Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2016/09/25 11:41 a.m.•40 views

Updated libarchive packages fix security vulnerability

The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with...

7.5CVSS2.4AI score0.04707EPSS
Exploits1References9
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•40 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector IV is used to hash the username and...

10CVSS0.6AI score0.0475EPSS
Exploits0References28
Mageia
Mageia
•added 2016/08/09 8:58 a.m.•40 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 52.0.2743.116 fixes security issues: two heap overflow issues in pdfium CVE-2016-5139 and CVE-2016-5140; an address bar spoofing problem CVE-2016-5141; a use-after-free bug CVE-2016-5142 and a same origin bypass problem CVE-2016-5145 in blink; two parameter sanitization...

9.8CVSS2.3AI score0.01849EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•40 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-2805, CVE-2016-2807, CVE-2016-2818. This update...

10CVSS5.6AI score0.04692EPSS
Exploits0References10
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•40 views

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P4, an error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1285. In ISC BIND before 9.10.3-P4, a problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in...

8.6CVSS1.4AI score0.621EPSS
Exploits0References5
Mageia
Mageia
•added 2016/01/21 6:9 a.m.•40 views

Updated kernel-linus packages fix security vulnerability

Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728...

7.8CVSS2.1AI score0.03646EPSS
Exploits14References1
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•40 views

Updated bugzilla packages fix security vulnerability

Login names usually an email address longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...

7.5CVSS5AI score0.03371EPSS
Exploits3References7
Mageia
Mageia
•added 2015/11/11 7:20 p.m.•40 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.548 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-7659. This...

10CVSS7.3AI score0.40682EPSS
Exploits4References1
Mageia
Mageia
•added 2015/10/15 7:50 p.m.•40 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: In Wireshark before 1.12.8, the pcapng file parser could crash while copying an interface filter. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet...

4.3CVSS5.6AI score0.03037EPSS
Exploits0References4
Mageia
Mageia
•added 2015/10/15 7:50 p.m.•40 views

Updated 389-ds-base packages fix security vulnerability

this bug has been fixed by upgrade to vers. 1.3.3.13 this fixes security issue Bug 16928 CVE-2015-3230 this is a maintenance update and fixes a lot of other issues - See upstream announcement...

7.5CVSS6.4AI score0.02573EPSS
Exploits0References4
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•40 views

Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...

5CVSS8.2AI score0.08934EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•40 views

Updated openafs package fixes security vulnerabilities

Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use CVE-2015-3282. The default use by bos of clear rather than...

6.8CVSS6.8AI score0.02081EPSS
Exploits0References10
Mageia
Mageia
•added 2015/05/23 6:53 p.m.•40 views

Updated kernel packages fix security vulnerabilities and bugs

Updated kernel fixes security, critical data corruption and pdata loss issues This kernel update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4 filesystem ha...

7.2CVSS7.9AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/05 1:36 p.m.•40 views

Updated gstreamer0.10-plugins-bad packages fix security vulnerabilities

Updated gstreamer0.10-plugins-bad packages fix security vulnerability: Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code CVE-2015-0797...

6.8CVSS8.2AI score0.0544EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/03 12:19 a.m.•40 views

Updated cherokee packages fix CVE-2014-4668

Updated cherokee packages fix security vulnerability: The cherokeevalidatorldapcheck function in validatorldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty...

6.8CVSS6.8AI score0.02844EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/18 11:1 p.m.•40 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.9, by modifying URL a logged in user can view the list of another user's contacts, number of unread messages and list of their courses CVE-2015-2266. In Moodle before 2.6.9, authentication in mdeploy can be bypassed. It i...

6.8CVSS6.3AI score0.03285EPSS
Exploits5References11
Mageia
Mageia
•added 2015/01/31 1:23 p.m.•40 views

Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs

Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack CVE-2013-7252. This...

5CVSS2.8AI score0.02147EPSS
Exploits1References6
Mageia
Mageia
•added 2015/01/31 1:23 p.m.•40 views

Updated libvirt packages fix CVE-2015-0236

Updated libvirt packages fix security vulnerability: The XML getters for save images and snapshots objects don't check ACLs for the VIRDOMAINXMLSECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to...

3.5CVSS6.6AI score0.01802EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/17 10:31 p.m.•40 views

Updated python-django and python-django14 packages fix security vulnerabilities

Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments CVE-2015-0219. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...

5CVSS6.5AI score0.06783EPSS
Exploits3References3
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•40 views

Updated castor packages fix CVE-2014-3004

Updated castor packages fix security vulnerability: The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document CVE-2014-3004...

4.3CVSS8.7AI score0.07794EPSS
Exploits3References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•40 views

Updated erlang packages fix security vulnerabilities

Updated erlang packages fixes security vulnerability: An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP command...

7.5CVSS9.7AI score0.02193EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/23 8:35 p.m.•40 views

Updated git packages fix security vulnerability

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...

9.8CVSS9.5AI score0.63178EPSS
Exploits5References3
Mageia
Mageia
•added 2014/12/05 4:59 p.m.•40 views

Updated jasper packages fix CVE-2014-9029

Updated jasper packages fix security vulnerability: Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service application crash or the execution of arbitrary code CVE-2014-9029...

7.5CVSS7.1AI score0.18404EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•40 views

Updated libreoffice packages fix security vulnerability

"Document as E-mail" vulnerability bnc900218. It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2014-3693...

7.5CVSS7.6AI score0.04955EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/14 1:24 a.m.•40 views

Updated libreoffice packages fix security vulnerability

A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible...

4.3CVSS6.2AI score0.09864EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/09 2:39 p.m.•40 views

Updated rsyslog packages fix CVE-2014-3634

Updated rsyslog packages fix security vulnerability: Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial ...

7.5CVSS7.8AI score0.07546EPSS
Exploits1References4
Mageia
Mageia
•added 2014/09/24 4:44 p.m.•40 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: RTP dissector crash CVE-2014-6421, CVE-2014-6422. MEGACO dissector infinite loop CVE-2014-6423. Netflow dissector crash CVE-2014-6424. RTSP dissector crash CVE-2014-6427. SES dissector crash CVE-2014-6428. Sniffer file parser crash...

5CVSS6.6AI score0.03409EPSS
Exploits0References9
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•40 views

Updated python-imaging & python-pillow packages fix CVE-2014-3589

Updated python-imaging and python-pillow packages fix security vulnerabilities: The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin CVE-2014-3589...

5CVSS6.9AI score0.03587EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•40 views

Updated polarssl packages fix security vulnerability

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute...

5CVSS6.7AI score0.02427EPSS
Exploits0References4
Mageia
Mageia
•added 2014/07/26 12:57 p.m.•40 views

Updated cacti package fixes security vulnerabilities

Multiple security issues cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising have been found in Cacti CVE-2014-2326, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002...

7.5CVSS7.2AI score0.04957EPSS
Exploits3References2
Mageia
Mageia
•added 2014/07/09 11:21 p.m.•40 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...

7.5CVSS6.6AI score0.23024EPSS
Exploits4References2
Mageia
Mageia
•added 2014/06/20 7:41 p.m.•40 views

Updated sendmail packages fix CVE-2014-3956

Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...

1.9CVSS6.4AI score0.0063EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/11 4:56 p.m.•40 views

Updated iceape packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service memory corruption and...

9.8CVSS9.7AI score0.07543EPSS
Exploits7References11
Mageia
Mageia
•added 2014/02/27 10:3 p.m.•40 views

Updated imapsync package fixes CVE-2014-2014

Updated imapsync package fixes security vulnerability: In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login CVE-2014-2014...

4.3CVSS6.4AI score0.01549EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/21 6:18 p.m.•40 views

Updated libtar package fixes security vulnerability

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tarextractglob an...

5.8CVSS4.8AI score0.03277EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/31 4:42 p.m.•40 views

Updated libmicrohttpd package fixes security vulnerabilities

The MHDhttpunescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service crash via unspecified vectors that trigger an out-of-bounds read CVE-2013-7038. Stack-based buffer overflow in the MHDdigestauthcheck function in...

6.4CVSS6.6AI score0.03277EPSS
Exploits0References3
Mageia
Mageia
•added 2013/12/20 5:29 p.m.•40 views

Updated gnupg package fixes CVE-2013-4576

Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...

2.1CVSS3.2AI score0.00451EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/30 9:35 p.m.•40 views

Updated drupal package fixes security vulnerabilities

Drupal's form API has built-in cross-site request forgery CSRF validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations CVE-2013-6385. Drupal core directly used the mtrand pseudorandom number...

6.8CVSS0.03072EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/20 8:36 p.m.•40 views

Updated lighttpd packages fix multiple security vulnerbilities

Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the...

7.6CVSS0.7AI score0.10721EPSS
Exploits1References5
Mageia
Mageia
•added 2013/10/25 9:7 p.m.•40 views

Updated x11-server packages fix CVE-2013-4396

Updated x11-server packages fix security vulnerability: Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code vi...

6.5CVSS6.3AI score0.04077EPSS
Exploits0References4
Mageia
Mageia
•added 2013/10/05 5:58 p.m.•40 views

Updated proftpd package fixes security vulnerability

A bug in ProFTPd's modsftp and modsftppam modules can be used to trigger a large heap allocation and exhaust all available system memory of the underlying operating system CVE-2013-4359...

5CVSS1.3AI score0.02985EPSS
Exploits2References2
Mageia
Mageia
•added 2013/09/24 9:43 p.m.•40 views

Updated libtiff package fixes security vulnerability

A possible heap-based buffer overflow flaw was found in the readgifimage function in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code...

6.8CVSS5.6AI score0.07814EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/22 6:1 p.m.•40 views

Updated rubygem-passenger package fixes CVE-2013-4136 & apache module

Updated rubygem-passenger package fixes security vulnerability: It was reported that Phusion Passenger would reuse existing server instance directories temporary directories which could cause Passenger to remove or overwrite files belonging to other instances CVE-2013-4136. Additionally, the...

4.4CVSS2.1AI score0.00329EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/21 8:57 a.m.•40 views

Updated mediawiki packages fix security vulnerability

MediaWiki user Marco discovered that security checks for file uploads were not being run when the file was uploaded in chunks through the API. This option has been available to users who can upload files since MediaWiki 1.19 CVE-2013-2114...

6.8CVSS3AI score0.02344EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/06 2:12 p.m.•40 views

Updated axis package fixes security vulnerability

Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name CVE-2012-578...

5.8CVSS2.8AI score0.05722EPSS
Exploits1References2
Mageia
Mageia
•added 2013/06/19 10:20 a.m.•40 views

Updated php package fixes several issues

Fixed php bug 64879 Heap based buffer overflow in quotedprintableencode, CVE-2013-2110. Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang...

5CVSS4.5AI score0.06748EPSS
Exploits1References4
Mageia
Mageia
•added 2026/05/14 2:43 a.m.•39 views

Updated redis packages fix security vulnerabilities

CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...

8.8CVSS6.5AI score0.02995EPSS
Exploits4References4
Mageia
Mageia
•added 2025/05/13 8:56 p.m.•39 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Better TLS connection support. CVE-2025-21587 Improve compiler transformations. CVE-2025-30691 Enhance Buffered Image handling. CVE-2025-30698 The updated timezone data are needed by the new Java packages...

7.4CVSS7.6AI score0.0073EPSS
Exploits0References6
Mageia
Mageia
•added 2025/03/03 9:39 p.m.•39 views

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities

Use-after-free of the root cursor. CVE-2025-26594 Buffer overflow in XkbVModMaskText. CVE-2025-26595 Heap overflow in XkbWriteKeySyms. CVE-2025-26596 Buffer overflow in XkbChangeTypesOfKey. CVE-2025-26597 Out-of-bounds write in CreatePointerBarrierClient. CVE-2025-26598 Use of uninitialized point...

7.8CVSS7.4AI score0.00485EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/20 8:1 p.m.•39 views

Updated dcmtk packages fix security vulnerabilities

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...

8.4CVSS7.1AI score0.0061EPSS
Exploits2References2
Total number of security vulnerabilities5000