Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2015/11/02 8:21 p.m.•43 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerability: Crafted xml causes out of bound memory access in libxml2 due to a heap buffer-overflow in xmlParseConditionalSections in parser.c CVE-2015-7942...

6.8CVSS7.7AI score0.04737EPSS
Exploits1References3
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•43 views

Updated xfsprogs packages fix CVE-2012-2150

Updated xfsprogs packages fix security vulnerability: xfsmetadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image CVE-2012-2150...

5CVSS4.8AI score0.04535EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•43 views

Updated bind packages fix security vulnerabilities

Updated bind packages fix security vulnerability: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from ...

7.8CVSS7.6AI score0.33652EPSS
Exploits0References5
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•43 views

Updated python-django and python-django14 packages fix security vulnerabilities

Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service...

5CVSS6.3AI score0.05163EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/30 9:8 p.m.•43 views

Updated groovy package fixes security vulnerability

When an application has Groovy on the classpath and that it uses standard Java serialization mechanim to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whic...

9.8CVSS9.2AI score0.42983EPSS
Exploits4References2
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•43 views

Updated python-django and python-django14 packages fix security vulnerabilities

Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users' sessi...

7.8CVSS6.5AI score0.07266EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•43 views

Updated ansible package fixes security vulnerability

Update to 1.9.2. Fixes CVE-2015-3908 hostname and cert matching in some modules and plugins and another not yet issued CVE on chroot/jail/zone connection plugins as well as a number of bugfixes...

4.3CVSS7.5AI score0.00933EPSS
Exploits0References1
Mageia
Mageia
•added 2015/07/27 5:45 p.m.•43 views

Updated chromium-browser package fixes security vulnerabilities

Chromium-browser 44.0.2403.107 fixes several security issues: PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

9.8CVSS10.4AI score0.03615EPSS
Exploits2References3
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•43 views

Updated avidemux packages fix security vulnerabilities

Updated avidemux packages fix security vulnerabilities: The mjpegdecodeapp function in libavcodec/mjpegdec.c in FFMpeg before 1.2.11 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via vectors related to LJIF tags in an MJP...

7.5CVSS8.4AI score0.02568EPSS
Exploits0References5
Mageia
Mageia
•added 2015/04/18 8:21 a.m.•43 views

Updated potrace packages fix CVE-2013-7437

Updated potrace packages fix security vulnerability: Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service crash via large dimensions in a BMP image, which triggers a buffer overflow CVE-2013-7437...

5CVSS6.5AI score0.03315EPSS
Exploits1References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•43 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.457 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution...

10CVSS7.6AI score0.95184EPSS
Exploits11References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•43 views

Updated asterisk packages fix CVE-2015-3008

Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte...

4.3CVSS7.1AI score0.46156EPSS
Exploits0References4
Mageia
Mageia
•added 2015/03/14 6:44 p.m.•43 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.451 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution...

10CVSS10.1AI score0.71536EPSS
Exploits5References3
Mageia
Mageia
•added 2015/03/06 6:8 p.m.•43 views

Updated apache packages fix CVE-2015-0228

Updated apache packages fix security vulnerability: In the modlua module in the Apache HTTP Server through 2.4.10, a maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash CVE-2015-0228...

5CVSS9AI score0.18812EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•43 views

Updated apache-poi packages fix CVE-2014-9527

Updated apache-poi packages fixes security vulnerability: A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely...

5CVSS6.2AI score0.07922EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/15 3:57 p.m.•43 views

Updated cups packages fix CVE-2014-9679

Updated cups packages fix security vulnerability: A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels CVE-2014-9679...

6.8CVSS6.9AI score0.04633EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/06 4:51 p.m.•43 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.442 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves use-after-free vulnerabilities that could lead to code execution...

10CVSS8.6AI score0.95683EPSS
Exploits13References3
Mageia
Mageia
•added 2015/01/07 4:32 p.m.•43 views

Updated apache packages fix CVE-2014-8109

Updated apache packages fix security vulnerability: modlua.c in the modlua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers...

4.3CVSS7.4AI score0.22016EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•43 views

Updated libpng packages fix CVE-2014-9495

Updated libpng packages fix security vulnerability: libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in pngcombinerow when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary attacker-controlled dat...

10CVSS7.3AI score0.03889EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•43 views

Updated wss4j packages fix CVE-2014-3623

Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors CVE-2014-3623...

5CVSS6.5AI score0.09224EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/20 1:51 p.m.•43 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated CVE-2014-9293. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys...

7.5CVSS7.4AI score0.7809EPSS
Exploits4References8
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•43 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.400 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

10CVSS7.1AI score0.07552EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/04 11:12 a.m.•43 views

Updated gcc packages fix security vulnerability and other bugs

Updated gcc packages fix the following security issue: Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code. CVE-2014-5044 They also fix...

9.8CVSS9.7AI score0.05886EPSS
Exploits0References1
Mageia
Mageia
•added 2014/07/26 11:32 a.m.•43 views

Updated nss, firefox and thunderbird packages fix security vulnerabilities

A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application CVE-2014-1544. Several flaws were found in the processing ...

10CVSS9.9AI score0.06109EPSS
Exploits0References11
Mageia
Mageia
•added 2014/07/08 10:50 p.m.•43 views

Updated liblzo packages fix CVE-2014-4607

Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker CVE-2014-4607...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/06/27 3:8 p.m.•43 views

Updated gnupg & gnupg2 packages fixes CVE-2014-4617

Updated gnupg and gnupg2 packages fix security vulnerability: GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop CVE-2014-4617...

5CVSS6.1AI score0.03305EPSS
Exploits0References4
Mageia
Mageia
•added 2014/06/27 2:57 p.m.•43 views

Updated ctdb package fixes CVE-2013-4159

Updated ctdb packages fix security vulnerability: ctdb before 2.5 is vulnerable to symlink attacks to due the use of predictable filenames in /tmp, such as /tmp/ctdb.socket CVE-2013-4159...

7.5CVSS1.9AI score0.02371EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/18 6:2 p.m.•43 views

Updated qt3 packages fix security vulnerabilities

Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted...

5CVSS7.1AI score0.03957EPSS
Exploits0References7
Mageia
Mageia
•added 2014/06/02 6:47 p.m.•43 views

Updated gnutls packages fix CVE-2104-3465-6

Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutlsx509dnoidname. The function, when called with the GNUTLSX509DNOIDRETURNOID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...

6.8CVSS8.7AI score0.11221EPSS
Exploits1References4
Mageia
Mageia
•added 2014/04/09 3:40 p.m.•43 views

Updated flash-player-plugin package fixes multiple vulnerabilities

Adobe Flash Player 11.2.202.350 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a use-after-free vulnerability that could result in...

10CVSS7.6AI score0.0761EPSS
Exploits4References2
Mageia
Mageia
•added 2014/04/09 5:36 a.m.•43 views

Updated squid packages fix CVE-2014-0128

Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled CVE-2014-0128...

5CVSS6.3AI score0.32862EPSS
Exploits1References4
Mageia
Mageia
•added 2014/04/03 3:18 p.m.•43 views

Updated python-imaging package fixes insecure use of temporary files

Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created via mktemp in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perfo...

4.4CVSS8.6AI score0.00492EPSS
Exploits2References4
Mageia
Mageia
•added 2014/04/03 1:7 a.m.•43 views

Updated springframework packages fix multiple vulnerabilities

Updated springframework packages fix security vulnerabilities: Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities CVE-2014-0054. Spring MVC introduces a cross-site scripting vulnerability if the action on a Spring form is not specified CVE-2014-1904...

6.8CVSS7.2AI score0.91354EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/03 1:2 a.m.•43 views

Updated perl-YAML-LibYAML package fixes security vulnerabilies

Updated perl-YAML-LibYAML packages fix security vulnerabilities: Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag...

6.8CVSS8AI score0.09312EPSS
Exploits2References3
Mageia
Mageia
•added 2014/04/03 12:50 a.m.•43 views

Updated xalan-j2 packages fix CVE-2014-0107

Updated xalan-j2 packages fix security vulnerability: Nicolas Gregoire discovered several vulnerabilities in libxalan2-java. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution CVE-2014-0107...

7.5CVSS9.2AI score0.13809EPSS
Exploits2References2
Mageia
Mageia
•added 2014/03/19 5:40 p.m.•43 views

Updated apache packages fix security vulnerabilities

Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098...

5CVSS7.4AI score0.26831EPSS
Exploits2References2
Mageia
Mageia
•added 2014/02/25 9:59 p.m.•43 views

Updated oath-toolkit packages fix security vulnerability

It was found that comments lines starting with a hash in /etc/users.oath could prevent one-time-passwords OTP from being invalidated, leaving the OTP vulnerable to replay attacks CVE-2013-7322...

4.9CVSS1.2AI score0.00884EPSS
Exploits0References4
Mageia
Mageia
•added 2014/02/21 6:13 p.m.•43 views

Updated freeradius package fixes security vulnerability

SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlmpap module if the password source uses an unusually long hashed password CVE-2014-2015...

7.5CVSS9.6AI score0.03912EPSS
Exploits1References4
Mageia
Mageia
•added 2014/02/12 5:15 p.m.•43 views

Updated qemu package fixes security vulnerability

Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service CVE-2013-4377. Additionally, qemu has been updated to 1.6.2, fixing several other bugs...

2.3CVSS1.5AI score0.0046EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/10 7:51 p.m.•43 views

Updated springframework packages fix CVE-2013-4152

Updated springframework packages fix security vulnerability: Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites CVE-2013-4152...

6.8CVSS2.1AI score0.26467EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/06 1:2 a.m.•43 views

Updated ruby package fixes security vulnerability

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...

6.8CVSS4.3AI score0.34968EPSS
Exploits3References4
Mageia
Mageia
•added 2013/12/12 10:21 p.m.•43 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

7.5CVSS2.1AI score0.02142EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/25 9:0 p.m.•43 views

Updated icu packages fix CVE-2013-2924

Updated icu packages fix security vulnerability: It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program...

7.5CVSS3AI score0.02531EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/05 5:55 p.m.•43 views

Updated libvirt package fixes security vulnerabilities

It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service CVE-2013-4296. It was discovered that libvirt incorrectly handled certain bitmap operations. A remote attacker could...

5CVSS2.3AI score0.02678EPSS
Exploits1References1
Mageia
Mageia
•added 2013/08/30 5:36 p.m.•43 views

Updated asterisk package fixes security vulnerabilities

A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present CVE-2013-5641. A remotely exploitable crash vulnerability exists in the S...

5CVSS0.2AI score0.11653EPSS
Exploits0References3
Mageia
Mageia
•added 2013/08/30 5:30 p.m.•43 views

Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once

Updated php packages fix security vulnerability: The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

4.3CVSS2.9AI score0.03588EPSS
Exploits0References5
Mageia
Mageia
•added 2013/07/26 11:52 a.m.•43 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline CVE-2013-2853. Chrome does not properly prevent pop-under windows CVE-2013-2867...

9.3CVSS0.5AI score0.02333EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/26 11:34 a.m.•43 views

Updated apache packages fix CVE-2013-1896

Updated apache packages fix security vulnerability: moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for...

4.3CVSS3.7AI score0.29484EPSS
Exploits3References4
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•43 views

Updated libvirt packages fix security vulnerability

It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd...

5CVSS2.1AI score0.03513EPSS
Exploits0References2
Mageia
Mageia
•added 2025/04/12 4:23 a.m.•42 views

Updated gnupg2 packages fix security vulnerability

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS". CVE-2025-30258...

4.7CVSS6.1AI score0.00179EPSS
Exploits1References2
Total number of security vulnerabilities5000