Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2016/09/21 8:38 p.m.44 views

Updated jsch packages fix security vulnerability

It was discovered that there was a path traversal vulnerability in jsch CVE-2016-5725...

5.9CVSS2.5AI score0.24143EPSS
Exploits3References2
Mageia
Mageia
added 2016/08/31 5:34 p.m.44 views

Updated python3/python packages fix security vulnerability

Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTPPROXY” environmental variable based on the header value. When this variable is used in man...

6.1CVSS2AI score0.04526EPSS
Exploits0References4
Mageia
Mageia
added 2016/07/14 8:33 p.m.44 views

Updated sqlite3 packages fix security vulnerability

It was discovered that sqlite3 would reject a temporary directory e.g., as specified by the TMPDIR environment variable to which the executing user did not have read permissions. This could result in information leakage as less secure global temporary directories e.g., /var/tmp or /tmp would be...

5.9CVSS2.1AI score0.0048EPSS
Exploits0References2
Mageia
Mageia
added 2016/07/08 7:50 p.m.44 views

Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found CVE-2016-1181. It was reported that The Apache Struts 1 Validator contains a...

8.2CVSS1.6AI score0.25737EPSS
Exploits0References3
Mageia
Mageia
added 2016/06/02 9:40 p.m.44 views

Updated nginx packages fix CVE-2016-4450

Updated nginx package fixes security vulnerability: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a...

7.5CVSS1.8AI score0.16376EPSS
Exploits0References1
Mageia
Mageia
added 2016/05/23 10:0 p.m.44 views

Updated golang package fixes CVE-2016-3959

Updated golang packages fix security vulnerability: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...

7.5CVSS1.7AI score0.04335EPSS
Exploits0References2
Mageia
Mageia
added 2016/05/20 11:38 a.m.44 views

Updated xerces-c packages fix security vulnerability

Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, due to not properly handling invalid characters in XML input documents in the DTDScanner CVE-2016-2099...

10CVSS2.3AI score0.06781EPSS
Exploits0References2
Mageia
Mageia
added 2016/05/18 8:14 p.m.44 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 50.0.2661.102 fixes several security issues: same origin bypass vulnerabilities in DOM CVE-2016-1667 and the Blink V8 bindings CVE-2016-1668, a buffer overflow in V8 CVE-2016-1669, and a race condition in the loader CVE-2016-1670...

9.3CVSS3.1AI score0.04227EPSS
Exploits2References2
Mageia
Mageia
added 2016/05/05 4:26 p.m.44 views

Updated jenkins-remoting packages fix CVE-2016-0792

Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...

9CVSS5.7AI score0.82697EPSS
Exploits23References3
Mageia
Mageia
added 2016/03/25 6:38 a.m.44 views

Updated webkit packages fix security vulnerability

The webkit package has been updated to version 2.4.10, fixing several security issues and other bugs...

6.8CVSS7.4AI score0.10946EPSS
Exploits2References3
Mageia
Mageia
added 2016/03/07 11:20 a.m.44 views

Updated python-django packages fix security vulnerability

Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. CVE-2016-2512 Sjoerd Job Postmus discovered that Djan...

7.4CVSS1.6AI score0.04035EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/09 7:5 p.m.44 views

Updated ffmpeg packages fix security vulnerabilities

Updated ffmpeg packages fix security vulnerabilities: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains the first li...

6.5CVSS3.8AI score0.14621EPSS
Exploits3References5
Mageia
Mageia
added 2016/01/12 9:13 a.m.44 views

Updated ruby packages fix security vulnerability

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi CVE-2015-7551...

8.4CVSS7.7AI score0.005EPSS
Exploits0References3
Mageia
Mageia
added 2015/10/25 4:34 p.m.44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim...

7.5CVSS9.4AI score0.06974EPSS
Exploits2References4
Mageia
Mageia
added 2015/09/17 6:2 p.m.44 views

Updated wordpress package fixes security vulnerabilities

Updated wordpress packages fixes security vulnerabilities: The wordpress package has been updated to version 3.9.9, fixing two cross-site scripting issues and a potential privilege escalation issue CVE-2015-5714, CVE-2015-5715, as well as other bugs. See the upstream announcement and release note...

6.1CVSS6.3AI score0.06389EPSS
Exploits2References3
Mageia
Mageia
added 2015/09/08 6:23 p.m.44 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerability: The xmlreader in libxml2 allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack CVE-2015-1819. The libxml2 package has been patched to fix this issue, as well ...

5CVSS9AI score0.0634EPSS
Exploits0References4
Mageia
Mageia
added 2015/07/27 5:18 p.m.44 views

Updated expat package fixes security vulnerability

Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data CVE-2015-1283...

6.8CVSS8.7AI score0.19069EPSS
Exploits0References2
Mageia
Mageia
added 2015/07/05 5:22 p.m.44 views

Updated wireshark package fixes security vulnerability

WCCP dissector crash CVE-2015-4651. GSM DTAP dissector crash CVE-2015-4652...

5CVSS5.8AI score0.03525EPSS
Exploits0References5
Mageia
Mageia
added 2015/05/05 1:36 p.m.44 views

Updated polarssl & hiawatha packages fix security vulnerabilities

Updated hiawatha package fixes security vulnerabilities: The hiawatha package included a bundled copy of PolarSSL 1.3.2, which was vulnerable to several security issues that had already been fixed in the system polarssl package. These issues were CVE-2014-4911, CVE-2014-8627, CVE-2014-8628, and...

6AI score
Exploits0References4
Mageia
Mageia
added 2015/05/03 12:19 a.m.44 views

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user CVE-2015-3143. When parsing HTTP cookies, if the parsed...

7.5CVSS8.8AI score0.3763EPSS
Exploits0References5
Mageia
Mageia
added 2015/05/03 12:19 a.m.44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 42.0.2311.135 fixes security issues: a use-after-free in DOM CVE-2015-1243, and various fixes from internal audits, fuzzing and other initiatives CVE-2015-1250...

7.5CVSS6.4AI score0.02343EPSS
Exploits0References2
Mageia
Mageia
added 2015/02/24 9:20 p.m.44 views

Updated samba packages fix CVE-2015-0240

Updated samba packages fix security vulnerabilities: An uninitialized pointer use flaw was found in the Samba daemon smbd. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of...

10CVSS8.7AI score0.87636EPSS
Exploits7References3
Mageia
Mageia
added 2015/02/24 9:20 p.m.44 views

Updated freetype2 packages fix security vulnerabilities

Updated freetype2 packages fix security vulnerabilities: The ttsbitdecoderloadimage function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other...

7.5CVSS8.6AI score0.0571EPSS
Exploits17References4
Mageia
Mageia
added 2015/01/31 1:23 p.m.44 views

Updated bugzilla packages fix CVE-2014-8630

Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630...

6.5CVSS6.7AI score0.0204EPSS
Exploits0References3
Mageia
Mageia
added 2015/01/27 9:8 p.m.44 views

Updated python-pillow packages fix CVE-2014-9601

Updated python-pillow packages fix security vulnerability: Pillow before 2.7.0 and 2.6.2 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed CVE-2014-9601...

5CVSS6.6AI score0.05426EPSS
Exploits0References3
Mageia
Mageia
added 2015/01/19 4:47 p.m.44 views

Updated binutils packages fix security vulnerabilities

Updated binutils packages fix security vulnerabilities: Multiple security issues have been found in binutils. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of...

7.5CVSS10.2AI score0.07486EPSS
Exploits7References2
Mageia
Mageia
added 2014/12/31 12:28 p.m.44 views

Updated sox packages fix CVE-2014-8145

Updated sox packages fix security vulnerability: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities CVE-2014-8145...

7.5CVSS6.7AI score0.07709EPSS
Exploits1References3
Mageia
Mageia
added 2014/12/26 5:4 p.m.44 views

Updated apache-poi packages fix security vulnerabilities

Updated apache-poi packages fix security vulnerabilities: It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server,...

4.3CVSS6.9AI score0.13258EPSS
Exploits0References2
Mageia
Mageia
added 2014/12/26 5:4 p.m.44 views

Updated axis packages fix CVE-2014-3596

Updated axis packages fixes security vulnerability: It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name CN field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate...

5.8CVSS8.3AI score0.05806EPSS
Exploits0References2
Mageia
Mageia
added 2014/11/21 12:44 p.m.44 views

Updated kdenetwork4 packages fix security vulnerabilities in krfb

A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter CVE-2014-6053, CVE-2014-6054. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a...

6.5CVSS8.9AI score0.0783EPSS
Exploits0References3
Mageia
Mageia
added 2014/11/15 6:31 p.m.44 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update provides an upgrade to the upstream 3.14 -longterm branch, currently based on 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a...

7.2CVSS7.3AI score0.03751EPSS
Exploits8References29
Mageia
Mageia
added 2014/11/14 1:24 a.m.44 views

Updated libreoffice packages fix security vulnerabilities

It was discovered during routine code review that LibreOffice unconditionally executed certain VBA macros on loading Microsoft Office documents, contrary to user expectations CVE-2014-0247. A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the...

10CVSS6.4AI score0.09864EPSS
Exploits0References5
Mageia
Mageia
added 2014/10/29 11:30 a.m.44 views

Updated zabbix package fixes security vulnerability

It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local...

9.8CVSS8.8AI score0.05303EPSS
Exploits1References5
Mageia
Mageia
added 2014/10/28 11:33 a.m.44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191,...

10CVSS5.7AI score0.0595EPSS
Exploits0References4
Mageia
Mageia
added 2014/10/25 8:23 p.m.44 views

Updated mariadb packages fix security vulnerabilities

This update provides MariaDB 5.5.40, which fixes several security issues and other bugs...

7.5CVSS7.7AI score0.0726EPSS
Exploits0References5
Mageia
Mageia
added 2014/10/09 2:39 p.m.44 views

Updated golang packages fix CVE-2014-7189

Updated golang packages fix security vulnerability: Go 1.1 through 1.3.2 has an issue that affects programs that use crypto/tls to implement a TLS server. If the server enables TLS client authentication using certificates and explicitly sets SessionTicketsDisabled to true in the tls.Config, then ...

4.3CVSS9.2AI score0.01383EPSS
Exploits0References2
Mageia
Mageia
added 2014/10/07 9:22 a.m.44 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer CVE-2014-6270. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack...

6.8CVSS7.8AI score0.76064EPSS
Exploits0References3
Mageia
Mageia
added 2014/09/05 9:7 a.m.44 views

Updated squid packages fix CVE-2014-3609

Updated squid packages fix security vulnerability: Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service CVE-2014-3609...

5CVSS6.2AI score0.5622EPSS
Exploits0References4
Mageia
Mageia
added 2014/08/07 5:1 p.m.44 views

Updated drupal packages fix security vulnerabilities

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same...

5CVSS6.3AI score0.02772EPSS
Exploits0References11
Mageia
Mageia
added 2014/07/26 11:56 a.m.44 views

Updated pidgin packages fix CVE-2014-3775

Updated pidgin packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or...

7.5CVSS7.5AI score0.0378EPSS
Exploits0References2
Mageia
Mageia
added 2014/06/11 5:13 p.m.44 views

Updated firefox & thunderbird packages fix multiple security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.8AI score0.05951EPSS
Exploits0References8
Mageia
Mageia
added 2014/05/29 6:55 a.m.44 views

Updated qt4 and qtbase5 packages fix security vulnerability

A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...

4.3CVSS8.4AI score0.03957EPSS
Exploits0References5
Mageia
Mageia
added 2014/05/19 6:53 p.m.44 views

Updated python-django package fix two vulnerabilities

Updated python-django and python-dgango14 packages fix security vulnerabilities: Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or...

6.4CVSS6.4AI score0.03123EPSS
Exploits0References3
Mageia
Mageia
added 2014/03/24 7:37 a.m.44 views

Updated python package fixes security vulnerabilities

Denial of service flaws due to unbound readline calls in the imaplib, poplib, and smtplib modules CVE-2013-1752. A gzip bomb and unbound read denial of service flaw in python XMLRPC library CVE-2013-1753...

7.5CVSS2.6AI score0.03913EPSS
Exploits1References2
Mageia
Mageia
added 2014/02/21 6:20 p.m.44 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.341 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a stack overflow vulnerability that could result in...

10CVSS7.5AI score0.24204EPSS
Exploits4References2
Mageia
Mageia
added 2014/02/16 1:32 p.m.44 views

Updated gnutls packages fix security vulnerability

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default something that deviates from the documented behavior CVE-2014-1959...

5.8CVSS6.4AI score0.03416EPSS
Exploits1References2
Mageia
Mageia
added 2014/02/16 1:29 p.m.44 views

Updated libpng12 package fixes security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS6.4AI score0.04692EPSS
Exploits1References2
Mageia
Mageia
added 2014/02/10 8:20 p.m.44 views

Updated icedtea-web packages fix CVE-2013-6493

Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user...

2.1CVSS2.2AI score0.00482EPSS
Exploits1References3
Mageia
Mageia
added 2014/01/17 12:33 a.m.44 views

Updated openssl package fixes security vulnerabilities

Updated openssl packages fix security vulnerabilities: The DTLS retransmission implementation in OpenSSL through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by...

5.8CVSS1.4AI score0.14542EPSS
Exploits1References4
Mageia
Mageia
added 2014/01/06 1:10 a.m.44 views

Updated openjpeg package fixes security vulnerabilities

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

7.5CVSS3.8AI score0.05515EPSS
Exploits0References3
Total number of security vulnerabilities5000