Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2015/02/15 3:57 p.m.•42 views

Updated rsync package fixes security vulnerability

Updated rsync package fixes security vulnerability: Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption CVE-2014-2855. The...

7.8CVSS6.2AI score0.04119EPSS
Exploits1References3
Mageia
Mageia
•added 2015/02/15 3:57 p.m.•42 views

Updated cups packages fix CVE-2014-9679

Updated cups packages fix security vulnerability: A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels CVE-2014-9679...

6.8CVSS6.9AI score0.04633EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/07 4:32 p.m.•42 views

Updated apache packages fix CVE-2014-8109

Updated apache packages fix security vulnerability: modlua.c in the modlua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers...

4.3CVSS7.4AI score0.22016EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•42 views

Updated claws-mail packages fix security vulnerability

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service crash via a crafted TNEF file, which triggers a buffer overflow CVE-2010-5109. The claws-mail package contains an embedded copf of libytnef, which has been...

4.3CVSS5.3AI score0.02387EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•42 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-8137. A heap-based buffe...

7.5CVSS7.1AI score0.18501EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/22 10:54 a.m.•42 views

Updated polarssl package fix security vulnerabilities

A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker signature algorithm than available. This has been fixed in PolarSSL 1.3.9 CVE-2014-8627. Two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in PolarSSL 1.3.9 CVE-2014-8628...

7.8CVSS6.4AI score0.0209EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•42 views

Updated python-imaging and python-pillow packages fix security vulnerability

Python Image Library PIL 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters, due to an incomplete fix for CVE-2014-1932 CVE-2014-3007...

10CVSS9.4AI score0.12055EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/09 2:6 p.m.•42 views

Updated fish package fixes multiple security vulnerabilities

Updated fish packages fix security vulnerability: fish, from at least version 1.16.0 to version 2.1.0 inclusive, does not check the credentials of processes communicating over the fishd universal variable server UNIX domain socket. This allows a local attacker to elevate their privileges to those...

9.8CVSS9.1AI score0.0319EPSS
Exploits0References4
Mageia
Mageia
•added 2014/09/22 8:31 a.m.•43 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.406 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

10CVSS9.1AI score0.84178EPSS
Exploits7References2
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•42 views

Updated dump package fix CVE-2014-4607

Updated dump packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The dump package is buil...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•42 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicatio...

4CVSS7.9AI score0.07495EPSS
Exploits0References6
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•42 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.400 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

10CVSS7.1AI score0.07552EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/04 11:12 a.m.•42 views

Updated gcc packages fix security vulnerability and other bugs

Updated gcc packages fix the following security issue: Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code. CVE-2014-5044 They also fix...

9.8CVSS9.7AI score0.05886EPSS
Exploits0References1
Mageia
Mageia
•added 2014/07/08 10:50 p.m.•42 views

Updated liblzo packages fix CVE-2014-4607

Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker CVE-2014-4607...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/06/02 6:47 p.m.•42 views

Updated gnutls packages fix CVE-2104-3465-6

Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutlsx509dnoidname. The function, when called with the GNUTLSX509DNOIDRETURNOID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...

6.8CVSS8.7AI score0.11221EPSS
Exploits1References4
Mageia
Mageia
•added 2014/05/19 6:46 p.m.•42 views

Updated moodle packages fix multiple vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users CVE-2014-0213. In Moodle before 2.6.3, MoodleMobile web service...

6.8CVSS6.2AI score0.02992EPSS
Exploits0References8
Mageia
Mageia
•added 2014/04/28 3:54 p.m.•42 views

Updated python-django packages fix multiple vulnerabilities

Updated python-django and python-dgango14 packages fix security vulnerabilities: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulti...

10CVSS6.8AI score0.0565EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/15 6:22 p.m.•42 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request...

7.5CVSS7.5AI score0.1639EPSS
Exploits2References3
Mageia
Mageia
•added 2014/04/03 12:50 a.m.•42 views

Updated xalan-j2 packages fix CVE-2014-0107

Updated xalan-j2 packages fix security vulnerability: Nicolas Gregoire discovered several vulnerabilities in libxalan2-java. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution CVE-2014-0107...

7.5CVSS9.2AI score0.13809EPSS
Exploits2References2
Mageia
Mageia
•added 2014/03/19 5:40 p.m.•42 views

Updated apache packages fix security vulnerabilities

Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098...

5CVSS7.4AI score0.26831EPSS
Exploits2References2
Mageia
Mageia
•added 2014/03/03 7:58 p.m.•42 views

Updated qt5 packages fix security vulnerability.

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service CVE-2013-4549...

5CVSS2.2AI score0.03105EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/21 6:13 p.m.•42 views

Updated freeradius package fixes security vulnerability

SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlmpap module if the password source uses an unusually long hashed password CVE-2014-2015...

7.5CVSS9.6AI score0.03912EPSS
Exploits1References4
Mageia
Mageia
•added 2014/01/24 9:1 p.m.•42 views

Updated lightdm-gtk-greeter fixes CVE-2014-0979

Updated lightdm-gtk-greeter package fixes security vulnerability: lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdmgreetergetauthenticationuser returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference...

2.1CVSS6.2AI score0.0041EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/21 4:8 p.m.•42 views

Updated x11-server package fixes security vulnerability

Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code CVE-2013-6424...

5CVSS4.5AI score0.02879EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/05 5:55 p.m.•42 views

Updated libvirt package fixes security vulnerabilities

It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service CVE-2013-4296. It was discovered that libvirt incorrectly handled certain bitmap operations. A remote attacker could...

5CVSS2.3AI score0.02678EPSS
Exploits1References1
Mageia
Mageia
•added 2013/09/19 9:49 a.m.•42 views

Updated firefox and thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird CVE-2013-1718, CVE-2013-1722,...

10CVSS1.7AI score0.08894EPSS
Exploits1References12
Mageia
Mageia
•added 2013/09/19 9:46 a.m.•42 views

Updated lightdm package fixes security vulnerability

lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with world-readable permissions CVE-2013-4331. Additionally, an issue where a user logged into a graphical desktop environment through lightdm would lose privleges to local devices such as the sound card when using the 'su' command...

2.1CVSS1.8AI score0.00368EPSS
Exploits0References3
Mageia
Mageia
•added 2013/09/19 9:35 a.m.•42 views

Updated wireshark package fixes security vulnerabilities

The ASSA R3 dissector could go into an infinite loop CVE-2013-5719. The RTPS dissector could overflow a buffer CVE-2013-5720. The MQ dissector could crash CVE-2013-5721. The LDAP dissector could crash CVE-2013-5722. The Netmon file parser could crash wpna-sec-2013-60...

5CVSS3.7AI score0.0284EPSS
Exploits1References10
Mageia
Mageia
•added 2013/08/30 5:44 p.m.•42 views

Updated libdigidoc packages fix CVE-2013-5648

Updated libdigidoc packages fix security vulnerability: Fixed one critical bug in the DDOC parsing routines. By persuading a victim to open a specially-crafted DDOC file, a remote attacker could exploit this vulnerability to overwrite arbitrary files on the system with the privileges of the victi...

6.8CVSS5.7AI score0.02053EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/30 5:36 p.m.•42 views

Updated asterisk package fixes security vulnerabilities

A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present CVE-2013-5641. A remotely exploitable crash vulnerability exists in the S...

5CVSS0.2AI score0.11653EPSS
Exploits0References3
Mageia
Mageia
•added 2013/08/17 8:43 a.m.•42 views

Updated python packages fix CVE-2013-4238 and pip

Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.matchhostname to match the hostname...

4.3CVSS6.8AI score0.05347EPSS
Exploits1References3
Mageia
Mageia
•added 2013/07/21 9:25 a.m.•42 views

Updated python-suds package fixes security vulnerability

An insecure temporary directory use flaw was found in the way python-suds performed initialization of its internal file-based URL cache predictable location was used for directory to store the cached files. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to...

1.2CVSS1.4AI score0.00558EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/18 7:11 a.m.•42 views

Updated php packages fix CVE-2013-4113

Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages has been upgraded to the latest version 2013.4...

6.8CVSS2.4AI score0.05186EPSS
Exploits0References4
Mageia
Mageia
•added 2013/06/18 3:0 p.m.•42 views

Updated php packages fix security vulnerabilies

Heap based buffer overflow in quotedprintableencode in PHP before version 5.4.16 CVE-2013-2110. Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service applicati...

5CVSS5AI score0.06748EPSS
Exploits1References3
Mageia
Mageia
•added 2013/06/18 2:58 p.m.•42 views

Updated owncloud package fixes security vulnerabilities

Cross-site scripting XSS vulnerabilities in js/viewer.js inside the filesvideoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files CVE-2013-2150...

3.5CVSS4.9AI score0.01152EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/13 7:41 p.m.•41 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation. CVE-2025-4207...

5.9CVSS6.9AI score0.00612EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/12 6:41 a.m.•41 views

Updated radare2 packages fix security vulnerability

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parsedie function. CVE-2024-29645...

7.8CVSS7.8AI score0.00242EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/27 5:21 p.m.•41 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities

Potential UTF8 size overflow. CVE-2024-21131 Excessive symbol length can lead to infinite loop. CVE-2024-21138 Range Check Elimination RCE pre-loop limit overflow. CVE-2024-21140 Pack200 increase loading time due to improper header validation. CVE-2024-21144 Out-of-bounds access in 2D image...

7.4CVSS7.2AI score0.01257EPSS
Exploits0References5
Mageia
Mageia
•added 2024/07/16 3:21 a.m.•41 views

Updated sendmail packages fix security vulnerability

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS7.3AI score0.01073EPSS
Exploits2References3
Mageia
Mageia
•added 2024/07/15 4:54 p.m.•41 views

Updated libreoffice packages fix security vulnerability

TLS certificates are not properly verified when utilizing LibreOfficeKit. CVE-2024-5261...

10CVSS7.3AI score0.00428EPSS
Exploits0References3
Mageia
Mageia
•added 2024/06/15 11:7 p.m.•41 views

Updated nano packages fix security vulnerability

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...

6.7CVSS7.6AI score0.00346EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/08 4:34 p.m.•41 views

Updated 0-plugins-base packages fix security vulnerability

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS8AI score0.01565EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/25 11:39 p.m.•41 views

Updated mariadb packages fix security vulnerability and bugs

Additional bugs were fixed in the following components: InnoDB Spider Aria Backup JSON Optimization & Tuning Plugins Galera Scripts & Clients Server For the details see the vendor site...

4.9CVSS7.3AI score0.00424EPSS
Exploits0References3
Mageia
Mageia
•added 2024/04/15 6:21 p.m.•41 views

Updated upx packages fix security vulnerability

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...

9.8CVSS7.2AI score0.01223EPSS
Exploits1References3
Mageia
Mageia
•added 2024/02/17 12:55 a.m.•41 views

Updated vim packages fix a security vulnerability

The updated packages fix a security vulnerability: Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVE-2024-22667...

7.8CVSS7.8AI score0.00563EPSS
Exploits1References2
Mageia
Mageia
•added 2023/12/08 10:55 a.m.•41 views

Updated firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer. CVE-2023-6204 Use-after-free in MessagePort::Entangled. CVE-2023-6205 Clickjacking permission prompts using the fullscreen transition. CVE-2023-6206 Use-after-free in...

8.8CVSS8.1AI score0.01406EPSS
Exploits0References4
Mageia
Mageia
•added 2023/11/06 11:8 p.m.•41 views

Updated libsndfile packages fix a security vulnerability

Add upstream patch to fix CVE-2022-33065...

7.8CVSS7.2AI score0.00351EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/13 10:56 p.m.•41 views

Updated the curl packages to fix two security vulnerabilities

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...

9.8CVSS7.6AI score0.78483EPSS
Exploits6References7
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•41 views

Updated systemd packages fix security vulnerability

Local information leak due to systemd-coredump not respecting the fs.suiddumpable kernel setting CVE-2022-4415...

5.5CVSS6.7AI score0.00867EPSS
Exploits1References6
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•41 views

Updated php-smarty packages fix security vulnerability

Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...

7.1CVSS6.2AI score0.01025EPSS
Exploits0References5
Total number of security vulnerabilities5000