Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/03/06 7:55 a.m.•41 views

Updated xerces-c packages fix CVE-2017-12627

Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processi...

9.8CVSS3.9AI score0.08751EPSS
Exploits3References2
Mageia
Mageia
•added 2018/02/25 5:31 p.m.•41 views

Updated ghostscript packages fix security vulnerability

The fillthreshholdbuffer function in base/gxhtthresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document CVE-2016-10317...

7.8CVSS6AI score0.02282EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•41 views

Updated postgresql packages fix security vulnerability

In postgresql 9.4.x before 9.4.16 and 9.6.x before 9.6.7, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which is normally used for other temporary files. This can allow ...

7CVSS6.9AI score0.00491EPSS
Exploits0References4
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•41 views

Updated apache-commons-email packages fix security vulnerability

Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly validate bounce addresses. If a user of Commons-Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients,...

7.5CVSS2.4AI score0.02863EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/25 1:36 p.m.•41 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...

9.8CVSS4AI score0.07262EPSS
Exploits0References5
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•41 views

Updated awstats packages fix security vulnerability

The cPanel Security Team discovered two path traversal flaws in awstats in the "config" and "migrate" parameters that could be leveraged for unauthenticated remote code execution CVE-2017-1000501...

9.8CVSS4.1AI score0.04352EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/02 4:25 p.m.•41 views

Updated samba packages fix security vulnerability

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. CVE-2017-12150 Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote...

7.5CVSS1.5AI score0.21408EPSS
Exploits0References6
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•41 views

Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability

Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code CVE-2016-9445, CVE-2016-9446. Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code CVE-2016-9447...

7.8CVSS2.7AI score0.07967EPSS
Exploits1References12
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•41 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

JPEG gdkpixbufjpegimageloadincrement Code Execution Vulnerability CVE-2017-2862. tiffimageparse Code Execution Vulnerability CVE-2017-2870. Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If an user or automated system were tricked...

8.8CVSS2.7AI score0.04599EPSS
Exploits9References3
Mageia
Mageia
•added 2017/12/28 1:16 p.m.•41 views

Updated glibc packages fix security vulnerabilities

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.CVE-2017-12132, CVE-2017-12133. The GNU C Library aka...

9.8CVSS2.9AI score0.03002EPSS
Exploits0References1
Mageia
Mageia
•added 2017/12/07 8:54 p.m.•41 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 3.3.5, which fixes several security vulnerabilities and other bugs which were corrected upstream...

6.5CVSS4AI score0.01655EPSS
Exploits0References4
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•41 views

Updated postgresql packages fix security vulnerabilities

The startup log file for the postmaster in newer releases, "postgres" process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data CVE-2017-12172. Crash d...

8.1CVSS0.7AI score0.06324EPSS
Exploits0References7
Mageia
Mageia
•added 2017/11/20 9:18 p.m.•41 views

Updated krb5 packages fix security vulnerabilities

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances CVE-2017-7562...

9.8CVSS2.4AI score0.0837EPSS
Exploits0References4
Mageia
Mageia
•added 2017/11/19 11:20 a.m.•41 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-7826, CVE-2017-7828, CVE-2017-7830...

10CVSS3.9AI score0.07439EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/30 7:23 p.m.•41 views

Updated irssi packages fix security vulnerabilities

While waiting for the channel synchronization, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on CVE-2017-15227. When installing themes with unterminated color formatting sequences, Irssi may access...

7.5CVSS2.1AI score0.02371EPSS
Exploits0References2
Mageia
Mageia
•added 2017/10/18 8:19 p.m.•41 views

Updated openvpn packages fix security vulnerability

The bounds check in readkey was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0...

9.8CVSS3.3AI score0.03629EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/05 8:8 p.m.•41 views

Updated libraw packages fix security vulnerabilities

There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It cou...

9.8CVSS4.1AI score0.04336EPSS
Exploits0References7
Mageia
Mageia
•added 2017/09/14 6:21 p.m.•41 views

Updated libsndfile packages fix security vulnerability

It was discovered that a Heap-based Buffer Overflow in the psfbinheaderwritef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

9.8CVSS6.6AI score0.03978EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/17 8:2 a.m.•41 views

Updated poppler packages fix security vulnerabilities

Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service CVE-2017-7511. It was discovered that the...

7.8CVSS2.8AI score0.04338EPSS
Exploits1References4
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•41 views

Updated qpdf packages fix security vulnerabilities

This snapshot of the upstream development branch 6.0 of qpdf fixes several infinite loop vulnerabilities: CVE-2017-9208, CVE-2017-9209, CVE-2017-9210, CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627. For Mageia 5, the cups-filters package was also rebuilt against this new major...

5.5CVSS4.5AI score0.01465EPSS
Exploits4References2
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•41 views

Updated jbig2dec packages fix security vulnerability

Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file usually embedded in a PDF document is opened CVE-2016-9601. Artifex jbig2dec has a heap-based buffer over-read leading to...

7.8CVSS3.7AI score0.01813EPSS
Exploits0References3
Mageia
Mageia
•added 2017/02/18 4:29 p.m.•41 views

Updated jitsi packages fix security vulnerability

An incorrect implementation of XEP-0280: Message Carbons in Jitsi and other XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks CVE-2017-5603...

5.9CVSS5.5AI score0.0155EPSS
Exploits2References2
Mageia
Mageia
•added 2016/12/29 10:29 a.m.•41 views

Updated hdf5 packages fix security vulnerabilities

In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution CVE-2016-4330. When decoding data out of a dataset...

8.6CVSS1.9AI score0.00812EPSS
Exploits8References2
Mageia
Mageia
•added 2016/10/21 2:48 p.m.•41 views

Updated c-ares packages fix security vulnerability

In c-ares before 1.12.0, When a string is passed in to 'arescreatequery' or 'aresmkquery' and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong and subsequently writes outside of the the allocated buffer with one byte. The wrongly written byte is the least...

9.8CVSS1.5AI score0.08583EPSS
Exploits0References2
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•41 views

Updated gnupg/libgcrypt packages fix security vulnerability

Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output CVE-2016-6313. The gnupg package has been...

5.3CVSS1.5AI score0.03597EPSS
Exploits0References3
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•41 views

Updated python-django packages fix security vulnerability

It was discovered that Django is prone to a cross-site scripting vulnerability in the admin's add/change related popup CVE-2016-6186...

6.1CVSS1.2AI score0.05536EPSS
Exploits6References3
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•41 views

Updated harfbuzz packages fix security vulnerability

Two memory access issues, including a heap-based buffer overflow CVE-2015-8947 and incorrect table length check CVE-2016-2052 could lead to a denial of service when rendering a crafted OpenType font...

7.6CVSS7.8AI score0.02451EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•41 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https CVE-2016-5701. In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control...

9.8CVSS0.3AI score0.02948EPSS
Exploits0References10
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•41 views

Updated cacti packages fix security vulnerabilities

Updated cacti package fixes security vulnerability: SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action CVE-2016-3172. SQL injection vulnerability in graphview.php ...

8.8CVSS6.9AI score0.02827EPSS
Exploits3References2
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•41 views

Updated putty packages fix CVE-2016-2563

Updated putty package fixes security vulnerability: Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited,...

9.8CVSS3.4AI score0.34216EPSS
Exploits4References3
Mageia
Mageia
•added 2016/02/19 8:40 a.m.•41 views

Updated nodejs packages fix security vulnerability

A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances CVE-2016-2086. It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...

7.5CVSS1.9AI score0.07013EPSS
Exploits0References4
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•41 views

Updated python-pillow packages fix security vulnerability

A buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file CVE-2016-0740. A buffer overflow in FliDecode.c causing a segfault when opening FLI files CVE-2016-0775. A buffer overflow in PcdDecode.c causing a segfault...

6.5CVSS4.2AI score0.02689EPSS
Exploits0References4
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•41 views

Updated krb5 packages fix security vulnerability

In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database CVE-2015-8629. In MIT krb5 1.12 and...

7.5CVSS6.5AI score0.04643EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/21 9:38 p.m.•41 views

Updated dhcpcd packages fix security vulnerability

Possible heap overflow in dhcpcd before 6.10.0 caused by malformed dhcp responses due to incorrect option length values CVE-2016-1503. Possible invalid read in dhcpcd before 6.10.0 caused by malformed dhcp responses can lead to a crash CVE-2016-1504. The dhcpcd package has been updated to version...

10CVSS2.2AI score0.06344EPSS
Exploits0References11
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•41 views

Updated dhcp packages fix security vulnerability

A badly formed packet with an invalid IPv4 UDP length field can cause an ISC DHCP server, client, or relay program to terminate abnormally CVE-2015-8605. The dhcp package has been updated to version 4.3.3-P1, which fixes this issue and several other bugs. Also, the package has also been enhanced ...

6.5CVSS6.7AI score0.7645EPSS
Exploits0References5
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•41 views

Updated bugzilla packages fix security vulnerability

Login names usually an email address longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...

7.5CVSS5AI score0.03371EPSS
Exploits3References7
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•41 views

Updated bouncycastle packages fix security vulnerability

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack" CVE-2015-7940...

5CVSS8.4AI score0.0482EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•41 views

Updated uglify-js packages fix security vulnerability

The UglifyJS node module has a problem where the combination of De Morgan's Law and non-boolean values can lead to a case where code is incorrectly minified, which can lead to possibly malicious minified JS code...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•41 views

Updated latex2rtf packages fix security vulnerability

A format string vulnerability was found in CmdKeywords function when processing \keywords command in tex file. When the user runs latex2rtf with malicious crafted tex file, an attacker can execute arbitrary code. The variable 'keywords' in the function CmdKeywords may hold a malicious input strin...

9.3CVSS7.8AI score0.03556EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•41 views

Updated libreoffice packages fix security vulnerability

Federico Scrinzi discovered that LibreOffice incorrectly handled documents inserted into Writer or Calc via links. If a user were tricked into opening a specially crafted document, a remote attacker could possibly obtain the contents of arbitrary files CVE-2015-4551. It was discovered that...

6.8CVSS8.1AI score0.13826EPSS
Exploits0References14
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•41 views

Updated sddm packages fixes security vulnerability

Pavel Avgustinov discovered that SDDM does not disable the KDE crash handler, and certain themes would allow shell access to the sddm user as a result in case of a crash CVE-2015-0856. Only SDDM users using the Breeze theme from plasma-workspace are affected...

4.6CVSS6.4AI score0.00414EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/27 9:6 a.m.•41 views

Updated virtualbox packages fix security vulnerabilities

A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash...

5CVSS6.4AI score0.03667EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/14 5:55 a.m.•41 views

Updated flash-player-plugin packages fixes security vulnerabilities

Adobe Flash Player 11.2.202.535 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a vulnerability that could be exploited to bypass the same-origin-policy and lead to...

10CVSS7.6AI score0.08245EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/02 11:52 p.m.•41 views

Updated gdk-pixbuf2.0 packages fix security vulnerabilities

Updated gdk-pixbuf packages fix security vulnerabilities: Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed tga format image and results in a potentially exploitable crash CVE-2015-7673. Security research...

6.8CVSS7.7AI score0.05796EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/21 9:7 p.m.•41 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.521 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-5573. This...

10CVSS7.6AI score0.45511EPSS
Exploits2References2
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•41 views

Updated openldap package fixes security vulnerability

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call in the bergetnext method in a/libraries/liblber/io.c that is hit when decoding tampered BER data CVE-2015-6908...

5CVSS5.6AI score0.19984EPSS
Exploits1References3
Mageia
Mageia
•added 2015/07/08 10:3 p.m.•41 views

Updated cups-filters package fixes security vulnerability

A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of...

7.5CVSS7.5AI score0.08295EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•41 views

Updated libwmf package fixes security vulnerability

It was discovered that libwmf did not correctly process certain WMF Windows Metafiles containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges ...

6.8CVSS7.6AI score0.09221EPSS
Exploits3References3
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•41 views

Updated redis package fixes security vulnerability

It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...

10CVSS8.1AI score0.09636EPSS
Exploits2References2
Mageia
Mageia
•added 2015/05/11 8:10 p.m.•41 views

Updated libssh packages fix CVE-2015-3146

Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet whi...

7.5CVSS6.5AI score0.0391EPSS
Exploits0References2
Total number of security vulnerabilities5000