Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2019/01/31 10:55 p.m.36 views

Updated gitolite packages fixes security vulnerability

In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P CVE-2018-20683...

8.1CVSS5.3AI score0.02009EPSS
Exploits0References2
Mageia
Mageia
added 2019/01/11 9:7 p.m.36 views

Updated python-django packages fix security vulnerability

An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the...

6.5CVSS2.2AI score0.03685EPSS
Exploits0References3
Mageia
Mageia
added 2019/01/06 4:41 p.m.36 views

Updated dcraw packages fix security vulnerability

A NULL pointer dereference flaw was found in the way dcraw processed images. An attacker could potentially use this flaw to crash dcraw by tricking it into processing crafted images CVE-2018-5801...

6.5CVSS2.6AI score0.02039EPSS
Exploits1References2
Mageia
Mageia
added 2019/01/05 6:30 p.m.36 views

Updated ldb, talloc, and samba packages fix security vulnerabilities

Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service CVE-2018-14629. Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC's KDC when configured to accept smart-card...

6.5CVSS1.9AI score0.05192EPSS
Exploits1References18
Mageia
Mageia
added 2018/11/11 9:9 p.m.36 views

Updated audiofile packages fix security vulnerabilities

A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup allows for denial of service via crafted file CVE-2018-13440. A Heap-based buffer overflow was found in Expand3To4Module::run when running sfconvert CVE-2018-17095...

8.8CVSS4AI score0.04654EPSS
Exploits2References2
Mageia
Mageia
added 2018/07/01 5:17 p.m.36 views

Updated ansible packages fix security vulnerability

Ansible prior to 2.4.5 does not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...

5.9CVSS1.2AI score0.03088EPSS
Exploits0References3
Mageia
Mageia
added 2018/06/06 6:15 p.m.36 views

Updated corosync packages fix security vulnerability

An integer overflow leading to an out-of-bound read was found in authenticatenss23 in Corosync. An attacker could craft a malicious packet that would lead to a denial of service CVE-2018-1084...

7.5CVSS4.3AI score0.03172EPSS
Exploits0References2
Mageia
Mageia
added 2018/05/16 8:24 a.m.36 views

Updated golang packages fix security vulnerability

A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS7AI score0.63229EPSS
Exploits1References2
Mageia
Mageia
added 2018/05/16 8:24 a.m.36 views

Updated perl packages fix security vulnerabilities

Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written CVE-2018-6797. Nguyen Duc Manh reported that matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially...

9.8CVSS1.8AI score0.10866EPSS
Exploits0References2
Mageia
Mageia
added 2018/03/07 8:37 p.m.36 views

Updated 389-ds-base packages fix CVE-2018-1054

389-ds-base has been updated to fix a security issue. A flaw was found in 389 Directory Server that affects all versions. An improper handling of the search feature with an extended filter, when read access on is enabled, in SetUnicodeStringFromUTF8 function in collate.c, can lead to out-of-bound...

7.5CVSS3.5AI score0.04817EPSS
Exploits0References2
Mageia
Mageia
added 2018/02/06 6:25 a.m.36 views

Updated dovecot packages fix security vulnerability

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...

7.5CVSS1.6AI score0.0312EPSS
Exploits0References3
Mageia
Mageia
added 2018/01/12 7:49 p.m.36 views

Updated irssi packages fix security vulnerabilities

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2018-5205. Joseph Bisch discovered that...

9.8CVSS2.5AI score0.02439EPSS
Exploits0References2
Mageia
Mageia
added 2018/01/03 2:22 p.m.36 views

Updated connman packages fix security vulnerability

Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in the host running the service...

9.8CVSS2.7AI score0.05519EPSS
Exploits0References2
Mageia
Mageia
added 2018/01/02 3:2 p.m.36 views

Updated mad packages fix security vulnerability

The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file CVE-2017-8373. The madbitskip function in bit.c in Underbit...

7.8CVSS6AI score0.02538EPSS
Exploits2References5
Mageia
Mageia
added 2017/11/16 7:39 a.m.36 views

Updated roundcubemail packages fix security vulnerability

It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insuficient input validation which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials CVE-2017-16651...

7.8CVSS2.8AI score0.42831EPSS
Exploits5References3
Mageia
Mageia
added 2017/09/03 2:31 p.m.36 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.2.9, which fixes a few security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.5CVSS3.1AI score0.02012EPSS
Exploits0References6
Mageia
Mageia
added 2017/08/21 8:0 p.m.36 views

Updated clamav packages fix security vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service CVE-2017-6418. It was discovered that ClamAV incorrectly handled parsing certain PE files with WWPack...

5.5CVSS3.6AI score0.01415EPSS
Exploits0References2
Mageia
Mageia
added 2017/08/16 12:1 a.m.36 views

Updated libsoup packages fix security vulnerability

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability CVE-2017-28...

9.8CVSS3.3AI score0.24337EPSS
Exploits4References2
Mageia
Mageia
added 2017/08/05 7:19 p.m.36 views

Updated evince packages fix security vulnerability

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book cbt files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files i...

7.8CVSS1.8AI score0.50826EPSS
Exploits9References2
Mageia
Mageia
added 2017/08/03 7:5 p.m.36 views

Updated tcpdump package fixes security vulnerability

Security issue due to insufficient bounds checking for STP CVE-2017-11108...

7.5CVSS1.8AI score0.04901EPSS
Exploits0References2
Mageia
Mageia
added 2017/07/25 10:7 p.m.36 views

Updated libquicktime packages fix security vulnerabilities

A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...

7.1CVSS4.3AI score0.06487EPSS
Exploits3References2
Mageia
Mageia
added 2017/06/29 9:40 p.m.36 views

Updated libmwaw packages fix security vulnerability

It was discovered that a buffer overflow in libmwaw might result in the execution of arbitrary code if a malformed document is opened CVE-2017-9433...

9.8CVSS3.5AI score0.02276EPSS
Exploits0References2
Mageia
Mageia
added 2017/06/29 9:40 p.m.36 views

Updated drupal packages fix security vulnerability

Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files uploaded by anonymous users into a private file system can be accessed by other anonymous users leading to an access bypass vulnerability CVE-2017-6922...

6.5CVSS3.9AI score0.01947EPSS
Exploits0References7
Mageia
Mageia
added 2017/06/26 9:28 a.m.36 views

Updated mercurial packages fix security vulnerability

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

9CVSS6.2AI score0.21512EPSS
Exploits1References3
Mageia
Mageia
added 2017/05/10 8:47 p.m.36 views

Updated feh package fixes security vulnerability

Updated feh package to fix a double-free/OOB-write in E17 IPC. This was a potential security issue as a malicious X11 app running alongside feh and pretending to be an E17 window manager could have had access to out-of-bound memory. Security vulnerability: CVE-2017-7875...

9.8CVSS3.5AI score0.02266EPSS
Exploits0References3
Mageia
Mageia
added 2017/04/04 6:44 a.m.36 views

Updated mxml packages fix security vulnerability

Two stack exhaustion issues based on uncontrolled recursion were found in mxml. A maliciously crafted xml file can cause the application to crash. Recursion using mxmlDelete at mxml-node.c:217 reproducer is stack-exhaustion-1.xml CVE-2016-4570. Recursion using mxmlwritenode at mxml-file.c:2739...

7.1CVSS2.6AI score0.01589EPSS
Exploits0References4
Mageia
Mageia
added 2017/01/13 10:32 a.m.36 views

Updated unzip package fixes security vulnerabilities

It was discovered that "unzip -l" CVE-2014-9913 and "zipinfo" CVE-2016-9844 were vulnerable to buffer overflows when provided malformed or maliciously-crafted ZIP files...

4CVSS5.6AI score0.01835EPSS
Exploits0References3
Mageia
Mageia
added 2017/01/13 10:32 a.m.36 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 24.0.0.194 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limite...

9.3CVSS3AI score0.2991EPSS
Exploits22References3
Mageia
Mageia
added 2017/01/03 10:5 p.m.36 views

Updated libupnp packages fix security vulnerability

Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to denial of service or remote code execution CVE-2016-8863...

9.8CVSS4AI score0.08488EPSS
Exploits0References2
Mageia
Mageia
added 2016/12/22 9:41 p.m.36 views

Updated squid packages fix security vulnerabilities

Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information CVE-2016-10002. Incorrect HTTP Request header comparison...

7.5CVSS0.8AI score0.06766EPSS
Exploits0References4
Mageia
Mageia
added 2016/11/21 10:18 p.m.36 views

Updated libssh2 packages fix security vulnerability

Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...

5.9CVSS1.1AI score0.02697EPSS
Exploits0References3
Mageia
Mageia
added 2016/09/21 8:38 p.m.36 views

Updated slock packages fix security vulnerability

The slock utility is susceptible to crash when verifying a password for a user without a valid shadow hash entry CVE-2016-6866...

7.5CVSS1.1AI score0.02893EPSS
Exploits0References2
Mageia
Mageia
added 2016/05/21 10:11 p.m.36 views

Updated bugzilla packages fix CVE-2016-2803

Updated bugzilla packages fix security vulnerability: In Bugzilla before 4.4.12, due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs CVE-2016-2803...

6.1CVSS2.4AI score0.01483EPSS
Exploits0References3
Mageia
Mageia
added 2016/05/20 11:38 a.m.36 views

Updated perl packages fix security vulnerability

The regex engine got into an infinite loop because of the malformation. It is trying to back-up over a sequence of UTF-8 continuation bytes. The character just before the sequence should be a start byte. If it's not, there is a malformation which results in "hang" of regexp matching and CPU...

7.5CVSS7.6AI score0.02553EPSS
Exploits0References2
Mageia
Mageia
added 2016/05/05 4:26 p.m.36 views

Updated quagga packages fix CVE-2016-4049

Updated quagga packages fix security vulnerability: A denial of dervice vulnerability have been found in BGP daemon from Quagga routing software bgpd: if the following conditions are satisfied: - regular dumping is enabled - bgpd instance has many BGP peers then BGP message packets that are big...

7.5CVSS0.9AI score0.04642EPSS
Exploits0References2
Mageia
Mageia
added 2016/04/08 6:17 a.m.36 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout...

10CVSS2.1AI score0.25639EPSS
Exploits5References2
Mageia
Mageia
added 2016/04/06 2:9 p.m.36 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to a buffer overrun, the Squid pinger binary in Squid before 3.5.16 is vulnerable to a denial of service or information leak attack when processing ICMPv6 packets. This bug also permits the server response to manipulate other ICMP and ICMPv...

8.2CVSS0.8AI score0.35265EPSS
Exploits0References3
Mageia
Mageia
added 2016/03/02 6:28 p.m.36 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: ASN.1 BER dissector crash CVE-2016-2522. DNP dissector infinite loop CVE-2016-2523. X.509AF dissector crash CVE-2016-2524. HTTP/2 dissector crash CVE-2016-2525. HiQnet dissector crash CVE-2016-2526. 3GPP TS 32.423 Trace file parser crash...

7.1CVSS1.4AI score0.03104EPSS
Exploits1References20
Mageia
Mageia
added 2016/02/23 12:23 p.m.36 views

Updated 389-ds-base packages fix security vulnerability

An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and st...

7.8CVSS1.7AI score0.0399EPSS
Exploits0References2
Mageia
Mageia
added 2016/01/29 11:2 a.m.36 views

Updated srtp packages fix security vulnerability

Srtp before 1.5.3 is vulnerable to a potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length CVE-2015-6360...

7.8CVSS7.4AI score0.08277EPSS
Exploits0References2
Mageia
Mageia
added 2016/01/20 5:53 p.m.36 views

Updated cacti packages fix security vulnerability

Several SQL injection vulnerabilities have been discovered in Cacti. Specially crafted input can be used by an attacker in the rraid value of the graph.php script to execute arbitrary SQL commands on the database CVE-2015-8369...

8.8CVSS9.9AI score0.02319EPSS
Exploits7References4
Mageia
Mageia
added 2015/12/17 8:19 p.m.36 views

Updated chromium-browser-stable packages fix CVE-2015-6792

Updated chromium-browser-stable packages fix security vulnerabilities: Fixes from internal audits and fuzzing CVE-2015-6792...

10CVSS9.2AI score0.03961EPSS
Exploits0References2
Mageia
Mageia
added 2015/11/02 8:21 p.m.36 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload add an infinite number of chunks for a single file upload CVE-2015-8001. ...

6.8CVSS8.8AI score0.01688EPSS
Exploits0References3
Mageia
Mageia
added 2015/10/30 8:11 p.m.36 views

Updated libpng12 package fixes security vulnerability

An out-of-bounds read in pngconverttorfc1123 in png.c in libpng 1.2.x before 1.2.54 could potentially be exploited by a crafted PNG file to leak information from an application's memory CVE-2015-7981...

5CVSS8.1AI score0.06359EPSS
Exploits1References2
Mageia
Mageia
added 2015/10/13 10:40 p.m.36 views

Updated openjpeg2 package fixes security vulnerability

Use-after-free vulnerability was found in j2k.c in opjj2kwritemco function rhbz1263359. Double free vulnerability in the opjj2kcopydefaulttcpandcreatetcd function in j2k.c in OpenJPEG allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption by triggeri...

7.5CVSS9.6AI score0.02677EPSS
Exploits0References3
Mageia
Mageia
added 2015/10/03 9:15 p.m.36 views

Updated chromium-browser packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site...

7.5CVSS9.2AI score0.01757EPSS
Exploits2References5
Mageia
Mageia
added 2015/08/21 6:54 p.m.36 views

Updated x11-server packages fix security vulnerability

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket CVE-2015-3164...

3.6CVSS7.2AI score0.00393EPSS
Exploits0References3
Mageia
Mageia
added 2015/08/10 2:31 p.m.36 views

Updated cacti package fixes security vulnerability

Cross-site scripting XSS vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2015-2665. SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.03227EPSS
Exploits1References5
Mageia
Mageia
added 2015/07/31 10:46 p.m.36 views

Updated icu package fixes security vulnerability

It was discovered that ICU Layout Engine was missing multiple boundary checks. These could lead to buffer overflows memory corruption. A specially crafted file could cause an application using ICU to parse untrusted font files to crash and, possibly, execute arbitrary code CVE-2015-4760...

10CVSS6.8AI score0.07031EPSS
Exploits0References3
Mageia
Mageia
added 2015/07/27 5:18 p.m.36 views

Updated wesnoth packages fix security vulnerability

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed in...

4.3CVSS5.1AI score0.01715EPSS
Exploits0References6
Total number of security vulnerabilities5000