Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2019/11/30 1:6 p.m.•39 views

Updated zipios++ packages fix security vulnerability

Updated zipios++ packages fix security vulnerability: Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources CVE-2019-13453...

6.5CVSS2.1AI score0.02026EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•39 views

Updated clamav packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. CVE-2019-12625 BZ2decompress in decompress.c...

9.8CVSS3.1AI score0.08042EPSS
Exploits0References5
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•39 views

Updated fribidi packages fix security vulnerability

Updated fribidi packages fix security vulnerability: A stack buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text conten...

7.8CVSS4.7AI score0.02182EPSS
Exploits0References2
Mageia
Mageia
•added 2019/09/27 7:38 p.m.•39 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 77.0.3865.90 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.75: one in the UI component CVE-2019-13685, two in the media component CVE-2019-13688, CVE-2019-13687, and one in the offline pages component CVE-2019-13686...

8.8CVSS2.7AI score0.00914EPSS
Exploits0References2
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•39 views

Updated flash-player-plugin packages fix security vulnerabilities

Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code execution in the context of the current user. CVE-2019-8069 Use after free that leads to arbitrary code execution in the context of the current user. CVE-2019-8070...

10CVSS3.2AI score0.06054EPSS
Exploits0References2
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•39 views

Updated sigil packages fix security vulnerability

Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem CVE-2019-14452...

7.5CVSS2AI score0.03694EPSS
Exploits0References2
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•39 views

Updated libgcrypt packages fix security vulnerability

Updated libgcrypt packages fix security vulnerability: ECDSA timing side-channel attack vulnerability CVE-2019-13627...

6.3CVSS2.3AI score0.0051EPSS
Exploits0References2
Mageia
Mageia
•added 2019/08/18 12:39 p.m.•39 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

8.8CVSS3.6AI score0.0217EPSS
Exploits0References5
Mageia
Mageia
•added 2019/05/07 9:38 p.m.•39 views

Updated putty/filezilla/wxgtk packages fix security vulnerability

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification CVE-2019-9894. In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding CVE-2019-9895. Multiple...

9.8CVSS2.5AI score0.03937EPSS
Exploits0References5
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•39 views

Updated libarchive packages fix security vulnerability

libarchive contains an out-of-bounds read vulnerability in 7zip decompression, archivereadsupportformat7zip.c, headerbytes that can result in a crash denial of service. This attack appears to be exploitable via the victim opening a specially crafted 7zip file CVE-2019-1000019. libarchive contains...

6.5CVSS4.5AI score0.03407EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/03 7:36 p.m.•39 views

Updated firefox packages fix security vulnerabilities

Use-after-free parsing HTML5 stream CVE-2018-18500. Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 CVE-2018-18501. Privilege escalation through IPC channel messages CVE-2018-18505...

10CVSS3.2AI score0.12658EPSS
Exploits1References5
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•39 views

Updated zeromq packages fix security vulnerability

CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow...

9CVSS3.8AI score0.09444EPSS
Exploits2References1
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•39 views

Updated perl-Email-Address package fixes security vulnerability

The parse method in the Email::Address module through 1.912 for Perl can consume a large amount of resources on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f" CVE-2018-12558...

7.5CVSS4.6AI score0.0265EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•39 views

Updated openafs packages fix security vulnerabilities

Jeffrey Altman reported that the backup tape controller butc process does accept incoming RPCs but does not require or allow for authentication of those RPCs, allowing an unauthenticated attacker to perform volume operations with administrator credentials CVE-2018-16947. Mark Vitale reported that...

9.8CVSS2.2AI score0.03075EPSS
Exploits0References6
Mageia
Mageia
•added 2018/10/19 6:36 p.m.•39 views

Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. CVE-2018-17961 Saved execution stacks can leak operator arrays. CVE-2018-18073 1Policy operator gives access to .forceput. CVE-2018-18284...

8.6CVSS1.8AI score0.16288EPSS
Exploits3References5
Mageia
Mageia
•added 2018/09/20 11:17 p.m.•39 views

Updated libx11 packages fix security vulnerabilities

Updated libx11 packages fix security vulnerabilities: An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS...

9.8CVSS2.5AI score0.09341EPSS
Exploits0References4
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•39 views

Updated libraw packages fix security vulnerabilities

This update provides libraw 0.18.13 fixing at least the following security issues: LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow in the internal/dcrawcommon.cpp:parseqt function. An attacker could exploit this to cause an infinite loop via a specially crafted Apple...

7.1CVSS5.6AI score0.02194EPSS
Exploits0References4
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•39 views

Updated libxcursor packages fix security vulnerability

Updated libxcursor packages fix security vulnerability XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. CVE-2015-9262...

9.8CVSS9.2AI score0.05907EPSS
Exploits0References3
Mageia
Mageia
•added 2018/05/24 4:30 p.m.•39 views

Updated gnupg2 packages fix security vulnerability

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234...

7.5CVSS2.5AI score0.02082EPSS
Exploits0References1
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•39 views

Updated 389-ds-base packages fix security vulnerability

389-ds-base did not properly handle characters needed to be escaped in its query filter. This could result in buffer overflows, from the heap or the stack, on larger filters. An unauthenticated attacker could send a specially crafted LDAP request and crash the server CVE-2018-1089...

7.5CVSS4.1AI score0.04294EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/10 8:47 p.m.•39 views

Updated mbedtls and related packages fix security vulnerabilities

The mbedtls package has been updated to fix several security issues. Fixed a heap corruption issue in the implementation of the truncated HMAC extension. When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet could be used to selectively corrupt 6 byt...

9.8CVSS2.7AI score0.04884EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•39 views

Updated libvpx packages fix security vulnerability

A flaw was found in libvpx related to odd frame width, which may lead to a denial of service CVE-2017-13194...

7.8CVSS2.2AI score0.01805EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•39 views

Updated thunderbird packages fix security vulnerability

Integer overflow in Skia library during edge builder allocation. CVE-2018-5095 Use-after-free while editing form elements. CVE-2018-5096 Use-after-free when source document is manipulated during XSLT. CVE-2018-5097 Use-after-free while manipulating form input elements. CVE-2018-5098 Use-after-fre...

9.8CVSS1.9AI score0.07262EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/31 8:47 p.m.•39 views

Updated rsync package fixes security vulnerability

It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code CVE-2018-5764...

7.5CVSS4.6AI score0.06337EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/24 10:37 p.m.•39 views

Updated bind packages fix security vulnerability

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...

7.5CVSS2.2AI score0.27725EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/21 6:18 p.m.•39 views

Updated flash-player-plugin packages fix security vulnerability

A regression affecting Adobe Flash Player version 27.0.0.187 and earlier versions causes the unintended reset of the global settings preference file when a user clears browser data. CVE-2017-11305...

6.5CVSS4.3AI score0.03642EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/20 9:18 p.m.•39 views

Updated botan packages fix security vulnerability

In the Montgomery exponentiation code, a table of precomputed values is used. An attacker able to analyze which cache lines were accessed perhaps via an active attack such as Prime+Probe could recover information about the exponent CVE-2017-14737...

5.5CVSS3.4AI score0.00318EPSS
Exploits0References3
Mageia
Mageia
•added 2017/11/08 10:43 p.m.•39 views

Updated openssl packages fix security vulnerabilities

If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format CVE-2017-3735. There is a carry propagating bug in the x8664 Montgomery squaring procedure...

6.5CVSS2.1AI score0.17699EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•39 views

Updated xmlsec1 packages fix security vulnerability

It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion XXE along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service CVE-2017-1000061...

7.1CVSS2.2AI score0.01341EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/21 8:28 p.m.•39 views

Updated nasm packages fix security vulnerabilities

Multiple heap use after free vulnerabilities CVE-2017-10686. Heap-based buffer overflow and application crash CVE-2017-11111...

7.8CVSS1.4AI score0.02946EPSS
Exploits1References2
Mageia
Mageia
•added 2017/07/30 8:17 a.m.•39 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.16.6, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.08059EPSS
Exploits29References3
Mageia
Mageia
•added 2017/06/01 9:25 p.m.•39 views

Updated openvpn packages fix security vulnerability

It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service server or client crash CVE-2017-7478. It was discovered that OpenVPN improperly triggered an assert when packe...

7.5CVSS3.4AI score0.13892EPSS
Exploits2References3
Mageia
Mageia
•added 2017/05/07 8:20 p.m.•39 views

Updated libarchive packages fix security vulnerabilities

The archivewstringappendfrommbs function in archivestring.c in libarchive 3.2.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted archive file. CVE-2016-10209 The archivele32dec function in archiveendian.h in libarchive 3.2.2 allows...

5.5CVSS4.9AI score0.0191EPSS
Exploits1References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•39 views

Updated openjpeg packages fix security vulnerability

Multiple integer overflows in the opjtcdinittile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2016-51...

8.8CVSS5.8AI score0.07114EPSS
Exploits2References2
Mageia
Mageia
•added 2017/04/04 6:44 a.m.•39 views

Updated pidgin packages fix security vulnerability

A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side CVE-2017-2640. The pidgin package has been updated to version 2.12.0, which fixes this issue...

9.8CVSS1.9AI score0.06258EPSS
Exploits0References4
Mageia
Mageia
•added 2017/03/25 4:56 p.m.•39 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin installs latest version for the flash plugin from adobe. See the referenced security bulletin for details...

9.3CVSS3AI score0.0836EPSS
Exploits1References2
Mageia
Mageia
•added 2017/03/23 7:19 a.m.•39 views

Updated icoutils packages fix security vulnerability

Multiple vulnerabilities were discovered in the icotool CVE-2017-6010, CVE-2017-6011 and wrestool CVE-2017-6009 tools of icoutils, a set of programs that deal with MS Windows icons and cursors, which may result in denial of service or the execution of arbitrary code if a malformed .ico or .exe fi...

5.5CVSS4.8AI score0.01538EPSS
Exploits3References3
Mageia
Mageia
•added 2017/02/02 7:17 p.m.•39 views

Updated pdns-recursor packages fix security vulnerability

Florian Heinz and Martin Kluge reported that pdns-recursor parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service i...

7.8CVSS3.3AI score0.07294EPSS
Exploits0References3
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•39 views

Updated pdns packages fix security vulnerabilities

Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record CVE-2016-2120. Florian Heinz and...

7.8CVSS1.6AI score0.07294EPSS
Exploits0References6
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•39 views

Updated unrtf package fixes security vulnerability

A Stack-based buffer overflow has been found in unrtf 0.21.9, which affects functions including cmdexpand, cmdemboss and cmdengrave CVE-2016-10091...

7.5CVSS4AI score0.02836EPSS
Exploits0References3
Mageia
Mageia
•added 2016/12/29 10:29 a.m.•39 views

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application CVE-2016-9634,...

9.8CVSS3.6AI score0.09192EPSS
Exploits4References3
Mageia
Mageia
•added 2016/12/07 11:48 a.m.•39 views

Updated drupal packages fix security vulnerability

Inconsistent name for term access query; information on taxonomy terms might have been disclosed to unprivileged users CVE-2016-9449. Confirmation forms allow external URLs to be injected CVE-2016-9451...

6.8CVSS3.4AI score0.01957EPSS
Exploits0References21
Mageia
Mageia
•added 2016/11/04 9:24 a.m.•39 views

Updated bind packages fix security vulnerability

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-8864...

7.5CVSS2.1AI score0.38733EPSS
Exploits0References3
Mageia
Mageia
•added 2016/09/28 5:59 a.m.•39 views

Updated pdns packages fix security vulnerability

PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes CVE-2016-5426. PowerDNS Authoritative Server does not properly handle dot inside labels CVE-2016-5427. These issues allow a remote, unauthenticated attacker to cause an abnormal load on the PowerDNS backend ...

7.5CVSS1.6AI score0.62982EPSS
Exploits0References5
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•39 views

Updated nettle/nettle2.7 packages fix security vulnerability

The cryptographic library nettle had a potential information leak problem reported. RSA code is vulnerable to cache sharing related attacks CVE-2016-6489...

7.5CVSS3.6AI score0.05007EPSS
Exploits0References2
Mageia
Mageia
•added 2016/08/09 8:58 a.m.•39 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 52.0.2743.116 fixes security issues: two heap overflow issues in pdfium CVE-2016-5139 and CVE-2016-5140; an address bar spoofing problem CVE-2016-5141; a use-after-free bug CVE-2016-5142 and a same origin bypass problem CVE-2016-5145 in blink; two parameter sanitization...

9.8CVSS2.3AI score0.01849EPSS
Exploits0References2
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•39 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.0.5, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

5.9CVSS2.9AI score0.0771EPSS
Exploits2References12
Mageia
Mageia
•added 2016/07/26 7:11 p.m.•39 views

Updated libgd packages fix security vulnerability

Updated libgd packages fix security vulnerabilities: A read out-of-bounds was found in the parsing of TGA files when the header reports an incorrect size CVE-2016-6132 or invalid bpp CVE-2016-6214 or RLE value upstream issue 248. Integer overflow error within gdContributionsAlloc CVE-2016-6207. A...

6.5CVSS1.9AI score0.06256EPSS
Exploits0References6
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•39 views

Updated libarchive packages fix security vulnerability

An out of bounds read in the rar parser: invalid read in function copyfromlzsswindow when unpacking malformed rar CVE-2015-8934. An exploitable heap overflow vulnerability exists in the 7zip readSubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause a integer overflow...

7.8CVSS7.7AI score0.04919EPSS
Exploits7References12
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•39 views

Updated squid packages fix CVE-2016-4051

Updated squid packages fix security vulnerability: Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. This problem allows any client to seed the Squid manager reports with data that will...

8.8CVSS3.1AI score0.16893EPSS
Exploits0References2
Total number of security vulnerabilities5000