Lucene search
K
MageiaMost viewed

6011 matches found

Mageia
Mageia
•added 2015/08/11 8:22 p.m.•45 views

Updated qemu package fixes security vulnerability

Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process CVE-2015-3209. Kurt Seifried discovered that QEMU incorrectly handl...

7.8CVSS8.1AI score0.09668EPSS
Exploits2References4
Mageia
Mageia
•added 2015/07/30 9:8 p.m.•45 views

Updated groovy package fixes security vulnerability

When an application has Groovy on the classpath and that it uses standard Java serialization mechanim to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whic...

9.8CVSS9.2AI score0.42983EPSS
Exploits4References2
Mageia
Mageia
•added 2015/07/27 5:18 p.m.•45 views

Updated expat package fixes security vulnerability

Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data CVE-2015-1283...

6.8CVSS8.7AI score0.19069EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•45 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup CVE-2015-3902. In phpMyAdmin before 4.2.13.3, a vulnerability in the API ca...

6.8CVSS6.2AI score0.01597EPSS
Exploits1References4
Mageia
Mageia
•added 2015/05/05 1:36 p.m.•45 views

Updated polarssl & hiawatha packages fix security vulnerabilities

Updated hiawatha package fixes security vulnerabilities: The hiawatha package included a bundled copy of PolarSSL 1.3.2, which was vulnerable to several security issues that had already been fixed in the system polarssl package. These issues were CVE-2014-4911, CVE-2014-8627, CVE-2014-8628, and...

6AI score
Exploits0References4
Mageia
Mageia
•added 2015/05/03 12:19 a.m.•45 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 42.0.2311.135 fixes security issues: a use-after-free in DOM CVE-2015-1243, and various fixes from internal audits, fuzzing and other initiatives CVE-2015-1250...

7.5CVSS6.4AI score0.02343EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•45 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting th...

4.3CVSS6.2AI score0.02219EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/24 9:20 p.m.•45 views

Updated samba packages fix CVE-2015-0240

Updated samba packages fix security vulnerabilities: An uninitialized pointer use flaw was found in the Samba daemon smbd. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of...

10CVSS8.7AI score0.87636EPSS
Exploits7References3
Mageia
Mageia
•added 2015/02/24 9:20 p.m.•45 views

Updated freetype2 packages fix security vulnerabilities

Updated freetype2 packages fix security vulnerabilities: The ttsbitdecoderloadimage function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other...

7.5CVSS8.6AI score0.0571EPSS
Exploits17References4
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•45 views

Updated glibc packages fix security vulnerabilities

Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer CVE-2015-1472. The incorrect use of "libcusealloca newsize" caused a different and weaker policy to be enforced which could allow a denial of service attack CVE-2015-14...

7.5CVSS7.8AI score0.04688EPSS
Exploits2References2
Mageia
Mageia
•added 2015/02/09 9:44 p.m.•45 views

Updated clamav packages fix security vulnerabilities

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...

7.5CVSS6.4AI score0.03234EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•45 views

Updated python-pillow packages fix CVE-2014-9601

Updated python-pillow packages fix security vulnerability: Pillow before 2.7.0 and 2.6.2 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed CVE-2014-9601...

5CVSS6.6AI score0.05426EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•45 views

Updated nvidia packages fix security vulnerabilities

Updated nvidia304 and nvidia-current drivers fixes security issues: The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allo...

7.5CVSS8.1AI score0.05192EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•45 views

Updated apache-poi packages fix security vulnerabilities

Updated apache-poi packages fix security vulnerabilities: It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server,...

4.3CVSS6.9AI score0.13258EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/10 8:9 p.m.•45 views

Updated pdns-recursor packages fix CVE-2014-8601

Updated pdns-recursor package fixes security vulnerability: PowerDNS Recursor before version 3.6.2, could be negatively impacted by specially configured, hard to resolve domain names. A remote attacker, by sending a query for such a domain name, could cause severe performance degradation in...

5CVSS6.3AI score0.73532EPSS
Exploits0References5
Mageia
Mageia
•added 2014/10/28 11:33 a.m.•45 views

Updated chromium-browser-stable packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191,...

10CVSS5.7AI score0.0595EPSS
Exploits0References4
Mageia
Mageia
•added 2014/10/07 9:22 a.m.•45 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer CVE-2014-6270. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack...

6.8CVSS7.8AI score0.76064EPSS
Exploits0References3
Mageia
Mageia
•added 2014/09/09 9:34 a.m.•45 views

Updated gtk+3.0 packages fix CVE-2014-1949

Updated gtk+3.0 packages fix security vulnerability: Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session CVE-2014-1949. This was fixed by...

7.2CVSS6.2AI score0.00331EPSS
Exploits0References7
Mageia
Mageia
•added 2014/08/07 5:1 p.m.•45 views

Updated drupal packages fix security vulnerabilities

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same...

5CVSS6.3AI score0.02772EPSS
Exploits0References11
Mageia
Mageia
•added 2014/07/26 11:32 a.m.•45 views

Updated nss, firefox and thunderbird packages fix security vulnerabilities

A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application CVE-2014-1544. Several flaws were found in the processing ...

10CVSS9.9AI score0.06109EPSS
Exploits0References11
Mageia
Mageia
•added 2014/06/11 5:13 p.m.•45 views

Updated firefox & thunderbird packages fix multiple security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.8AI score0.05951EPSS
Exploits0References8
Mageia
Mageia
•added 2014/05/19 6:53 p.m.•45 views

Updated python-django package fix two vulnerabilities

Updated python-django and python-dgango14 packages fix security vulnerabilities: Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or...

6.4CVSS6.4AI score0.03123EPSS
Exploits0References3
Mageia
Mageia
•added 2014/04/16 1:8 p.m.•45 views

Updated json-c packages fix security vulnerabilities

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using sizet if possible for sizes, or to be...

5CVSS1.1AI score0.04511EPSS
Exploits1References3
Mageia
Mageia
•added 2014/04/03 1:23 p.m.•45 views

Updated ruby-rack-ssl packages fix CVE-2014-2538

Updated ruby-rack-ssl packages fix security vulnerabilities: Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters su...

4.3CVSS5.6AI score0.0219EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/24 7:40 a.m.•45 views

Updated python3 package fixes security vulnerabilities

ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips CVE-2013-7338...

7.1CVSS2.1AI score0.05055EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/24 7:37 a.m.•45 views

Updated python package fixes security vulnerabilities

Denial of service flaws due to unbound readline calls in the imaplib, poplib, and smtplib modules CVE-2013-1752. A gzip bomb and unbound read denial of service flaw in python XMLRPC library CVE-2013-1753...

7.5CVSS2.6AI score0.03913EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/19 5:33 p.m.•45 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use-after-free in speech CVE-2014-1700. UXSS in events CVE-2014-1701. Use-after-free in web database CVE-2014-1702. Potential sandbox escape due to a use-after-free in web sockets CVE-2014-1703. Multiple vulnerabilities in V8 fixed in version 3.23.17.18 CVE-2014-1704. Memory corruption in V8...

10CVSS7.1AI score0.04822EPSS
Exploits3References3
Mageia
Mageia
•added 2014/03/15 4:29 p.m.•45 views

Updated libpng package fixes security vulnerability

The pngpushreadchunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an IDAT chunk with a length of zero CVE-2014-0333...

5CVSS8.8AI score0.03321EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/16 1:32 p.m.•45 views

Updated gnutls packages fix security vulnerability

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default something that deviates from the documented behavior CVE-2014-1959...

5.8CVSS6.4AI score0.03416EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/16 1:29 p.m.•45 views

Updated libpng12 package fixes security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS6.4AI score0.04692EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/21 4:16 p.m.•45 views

Updated net-snmp packages fix CVE-2012-6151

Updated net-snmp packages fix security vulnerability: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to...

4.3CVSS1.1AI score0.09451EPSS
Exploits1References4
Mageia
Mageia
•added 2014/01/17 12:33 a.m.•45 views

Updated openssl package fixes security vulnerabilities

Updated openssl packages fix security vulnerabilities: The DTLS retransmission implementation in OpenSSL through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by...

5.8CVSS1.4AI score0.14542EPSS
Exploits1References4
Mageia
Mageia
•added 2014/01/06 1:10 a.m.•45 views

Updated openjpeg package fixes security vulnerabilities

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

7.5CVSS3.8AI score0.05515EPSS
Exploits0References3
Mageia
Mageia
•added 2013/12/06 10:0 p.m.•45 views

Updated gimp package fixes security vulnerabilities

An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System XWD image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrar...

6.8CVSS4.6AI score0.04191EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/17 8:1 p.m.•45 views

Updated apache-mod_fcgid packages fix CVE-2013-4365

Updated apache-modfcgid package fixes security vulnerability: Apache modfcgid before version 2.3.9 fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the...

7.5CVSS7.1AI score0.13141EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 6:53 p.m.•45 views

Updated chromium-browser-stable packages fix security vulnerabilities

This updates chromium-browser to the latest stable version, fixing multiple security vulnerabilities. Security fixes: CVE-2013-2906: Races in Web Audio CVE-2013-2907: Out of bounds read in Window.prototype object CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code...

7.5CVSS2.2AI score0.02531EPSS
Exploits1References2
Mageia
Mageia
•added 2013/07/26 11:48 a.m.•45 views

Updated php packages fix CVE-2013-4113

Updated php packages fix security vulnerability: Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...

6.8CVSS2.1AI score0.05186EPSS
Exploits0References4
Mageia
Mageia
•added 2013/07/21 8:41 a.m.•45 views

Updated libxml2 packages fix CVE-2013-2877

It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service CVE-2013-2877...

5CVSS2.2AI score0.04733EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/26 6:7 p.m.•45 views

Updated wireshark packages fix multiple security vulverabilities

The CAPWAP dissector could crash CVE-2013-4074. The HTTP dissector could overrun the stack CVE-2013-4081. The DCP ETSI dissector could crash CVE-2013-4083...

5CVSS0.7AI score0.60643EPSS
Exploits7References7
Mageia
Mageia
•added 2013/06/19 10:13 a.m.•45 views

Updated subversion packages fix security vulnerabilities

Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository CVE-2013-1968. Subversion's svnserve server process ma...

7.8CVSS3.4AI score0.03894EPSS
Exploits0References4
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•45 views

Updated wireshark packages fix security vulnerabilities (Mageia 3)

The RELOAD dissector could go into an infinite loop CVE-2013-2486, CVE-2013-2487. The GTPv2 dissector could crash CVE-2013-3555. The ASN.1 BER dissector could crash CVE-2013-3557. The PPP CCP dissector could crash CVE-2013-3558. The DCP ETSI dissector could crash CVE-2013-3559. The MPEG DSM-CC...

7.8CVSS1.3AI score0.03365EPSS
Exploits5References12
Mageia
Mageia
•added 2025/03/02 7:18 a.m.•44 views

Updated binutils packages fix security vulnerabilities

nm =2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: nm --without-symbol-version function. CVE-2024-57360 GNU Binutils objdump.c disassemblebytes stack-based overflow. CVE-2025-0840...

7.5CVSS6.9AI score0.00732EPSS
Exploits1References2
Mageia
Mageia
•added 2025/02/05 7:51 p.m.•44 views

Updated vim packages fix security vulnerability

Segmentation fault in winline in Vim 9.1.1043. CVE-2025-24014...

5.5CVSS6.8AI score0.00261EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/09 7:0 p.m.•44 views

Updated ffmpeg packages fix security vulnerabilities

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t...

8.8CVSS7AI score0.01132EPSS
Exploits1References2
Mageia
Mageia
•added 2024/07/20 9:22 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Inappropriate implementation in V8. CVE-2024-6772 Type Confusion in V8. CVE-2024-6773 Use after free in Screen Capture. CVE-2024-6774 Use after free in Media Stream. CVE-2024-6775 Use after free in Audio. CVE-2024-6776 Use after free in Navigation. CVE-2024-6777 Race in DevTools. CVE-2024-6778 Ou...

9.6CVSS7.8AI score0.00781EPSS
Exploits10References2
Mageia
Mageia
•added 2024/07/10 6:1 p.m.•44 views

Updated netatalk packages fix security vulnerabilities

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. CVE-2024-38439 Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation...

9.8CVSS7.5AI score0.00931EPSS
Exploits3References2
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•44 views

Updated python-idna packages fix security vulnerability

mingw-python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode...

7.5CVSS6.8AI score0.01386EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/08 4:34 p.m.•44 views

Updated 0-plugins-base packages fix security vulnerability

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS8AI score0.01565EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•44 views

Updated tpm2-tools packages fixes security vulnerabilities

A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2GENERATEDVALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2checkquote CVE-2024-29038. The pcr selection which i...

9CVSS7.3AI score0.00984EPSS
Exploits2References4
Mageia
Mageia
•added 2024/04/26 6:47 a.m.•44 views

Updated wireshark packages fix security vulnerability

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...

7.8CVSS7.1AI score0.01403EPSS
Exploits1References2
Total number of security vulnerabilities5000