Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/08/31 9:11 p.m.•40 views

Updated libarchive packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader CVE-2017-14501. libarchive 3.3.2 suffe...

6.5CVSS4.5AI score0.02147EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•40 views

Updated gimp packages fix security vulnerabilities

Updated gimp packages fix security vulnerabilities: Several vulnerabilities were discovered in GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787...

7.8CVSS2.4AI score0.01952EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/12 8:41 a.m.•40 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 29.0.0.171 addresses a critical type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4944...

10CVSS3.1AI score0.08991EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•40 views

Updated sox packages fix security vulnerabilities

This update for sox fixes the following security issues: CVE-2017-11332: Fixed the startread function in wav.c, which allowed remote attackers to cause a DoS divide-by-zero via a crafted wav file. CVE-2017-11358: Fixed the readsamples function in hcom.c, which allowed remote attackers to cause a...

7.5CVSS4AI score0.07401EPSS
Exploits8References1
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•40 views

Updated tomcat-native package fixes security vulnerability

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected if the OCSP check...

5.9CVSS1.9AI score0.03594EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•40 views

Updated freetype2 packages fix security vulnerability

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the InsGETVARIATION function within ttinterp.c could lead to DoS via a crafted font file CVE-2018-6942...

6.5CVSS2.4AI score0.02124EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/27 9:19 a.m.•40 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.6, fixing several security issues and other bugs...

8.8CVSS3.4AI score0.06468EPSS
Exploits3References4
Mageia
Mageia
•added 2018/01/02 3:2 p.m.•40 views

Updated libzip packages fix security vulnerability

The zipreadeocd64 function mishandled EOCD records, which allowed remote attackers to cause a denial of service memory allocation failure in zipcdirgrow in zipdirent.c via a crafted ZIP archive CVE-2017-14107...

6.5CVSS5.3AI score0.032EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•40 views

Updated gstreamer0.10-plugins-ugly packages fix security vulnerability

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened CVE-2017-5846, CVE-2017-5847...

7.5CVSS3.9AI score0.03734EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/16 11:20 p.m.•40 views

Updated deluge packages fix security vulnerability

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template fileCVE-2017-9031. Updated deluge package adds systemd services required to autostart deluge daemon and web service...

9.8CVSS3.9AI score0.02499EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/16 11:20 p.m.•40 views

Updated rsync package fixes security vulnerabilities

The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data structure, which allows remote attackers to bypass intended access restrictions...

9.8CVSS5.5AI score0.03362EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•40 views

Updated postgresql packages fix security vulnerabilities

The startup log file for the postmaster in newer releases, "postgres" process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data CVE-2017-12172. Crash d...

8.1CVSS0.7AI score0.06324EPSS
Exploits0References7
Mageia
Mageia
•added 2017/11/26 9:18 p.m.•40 views

Updated chromium-browser-stable packages fix security issues

Chromium-browser 62.0.3202.94 fixes security issues: Multiple flaws were found in the way Chromium 60 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.8CVSS8.1AI score0.26331EPSS
Exploits6References9
Mageia
Mageia
•added 2017/11/20 9:18 p.m.•40 views

Updated krb5 packages fix security vulnerabilities

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances CVE-2017-7562...

9.8CVSS2.4AI score0.0837EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/24 5:50 a.m.•40 views

Updated mysql-connector-java packages fix security vulnerabilities

Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code CVE-2017-3523. Two vulnerabilities have been found in the MySQL Connector/J JDBC driver CVE-2017-3586, CVE-2017-3589...

8.5CVSS3.4AI score0.02877EPSS
Exploits0References5
Mageia
Mageia
•added 2017/10/05 8:37 p.m.•40 views

Updated poppler packages fix security vulnerabilities

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry function in XRef.cc via a crafted PDF document. CVE-2017-14517 In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp,...

7.8CVSS2.3AI score0.01542EPSS
Exploits3References3
Mageia
Mageia
•added 2017/09/14 6:21 p.m.•40 views

Updated libsndfile packages fix security vulnerability

It was discovered that a Heap-based Buffer Overflow in the psfbinheaderwritef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

9.8CVSS6.6AI score0.03978EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/19 10:16 a.m.•40 views

Updated cvs package fixes security vulnerability

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command CVE-2017-12836...

7.5CVSS4.7AI score0.05968EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/15 9:57 a.m.•40 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801,...

10CVSS3.9AI score0.04187EPSS
Exploits13References4
Mageia
Mageia
•added 2017/07/24 9:45 p.m.•40 views

Updated irssi packages fix security vulnerabilities

A malicious server could cause irssi to crash by providing an invalid timestamp CVE-2017-10965. Undefined behavior may be triggered when irssi updates the internal nick list CVE-2017-10966...

9.8CVSS3.1AI score0.03443EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/23 7:58 p.m.•40 views

Updated c-ares packages fix security vulnerability

The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way CVE-2017-1000381...

7.5CVSS3.2AI score0.0331EPSS
Exploits0References2
Mageia
Mageia
•added 2017/06/14 1:50 p.m.•40 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 26.0.0.126 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves use-after-free vulnerabilities and memory corruption vulnerabilities that could lead to...

10CVSS5.6AI score0.30886EPSS
Exploits3References2
Mageia
Mageia
•added 2017/03/25 4:56 p.m.•40 views

Updated freetype2 packages fix security vulnerability

The parsecharstrings function in type1/t1load.c in FreeType 2 did not ensure that a font contains a glyph name, which could allow remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted file CVE-2016-10244...

7.8CVSS6.4AI score0.03235EPSS
Exploits1References3
Mageia
Mageia
•added 2017/01/13 10:32 a.m.•40 views

Updated php-ZendFramework2 packages fix security vulnerability

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they c...

9.8CVSS4.2AI score0.38438EPSS
Exploits10References4
Mageia
Mageia
•added 2016/12/08 7:33 a.m.•40 views

Updated ntp packages fix security vulnerabilities

When ntpd is configured with rate limiting for all associations restrict default limited in ntp.conf, the limits are applied also to responses received from its configured sources. An attacker who knows the sources e.g., from an IPv4 refid in server response and knows the system is misconfigured ...

7.5CVSS1AI score0.12367EPSS
Exploits2References6
Mageia
Mageia
•added 2016/10/06 7:47 p.m.•40 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-5257...

9.8CVSS3.9AI score0.04243EPSS
Exploits0References3
Mageia
Mageia
•added 2016/09/28 5:59 a.m.•40 views

Updated gnutls packages fix security vulnerability

An issue was found in certificate validation using OCSP responses caused by not verifying the serial length, which can falsely report a certificate as valid CVE-2016-7444...

7.5CVSS2.4AI score0.02437EPSS
Exploits0References4
Mageia
Mageia
•added 2016/09/25 3:45 p.m.•40 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.0.6, which fixes several security issues where a malformed packet trace could cause it to crash, and fixes several other bugs as well. See the release notes for details...

5.9CVSS3.6AI score0.02652EPSS
Exploits0References9
Mageia
Mageia
•added 2016/09/25 11:41 a.m.•40 views

Updated libarchive packages fix security vulnerability

The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with...

7.5CVSS2.4AI score0.04707EPSS
Exploits1References9
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•40 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector IV is used to hash the username and...

10CVSS0.6AI score0.0475EPSS
Exploits0References28
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•40 views

Updated python-django packages fix security vulnerability

It was discovered that Django is prone to a cross-site scripting vulnerability in the admin's add/change related popup CVE-2016-6186...

6.1CVSS1.2AI score0.05536EPSS
Exploits6References3
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•40 views

Updated postgresql packages fix security vulnerability

It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution CVE-2016-5423. It was found that PostgreSQL client programs mishandle database and role names...

8.3CVSS3.2AI score0.05962EPSS
Exploits0References4
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•40 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-2805, CVE-2016-2807, CVE-2016-2818. This update...

10CVSS5.6AI score0.04692EPSS
Exploits0References10
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•40 views

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P4, an error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1285. In ISC BIND before 9.10.3-P4, a problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in...

8.6CVSS1.4AI score0.621EPSS
Exploits0References5
Mageia
Mageia
•added 2016/02/19 8:40 a.m.•40 views

Updated nodejs packages fix security vulnerability

A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances CVE-2016-2086. It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...

7.5CVSS1.9AI score0.07013EPSS
Exploits0References4
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•40 views

Updated python-pillow packages fix security vulnerability

A buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file CVE-2016-0740. A buffer overflow in FliDecode.c causing a segfault when opening FLI files CVE-2016-0775. A buffer overflow in PcdDecode.c causing a segfault...

6.5CVSS4.2AI score0.02689EPSS
Exploits0References4
Mageia
Mageia
•added 2016/01/21 6:9 a.m.•40 views

Updated kernel-linus packages fix security vulnerability

Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728...

7.8CVSS2.1AI score0.03646EPSS
Exploits14References1
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•40 views

Updated latex2rtf packages fix security vulnerability

A format string vulnerability was found in CmdKeywords function when processing \keywords command in tex file. When the user runs latex2rtf with malicious crafted tex file, an attacker can execute arbitrary code. The variable 'keywords' in the function CmdKeywords may hold a malicious input strin...

9.3CVSS7.8AI score0.03556EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/11 7:20 p.m.•40 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.548 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-7659. This...

10CVSS7.3AI score0.40682EPSS
Exploits4References1
Mageia
Mageia
•added 2015/10/15 7:50 p.m.•40 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: In Wireshark before 1.12.8, the pcapng file parser could crash while copying an interface filter. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet...

4.3CVSS5.6AI score0.03037EPSS
Exploits0References4
Mageia
Mageia
•added 2015/10/15 7:50 p.m.•40 views

Updated 389-ds-base packages fix security vulnerability

this bug has been fixed by upgrade to vers. 1.3.3.13 this fixes security issue Bug 16928 CVE-2015-3230 this is a maintenance update and fixes a lot of other issues - See upstream announcement...

7.5CVSS6.4AI score0.02573EPSS
Exploits0References4
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•40 views

Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...

5CVSS8.2AI score0.08934EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•40 views

Updated openafs package fixes security vulnerabilities

Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use CVE-2015-3282. The default use by bos of clear rather than...

6.8CVSS6.8AI score0.02081EPSS
Exploits0References10
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•40 views

Updated redis package fixes security vulnerability

It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...

10CVSS8.1AI score0.09636EPSS
Exploits2References2
Mageia
Mageia
•added 2015/05/23 6:53 p.m.•40 views

Updated kernel packages fix security vulnerabilities and bugs

Updated kernel fixes security, critical data corruption and pdata loss issues This kernel update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4 filesystem ha...

7.2CVSS7.9AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/11 8:10 p.m.•40 views

Updated libssh packages fix CVE-2015-3146

Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet whi...

7.5CVSS6.5AI score0.0391EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/08 11:54 p.m.•40 views

Updated wordpress packages fix security vulnerabilities

Updated wordpress packages fixes security vulnerabilities: The wordpress package has been updated to version 3.9.6, which fixes multiple cross-site scripting issues, including CVE-2015-3440, and other bugs. Note that upstream has advised us that WordPress 3.9.x is no longer supported. As this...

4.3CVSS6.6AI score0.17945EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/05 1:36 p.m.•40 views

Updated gstreamer0.10-plugins-bad packages fix security vulnerabilities

Updated gstreamer0.10-plugins-bad packages fix security vulnerability: Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code CVE-2015-0797...

6.8CVSS8.2AI score0.0544EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/03 12:19 a.m.•40 views

Updated cherokee packages fix CVE-2014-4668

Updated cherokee packages fix security vulnerability: The cherokeevalidatorldapcheck function in validatorldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty...

6.8CVSS6.8AI score0.02844EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/18 11:1 p.m.•40 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.9, by modifying URL a logged in user can view the list of another user's contacts, number of unread messages and list of their courses CVE-2015-2266. In Moodle before 2.6.9, authentication in mdeploy can be bypassed. It i...

6.8CVSS6.3AI score0.03285EPSS
Exploits5References11
Total number of security vulnerabilities5000