Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2020/05/05 12:20 p.m.37 views

Updated teeworlds packages fix security vulnerabilities

Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...

9.8CVSS1.6AI score0.02957EPSS
Exploits0References4
Mageia
Mageia
added 2020/04/15 10:12 a.m.37 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerability: The BACapp dissector could crash CVE-2020-11647...

7.5CVSS1.4AI score0.03322EPSS
Exploits0References4
Mageia
Mageia
added 2020/04/01 1:56 a.m.37 views

Updated sympa packages fix security vulnerability

Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service disk consumption from temporary files, and a flood of notifications to listmasters via a series of requests with malformed parameters CVE-2020-9369...

7.5CVSS5.4AI score0.02843EPSS
Exploits0References2
Mageia
Mageia
added 2020/02/13 10:49 a.m.37 views

Updated python-waitress packages fix security vulnerabilities

Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...

8.2CVSS0.9AI score0.02714EPSS
Exploits1References2
Mageia
Mageia
added 2020/01/05 3:37 p.m.37 views

Updated openconnect packages fix security vulnerability

Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes CVE-2019-16239...

9.8CVSS1.5AI score0.03445EPSS
Exploits0References2
Mageia
Mageia
added 2019/12/25 7:8 p.m.37 views

Updated libofx packages fix security vulnerability

Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump CVE-2019-9656...

8.8CVSS2.2AI score0.02141EPSS
Exploits1References2
Mageia
Mageia
added 2019/10/23 9:6 p.m.37 views

Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup CVE-2019-16738...

5.3CVSS2.5AI score0.01768EPSS
Exploits1References3
Mageia
Mageia
added 2019/09/15 2:45 p.m.37 views

Updated openldap packages fix security vulnerabilities

Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations CVE-2019-13057. It was discovered th...

7.5CVSS1.2AI score0.05015EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.37 views

Updated monit packages fix security vulnerabilities

Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...

8.1CVSS2AI score0.03138EPSS
Exploits2References2
Mageia
Mageia
added 2019/08/31 1:22 p.m.37 views

Updated pango packages fix security vulnerability

Updated pango package fixes security vulnerability: It was discovered that pango was subject to a heap based buffer overflow vulnerability which could be used to get code execution CVE-2019-1010238...

9.8CVSS1.5AI score0.06274EPSS
Exploits1References3
Mageia
Mageia
added 2019/06/21 1:7 a.m.37 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin package fixes a security vulnerability: A use after free that leads to arbitrary code execution. CVE-2019-7845...

8.8CVSS2.6AI score0.05504EPSS
Exploits0References2
Mageia
Mageia
added 2019/05/12 9:35 a.m.37 views

Updated qt4 packages fix security vulnerability

Updated qt4 packages fix security vulnerability: A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp CVE-2018-19872...

5.5CVSS2.1AI score0.01384EPSS
Exploits1References2
Mageia
Mageia
added 2019/04/10 9:25 p.m.37 views

Updated libvirt packages fix security vulnerability

NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function. CVE-2019-3840...

6.3CVSS3.2AI score0.0151EPSS
Exploits1References2
Mageia
Mageia
added 2019/04/05 6:12 p.m.37 views

Updated python-yaml packages fix security vulnerability

It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...

9.8CVSS3.5AI score0.06031EPSS
Exploits1References2
Mageia
Mageia
added 2019/03/14 9:39 p.m.37 views

Updated hiawatha packages fix security vulnerability

Verison 10.8.4 fixed a vulnerability which allowed a remote atacker to perform directory traversal when AllowDotFiles was enabled CVE-2019-8358...

8.1CVSS5.6AI score0.01499EPSS
Exploits0References2
Mageia
Mageia
added 2019/02/14 8:38 a.m.37 views

Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS6.6AI score0.07501EPSS
Exploits0References2
Mageia
Mageia
added 2019/01/31 10:55 p.m.37 views

Updated libvorbis packages fix security vulnerabilities

The vorbis library version 1.3.6 fix security vulnerabilities: - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbisblockclear function in lib/block.c - CVE-2017-11333 libvorbis: Memory exhaustion in vorbisanalysiswrote function in lib/block.c...

5.5CVSS3.7AI score0.04838EPSS
Exploits3References4
Mageia
Mageia
added 2019/01/30 7:39 p.m.37 views

Updated bluez packages fix security vulnerability

A buffer overflow in pincodereplydump function CVE-2016-9800. A buffer overflow in setextctrl function CVE-2016-9801. A buffer overflow in commandsdump function CVE-2016-9804...

5.3CVSS4AI score0.02923EPSS
Exploits3References3
Mageia
Mageia
added 2019/01/05 6:30 p.m.37 views

Updated pdns packages fix security vulnerabilities

A vulnerability was in found in PowerDNS Authoritative Server. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows an authorized user to...

7.5CVSS2.6AI score0.06041EPSS
Exploits0References4
Mageia
Mageia
added 2018/11/15 10:4 p.m.37 views

Updated ruby-rack packages fix security vulnerability

There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request.Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack CVE-2018-1647...

6.1CVSS0.6AI score0.01816EPSS
Exploits0References2
Mageia
Mageia
added 2018/10/19 6:0 p.m.37 views

Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack appear to be exploitable via...

9.8CVSS5.1AI score0.02955EPSS
Exploits0References1
Mageia
Mageia
added 2018/06/14 6:14 p.m.37 views

Updated leptonica packages fix security vulnerabilities

This update fixes a security issue potential injection attack using gplot rootdir originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0...

9.8CVSS3AI score0.03739EPSS
Exploits1References4
Mageia
Mageia
added 2018/02/26 11:40 p.m.37 views

Updated jhead package fixes security vulnerability

Updated jhead package fixes security vulnerability: An integer underflow bug in the processEXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecifie...

5.5CVSS4.4AI score0.01138EPSS
Exploits0References2
Mageia
Mageia
added 2018/02/02 12:33 p.m.37 views

Updated sox packages fix security vulnerability

There is a heap-based buffer overflow in the ImaExpandS function of imarw.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file CVE-2017-15370. There is a reachable assertion abort in the function soxappendcomment in formats.c i...

5.5CVSS4.7AI score0.01717EPSS
Exploits2References2
Mageia
Mageia
added 2018/01/24 10:37 p.m.37 views

Updated bind packages fix security vulnerability

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...

7.5CVSS2.2AI score0.27725EPSS
Exploits0References3
Mageia
Mageia
added 2018/01/21 9:31 p.m.37 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gifgetlzw function resulting in memory corruption and potential code execution CVE-2017-1000422...

8.8CVSS4.9AI score0.02021EPSS
Exploits0References3
Mageia
Mageia
added 2018/01/12 7:49 p.m.37 views

Updated libvorbis packages fix security vulnerabilities

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184. CVE-2017-14632 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

9.8CVSS4.1AI score0.05705EPSS
Exploits0References2
Mageia
Mageia
added 2018/01/03 10:32 a.m.37 views

Updated gimp packages fix security vulnerability

Several vulnerabilities were discovered in the GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789...

7.8CVSS3.2AI score0.01952EPSS
Exploits1References2
Mageia
Mageia
added 2018/01/01 3:50 p.m.37 views

Updated gstreamer0.10-plugins-ugly/gstreamer1.0-plugins-ugly packages fix security vulnerability

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened CVE-2017-5846, CVE-2017-5847...

7.5CVSS3.9AI score0.03734EPSS
Exploits0References3
Mageia
Mageia
added 2018/01/01 1:17 a.m.37 views

Updated ldns packages fix security vulnerabilities

Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-1000231, CVE-2017-1000232...

9.8CVSS3.2AI score0.02653EPSS
Exploits1References2
Mageia
Mageia
added 2017/12/21 6:18 p.m.37 views

Updated mariadb packages fix security vulnerabilities

Difficult to exploit vulnerability in MariaDB Server allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all...

6.5CVSS4.3AI score0.03264EPSS
Exploits0References4
Mageia
Mageia
added 2017/10/18 8:19 p.m.37 views

Updated libxfont packages fix security vulnerabilities

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS2.5AI score0.00442EPSS
Exploits0References3
Mageia
Mageia
added 2017/10/05 8:8 p.m.37 views

Updated open-vm-tools packages fix security vulnerability

It was discovered that open-vm-tools has multiple /tmp race conditions in the libDeployPkg component, allowing an unprivileged local user in a guest to cause a denial of service through file system manipulation, or, possibly, increase privileges CVE-2015-5191...

6.7CVSS6.7AI score0.00331EPSS
Exploits0References2
Mageia
Mageia
added 2017/09/21 1:43 p.m.37 views

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service CVE-2016-10198. A crafted mp4 file could have caused an invalid read and thus corruption or denial of service CVE-2016-10199. A crafted AVI file could have caused an invalid read and thus corruptio...

7.5CVSS2.4AI score0.04717EPSS
Exploits0References4
Mageia
Mageia
added 2017/08/25 8:35 p.m.37 views

Updated heimdal packages fix security vulnerability

Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 CVE-2017-6594. Note, this may break sites that rely on the bug. With the bug some...

7.5CVSS1.6AI score0.01759EPSS
Exploits0References2
Mageia
Mageia
added 2017/08/13 1:36 p.m.37 views

Updated heimdal packages fix security vulnerability

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks CVE-2017-11103...

8.1CVSS3.6AI score0.05118EPSS
Exploits0References2
Mageia
Mageia
added 2017/08/03 7:5 p.m.37 views

Updated spice packages fix security vulnerability

A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses leading to parts of server memory being leaked or a crash CVE-2017-7506. The Mageia 5 package has...

8.8CVSS2.8AI score0.04204EPSS
Exploits0References5
Mageia
Mageia
added 2017/07/22 9:36 a.m.37 views

Updated gnutls packages fix security vulnerabilities

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10. CVE-2017-7869 GnuTLS version 3.5.1...

7.5CVSS3.9AI score0.0341EPSS
Exploits0References4
Mageia
Mageia
added 2017/07/13 9:10 a.m.37 views

Updated cairo packages fix security vulnerability

It was discovered that there was a possible DoS attack in Cairo. An SVG could generate invalid pointers from a cairoimagesurface in writepng CVE-2016-9082...

5.5CVSS3.4AI score0.01995EPSS
Exploits0References2
Mageia
Mageia
added 2017/06/29 9:40 p.m.37 views

Updated golang packages fix security vulnerability

A carry propagation issue was found in the P-256 implementation for x86-64 in golang CVE-2017-8932...

5.9CVSS2.5AI score0.02225EPSS
Exploits0References2
Mageia
Mageia
added 2017/05/01 7:41 p.m.37 views

Updated squirrelmail packages fix security vulnerability

Squirrelmail version 1.4.22 and probably prior is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server CVE-2017-7692...

9CVSS5.5AI score0.32156EPSS
Exploits7References2
Mageia
Mageia
added 2017/03/03 10:9 a.m.37 views

Updated ming packages fix security vulnerability

Global-buffer-overflow in printMP3Headers. CVE-2016-9264 Divide-by-zero in printMP3Headers. CVE-2016-9265 Left shift in listmp3.c. CVE-2016-9266 Heap-based buffer overflow in iprintf. CVE-2016-9827 NULL pointer dereference in dumpBuffer. CVE-2016-9828 Heap-based buffer overflow in...

7.8CVSS3.5AI score0.02131EPSS
Exploits4References8
Mageia
Mageia
added 2017/02/23 2:58 p.m.37 views

Updated spice packages fix security vulnerability

An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. CVE-2016-9578...

8.8CVSS2.4AI score0.03844EPSS
Exploits0References2
Mageia
Mageia
added 2017/02/20 1:0 p.m.37 views

Updated netpbm packages fix security vulnerability

Version 10.73.07 fixes security vulnerabilities: Out-of-bounds write in writeRasterPbm CVE-2017-2581 Out-of-bounds read in expandCodeOntoStack CVE-2017-2579 Out-of-bounds write of heap data in addPixelToRaster CVE-2017-2580 Null pointer dereference in stringToUint CVE-2017-2586 Insufficient size...

7.8CVSS3AI score0.01614EPSS
Exploits0References2
Mageia
Mageia
added 2017/02/07 1:34 p.m.37 views

Updated icoutils packages fix security vulnerability

Multiple programming errors in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333...

8.8CVSS5.8AI score0.03591EPSS
Exploits0References4
Mageia
Mageia
added 2016/11/21 10:18 p.m.37 views

Updated libxslt packages fix security vulnerability

A heap overread bug was found in libxslt, which can cause arbitrary code execution or denial of service CVE-2016-4738...

9.3CVSS2.8AI score0.04147EPSS
Exploits0References2
Mageia
Mageia
added 2016/10/23 10:32 a.m.37 views

Updated guile packages fix security vulnerability

The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions CVE-2016-8605. GNU Guile, an...

9.8CVSS0.7AI score0.04092EPSS
Exploits0References4
Mageia
Mageia
added 2016/10/12 1:46 p.m.37 views

The updated packages fix a security vulnerability

Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...

9.8CVSS6.4AI score0.05101EPSS
Exploits0References2
Mageia
Mageia
added 2016/08/09 8:58 a.m.37 views

Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252,...

9.8CVSS4AI score0.04577EPSS
Exploits3References15
Mageia
Mageia
added 2016/07/26 7:11 p.m.37 views

Updated VirtualBox 5.1 packages fix security vulnerability

This update provides the new VirtualBox 5.1 series, currently based on 5.1.2 providing several perfomance enhancements The highlights include: VMM: new APIC and I/O APIC implementations that result in significantly improved performance in certain situations for example with networking VMM: activa...

5.5CVSS1AI score0.00388EPSS
Exploits0References2
Total number of security vulnerabilities5000