Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2017/02/02 7:17 p.m.•39 views

Updated pdns-recursor packages fix security vulnerability

Florian Heinz and Martin Kluge reported that pdns-recursor parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service i...

7.8CVSS3.3AI score0.07294EPSS
Exploits0References3
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•39 views

Updated pdns packages fix security vulnerabilities

Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage of this flaw to crash server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record CVE-2016-2120. Florian Heinz and...

7.8CVSS1.6AI score0.07294EPSS
Exploits0References6
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•39 views

Updated unrtf package fixes security vulnerability

A Stack-based buffer overflow has been found in unrtf 0.21.9, which affects functions including cmdexpand, cmdemboss and cmdengrave CVE-2016-10091...

7.5CVSS4AI score0.02836EPSS
Exploits0References3
Mageia
Mageia
•added 2016/12/07 11:48 a.m.•39 views

Updated drupal packages fix security vulnerability

Inconsistent name for term access query; information on taxonomy terms might have been disclosed to unprivileged users CVE-2016-9449. Confirmation forms allow external URLs to be injected CVE-2016-9451...

6.8CVSS3.4AI score0.01957EPSS
Exploits0References21
Mageia
Mageia
•added 2016/11/04 9:24 a.m.•39 views

Updated bind packages fix security vulnerability

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-8864...

7.5CVSS2.1AI score0.38733EPSS
Exploits0References3
Mageia
Mageia
•added 2016/09/28 5:59 a.m.•39 views

Updated pdns packages fix security vulnerability

PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes CVE-2016-5426. PowerDNS Authoritative Server does not properly handle dot inside labels CVE-2016-5427. These issues allow a remote, unauthenticated attacker to cause an abnormal load on the PowerDNS backend ...

7.5CVSS1.6AI score0.62982EPSS
Exploits0References5
Mageia
Mageia
•added 2016/09/28 5:59 a.m.•39 views

Updated firefox/rootcerts/nss packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272,...

9.8CVSS4.3AI score0.05037EPSS
Exploits0References4
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•39 views

Updated nettle/nettle2.7 packages fix security vulnerability

The cryptographic library nettle had a potential information leak problem reported. RSA code is vulnerable to cache sharing related attacks CVE-2016-6489...

7.5CVSS3.6AI score0.05007EPSS
Exploits0References2
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•39 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.0.5, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

5.9CVSS2.9AI score0.0771EPSS
Exploits2References12
Mageia
Mageia
•added 2016/07/26 7:11 p.m.•39 views

Updated libgd packages fix security vulnerability

Updated libgd packages fix security vulnerabilities: A read out-of-bounds was found in the parsing of TGA files when the header reports an incorrect size CVE-2016-6132 or invalid bpp CVE-2016-6214 or RLE value upstream issue 248. Integer overflow error within gdContributionsAlloc CVE-2016-6207. A...

6.5CVSS1.9AI score0.06256EPSS
Exploits0References6
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•39 views

Updated libarchive packages fix security vulnerability

An out of bounds read in the rar parser: invalid read in function copyfromlzsswindow when unpacking malformed rar CVE-2015-8934. An exploitable heap overflow vulnerability exists in the 7zip readSubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause a integer overflow...

7.8CVSS7.7AI score0.04919EPSS
Exploits7References12
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•39 views

Updated squid packages fix CVE-2016-4051

Updated squid packages fix security vulnerability: Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. This problem allows any client to seed the Squid manager reports with data that will...

8.8CVSS3.1AI score0.16893EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/21 2:52 p.m.•39 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser-stable 50.0.2661.75 fixes security issues: Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary we...

10CVSS5.1AI score0.02573EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•39 views

Updated optipng packages fix security vulnerabilities

An updated optipng package fixes a number of bugs and security vulnerabilities. CVE-2015-7802 - Buffer over-read issue CVE-2016-2191 - An invalid write and segmentation fault may occur while processing bitmap images...

6.5CVSS6.6AI score0.03519EPSS
Exploits1References4
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•39 views

Updated filezilla packages fix security vulnerability

Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious server and...

9.8CVSS4.3AI score0.34216EPSS
Exploits4References4
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•39 views

Updated gnome-photos packages fix CVE-2013-7447

Updated gnome-photos package fixes security vulnerabilities: Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of gnome-photos CVE-2013-7447. A similar potential issue in viewhelperdraw in src/gegl-gtk-view-helper.c has also...

6.5CVSS2.5AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
•added 2016/02/09 7:5 p.m.•39 views

Updated jasper packages fix CVE-2016-1867

Updated jasper packages fix security vulnerabilities: The jpcpinextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG 2000 image CVE-2016-1867...

6.5CVSS5.4AI score0.02314EPSS
Exploits0References3
Mageia
Mageia
•added 2016/01/29 11:2 a.m.•39 views

Updated firefox packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-1930, CVE-2016-1935...

10CVSS4.1AI score0.05992EPSS
Exploits0References5
Mageia
Mageia
•added 2016/01/29 11:2 a.m.•39 views

Updated chromium-browser-stable packages fix security vulnerability

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...

9.3CVSS3.9AI score0.01662EPSS
Exploits1References3
Mageia
Mageia
•added 2016/01/21 6:9 a.m.•39 views

Updated kernel-tmb packages fix security vulnerability

Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728. Other fixes in this kernel update: - netfilter: nfnatredirect: add missing NULL pointer check...

7.8CVSS2AI score0.03646EPSS
Exploits14References1
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•39 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.10, web services coreenrolgetcourseenrolmentmethods and enrolselfgetinstanceinfo did not check user permission to access hidden courses CVE-2016-0724. In Moodle before 2.8.10, search string in course management interface was not escaped when being output creating potential fo...

6.1CVSS3AI score0.0194EPSS
Exploits0References5
Mageia
Mageia
•added 2015/12/24 11:8 a.m.•39 views

Updated keepassx packages fix CVE-2015-8378

Updated keepassx package fixes security vulnerability: Cancelling an export operation creates clear text copy of all of the user's KeePassX password database entries. CVE-2015-8378...

7.5CVSS7.6AI score0.0119EPSS
Exploits0References1
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•39 views

Updated libpng/libpng12 packages fix security vulnerability

Multiple buffer overflows in the pngsetPLTE and pnggetPLTE functions in libpng before 1.6.19 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a small bit-depth value in an IHDR aka image header chunk in a PNG image CVE-2015-8126...

7.5CVSS8.5AI score0.10339EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•39 views

Updated libtorrent-rasterbar packages fixes security vulnerability

The lazybdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." Note while this CVE was reported against BitTorrent DHT Bootstrapt server, the same vulnerable code is available in...

7.5CVSS7.3AI score0.05511EPSS
Exploits0References2
Mageia
Mageia
•added 2015/10/25 2:38 p.m.•39 views

Updated nvidia driver packages fix security vulnerability

A vulnerability has been found in the nvidia proprietary driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kerne...

6.9CVSS6.2AI score0.00364EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•39 views

Updated openldap package fixes security vulnerability

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call in the bergetnext method in a/libraries/liblber/io.c that is hit when decoding tampered BER data CVE-2015-6908...

5CVSS5.6AI score0.19984EPSS
Exploits1References3
Mageia
Mageia
•added 2015/08/29 7:53 a.m.•39 views

Updated firefox package fixes security vulnerability

Updated firefox packages fix security vulnerabilities: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-4497. A flaw wa...

10CVSS9.5AI score0.08007EPSS
Exploits0References9
Mageia
Mageia
•added 2015/08/25 6:17 p.m.•39 views

Updated gnutls packages fix security vulnerabilities

It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import CVE-2015-0294. Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName DN entries leads to double free. A remote attacker can take advantage of this fla...

7.5CVSS7.2AI score0.1903EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/03 8:55 p.m.•39 views

Updated moodle package fixes security vulnerabilities

In Moodle before 2.8.7, phishing is possible when redirecting to external site using referer headers in error messages CVE-2015-3272. In Moodle before 2.8.7, several web services returning user information did not clean text in text custom profile fields, leading to possible XSS CVE-2015-3274. In...

7.4CVSS6.6AI score0.01849EPSS
Exploits0References6
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•39 views

Updated springframework package fixes security vulnerability

In Spring Framework before 3.2.14, if DTD is not entirely disabled, inline DTD declarations can be used to perform denial of service attacks known as XML bombs. Such declarations are both well-formed and valid according to XML schema rules but when parsed can cause out of memory errors. To protec...

5.5CVSS6AI score0.02555EPSS
Exploits0References3
Mageia
Mageia
•added 2015/04/09 10:44 p.m.•39 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG CVE-2015-2931. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...

7.1CVSS6.3AI score0.0271EPSS
Exploits1References3
Mageia
Mageia
•added 2015/04/09 10:44 p.m.•39 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors CVE-2015-1233. Race condition ...

7.5CVSS7.9AI score0.05341EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/14 6:44 p.m.•39 views

Updated 389-ds-base packages fix security vulnerabilities

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

5CVSS5.7AI score0.02108EPSS
Exploits0References2
Mageia
Mageia
•added 2015/03/05 10:5 p.m.•39 views

Updated vlc package fixes security vulnerability

Updated vlc packages 2.1.6 are an upgrade with some fixes. Some of the problems fixed upstream were already fixed by a previous Mageia update to VLC see the link to MGASA-2015-0053. VLC versions before 2.1.5 contain a vulnerability in the transcode module that may allow a corrupted stream to...

9.8CVSS9.8AI score0.04985EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•39 views

Updated cpio package fixes security vulnerability

In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries...

8AI score
Exploits0References2
Mageia
Mageia
•added 2015/01/17 10:31 p.m.•39 views

Updated firefox and thunderbird packages fixes security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it CVE-2014-8634. It was found that the Beacon interface...

7.5CVSS9.7AI score0.04158EPSS
Exploits0References9
Mageia
Mageia
•added 2015/01/09 4:44 p.m.•39 views

Updated gcab packages fix CVE-2015-0552

Updated gcab packages fix security vulnerability: Jakub Wilk reported a directory traversal vulnerability due to gcab not filtering leading slashes from paths in CAB files CVE-2015-0552...

6.4CVSS6.3AI score0.02791EPSS
Exploits1References2
Mageia
Mageia
•added 2015/01/08 12:36 p.m.•39 views

Updated libsndfile packages fix CVE-2014-9496

Updated libsndfile packages fix security vulnerabilities: libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service CVE-2014-9496...

2.1CVSS7.9AI score0.00586EPSS
Exploits1References4
Mageia
Mageia
•added 2014/12/05 3:54 p.m.•39 views

Updated tcpdump package fixes security vulnerability

It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2014-9140...

5CVSS9.8AI score0.05761EPSS
Exploits1References2
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•39 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoo...

6.5CVSS5.8AI score0.02725EPSS
Exploits3References5
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•39 views

Updated flash-player-plugin packages fix CVE-2014-8439

Adobe Flash Player 11.2.202.424 contains additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution CVE-2014-8439. A mitigation was previously introduced for this issue in a previous update MGASA-2014-0448...

10CVSS6.8AI score0.20008EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/09 2:6 p.m.•39 views

Updated cacti package fixes multiple security vulnerabilities

Updated cacti package fixes security vulnerabilities: Multiple security issues cross-site scripting, missing input sanitising and SQL injection have been discovered in Cacti, a web interface for graphing of monitoring systems CVE-2014-5025, CVE-2014-5026, CVE-2014-5261, CVE-2014-5262...

7.5CVSS9.1AI score0.10773EPSS
Exploits3References2
Mageia
Mageia
•added 2014/09/24 4:44 p.m.•39 views

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: In cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to...

5CVSS7.9AI score0.07432EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•39 views

Updated italc package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The italc package is built with a bundled copy of minilzo, which is a part...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•39 views

Updated cups packages fix security vulnerability

In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd CVE-2014-3537. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index...

5CVSS9.4AI score0.02911EPSS
Exploits0References3
Mageia
Mageia
•added 2014/06/02 6:44 p.m.•39 views

Updated libtasn1 packages fix CVE-2014-3467-9

Updated libtasn1 packages fix security vulnerabilities: Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash CVE-2014-3467. It was...

7.5CVSS6AI score0.068EPSS
Exploits0References5
Mageia
Mageia
•added 2014/05/17 12:20 a.m.•39 views

Updated postgresql packages fix multiple vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

6.5CVSS9.5AI score0.06666EPSS
Exploits6References4
Mageia
Mageia
•added 2014/03/08 9:44 p.m.•39 views

Updated wireshark packages fix multiple vulnerabilies

The NFS dissector could crash CVE-2014-2281. The M3UA dissector could crash CVE-2014-2282. The RLC dissector could crash CVE-2014-2283. The MPEG file parser could overflow a buffer CVE-2014-2299...

9.3CVSS6.8AI score0.47422EPSS
Exploits11References7
Mageia
Mageia
•added 2014/02/27 10:0 p.m.•39 views

Updated subversion packages fix CVE-2014-0032

Updated subversion packages fix security vulnerability: The moddavsvn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via an OPTIONS request CVE-2014-0032. The package has been updated to version 1.8.8, which...

4.3CVSS8.3AI score0.11052EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/17 12:22 a.m.•39 views

Updated denyhosts package fixes security vulnerability

Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user ...

5CVSS1.1AI score0.08896EPSS
Exploits0References3
Total number of security vulnerabilities5000