits0References2
Mageia
Mageia
added 2016/07/14 8:33 p.m.45 views

Updated sqlite3 packages fix security vulnerability

It was discovered that sqlite3 would reject a temporary directory e.g., as specified by the TMPDIR environment variable to which the executing user did not have read permissions. This could result in information leakage as less secure global temporary directories e.g., /var/tmp or /tmp would be...

5.9CVSS2.1AI score0.0048EPSS
Exploits0References2
Mageia
Mageia
added 2016/04/13 5:39 p.m.45 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...

9.1CVSS1AI score0.03347EPSS
Exploits0References4
Mageia
Mageia
added 2016/04/06 2:9 p.m.45 views

Updated java packages fix CVE-2016-0636

Updated java-1.8.0-openjdk packages fix security vulnerability: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions CVE-2016-0636. Also, the icedtea-web package has been updated to...

9.3CVSS3.5AI score0.05765EPSS
Exploits0References3
Mageia
Mageia
added 2016/01/21 6:9 a.m.45 views

Updated kernel packages fix security vulnerability

Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728. Other fixes in this kernel update: - netfilter: nfnatredirect: add missing NULL pointer check...

7.8CVSS1.7AI score0.03646EPSS
Exploits14References1
Mageia
Mageia
added 2016/01/12 9:13 a.m.45 views

Updated ruby packages fix security vulnerability

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi CVE-2015-7551...

8.4CVSS7.7AI score0.005EPSS
Exploits0References3
Mageia
Mageia
added 2015/12/16 9:1 p.m.45 views

Updated libpng packages fix security vulnerabilities

Updated libpng and libpng12 packages fix security vulnerability: The fix for CVE-2015-8126 was incomplete. While it defended against the potential overrun while reading PNG files, it did not detect a potential overrun by applications using pngsetPLTE directly CVE-2015-8472...

7.5CVSS7.9AI score0.06054EPSS
Exploits0References3
Mageia
Mageia
added 2015/12/10 8:57 p.m.45 views

Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities: It was found that smaldecodesegment function do not handle index carefully, which may cause index overflow CVE-2015-8366. It was found that phaseonecorrect function does not handle memory object's initialization correctly, which may have...

9.8CVSS9.6AI score0.05454EPSS
Exploits0References2
Mageia
Mageia
added 2015/11/02 8:21 p.m.45 views

Updated postgresql packages fix security vulnerabilities

Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...

6.4CVSS8.2AI score0.05045EPSS
Exploits0References3
Mageia
Mageia
added 2015/09/23 7:42 p.m.45 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.8.8, completed and graded lesson activity was not protected against making new attempts to answer some questions, so students could re-attempt answering questions in the lesson CVE-2015-5264. In Moodle before 2.8.8, users...

7.5CVSS6.4AI score0.02374EPSS
Exploits0References12
Mageia
Mageia
added 2015/09/15 2:55 p.m.45 views

Updated php-ZendFramework packages fix CVE-2015-5161

Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...

6.8CVSS8.5AI score0.09911EPSS
Exploits7References5
Mageia
Mageia
added 2015/08/26 8:36 p.m.45 views

Updated cgit package fixes security vulnerability

cgit in Mageia 4/5 bundles an old git that is being subject to a minor security issue CVE-2014-9390. The cgit package was updated to its latest upstream release, and updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes...

9.8CVSS9.1AI score0.63178EPSS
Exploits5References2
Total number of security vulnerabilities5000