Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2020/02/09 7:13 p.m.43 views

Updated xmlrpc packages fix security vulnerability

A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrar...

9.8CVSS3.4AI score0.49285EPSS
Exploits2References2
Mageia
Mageia
added 2020/01/30 6:28 p.m.43 views

Updated gdal packages fix security vulnerability

Updated gdal packages fix security vulnerability: Double free vulnerability in OGRExpatRealloc CVE-2019-17545. Also, the gdalinfo command, which had been built incorrectly, has been fixed...

9.8CVSS2AI score0.02577EPSS
Exploits0References3
Mageia
Mageia
added 2020/01/28 7:52 a.m.43 views

Updated mbedtls packages fix security vulnerabilities

This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security vulnerabilities, among which: The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the...

5.3CVSS2.4AI score0.01773EPSS
Exploits0References5
Mageia
Mageia
added 2020/01/22 10:37 a.m.43 views

Updated sox packages fix security vulnerabilities

Updated sox packages fix security vulnerabilities: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357...

5.5CVSS2.1AI score0.01808EPSS
Exploits1References4
Mageia
Mageia
added 2020/01/13 4:51 p.m.43 views

Updated makepasswd fix insecure default length of password

Updated makepasswd fix insecure default length of password By default, makepasswd generates password with a length between 6 to 8 characters 48 to 64bits. This update raise the default to 16 characters 128 bits. The length can be changed at runtime with the -l option...

7.5CVSS3.5AI score0.01331EPSS
Exploits0References2
Mageia
Mageia
added 2019/12/13 6:25 p.m.43 views

Updated jasper packages fix security vulnerabilities

Heap based overflow in jasicctxtdescinput CVE-2018-19540. Heap based overread in jasimagedepalettize CVE-2018-19541...

8.8CVSS1.5AI score0.02802EPSS
Exploits2References2
Mageia
Mageia
added 2019/10/16 10:22 p.m.43 views

Updated nmap packages fix security vulnerability

Updated nmap packages fix security vulnerability: Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service stack consumption and application crash via a crafted TCP-based service CVE-2018-15173...

7.5CVSS5.2AI score0.06081EPSS
Exploits1References2
Mageia
Mageia
added 2019/09/21 11:7 a.m.45 views

Updated ibus packages fix security vulnerability

It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical...

7.1CVSS2.8AI score0.00365EPSS
Exploits0References2
Mageia
Mageia
added 2019/05/18 12:33 p.m.43 views

Updated libxslt packages fix security vulnerability

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded CVE-2019-11068...

9.8CVSS3.6AI score0.05089EPSS
Exploits0References2
Mageia
Mageia
added 2019/04/10 9:25 p.m.43 views

Updated ntp packages fix security vulnerability

A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. CVE-2019-8936...

7.5CVSS3.1AI score0.05726EPSS
Exploits2References2
Mageia
Mageia
added 2019/02/22 1:8 a.m.43 views

Updated spice-gtk packages fix security vulnerability

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

10CVSS3.8AI score0.05544EPSS
Exploits0References6
Mageia
Mageia
added 2019/02/22 12:35 a.m.43 views

Updated libtiff packages fix security vulnerability

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tifdirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file...

6.5CVSS5.4AI score0.03372EPSS
Exploits1References3
Mageia
Mageia
added 2019/02/13 11:8 a.m.43 views

Updated docker packages fix security vulnerability

Docker Engine before 18.09 allows attackers to cause a denial of service dockerd memory consumption via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go CVE-2018-20699...

4.9CVSS5.7AI score0.02231EPSS
Exploits0References2
Mageia
Mageia
added 2018/11/11 9:9 p.m.43 views

Updated libtiff packages fix security vulnerability

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tiflzw.c. CVE-2018-18661...

6.5CVSS3.1AI score0.0287EPSS
Exploits1References1
Mageia
Mageia
added 2018/11/03 11:55 a.m.44 views

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...

5.9CVSS2.4AI score0.03623EPSS
Exploits0References3
Mageia
Mageia
added 2018/11/03 11:55 a.m.43 views

Updated virtualbox packages fix security vulnerabilities

This update provides virtualbox 5.2.20 and fixes the following security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of tim...

9CVSS2.3AI score0.49268EPSS
Exploits0References3
Mageia
Mageia
added 2018/08/31 9:11 p.m.43 views

Updated poppler packages fix security vulnerability

The updated packages fix a security vulnerability: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be...

6.5CVSS3.2AI score0.0315EPSS
Exploits1References1
Mageia
Mageia
added 2018/06/17 9:26 p.m.43 views

Updated freedink-dfarc package fixes security vulnerability

Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc as well as in the RTsoft's Dink Smallwood HD / ProtonSDK version, allowing an attacker to overwrite arbitrary files on the user's system CVE-2018-0496. This release fixes it, and brings translation updates...

7.5CVSS4.4AI score0.02448EPSS
Exploits0References2
Mageia
Mageia
added 2018/05/29 7:41 p.m.43 views

Updated virtualbox packages fix security vulnerabilities

This update provides virtualbox 5.2.12 and fixes the following security issues: Unauthorized remote attacker may have caused a hang or frequently repeatable crash complete DOS CVE-2018-0739. Attacker with host login may have compromised Virtualbox or further system services after interaction with...

8.8CVSS1.7AI score0.19295EPSS
Exploits4References3
Mageia
Mageia
added 2018/05/16 8:24 a.m.43 views

Updated libsndfile packages fix security vulnerabilities

An out of bounds read in the function d2alawarray in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values CVE-2017-14245. An out of bounds read in the function d2ulawarray in ulaw.c of libsndfil...

8.1CVSS2.5AI score0.02229EPSS
Exploits0References2
Mageia
Mageia
added 2018/03/14 5:0 p.m.43 views

Updated clamav packages fix security vulnerabilities

Clamav has been updated to fix 2 security issues and also contains a lot of bugfixes. Out-of-bounds access in the PDF parser CVE-2018-0202 Out-of-bounds heap read in XAR parser CVE-2018-1000085...

5.5CVSS3AI score0.02672EPSS
Exploits0References3
Mageia
Mageia
added 2018/01/03 2:22 p.m.43 views

Updated libextractor packages fix security vulnerability

GNU Libextractor 1.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted GIF, IT Impulse Tracker, NSFE, S3M Scream Tracker 3, SID, or XM eXtended Module file, as demonstrated by the EXTRACTORxmextractmethod function in...

6.5CVSS5.8AI score0.0236EPSS
Exploits1References2
Mageia
Mageia
added 2018/01/01 10:38 a.m.43 views

Updated apache packages fix security vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed CVE-2017-9798...

7.5CVSS1.5AI score0.94999EPSS
Exploits9References2
Mageia
Mageia
added 2017/12/31 12:10 a.m.43 views

Updated kdebase4-runtime packages fix security vulnerability

A user could sneak an unicode string terminator in the kdesu invocation, which could hide the fact that more commands could be executed CVE-2016-7787...

4.9CVSS1.9AI score0.01661EPSS
Exploits0References3
Mageia
Mageia
added 2017/12/31 12:10 a.m.43 views

Updated freerdp packages fix security vulnerabilities

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

8.8CVSS2.2AI score0.01826EPSS
Exploits6References10
Mageia
Mageia
added 2017/12/07 8:54 p.m.43 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.2.11, which fixes a few security issues where a malformed packet trace could cause it to crash, and fixes several other bugs as well. See the release notes for details...

7.5CVSS3.6AI score0.16786EPSS
Exploits1References6
Mageia
Mageia
added 2017/11/06 8:22 a.m.43 views

Updated lucene packages fix security vulnerability

It was found that the CoreParser class in Lucene accepts doctype declaration and expands external entities. An attacker could use this flaw to bypass security restrictions and access sensitive data CVE-2017-12629...

9.8CVSS3.6AI score0.91896EPSS
Exploits11References2
Mageia
Mageia
added 2017/11/02 9:47 p.m.43 views

Updated sdl2 packages fix security vulnerability

Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and...

8.8CVSS4.2AI score0.03072EPSS
Exploits2References4
Mageia
Mageia
added 2017/10/30 7:23 p.m.43 views

Updated opensc_etc packages fix security vulnerability

A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...

5.9CVSS1.3AI score0.09825EPSS
Exploits0References2
Mageia
Mageia
added 2017/10/19 6:14 p.m.43 views

Updated poppler packages fix security vulnerabilities

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired function in Splash.cc via a crafted PDF document. CVE-2017-14518 In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling...

7.8CVSS1.6AI score0.0246EPSS
Exploits3References2
Mageia
Mageia
added 2017/10/09 9:51 a.m.43 views

Updated dnsmasq packages fix security vulnerabilities

CVE-2017-13704: Dnsmasq could be made to crash on a large DNS query. A DNS query received by UDP which exceeds 512 bytes or the EDNS0 packet size, if different. is enough to cause SIGSEGV. CVE-2017-14491: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies...

9.8CVSS2AI score0.93307EPSS
Exploits32References5
Mageia
Mageia
added 2017/10/05 8:8 p.m.43 views

Updated ghostscript packages fix security vulnerabilities

The InsMIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact via a crafted document. CVE-2017-9611 The InsIP function in base/ttinterp.c...

7.8CVSS6.5AI score0.0275EPSS
Exploits5References2
Mageia
Mageia
added 2017/08/15 9:57 a.m.43 views

Updated x11-server packages fix security vulnerabilities

Eric Sesterhenn discovered that the X.Org X server incorrectly compared MIT cookies. An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie CVE-2017-2624. It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X...

8.8CVSS2.9AI score0.03877EPSS
Exploits3References4
Mageia
Mageia
added 2017/06/12 7:42 a.m.43 views

Updated lxc packages fix security vulnerabilities

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container CVE-2016-8649. Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A...

9.1CVSS2.3AI score0.02813EPSS
Exploits0References5
Mageia
Mageia
added 2017/05/09 6:35 a.m.43 views

Updated ntp packages fix security vulnerability

A vulnerability was found in NTP, in the legacy MX4200 refclock implementation. If this refclock was compiled in and used, an attacker may be able to induce stack overflow, leading to a crash or potential code execution CVE-2017-6451. A vulnerability was found in NTP, in the building of response...

8.8CVSS2.7AI score0.06515EPSS
Exploits0References3
Mageia
Mageia
added 2017/03/25 4:56 p.m.43 views

Updated libwmf packages fix security vulnerability

The gdImageCreate function in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to cause a denial of service system hang via an oversized image. CVE-2016-9317 The gdImageCreateFromGd2Ctx function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.4 allows remote...

7.8CVSS5.7AI score0.03736EPSS
Exploits0References1
Mageia
Mageia
added 2017/03/23 7:19 a.m.43 views

Updated kdelibs4 packages fix security vulnerability

Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part user:password@host, and in the path and th...

5.5CVSS0.3AI score0.00828EPSS
Exploits0References2
Mageia
Mageia
added 2016/12/15 8:33 p.m.43 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897,...

9.8CVSS3.9AI score0.21401EPSS
Exploits12References4
Mageia
Mageia
added 2016/12/09 8:42 a.m.43 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created using a weak algorithm. This could allow an attacker to determine the user's...

9.8CVSS0.2AI score0.02542EPSS
Exploits0References15
Mageia
Mageia
added 2016/10/04 7:44 a.m.43 views

Updated freerdp packages fix security vulnerabilities

FreeRDP could crash due to a NULL or invalid pointer CVE-2013-4118, CVE-2013-4119...

7.5CVSS1.7AI score0.04327EPSS
Exploits0References5
Mageia
Mageia
added 2016/09/21 8:38 p.m.43 views

Updated chromium-browser-stable packages fix security vulnerability

Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS UXSS." CVE-2016-5147 Cross-site scripting XSS...

8.8CVSS4AI score0.04702EPSS
Exploits0References4
Mageia
Mageia
added 2016/09/21 8:38 p.m.43 views

Updated nodejs packages fix security vulnerability

Under certain conditions, V8 may improperly expand memory allocations in the Zone::New function. This could potentially be used to cause a Denial of Service via buffer overflow or as a trigger for a remote code execution CVE-2016-1669. The primary npm registry has used HTTP bearer tokens to...

9.3CVSS2.9AI score0.04227EPSS
Exploits0References6
Mageia
Mageia
added 2016/07/26 9:16 p.m.43 views

Updated tomcat/apache-commons-fileupload packages fix security vulnerability

The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive,...

7.8CVSS1.4AI score0.35927EPSS
Exploits0References4
Mageia
Mageia
added 2016/05/20 11:38 a.m.43 views

Updated icu packages fix security vulnerability

It was discovered that ICU Layout Engine was missing multiple boundary and error return checks. These could lead to buffer overflows and memory corruption. A specially crafted font file could cause an application using ICU to parse untrusted fonts to crash and, possibly, execute arbitrary code...

10CVSS8.7AI score0.07514EPSS
Exploits0References3
Mageia
Mageia
added 2016/05/12 8:0 p.m.43 views

Updated mercurial packages fix security vulnerability

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...

8.8CVSS9.5AI score0.02655EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/19 8:40 a.m.43 views

Updated glibc packages fix security vulnerabilities

Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...

9.8CVSS9.3AI score0.89557EPSS
Exploits19References1
Mageia
Mageia
added 2016/01/29 11:2 a.m.43 views

Updated owncloud packages fix security vulnerability

A Cross-site scripting XSS vulnerability in the OCS discovery provider in ownCloud Server before 8.0.10 allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting CVE-2016-1498. ownCloud Server before 8.0.10 allows remote authenticated...

8.5CVSS6.3AI score0.03471EPSS
Exploits2References5
Mageia
Mageia
added 2015/12/28 7:23 p.m.43 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10CVSS7.6AI score0.06058EPSS
Exploits1References8
Mageia
Mageia
added 2015/12/28 7:23 p.m.43 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.559 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-8644. This...

10CVSS9.6AI score0.67922EPSS
Exploits4References2
Mageia
Mageia
added 2015/11/26 8:47 p.m.43 views

Updated libsndfile packages fix security vulnerability

Due to a heap overflow in libsndfile, a specially crafted AIFF header can manage index values in order to use memcpy to overwrite memory the heap CVE-2015-7805...

9.3CVSS6.3AI score0.134EPSS
Exploits1References4
Total number of security vulnerabilities5000