Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2016/07/26 7:11 p.m.•37 views

Updated VirtualBox 5.1 packages fix security vulnerability

This update provides the new VirtualBox 5.1 series, currently based on 5.1.2 providing several perfomance enhancements The highlights include: VMM: new APIC and I/O APIC implementations that result in significantly improved performance in certain situations for example with networking VMM: activa...

5.5CVSS1AI score0.00388EPSS
Exploits0References2
Mageia
Mageia
•added 2016/06/17 5:58 a.m.•37 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.626 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-4144,...

10CVSS1.4AI score0.25419EPSS
Exploits8References2
Mageia
Mageia
•added 2016/05/29 1:55 p.m.•37 views

Updated phpmyadmin package fixes CVE-2016-5099

In phpMyAdmin before 4.4.15.6, a specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page CVE-2016-5099...

6.1CVSS4.1AI score0.01103EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•37 views

Updated libarchive packages fix CVE-2016-1541

Updated libarchive packages fix security vulnerability: Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive CVE-2016-1541. The...

8.8CVSS7.1AI score0.10284EPSS
Exploits1References3
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•37 views

Updated imlib2 packages fix security vulnerabilities

Updated imlib2 packages fix security vulnerabilities: An out-of-bounds read caused by an off-by-one error in imlibMergeUpdate in src/lib/updates.c in imlib2 1.4.8 and earlier CVE-2016-3993. An out-of-bounds read from colormap in the GIF loader in imlib2 1.4.8 and earlier can result in denial of...

8.2CVSS1.8AI score0.02915EPSS
Exploits0References4
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•37 views

Updated git packages fix security vulnerability

There is a buffer overflow vulnerability possibly leading to remote code execution in git. It can happen while pushing or cloning a repository with a large filename or a large number of nested trees CVE-2016-2315, CVE-2016-2324. The git package has been updated to version 2.7.4, which fixes this...

10CVSS2.5AI score0.18808EPSS
Exploits0References15
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•37 views

Updated cacti packages fix CVE-2016-2313

Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access CVE-2016-2313...

8.8CVSS3.7AI score0.02686EPSS
Exploits0References2
Mageia
Mageia
•added 2016/02/09 1:5 p.m.•37 views

Updated mbedtls/hiawatha/belle-sip/linphone/pdns packages fix security vulnerability

Note: this package was called polarssl, but is now called mbed tls. The PolarSSL software is now called mbed TLS. Heap-based buffer overflow in mbed TLS formerly PolarSSL 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code vi...

6.8CVSS8.6AI score0.03629EPSS
Exploits0References12
Mageia
Mageia
•added 2016/01/17 12:26 a.m.•37 views

Updated php packages fix security vulnerability

The php package has been updated to version 5.6.17, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

9.1CVSS3.3AI score0.07806EPSS
Exploits1References2
Mageia
Mageia
•added 2016/01/15 1:52 a.m.•37 views

Updated giflib packages fix security vulnerability

A heap-based buffer overflow vulnerability was found in giffix utility of giflib when processing records of the type 'IMAGEDESCRECORDTYPE' due to the allocated size of 'LineBuffer' equaling the value of the logical screen width, 'GifFileIn-SWidth', while subsequently having 'GifFileIn-Image.Width...

5.5CVSS6.5AI score0.01481EPSS
Exploits1References2
Mageia
Mageia
•added 2016/01/09 5:8 p.m.•37 views

Updated phpmyadmin packages fix security vulnerability

By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed CVE-2015-8669...

5.3CVSS5.6AI score0.02197EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/07 8:11 p.m.•37 views

Updated kernel packages fixes security vulnerability

This kernel update is based on the upstream 4.1.12 longterm kernel and fixes at least the following security issue: Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that,...

4.9CVSS8.4AI score0.00445EPSS
Exploits0References8
Mageia
Mageia
•added 2015/09/17 6:2 p.m.•37 views

Updated icedtea-web packages fix security vulnerabilities

Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user...

6.8CVSS6.8AI score0.03037EPSS
Exploits0References4
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•37 views

Updated ruby-rack packages fix CVE-2015-3225

Updated ruby-rack packages fix security vulnerability: lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth CVE-2015-3225...

5CVSS6.2AI score0.07778EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•37 views

Updated polkit package fixes security vulnerabilities

Local privilege escalation in polkit before 0.113 due to predictable authentication session cookie values CVE-2015-4625. Various memory corruption vulnerabilities in polkit before 0.113 in the use of the JavaScript interpreter, possibly leading to local privilege escalation CVE-2015-3256. Memory...

4.6CVSS6.5AI score0.00415EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•37 views

Updated libvpx package fixes security vulnerability

libvpx before 1.4.0 allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data CVE-2015-1258...

7.5CVSS6.9AI score0.024EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/03 12:19 a.m.•37 views

Updated 389-ds-base packages fix CVE-2015-1854

Updated 389-ds-base packages fix security vulnerability: A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modification...

7.5CVSS7.4AI score0.02142EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/23 9:14 p.m.•37 views

Updated ntop packages fix CVE-2014-4165

Updated ntop package fixes security vulnerability: Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting XSS attacks against users of the web interface CVE-2014-4165...

4.3CVSS6.2AI score0.02094EPSS
Exploits1References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•37 views

Updated arj packages fix security vulnerabilities

Updated arj package fixes security vulnerabilities: ARJ follows symlinks when unpacking stuff, even the symlinks that were created during the same unpack process, making it vulnerable to a directory traversal CVE-2015-0556. To protect from directory traversals, ARJ strips leading slash from the...

7.5CVSS6.8AI score0.05889EPSS
Exploits2References2
Mageia
Mageia
•added 2015/03/23 11:58 p.m.•37 views

Updated tcpdump package fixes security vulnerabilities

Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service application crash or, potentially, execution of arbitrary code CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155...

7.5CVSS9.8AI score0.19028EPSS
Exploits5References2
Mageia
Mageia
•added 2015/03/05 7:34 p.m.•37 views

Updated python packages fix CVE-2014-9365

Updated python packages fix security vulnerability: When Python's standard library HTTP clients httplib, urllib, urllib2, xmlrpclib are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against th...

5.8CVSS7.6AI score0.03269EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•37 views

Updated ruby-sprockets packages fix CVE-2014-7819

Updated ruby-sprockets packages fix security vulnerabilities: Multiple directory traversal vulnerabilities in server.rb in Sprockets 2.12.x before 2.12.3, allow remote attackers to determine the existence of files outside the application root via a ../ dot dot slash sequence with double slashes o...

5CVSS6.5AI score0.0386EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•37 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.440 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe reports that CVE-2015-0311 is already being actively exploited in the wild via...

10CVSS7.1AI score0.8582EPSS
Exploits5References2
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•37 views

Updated util-linux packages fix CVE-2014-9114

Updated util-linux packages fix security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges CVE-2014-9114. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and oth...

7.8CVSS7.9AI score0.00648EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/05 3:54 p.m.•37 views

Updated phpmyadmin package fixes CVE-2014-9218

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.8, with very long passwords it was possible to initiate a denial of service attack on phpMyAdmin CVE-2014-9218...

5CVSS9AI score0.11055EPSS
Exploits4References2
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•37 views

Updated flash-player-plugin packages fix CVE-2014-8439

Adobe Flash Player 11.2.202.424 contains additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution CVE-2014-8439. A mitigation was previously introduced for this issue in a previous update MGASA-2014-0448...

10CVSS6.8AI score0.20008EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/12 9:56 a.m.•37 views

Updated php packages fix security vulnerability

An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash CVE-2014-3710. PHP uses an embedded copy of file's libmagic library, and was therefore affected. It has been...

5CVSS7.4AI score0.14013EPSS
Exploits0References2
Mageia
Mageia
•added 2014/10/28 11:33 a.m.•37 views

Updated wget packages fix CVE-2014-4877

Updated wget package fixes security vulnerability: Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP CVE-2014-4877. The default settings in wget have been changed...

9.3CVSS7AI score0.39883EPSS
Exploits4References2
Mageia
Mageia
•added 2014/10/28 11:33 a.m.•37 views

Updated nginx packages fix CVE-2014-3616

Updated nginx package fixes security vulnerability: Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position...

4.3CVSS6.2AI score0.05654EPSS
Exploits0References2
Mageia
Mageia
•added 2014/10/23 1:27 p.m.•37 views

Updated ejabberd packages fix security vulnerability

A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760...

5CVSS6.4AI score0.01314EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•37 views

Updated libvncserver and remmina packages fix security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/22 10:58 a.m.•37 views

Updated krb5 package fixes security vulnerabilities

MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session CVE-2014-4341, CVE-2014-4342. MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL...

8.5CVSS9.2AI score0.08085EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•37 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of the ORDER BY SQL statement in ZendDbSelect of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses CVE-2014-4914...

9.8CVSS9.8AI score0.02313EPSS
Exploits0References3
Mageia
Mageia
•added 2014/06/06 10:27 a.m.•37 views

Updated wordpress package fixes multiple vulnerabilities

Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php CVE-2014-0165. The wpvalidateauthcookie...

6.4CVSS6.3AI score0.0893EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/06 5:49 a.m.•37 views

Updated libcap-ng packages fix CVE-2014-3215

Updated libcap-ng packages fix security vulnerability: capnglock in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without...

6.9CVSS6.6AI score0.00357EPSS
Exploits0References2
Mageia
Mageia
•added 2014/05/22 5:17 p.m.•37 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation CVE-2014-1740. John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation...

7.5CVSS6.8AI score0.01648EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/03 4:37 p.m.•37 views

Updated openssl packages fix CVE-2014-0198

Updated openssl packages fix security vulnerability: A null pointer dereference bug in OpenSSL 1.0.1g and earlier in sossl3write could possibly allow an attacker to cause generate an SSL alert which would cause OpenSSL to crash, resulting in a denial of service CVE-2014-0198...

4.3CVSS7.6AI score0.43828EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/02 5:52 p.m.•37 views

Updated bugzilla package fixes CVE-2014-1517

Updated bugzilla packages fix security vulnerability: The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information...

4CVSS5.8AI score0.01314EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/17 8:20 p.m.•37 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerability: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a...

5CVSS2.8AI score0.0304EPSS
Exploits1References5
Mageia
Mageia
•added 2014/04/03 1:29 p.m.•37 views

Updated mediawiki packages fix CVE-2014-2665

Updated mediawiki packages fix security vulnerability: Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity CVE-2014-2665. MediaWiki has been...

4CVSS7.7AI score0.0106EPSS
Exploits1References3
Mageia
Mageia
•added 2014/04/03 12:33 a.m.•37 views

Updated libyaml package fixes security vulnerability

Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application t...

6.8CVSS8.3AI score0.09264EPSS
Exploits2References2
Mageia
Mageia
•added 2014/03/23 9:10 a.m.•37 views

Updated samba packages fix security vulnerability

In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5CVSS2.5AI score0.10642EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/26 6:23 p.m.•37 views

Updated lxc packages fix security vulnerability

Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host CVE-2013-6441...

7.2CVSS2.3AI score0.00498EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/21 6:10 p.m.•37 views

Updated imagemagick package fixes security vulnerabilities

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running...

8.8CVSS8.7AI score0.11055EPSS
Exploits0References4
Mageia
Mageia
•added 2014/02/17 12:25 a.m.•37 views

Updated rawtherapee package fixes security vulnerability

Due to flaws in the embedded copy of dcraw in rawtherapee, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference CVE-2013-1438...

4.3CVSS1.6AI score0.02059EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/11 10:13 p.m.•37 views

Updated chrony package fixes security vulnerability

Updated chrony package fixes security vulnerability: In the chrony control protocol some replies are significantly larger than their requests, which allows an attacker to use it in an amplification attack CVE-2014-0021. Note: in the default configuration, cmdallow is restricted to localhost, so...

7.5CVSS7.6AI score0.03801EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/21 4:23 p.m.•37 views

Updated nss packages fix security vulnerability

Updated nss packages fix security vulnerability: The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509...

5.8CVSS3.8AI score0.01929EPSS
Exploits1References2
Mageia
Mageia
•added 2013/11/30 9:42 p.m.•37 views

Updated quassel package fixes security vulnerability

Security vulnerability in Quassel before 0.9.2 through which a manipulated, but properly authenticated client was able to retrieve the backlog of other users on the same core in some cases CVE-2013-6404...

4CVSS3.6AI score0.02059EPSS
Exploits1References4
Mageia
Mageia
•added 2013/11/22 6:49 p.m.•37 views

Updated qemu package fixes security vulnerability

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code...

7.2CVSS2.6AI score0.00434EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/20 8:28 p.m.•37 views

Updated poppler packages fix multiple vulnerabilities

Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application...

7.5CVSS3.9AI score0.10483EPSS
Exploits1References2
Total number of security vulnerabilities5000