Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/11/15 3:45 p.m.•36 views

Updated libexif packages fix a security vulnerability

In exifentrygetvalue of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for...

9.8CVSS3.8AI score0.03189EPSS
Exploits0References3
Mageia
Mageia
•added 2020/11/13 9:20 p.m.•36 views

Updated packagekit packages fix a security vulnerability

It was discovered that packagekit was subject to a vulnerability where the InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit accesses given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the...

3.3CVSS3.8AI score0.00462EPSS
Exploits1References2
Mageia
Mageia
•added 2020/11/13 9:20 p.m.•36 views

Updated firefox and thunderbird packages fix a security vulnerability

Write side effects in MCallGetProperty opcode not accounted for. In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. CVE-2020-26950 Also some bugfix for Thunderbird have been added. See upstream release...

9.3CVSS1.6AI score0.42327EPSS
Exploits4References6
Mageia
Mageia
•added 2020/10/13 12:39 p.m.•36 views

Updated mariadb packages fix security vulnerability

This update fixes CVE-2020-15180...

9CVSS2.3AI score0.05539EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•36 views

Updated python-ipaddress package fixes security vulnerability

Hash collisions in IPv4Interface and IPv6Interface could lead to DOS CVE-2020-14422...

5.9CVSS1.1AI score0.12826EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•36 views

Updated libssh packages fix security vulnerability

The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service CVE-2020-16135...

5.9CVSS3.2AI score0.04105EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/05 3:53 p.m.•36 views

Updated docker packages fix security vulnerability

Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a...

6CVSS2.6AI score0.02839EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•36 views

Updated tor packages fix security vulnerabilities

Updated tor package fixes security vulnerabilities: Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service CPU consumption CVE-2020-10592. Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service memory leak. This occurs in circpadsetupmachineoncirc because a...

7.8CVSS6.1AI score0.03146EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•36 views

Updated weechat packages fix security vulnerabilities

Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 0.4.0 to 2.7 are affected. A malformed message 352 who can cause a NULL pointer dereference in the callback function, resulting in a crash CVE-2020-9759. An issue was discovered in WeeChat befor...

9.8CVSS1AI score0.02193EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/18 3:27 p.m.•36 views

Updated sleuthkit packages fix security vulnerability

Updated sleuthkit packages fix security vulnerability: In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c CVE-2020-10232...

9.8CVSS4.3AI score0.02419EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•36 views

Updated glib2.0 packages fix security vulnerability

The updated packages fix a security vulnerability: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may...

5.9CVSS0.6AI score0.02174EPSS
Exploits1References3
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•36 views

Updated ruby-rake packages fix security vulnerability

Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character CVE-2020-8130...

6.9CVSS2.8AI score0.01359EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•36 views

Updated fontforge packages fix security vulnerabilities

FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c CVE-2020-5395 FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c CVE-2020-5496...

8.8CVSS3.4AI score0.02478EPSS
Exploits2References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•36 views

Updated hunspell packages fix security vulnerability

Updated hunspell packages fix security vulnerability: Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx CVE-2019-16707...

6.5CVSS1.6AI score0.01656EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/24 12:24 p.m.•36 views

Updated libmirage packages fix security vulnerabilities

Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user CVE-2019-15540. NULL pointer dereference in the NRG parser CVE-2019-15757...

7.8CVSS4.4AI score0.01588EPSS
Exploits2References1
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•36 views

Updated sysstat packages fix security vulnerability

Updated sysstat package fixes security vulnerability: Memory corruption due to an integer overflow CVE-2019-16167...

5.5CVSS3.6AI score0.01533EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•36 views

Updated QT stack fix security vulnerability

This update provides the 5.12.6 QT stack maintenance release and fixes the following security issue: An out-of-bounds memory access in the generateDirectionalRuns function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an...

4.3CVSS5.1AI score0.0205EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•36 views

Updated libjpeg packages fix security vulnerability

The updated packages fix a security vulnerability: Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. CVE-2019-2201...

9.3CVSS3.8AI score0.02461EPSS
Exploits0References4
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•36 views

Updated zeromq packages fix security vulnerability

A security vulnerability has been reported in libzmq/zeromq. a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer...

9.8CVSS3.7AI score0.42464EPSS
Exploits1References4
Mageia
Mageia
•added 2019/10/23 9:6 p.m.•36 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 77.0.3865.120 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component CVE-2019-13693, one in the WebRTC component CVE-2019-13694, one in the audio component CVE-2019-13695, and one in the V8 component CVE-2019-13696. A...

8.8CVSS1.8AI score0.01243EPSS
Exploits0References2
Mageia
Mageia
•added 2019/10/16 10:22 p.m.•36 views

Updated e2fsprogs packages fix security vulnerability

Updated e2fsprogs packages fix security vulnerability: Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code CVE-2019-5094. The...

7.5CVSS3.1AI score0.01105EPSS
Exploits1References3
Mageia
Mageia
•added 2019/09/21 4:4 p.m.•36 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition CVE-2019-10197. An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference CVE-2019-12435 A...

9.1CVSS1.5AI score0.03182EPSS
Exploits0References8
Mageia
Mageia
•added 2019/09/15 2:45 p.m.•36 views

Updated kconfig packages fix security vulnerability

Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file e.g. if it's embedded into a downloaded archive and it gets opened in a file...

7.8CVSS2.5AI score0.04069EPSS
Exploits1References3
Mageia
Mageia
•added 2019/08/31 1:22 p.m.•36 views

Updated wavpack packages fix security vulnerabilities

Updated wavpack packages fixes security vulnerabilities: It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service CVE-2019-11498. Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An...

6.5CVSS2.4AI score0.03044EPSS
Exploits4References3
Mageia
Mageia
•added 2019/07/10 10:44 a.m.•36 views

Updated microcode package fixes security vulnerability

Secure Encrypted Virtualization SEV on Advanced Micro DevicesAMD Platform Security Processor PSP; aka AMD Secure Processor or AMD-SP 0.17 build 11 and earlier has an insecure cryptographic implementation. This update provides Amd SEV Firmware to 0.17 build 22 CVE-2019-9836. It also updates the...

5.3CVSS1.7AI score0.01609EPSS
Exploits1References1
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•36 views

Updated thunderbird packages fix security vulnerabilities

The updated thunderbird packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c. CVE-2019-11703 Heap buffer overflow in icalvalue.c. CVE-2019-11704 Stack buffer overflow in icalrecur.c. CVE-2019-11705 Type confusion in icalproperty.c. CVE-2019-11706...

9.8CVSS2.5AI score0.10527EPSS
Exploits14References7
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•36 views

Updated dovecot packages fix security vulnerability

CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files...

8.8CVSS3.1AI score0.01178EPSS
Exploits0References3
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•36 views

Updated ming packages fix security vulnerability

The printDefineFont2 function util/listfdb.c in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. CVE-2018-6358 There is a heap-based buffer overflow in the getString...

8.8CVSS4AI score0.0192EPSS
Exploits6References2
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•36 views

Updated pdns packages fix security vulnerability

Updated pdns packages fix security vulnerability: An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode without post=1 set, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured...

8.8CVSS2AI score0.1286EPSS
Exploits1References2
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•36 views

Updated python-gnupg packages fix security vulnerability

When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...

7.5CVSS2.6AI score0.08548EPSS
Exploits2References2
Mageia
Mageia
•added 2019/02/17 5:17 p.m.•36 views

Updated flash-player-plugin packages fix security vulnerability

Information disclosure in the context of the current user. CVE-2019-7090...

6.5CVSS1.5AI score0.04795EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/31 10:55 p.m.•36 views

Updated gitolite packages fixes security vulnerability

In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P CVE-2018-20683...

8.1CVSS5.3AI score0.02009EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/11 9:7 p.m.•36 views

Updated python-django packages fix security vulnerability

An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the...

6.5CVSS2.2AI score0.03685EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/10 10:53 a.m.•36 views

Updated krb5 packages fix security vulnerability

An authenticated user who can obtain a TGT using an older encryption type DES, DES3, or RC4 can cause an assertion failure in the KDC by sending an S4U2Self request CVE-2018-20217...

5.3CVSS1.7AI score0.01417EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/06 4:41 p.m.•36 views

Updated dcraw packages fix security vulnerability

A NULL pointer dereference flaw was found in the way dcraw processed images. An attacker could potentially use this flaw to crash dcraw by tricking it into processing crafted images CVE-2018-5801...

6.5CVSS2.6AI score0.02039EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•36 views

Updated ldb, talloc, and samba packages fix security vulnerabilities

Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service CVE-2018-14629. Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC's KDC when configured to accept smart-card...

6.5CVSS1.9AI score0.05192EPSS
Exploits1References18
Mageia
Mageia
•added 2018/11/11 9:9 p.m.•36 views

Updated audiofile packages fix security vulnerabilities

A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup allows for denial of service via crafted file CVE-2018-13440. A Heap-based buffer overflow was found in Expand3To4Module::run when running sfconvert CVE-2018-17095...

8.8CVSS4AI score0.04654EPSS
Exploits2References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•36 views

Updated clamav packages fix security vulnerability

The updated clamav packages fix a security vulnerability: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service DoS condition on an affected device CVE-2018-15378...

5.5CVSS3.6AI score0.01315EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•36 views

Updated ansible packages fix security vulnerability

Ansible prior to 2.4.5 does not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...

5.9CVSS1.2AI score0.03088EPSS
Exploits0References3
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•36 views

Updated corosync packages fix security vulnerability

An integer overflow leading to an out-of-bound read was found in authenticatenss23 in Corosync. An attacker could craft a malicious packet that would lead to a denial of service CVE-2018-1084...

7.5CVSS4.3AI score0.03172EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•36 views

Updated golang packages fix security vulnerability

A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS7AI score0.63229EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•36 views

Updated perl packages fix security vulnerabilities

Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written CVE-2018-6797. Nguyen Duc Manh reported that matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially...

9.8CVSS1.8AI score0.10866EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•36 views

Updated python-pycrypto packages fix security vulnerability

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...

7.5CVSS0.0211EPSS
Exploits1References4
Mageia
Mageia
•added 2018/03/07 8:37 p.m.•36 views

Updated 389-ds-base packages fix CVE-2018-1054

389-ds-base has been updated to fix a security issue. A flaw was found in 389 Directory Server that affects all versions. An improper handling of the search feature with an extended filter, when read access on is enabled, in SetUnicodeStringFromUTF8 function in collate.c, can lead to out-of-bound...

7.5CVSS3.5AI score0.04817EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•36 views

Updated dovecot packages fix security vulnerability

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...

7.5CVSS1.6AI score0.0312EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/12 7:49 p.m.•36 views

Updated irssi packages fix security vulnerabilities

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2018-5205. Joseph Bisch discovered that...

9.8CVSS2.5AI score0.02439EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 6:52 p.m.•36 views

Updated gdm packages fix security vulnerability

Updated gdm packages fix security vulnerability: A flaw was discovered in the gdm where gdm greeter was no longer setting the ranonce boolean during autologin. If autologin was enable for a victim, an attacker could simply select 'login as another user' to unlock their screen CVE-2017-12164...

6.9CVSS1.9AI score0.00385EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•36 views

Updated connman packages fix security vulnerability

Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in the host running the service...

9.8CVSS2.7AI score0.05519EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/02 3:2 p.m.•36 views

Updated mad packages fix security vulnerability

The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file CVE-2017-8373. The madbitskip function in bit.c in Underbit...

7.8CVSS6AI score0.02538EPSS
Exploits2References5
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•36 views

Updated memcached packages fix security vulnerability

The tryreadcommand function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service segmentation fault via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read CVE-2017-9951...

7.5CVSS6.2AI score0.04166EPSS
Exploits1References2
Total number of security vulnerabilities5000