Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/03/07 8:37 p.m.•42 views

Updated dovecot packages fix security vulnerabilities

Dovecot has been updated to version 2.2.34 to fix two security issues. CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system,...

7.1CVSS3AI score0.17572EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•42 views

Updated ioquake3 packages fix security vulnerability

It was discovered that ioquake3 contained a read buffer overflow that allows remote attackers to cause a denial of service CVE-2017-11721...

9.8CVSS5.6AI score0.02517EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/22 7:49 p.m.•42 views

Updated quagga packages fix security vulnerability

This is an update to fix several security issues. 1. CVE-2018-5379: Fix double free of unknown attribute 2. CVE-2018-5380: debug print of received NOTIFY data can over-read msg array 3. CVE-2018-5381: fix infinite loop on certain invalid OPEN messages...

9.8CVSS2.4AI score0.39045EPSS
Exploits0References8
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•42 views

Updated libvpx packages fix security vulnerability

An out-of-bounds heap read vulnerability in exifdatasavedataentry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure CVE-2017-7544...

9.1CVSS1.4AI score0.03273EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•42 views

Updated perl packages fix security vulnerability

Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier CVE-2017-12837. Jakub Wilk reported a buffer over-read flaw in the regular...

9.1CVSS3.8AI score0.06207EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/06 8:22 a.m.•42 views

Updated poppler packages fix security vulnerabilities

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0 function in SplashOutputDev.cc via a crafted PDF document. CVE-2017-14927 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an...

8.8CVSS2.8AI score0.02585EPSS
Exploits2References6
Mageia
Mageia
•added 2017/11/06 8:22 a.m.•42 views

Updated lucene packages fix security vulnerability

It was found that the CoreParser class in Lucene accepts doctype declaration and expands external entities. An attacker could use this flaw to bypass security restrictions and access sensitive data CVE-2017-12629...

9.8CVSS3.6AI score0.91896EPSS
Exploits11References2
Mageia
Mageia
•added 2017/10/18 8:19 p.m.•42 views

Updated ruby packages fix security vulnerabilities

If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...

9.8CVSS0.5AI score0.16412EPSS
Exploits2References8
Mageia
Mageia
•added 2017/09/21 1:43 p.m.•42 views

Updated bluez packages fix security vulnerability

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol SDP. A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information...

6.5CVSS2.6AI score0.07774EPSS
Exploits3References3
Mageia
Mageia
•added 2017/09/10 12:36 p.m.•42 views

Updated libarchive packages fix security vulnerability

Heap-based buffer overflow in xmldata in archivereadsupportformatxar.c CVE-2017-14166...

6.5CVSS3.5AI score0.03341EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/03 2:31 p.m.•42 views

Updated botan packages fix security vulnerability

Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate CVE-2017-2801...

9.8CVSS3AI score0.01317EPSS
Exploits2References3
Mageia
Mageia
•added 2017/06/08 9:39 p.m.•42 views

Updated nss packages fix security vulnerability

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library CVE-2017-7502...

7.5CVSS1.5AI score0.04302EPSS
Exploits0References3
Mageia
Mageia
•added 2017/02/20 1:0 p.m.•42 views

Updated libgd packages fix security vulnerability

OOB reads of the TGA decompression buffer CVE-2016-6906. Double-free in gdImageWebPtr CVE-2016-6912. gdImageCreate doesn't check for oversized images and as such is prone to DoS vulnerabilities CVE-2016-9317. Potential unsigned underflow in gdinterpolation.c CVE-2016-10166. DOS vulnerability in...

9.8CVSS5.4AI score0.10687EPSS
Exploits0References5
Mageia
Mageia
•added 2016/12/15 8:33 p.m.•42 views

Updated chromium-browser-stable packages fix security vulnerabilities

Multiple flaws were found in the way Chromium 54 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206,...

10CVSS2AI score0.11182EPSS
Exploits5References3
Mageia
Mageia
•added 2016/12/05 9:49 p.m.•42 views

Updated firefox packages fix security vulnerability

A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-9079...

7.5CVSS4.4AI score0.87598EPSS
Exploits13References4
Mageia
Mageia
•added 2016/11/21 10:18 p.m.•42 views

Updated tre packages fix security vulnerability

The TRE library allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression CVE-2015-3796. A vulnerability has been found in the tre package that could allow an attacker to perform controlled he...

9.8CVSS9.2AI score0.12416EPSS
Exploits1References2
Mageia
Mageia
•added 2016/11/17 11:40 p.m.•42 views

Updated gnuchess packages fix security vulnerability

gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess CVE-2015-8972...

9.8CVSS9.4AI score0.03762EPSS
Exploits1References2
Mageia
Mageia
•added 2016/11/14 7:8 a.m.•42 views

Updated libwmf packages fix security vulnerability

The updated packages fix a security vulnerability: Memory allocation failure in wmfmalloc api.c CVE-2016-9011...

5.5CVSS2.5AI score0.02612EPSS
Exploits0References2
Mageia
Mageia
•added 2016/10/23 8:49 a.m.•42 views

Updated openjpeg packages fix security vulnerability

The openjpeg library was vulnerable to a crash when converting images due to a NULL pointer dereference in readpnmheader CVE-2016-7445...

7.5CVSS2.4AI score0.04191EPSS
Exploits1References2
Mageia
Mageia
•added 2016/10/04 12:20 p.m.•42 views

Updated python-django packages fix security vulnerability

CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...

7.5CVSS5.6AI score0.0613EPSS
Exploits1References2
Mageia
Mageia
•added 2016/09/28 5:59 a.m.•42 views

Updated graphicsmagick packages fix security vulnerability

A possible heap overflow of the EscapeParenthesis function CVE-2016-7447. The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU CVE-2016-7448. The TIFF reader had a bug...

9.8CVSS1.2AI score0.04021EPSS
Exploits0References2
Mageia
Mageia
•added 2016/09/16 9:27 a.m.•42 views

Updated cracklib packages fix security vulnerability

It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib CVE-2016-6318...

7.8CVSS4.6AI score0.00747EPSS
Exploits0References2
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•42 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of ORDER BY and GROUP BY in ZendDbSelect of ZendFramework is vulnerable to an SQL injection CVE-2016-6233...

9.8CVSS2.3AI score0.02047EPSS
Exploits1References3
Mageia
Mageia
•added 2016/07/12 7:49 p.m.•42 views

Updated flash-player-plugin packages fix 52 security vulnerabilities

Adobe Flash Player 11.2.202.632 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a race condition vulnerability that could lead to information disclosure CVE-2016-424...

9.3CVSS1.6AI score0.36456EPSS
Exploits26References2
Mageia
Mageia
•added 2016/06/09 12:45 p.m.•42 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822,...

8.8CVSS5.8AI score0.24039EPSS
Exploits7References10
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•42 views

Updated xymon packages fix security vulnerabilities

Updated xymon packages fix security vulnerabilities: The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service via application crash or remote code execution CVE-2016-2054. The incorrect handling of user-supplie...

9.8CVSS1.1AI score0.54507EPSS
Exploits7References2
Mageia
Mageia
•added 2016/05/12 8:0 p.m.•42 views

Updated mercurial packages fix security vulnerability

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...

8.8CVSS9.5AI score0.02655EPSS
Exploits0References3
Mageia
Mageia
•added 2016/04/26 6:2 p.m.•42 views

Updated libgd packages fix CVE-2016-3074

Updated libgd packages fix security vulnerability: A signedness vulnerability exists in libgd 2.1.1 and earlier which may result in a heap overflow when processing compressed gd2 data CVE-2016-3074...

9.8CVSS1.9AI score0.36974EPSS
Exploits8References2
Mageia
Mageia
•added 2016/04/26 6:2 p.m.•42 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The NCP dissector could crash CVE-2016-4076. TShark could crash due to a packet reassembly bug CVE-2016-4077. The IEEE 802.11 dissector could crash CVE-2016-4078. The PKTC dissector could crash CVE-2016-4079. The PKTC dissector could crash...

5.9CVSS1.4AI score0.02401EPSS
Exploits1References12
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•42 views

Updated dropbear packages fix CVE-2016-3116

Updated dropbear package fixes security vulnerability: Missing validation of X11 forwarding input could allow bypassing of authorizedkeys command= restrictions CVE-2016-3116...

6.4CVSS3.1AI score0.19302EPSS
Exploits4References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•42 views

Updated xdelta3 packages fix CVE-2014-9765

Updated xdelta3 package fixes security vulnerability: Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the maingetappheader function, which may lead to the execution of arbitrary code CVE-2014-9765...

8.8CVSS9.2AI score0.04157EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•42 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via unspecified vectors CVE-2016-0766...

9CVSS6.3AI score0.06948EPSS
Exploits0References2
Mageia
Mageia
•added 2016/02/19 8:40 a.m.•42 views

Updated glibc packages fix security vulnerabilities

Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...

9.8CVSS9.3AI score0.89557EPSS
Exploits19References1
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•42 views

Updated encfs packages fix security vulnerability

A local attacker can utilize a possible buffer overflow in the encodeName method of StreamNameIO and BlockNameIO to execute arbitrary code or cause a Denial of Service. Also multiple weak cryptographics practices have been found in encfs CVE-2014-3462...

7.5CVSS8.2AI score0.03112EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/04 11:31 p.m.•42 views

Updated python-django packages fix security vulnerability

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format CVE-2015-8213...

5CVSS6.2AI score0.04284EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•42 views

Updated libsndfile packages fix security vulnerability

Due to a heap overflow in libsndfile, a specially crafted AIFF header can manage index values in order to use memcpy to overwrite memory the heap CVE-2015-7805...

9.3CVSS6.3AI score0.134EPSS
Exploits1References4
Mageia
Mageia
•added 2015/11/10 6:41 p.m.•42 views

Updated kernel-linus packages fixes security vulnerability

This update of kernel-linus provides the upstream 4.1.12 longterm kernel and fixes at least the following security issue: Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device...

4.9CVSS8.4AI score0.00445EPSS
Exploits0References5
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•42 views

Updated xmltooling packages fix CVE-2015-0851

Updated xmltooling and opensaml packages fix security vulnerability: The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a deni...

5CVSS7.3AI score0.02444EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•42 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration CVE-2015-5146. It was...

7.5CVSS6.8AI score0.07483EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/11 8:22 p.m.•42 views

Updated firefox packages fixes security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,...

10CVSS8.6AI score0.09027EPSS
Exploits0References13
Mageia
Mageia
•added 2015/07/31 10:46 p.m.•42 views

Updated bind package fixes security vulnerability

An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit CVE-2015-5477...

7.8CVSS7.7AI score0.91284EPSS
Exploits12References4
Mageia
Mageia
•added 2015/07/27 5:34 p.m.•42 views

Updated icu package fixes security vulnerability

The ucnviogetConverterName function in common/ucnvio.cpp in International Components for Unicode ICU mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service read of uninitialized memory or possibly have unspecified other impact via a craft...

6.8CVSS9.4AI score0.02732EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/09 8:9 a.m.•42 views

Updated bind package fixes security vulnerability

A recursive resolver that is performing DNSSEC validation can be deliberately terminated by any attacker who can cause a query to be performed against a maliciously constructed zone. This will result in a denial of service to clients who rely on that resolver CVE-2015-4620. Note that DNSSEC...

7.8CVSS8.2AI score0.37872EPSS
Exploits0References4
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•42 views

Updated curl package fixes security vulnerability

libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests CVE-2015-3236. libcurl can get tricked by a malicious SMB server to send of...

6.4CVSS9.1AI score0.09334EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•42 views

Updated pcre package fixes security vulnerability

PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed CVE-2015-5073...

9.1CVSS7.6AI score0.07673EPSS
Exploits1References2
Mageia
Mageia
•added 2015/05/27 4:57 p.m.•42 views

Updated fuse packages fix CVE-2015-3202

Updated fuse packages fix security vulnerability: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges CVE-2015-3202...

3.6CVSS6.5AI score0.01008EPSS
Exploits5References2
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•42 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.11, leaving gradebook feedback is a trusted action and such capabilities in other modules already have an XSS mask, 'mod/quiz:grade' was missing this flag CVE-2015-3174. In Moodle before 2.6.11, some error messages displa...

5.8CVSS7.2AI score0.01893EPSS
Exploits0References10
Mageia
Mageia
•added 2015/05/13 5:18 p.m.•42 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The WCP dissector could crash while decompressing data CVE-2015-3811. The X11 dissector could leak memory CVE-2015-3812. The IEEE 802.11 dissector could go into an infinite loop CVE-2015-3814...

7.8CVSS6.2AI score0.03731EPSS
Exploits0References6
Mageia
Mageia
•added 2015/05/06 3:16 p.m.•42 views

Updated x11-server packages fix CVE-2015-3418

Updated x11-server packages fix security vulnerability: A regression in the fix for CVE-2014-8092 MGASA-2014-0532 caused another issue which could lead to a local denial of service CVE-2015-3418...

7.5CVSS7.1AI score0.02314EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•42 views

Updated glusterfs packages fix security vulnerabilities

Updated glusterfs packages fix security vulnerability: glusterfs was vulnerable to a fragment header infinite loop denial of service attack CVE-2014-3619. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for th...

5CVSS8.4AI score0.02739EPSS
Exploits0References3
Total number of security vulnerabilities5000