Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/03/26 8:21 p.m.•34 views

Updated jupyter-notebook packages fix security vulnerability

CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS1.2AI score0.011EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/14 4:21 p.m.•34 views

Updated zsh packages fix security vulnerabilities

Zsh has been updated to fix 4 security issues. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 In utils.c in zsh before 5.4, symlink expansion had a buff...

9.8CVSS0.5AI score0.03223EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/26 4:23 p.m.•34 views

Updated flatpak packages fix security vulnerability

Updated flatpak packages fix security vulnerability: A sandbox escape in the flatpak dbus proxy in the authentication phase CVE-2018-6560. The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,...

8.8CVSS2.3AI score0.0042EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/11 7:36 p.m.•34 views

Updated poppler packages fix security vulnerability

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. CVE-2017-1000456...

8.8CVSS2.3AI score0.01968EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/04 4:48 p.m.•35 views

Updated erlang packages fix security vulnerabilities

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys CVE-2017-1000385...

5.9CVSS2.9AI score0.22098EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/01 10:38 a.m.•34 views

Updated ipsec-tools packages fix security vulnerability

It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain ISAKMP fragments. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service CVE-2016-10396...

9.9CVSS2.5AI score0.01211EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/06 11:43 a.m.•34 views

Updated libxcursor packages fix security vulnerability

Heap overflows when parsing malicious files. CVE-2017-16612...

7.5CVSS3.2AI score0.05173EPSS
Exploits1References2
Mageia
Mageia
•added 2017/11/02 9:47 p.m.•34 views

Updated sdl2_image & mingw packages fix security vulnerability

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...

8.8CVSS4.2AI score0.02656EPSS
Exploits1References2
Mageia
Mageia
•added 2017/10/09 9:51 a.m.•34 views

Updated libidn packages fix security vulnerability

Integer overflow in the decodedigit function in punydecode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVE-2017-14062...

9.8CVSS7.5AI score0.03965EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/26 9:17 p.m.•34 views

Updated flash-player-plugin packages fix security vulnerabilities

This update upgrades Flash Player to version 26.0.0.151. Security Fixes: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF fil...

9.3CVSS2.1AI score0.22311EPSS
Exploits3References1
Mageia
Mageia
•added 2017/08/23 3:43 p.m.•34 views

Updated graphicsmagick packages fix security vulnerability

Invalid memory read in SetImageColorCallBack in image.c CVE-2017-12935. Use-after-free in ReadWMFImage in wmf.c CVE-2017-12936. Heap-based buffer overflow in ReadSUNImage in sun.c CVE-2017-12937...

8.8CVSS3.8AI score0.25065EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/15 9:57 a.m.•34 views

Updated phpldapadmin packages fix security vulnerability

phpLDAPadmin through 1.2.3 has XSS in htdocs/entrychooser.php via the form, element, rdn, or container parameter CVE-2017-11107...

6.1CVSS3.1AI score0.02069EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/08 8:24 p.m.•34 views

Updated mpg123 packages fix security vulnerabilities

The nexttext function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service buffer over-read via a crafted mp3 file CVE-2017-9545. Invalid read of size 1 in ID3v2 parser due to forgotten offset from the frame flag bytes CVE-2017-10683. Extend pow tables for...

5.5CVSS3.9AI score0.01167EPSS
Exploits1References2
Mageia
Mageia
•added 2017/07/25 10:7 p.m.•34 views

Updated libquicktime packages fix security vulnerabilities

A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...

7.1CVSS4.3AI score0.06487EPSS
Exploits3References2
Mageia
Mageia
•added 2017/07/22 8:42 a.m.•34 views

Updated sane packages fix security vulnerability

saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory CVE-2017-6318...

7.5CVSS4.6AI score0.02963EPSS
Exploits0References2
Mageia
Mageia
•added 2017/06/08 9:39 p.m.•34 views

Updated gc packages fix security vulnerability

Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service application crash or possibly execute arbitrary code CVE-2016-9427...

9.8CVSS4.4AI score0.0414EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/14 7:40 p.m.•34 views

Updated python-django packages fix security vulnerability

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

6.1CVSS1.4AI score0.02384EPSS
Exploits2References3
Mageia
Mageia
•added 2017/01/27 9:19 a.m.•34 views

Updated gstreamer packages fix security vulnerability

Out of bounds heap read in windowsicontypefind in gst/typefind/gsttypefindfunctions.c CVE-2016-9811...

4.7CVSS0.9AI score0.02344EPSS
Exploits0References3
Mageia
Mageia
•added 2016/11/17 11:40 p.m.•34 views

Updated tar packages fix security vulnerability

Harry Sintonen discovered that GNU tar does not properly handle member names containing '..', thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory CVE-2016-6321...

7.5CVSS1.5AI score0.15155EPSS
Exploits3References2
Mageia
Mageia
•added 2016/11/11 10:9 p.m.•34 views

Updated quagga packages fix security vulnerability

It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages CVE-2016-1245...

9.8CVSS3.4AI score0.03656EPSS
Exploits0References3
Mageia
Mageia
•added 2016/10/21 2:48 p.m.•34 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of ORDER BY and GROUP BY in ZendDbSelect remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...

9.8CVSS3.9AI score0.04124EPSS
Exploits1References3
Mageia
Mageia
•added 2016/10/18 6:46 p.m.•34 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.637 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2016-6992. This...

9.3CVSS2.7AI score0.19899EPSS
Exploits4References2
Mageia
Mageia
•added 2016/09/16 9:27 a.m.•34 views

Updated jasper packages fix security vulnerability

A double-free issue in JasPer 1.900.1 in the jasperimagestopload function can cause a denial of service if a specially crafted JPEG image is loaded CVE-2015-5203. A use-after-free which leads to double-free vulnerability was found in Jasper JPEG-2000 library, in src/libjasper/mif/mifcod.c file...

5.5CVSS6.4AI score0.0219EPSS
Exploits0References2
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•34 views

Updated mupdf packages fix security vulnerability

A flaw was discovered in the pdfloadmeshparams function allowing out-of-bounds write access to memory locations. With carefully crafted input, that could trigger a heap overflow, resulting in application crash or possibly having other unspecified impact CVE-2016-6525. Also, mupdf already containe...

9.8CVSS2.3AI score0.03772EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•34 views

Updated dhcpcd packages fix security vulnerability

The printoption function in dhcp-common.c in dhcpcd through 6.10.2 misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory corruption via a crafted message CVE-2014-7913. The dhcpcd package has been...

6.8CVSS8AI score0.01841EPSS
Exploits0References5
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•34 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

The gdk-pixbuf2.0 library is vulnerable to overflows in the pixopscompositenearest, pixopscompositecolornearest and pixopsprocess functions in pixops/pixops.c CVE-2015-8875...

7.8CVSS7.4AI score0.02773EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•34 views

Updated varnish packages fix CVE-2015-8852

Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies CVE-2015-8852...

7.5CVSS7.7AI score0.03524EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•34 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list CVE-2016-2151. In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...

8.8CVSS1.6AI score0.01931EPSS
Exploits0References13
Mageia
Mageia
•added 2016/01/15 1:52 a.m.•34 views

Updated librsvg packages fix security vulnerability

Out-of-bounds heap read in librsvg2 was found when parsing SVG file CVE-2015-7557. Stack exhaustion due to cyclic dependency causing to crash an application was found in librsvg2 while parsing SVG file CVE-2015-7558. The librsvg package has been updated to version 2.40.13, fixing these issues and...

7.5CVSS7.5AI score0.02399EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•34 views

Updated blueman packages fix security vulnerability

Privilege escalation vulnerability in blueman before 2.0.3 in the dbus API CVE-2015-8612...

8.4CVSS8.5AI score0.0634EPSS
Exploits4References3
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•34 views

Updated gcc packages fix security vulnerability

It was discovered that the std::randomdevice class in libstdc++ would not properly detect short reads and could return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random. CVE-2015-5276...

5CVSS6.8AI score0.02941EPSS
Exploits0References3
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•34 views

Updated spice packages fix security vulnerabilities

Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization CVE-2015-5260, CVE-2015-5261...

7.8CVSS7.6AI score0.00575EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•34 views

Updated ipython packages fix CVE-2015-6938

Updated ipython packages fix security vulnerability: In IPython, local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting folder name and URL to access it CVE-2015-6938...

4.3CVSS5.7AI score0.02768EPSS
Exploits1References2
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•34 views

Updated squashfs-tools packages fix security vulnerabilities

Updated squashfs-tools package fixes security vulnerabilities: The unsquashfs command from squashfs-tools is vulnerable to integer CVE-2015-4645 and stack CVE-2015-4646 overflows...

7.5CVSS6.6AI score0.0691EPSS
Exploits0References2
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•34 views

Updated vlc packages fix security vulnerabilities

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

6.8CVSS9.5AI score0.13337EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•34 views

Updated drupal packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...

7.5CVSS7.2AI score0.0506EPSS
Exploits0References4
Mageia
Mageia
•added 2015/08/17 10:47 p.m.•34 views

Updated kdepim package fixes security vulnerability

This update fixes a security vulnerability in kdepim : kmail doesn't encrypt attachments when "automatic encryption" is selected CVE-2014-8878...

5.9CVSS5.9AI score0.0121EPSS
Exploits0References3
Mageia
Mageia
•added 2015/06/08 9:17 p.m.•34 views

Updated jackrabbit packages fix CVE-2015-1833

Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...

6.4CVSS6.2AI score0.51488EPSS
Exploits6References3
Mageia
Mageia
•added 2015/06/08 9:17 p.m.•34 views

Updated rabbitmq-server packages fix security vulnerabilities

Updated rabbitmq-server package fixes security vulnerabilities: RabbitMQ before 3.4.1 does not prevent /api/ from returning text/html error messages which could act as an XSS vector CVE-2014-9649. RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads CVE-2014-9650. In...

10CVSS6.6AI score0.04254EPSS
Exploits2References4
Mageia
Mageia
•added 2015/05/13 5:18 p.m.•34 views

Updated darktable packages fix CVE-2015-3885

Updated darktable package fixes security vulnerability The dcraw tool bundled in darktable's libraw copy suffers from an integer overflow condition which leads to a buffer overflow. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service conditio...

4.3CVSS7.2AI score0.05434EPSS
Exploits0References4
Mageia
Mageia
•added 2015/05/06 3:16 p.m.•34 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: This update provides MariaDB 5.5.43, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security...

5.7CVSS6.3AI score0.09984EPSS
Exploits0References4
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•34 views

Updated quassel packages fix security vulnerabilities

Updated quassel packages fix security vulnerabilities: Quassel could crash when receiving an overlength CTCP query containing only multibyte characters CVE-2015-2778. Quassel could incorrectly split a message in the middle of a multibyte character, leading to a denial of service CVE-2015-2779...

5CVSS6.2AI score0.02795EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/09 10:44 p.m.•34 views

Updated less packages fix CVE-2014-9488

Updated less package fixes security vulnerability: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access CVE-2014-9488...

10CVSS6.2AI score0.04017EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/14 12:57 a.m.•34 views

Updated ruby packages fix CVE-2014-8080

Updated ruby packages fix security vulnerability: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of servic...

5CVSS5.9AI score0.05538EPSS
Exploits1References4
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•34 views

Updated php-ZendFramework packages fix security vulnerabilities

Due to a bug in PHP's LDAP extension, when ZendFramework's Zendldap class is used for logins, an attacker can login as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind CVE-2014-8088. The sqlsrv PHP extension, which provides the ability to...

9.8CVSS10.1AI score0.0255EPSS
Exploits1References5
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•34 views

Updated konversation package fixes security vulnerability

Due to and out-of-bounds read issue in Konversation in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...

5CVSS6.1AI score0.0355EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/23 1:27 p.m.•34 views

Updated phpmyadmin package fixes security vulnerability

In phpMyAdmin before 4.1.14.6, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries CVE-2014-8326...

3.5CVSS6.3AI score0.01519EPSS
Exploits1References2
Mageia
Mageia
•added 2014/10/07 9:22 a.m.•34 views

Updated phpmyadmin package fixes security vulnerability

In phpMyAdmin before 4.1.14.4, with a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages CVE-2014-7217...

3.5CVSS5.8AI score0.01617EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/01 10:44 a.m.•34 views

Updated blender package fixes CVE-2014-4607

Updated blender package fixes security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The blender package ...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•34 views

Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS7.5AI score0.0315EPSS
Exploits0References2
Total number of security vulnerabilities5000