Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/08/27 3:52 p.m.•37 views

Updated libx11 packages fix security vulnerability

There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free CVE-2020-14363...

7.8CVSS3.7AI score0.00575EPSS
Exploits1References4
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•37 views

Updated targetcli packages fix security vulnerability

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...

5.5CVSS3.2AI score0.00335EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/05 7:48 p.m.•37 views

Updated ntp packages fix security vulnerability

Updated ntp packages fix security vulnerability: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC...

4.9CVSS5.1AI score0.03357EPSS
Exploits0References3
Mageia
Mageia
•added 2020/06/10 10:57 p.m.•37 views

Updated libarchive packages fix security vulnerability

Updated libarchive packages fix security vulnerability: archivereadsupportformatlha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted LHA archive...

5AI score
Exploits0References5
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•37 views

Updated clamav packages fix security vulnerabilities

Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...

7.5CVSS1.3AI score0.05063EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•37 views

Updated teeworlds packages fix security vulnerabilities

Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...

9.8CVSS1.6AI score0.02957EPSS
Exploits0References4
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•37 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerability: The BACapp dissector could crash CVE-2020-11647...

7.5CVSS1.4AI score0.03322EPSS
Exploits0References4
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•37 views

Updated sympa packages fix security vulnerability

Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service disk consumption from temporary files, and a flood of notifications to listmasters via a series of requests with malformed parameters CVE-2020-9369...

7.5CVSS5.4AI score0.02843EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/13 10:49 a.m.•37 views

Updated python-waitress packages fix security vulnerabilities

Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...

8.2CVSS0.9AI score0.02714EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•37 views

Updated python-reportlab packages fix security vulnerability

A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution CVE-2019-17626...

9.8CVSS6.4AI score0.10231EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•37 views

Updated openconnect packages fix security vulnerability

Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes CVE-2019-16239...

9.8CVSS1.5AI score0.03445EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•37 views

Updated libofx packages fix security vulnerability

Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump CVE-2019-9656...

8.8CVSS2.2AI score0.02141EPSS
Exploits1References2
Mageia
Mageia
•added 2019/10/23 9:6 p.m.•37 views

Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup CVE-2019-16738...

5.3CVSS2.5AI score0.01768EPSS
Exploits1References3
Mageia
Mageia
•added 2019/09/15 2:45 p.m.•37 views

Updated openldap packages fix security vulnerabilities

Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations CVE-2019-13057. It was discovered th...

7.5CVSS1.2AI score0.05015EPSS
Exploits0References2
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•37 views

Updated monit packages fix security vulnerabilities

Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...

8.1CVSS2AI score0.03138EPSS
Exploits2References2
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•37 views

Updated icedtea-web packages fix security vulnerabilities

Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The cod...

8.6CVSS2.3AI score0.04022EPSS
Exploits0References3
Mageia
Mageia
•added 2019/08/18 12:39 p.m.•37 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

8.8CVSS3.6AI score0.0217EPSS
Exploits0References5
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•37 views

Updated qt4 packages fix security vulnerability

Updated qt4 packages fix security vulnerability: A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp CVE-2018-19872...

5.5CVSS2.1AI score0.01384EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•37 views

Updated squirrelmail packages fix security vulnerability

Updated squirellmail packages to fix a XSS-security issue...

6.1CVSS2AI score0.01426EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•37 views

Updated libvirt packages fix security vulnerability

NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function. CVE-2019-3840...

6.3CVSS3.2AI score0.0151EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•37 views

Updated python-yaml packages fix security vulnerability

It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...

9.8CVSS3.5AI score0.06031EPSS
Exploits1References2
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•37 views

Updated hiawatha packages fix security vulnerability

Verison 10.8.4 fixed a vulnerability which allowed a remote atacker to perform directory traversal when AllowDotFiles was enabled CVE-2019-8358...

8.1CVSS5.6AI score0.01499EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•37 views

Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS6.6AI score0.07501EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/31 10:55 p.m.•37 views

Updated libvorbis packages fix security vulnerabilities

The vorbis library version 1.3.6 fix security vulnerabilities: - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbisblockclear function in lib/block.c - CVE-2017-11333 libvorbis: Memory exhaustion in vorbisanalysiswrote function in lib/block.c...

5.5CVSS3.7AI score0.04838EPSS
Exploits3References4
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•37 views

Updated bluez packages fix security vulnerability

A buffer overflow in pincodereplydump function CVE-2016-9800. A buffer overflow in setextctrl function CVE-2016-9801. A buffer overflow in commandsdump function CVE-2016-9804...

5.3CVSS4AI score0.02923EPSS
Exploits3References3
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•37 views

Updated pdns packages fix security vulnerabilities

A vulnerability was in found in PowerDNS Authoritative Server. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows an authorized user to...

7.5CVSS2.6AI score0.06041EPSS
Exploits0References4
Mageia
Mageia
•added 2018/11/15 10:4 p.m.•37 views

Updated ruby-rack packages fix security vulnerability

There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request.Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack CVE-2018-1647...

6.1CVSS0.6AI score0.01816EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/26 6:47 p.m.•37 views

Updated exempi packages fix security vulnerability

It was found that the WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBPSupport.hpp in Exempi 2.4.5 has a NULL pointer dereference CVE-2018-12648...

7.5CVSS2AI score0.02271EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•37 views

Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack appear to be exploitable via...

9.8CVSS5.1AI score0.02955EPSS
Exploits0References1
Mageia
Mageia
•added 2018/10/14 12:58 a.m.•37 views

Updated nextcloud packages fix security vulnerability

Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...

5.4CVSS2.5AI score0.00769EPSS
Exploits0References4
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•37 views

Updated leptonica packages fix security vulnerabilities

This update fixes a security issue potential injection attack using gplot rootdir originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0...

9.8CVSS3AI score0.03739EPSS
Exploits1References4
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•37 views

Updated firefox packages fix security vulnerability

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash CVE-2018-6126...

8.8CVSS2AI score0.07666EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/24 4:30 p.m.•37 views

Updated gnupg2 packages fix security vulnerability

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234...

7.5CVSS2.5AI score0.02082EPSS
Exploits0References1
Mageia
Mageia
•added 2018/02/26 11:40 p.m.•37 views

Updated jhead package fixes security vulnerability

Updated jhead package fixes security vulnerability: An integer underflow bug in the processEXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecifie...

5.5CVSS4.4AI score0.01138EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/26 4:23 p.m.•37 views

Updated qpdf packages fix security vulnerabilities

Updated qpdf packages fix security vulnerabilities: 1. Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral 2. Another stack overflow / endless recursion in QPDFWriter::enqueueObject 3. Stack out of bounds read in iteraterc4 4. heap out of bounds read large in...

7.8CVSS3.6AI score0.01804EPSS
Exploits4References3
Mageia
Mageia
•added 2018/01/24 10:37 p.m.•37 views

Updated bind packages fix security vulnerability

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...

7.5CVSS2.2AI score0.27725EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/21 9:31 p.m.•37 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gifgetlzw function resulting in memory corruption and potential code execution CVE-2017-1000422...

8.8CVSS4.9AI score0.02021EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•37 views

Updated gimp packages fix security vulnerability

Several vulnerabilities were discovered in the GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789...

7.8CVSS3.2AI score0.01952EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/01 3:50 p.m.•37 views

Updated gstreamer0.10-plugins-ugly/gstreamer1.0-plugins-ugly packages fix security vulnerability

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened CVE-2017-5846, CVE-2017-5847...

7.5CVSS3.9AI score0.03734EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/01 1:17 a.m.•37 views

Updated ldns packages fix security vulnerabilities

Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-1000231, CVE-2017-1000232...

9.8CVSS3.2AI score0.02653EPSS
Exploits1References2
Mageia
Mageia
•added 2017/12/21 6:18 p.m.•37 views

Updated mariadb packages fix security vulnerabilities

Difficult to exploit vulnerability in MariaDB Server allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all...

6.5CVSS4.3AI score0.03264EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/18 8:19 p.m.•37 views

Updated libxfont packages fix security vulnerabilities

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS2.5AI score0.00442EPSS
Exploits0References3
Mageia
Mageia
•added 2017/10/05 8:8 p.m.•37 views

Updated open-vm-tools packages fix security vulnerability

It was discovered that open-vm-tools has multiple /tmp race conditions in the libDeployPkg component, allowing an unprivileged local user in a guest to cause a denial of service through file system manipulation, or, possibly, increase privileges CVE-2015-5191...

6.7CVSS6.7AI score0.00331EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/21 1:43 p.m.•37 views

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service CVE-2016-10198. A crafted mp4 file could have caused an invalid read and thus corruption or denial of service CVE-2016-10199. A crafted AVI file could have caused an invalid read and thus corruptio...

7.5CVSS2.4AI score0.04717EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/25 8:35 p.m.•37 views

Updated libice packages fix security vulnerability

libICE depends on arc4random to generate the session cookies, thereby using a weak mechanism to generate entropy CVE-2017-2626...

5.5CVSS1.4AI score0.00464EPSS
Exploits2References2
Mageia
Mageia
•added 2017/08/25 8:35 p.m.•37 views

Updated heimdal packages fix security vulnerability

Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 CVE-2017-6594. Note, this may break sites that rely on the bug. With the bug some...

7.5CVSS1.6AI score0.01759EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/13 1:36 p.m.•37 views

Updated heimdal packages fix security vulnerability

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks CVE-2017-11103...

8.1CVSS3.6AI score0.05118EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/12 10:13 a.m.•37 views

Updated krb5 packages fix security vulnerability

A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request CVE-2017-11368...

6.5CVSS3.6AI score0.02397EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•37 views

Updated spice packages fix security vulnerability

A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses leading to parts of server memory being leaked or a crash CVE-2017-7506. The Mageia 5 package has...

8.8CVSS2.8AI score0.04204EPSS
Exploits0References5
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•37 views

Updated cairo packages fix security vulnerability

It was discovered that there was a possible DoS attack in Cairo. An SVG could generate invalid pointers from a cairoimagesurface in writepng CVE-2016-9082...

5.5CVSS3.4AI score0.01995EPSS
Exploits0References2
Total number of security vulnerabilities5000