Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2019/09/12 7:9 p.m.34 views

Updated tcpflow packages fix security vulnerability

Updated tcpflow package fixes security vulnerability: A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an addresshistogram call or a gethistogram call CVE-2018-18409...

5.5CVSS3.5AI score0.01302EPSS
Exploits1References1
Mageia
Mageia
added 2019/04/10 10:7 p.m.34 views

Updated mumble packages fix security vulnerability

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service CVE-2018-20743...

7.5CVSS1.9AI score0.03625EPSS
Exploits0References3
Mageia
Mageia
added 2019/04/10 10:7 p.m.34 views

Updated gpac packages fix security vulnerability

It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...

9.8CVSS3.8AI score0.02521EPSS
Exploits5References2
Mageia
Mageia
added 2019/01/10 10:53 a.m.34 views

Updated mbedtls packages fix security vulnerability

A vulnerability was found in mbedTLS which allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-ECDHE cipher suites CVE-2018-19608...

4.7CVSS4.6AI score0.00336EPSS
Exploits0References5
Mageia
Mageia
added 2018/11/17 10:23 p.m.34 views

Updated jhead package fixes security vulnerabilities

The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling CVE-2018-16554. The ProcessGpsInfo...

7.8CVSS4.2AI score0.01766EPSS
Exploits2References3
Mageia
Mageia
added 2018/09/21 4:26 p.m.34 views

Updated lcms2 packages fix security vulnerability

Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. CVE-2018-16435...

5.5CVSS3.7AI score0.01746EPSS
Exploits1References2
Mageia
Mageia
added 2018/09/21 4:26 p.m.34 views

Updated libcgroup packages fix security vulnerability

The cgrulesengd daemon cgred in libcgroup through version 0.41 creates log files /var/log/cgred with world readable and writable permissions 0o666 due to a reset of the file mode creation mask umask0 in the daemon/cgrulesengd.c:cgrestartdaemon function CVE-2018-14348...

8.1CVSS3AI score0.02316EPSS
Exploits0References2
Mageia
Mageia
added 2018/09/13 8:38 p.m.34 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin packages fix security vulnerability: Successful exploitation of the currently un-disclosed vulerability could lead to information disclosure CVE-2018-15967...

7.5CVSS1.5AI score0.076EPSS
Exploits0References2
Mageia
Mageia
added 2018/07/23 10:27 p.m.34 views

Updated rust packages fix security vulnerability

The Rust Programming Language rustdoc version before version 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

7.8CVSS3.1AI score0.01819EPSS
Exploits0References3
Mageia
Mageia
added 2018/06/19 11:42 p.m.34 views

Updated roundcubemail packages fix security vulnerability

Updated roundcubemail package fixes security vulnerability: This update fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. CVE-2018-9846...

8.8CVSS2.4AI score0.02289EPSS
Exploits0References2
Mageia
Mageia
added 2018/05/19 8:56 p.m.34 views

Updated miniupnpc packages fix security vulnerability

It was discovered that miniupnpc contained a heap buffer overflow in parseelt minixml.c - no CVE assigned. It was discovered that miniupnpc also contained a memory corruption invalid read, SIGSEGV in NameValueParserEndElt upnpreplyparse.c while handling two consecutive malformed SOAP requests...

7.8CVSS3.3AI score0.00466EPSS
Exploits1References3
Mageia
Mageia
added 2018/05/12 7:57 a.m.34 views

Updated qpdf packages fix security vulnerability

A flaw was found in QPDF through 8.0.2. libqpdf.a mishandles certain 'expected dictionary key but found non-name object' cases, allowing remote attackers to cause a denial of service stack exhaustion, related to the QPDFObjectHandle and QPDFDictionary classes CVE-2018-9918...

7.8CVSS5.6AI score0.01717EPSS
Exploits1References2
Mageia
Mageia
added 2018/05/12 6:28 a.m.34 views

Updated transmission packages fix a security vulnerability

Updated transmission packages fix security vulnerability: Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interfaces may result in the execution of arbitrary code if a user visits a malicious...

8.8CVSS2AI score0.11926EPSS
Exploits1References2
Mageia
Mageia
added 2018/04/06 10:54 p.m.34 views

Updated 389-ds-base packages fix security vulnerability

It was discovered that a lack of size check in slapictmemcmp function may lead to authentication bypass through pre-hashed userPassword attributes under highly specific circumstances CVE-2017-15135...

8.1CVSS1.9AI score0.03828EPSS
Exploits0References3
Mageia
Mageia
added 2018/03/26 8:21 p.m.34 views

Updated jupyter-notebook packages fix security vulnerability

CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS1.2AI score0.011EPSS
Exploits0References2
Mageia
Mageia
added 2018/03/14 4:21 p.m.34 views

Updated zsh packages fix security vulnerabilities

Zsh has been updated to fix 4 security issues. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 In utils.c in zsh before 5.4, symlink expansion had a buff...

9.8CVSS0.5AI score0.03173EPSS
Exploits0References2
Mageia
Mageia
added 2018/02/22 7:49 p.m.34 views

Updated irssi packages fix security vulnerability

Null pointer dereference when an "empty" nick has been observed by Irssi CVE-2018-7050. Certain nick names could result in out of bounds access when printing theme strings CVE-2018-7051. When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference...

9.8CVSS1.6AI score0.02494EPSS
Exploits0References2
Mageia
Mageia
added 2018/01/11 7:36 p.m.34 views

Updated poppler packages fix security vulnerability

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. CVE-2017-1000456...

8.8CVSS2.3AI score0.01968EPSS
Exploits1References2
Mageia
Mageia
added 2018/01/04 4:48 p.m.34 views

Updated backintime packages fix security vulnerability

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

9.3CVSS3.6AI score0.01462EPSS
Exploits0References2
Mageia
Mageia
added 2018/01/01 10:38 a.m.34 views

Updated ipsec-tools packages fix security vulnerability

It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain ISAKMP fragments. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service CVE-2016-10396...

9.9CVSS2.5AI score0.01211EPSS
Exploits0References2
Mageia
Mageia
added 2017/12/31 12:10 a.m.34 views

Updated emacs packages fix security vulnerability

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data e.g. when using Emacs-based mail clients CVE-2017-14482...

8.8CVSS2.8AI score0.04042EPSS
Exploits1References2
Mageia
Mageia
added 2017/12/21 5:43 p.m.34 views

Updated xrdp packages fix security vulnerability

The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted input...

8.4CVSS5.4AI score0.00408EPSS
Exploits0References2
Mageia
Mageia
added 2017/12/06 11:43 a.m.34 views

Updated libxcursor packages fix security vulnerability

Heap overflows when parsing malicious files. CVE-2017-16612...

7.5CVSS3.2AI score0.05173EPSS
Exploits1References2
Mageia
Mageia
added 2017/10/09 9:51 a.m.34 views

Updated libidn packages fix security vulnerability

Integer overflow in the decodedigit function in punydecode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. CVE-2017-14062...

9.8CVSS7.5AI score0.03965EPSS
Exploits0References2
Mageia
Mageia
added 2017/09/07 9:7 a.m.34 views

Updated groovy18 packages fix security vulnerability

When an application has Groovy on the classpath and that it uses standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whi...

9.8CVSS9.2AI score0.42983EPSS
Exploits4References3
Mageia
Mageia
added 2017/08/28 8:14 a.m.34 views

Updated postgresql9.3/4/6 packages fix security vulnerabilities

libpq, and by extension any connection driver that utilizes libpq, ignores empty passwords and does not transmit them to the server. When using libpq or a libpq-based connection driver to perform password-based authentication methods, it would appear that setting an empty password would be the...

9.8CVSS0.9AI score0.61566EPSS
Exploits0References5
Mageia
Mageia
added 2017/08/26 9:17 p.m.34 views

Updated flash-player-plugin packages fix security vulnerabilities

This update upgrades Flash Player to version 26.0.0.151. Security Fixes: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF fil...

9.3CVSS2.1AI score0.22311EPSS
Exploits3References1
Mageia
Mageia
added 2017/08/23 3:43 p.m.34 views

Updated graphicsmagick packages fix security vulnerability

Invalid memory read in SetImageColorCallBack in image.c CVE-2017-12935. Use-after-free in ReadWMFImage in wmf.c CVE-2017-12936. Heap-based buffer overflow in ReadSUNImage in sun.c CVE-2017-12937...

8.8CVSS3.8AI score0.25065EPSS
Exploits0References4
Mageia
Mageia
added 2017/08/15 9:57 a.m.34 views

Updated phpldapadmin packages fix security vulnerability

phpLDAPadmin through 1.2.3 has XSS in htdocs/entrychooser.php via the form, element, rdn, or container parameter CVE-2017-11107...

6.1CVSS3.1AI score0.02069EPSS
Exploits1References2
Mageia
Mageia
added 2017/08/08 8:24 p.m.34 views

Updated mpg123 packages fix security vulnerabilities

The nexttext function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service buffer over-read via a crafted mp3 file CVE-2017-9545. Invalid read of size 1 in ID3v2 parser due to forgotten offset from the frame flag bytes CVE-2017-10683. Extend pow tables for...

5.5CVSS3.9AI score0.01167EPSS
Exploits1References2
Mageia
Mageia
added 2017/07/25 10:7 p.m.34 views

Updated libquicktime packages fix security vulnerabilities

A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...

7.1CVSS4.3AI score0.06487EPSS
Exploits3References2
Mageia
Mageia
added 2017/07/22 8:42 a.m.34 views

Updated sane packages fix security vulnerability

saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory CVE-2017-6318...

7.5CVSS4.6AI score0.02963EPSS
Exploits0References2
Mageia
Mageia
added 2017/01/27 9:19 a.m.34 views

Updated gstreamer packages fix security vulnerability

Out of bounds heap read in windowsicontypefind in gst/typefind/gsttypefindfunctions.c CVE-2016-9811...

4.7CVSS0.9AI score0.02344EPSS
Exploits0References3
Mageia
Mageia
added 2016/11/17 11:40 p.m.34 views

Updated tar packages fix security vulnerability

Harry Sintonen discovered that GNU tar does not properly handle member names containing '..', thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory CVE-2016-6321...

7.5CVSS1.5AI score0.15155EPSS
Exploits3References2
Mageia
Mageia
added 2016/11/11 10:9 p.m.34 views

Updated quagga packages fix security vulnerability

It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages CVE-2016-1245...

9.8CVSS3.4AI score0.03656EPSS
Exploits0References3
Mageia
Mageia
added 2016/11/03 10:53 p.m.34 views

Updated php-adodb packages fix security vulnerabilities

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. CVE-2016-7405 Cross Site Scripting vulnerability in test script CVE-2016-4855...

9.8CVSS4.3AI score0.02984EPSS
Exploits0References4
Mageia
Mageia
added 2016/10/21 2:48 p.m.34 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of ORDER BY and GROUP BY in ZendDbSelect remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...

9.8CVSS3.9AI score0.04124EPSS
Exploits1References3
Mageia
Mageia
added 2016/10/18 6:46 p.m.34 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.637 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2016-6992. This...

9.3CVSS2.7AI score0.19899EPSS
Exploits4References2
Mageia
Mageia
added 2016/09/16 9:27 a.m.34 views

Updated jasper packages fix security vulnerability

A double-free issue in JasPer 1.900.1 in the jasperimagestopload function can cause a denial of service if a specially crafted JPEG image is loaded CVE-2015-5203. A use-after-free which leads to double-free vulnerability was found in Jasper JPEG-2000 library, in src/libjasper/mif/mifcod.c file...

5.5CVSS6.4AI score0.0219EPSS
Exploits0References2
Mageia
Mageia
added 2016/05/20 11:38 a.m.34 views

Updated dhcpcd packages fix security vulnerability

The printoption function in dhcp-common.c in dhcpcd through 6.10.2 misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory corruption via a crafted message CVE-2014-7913. The dhcpcd package has been...

6.8CVSS8AI score0.01841EPSS
Exploits0References5
Mageia
Mageia
added 2016/04/25 7:57 a.m.34 views

Updated varnish packages fix CVE-2015-8852

Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies CVE-2015-8852...

7.5CVSS7.7AI score0.03524EPSS
Exploits0References2
Mageia
Mageia
added 2016/03/25 6:38 a.m.34 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list CVE-2016-2151. In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...

8.8CVSS1.6AI score0.01931EPSS
Exploits0References13
Mageia
Mageia
added 2015/10/30 8:11 p.m.34 views

Updated phpmyadmin package fixes security vulnerability

Content spoofing vulnerability when redirecting user to an external site CVE-2015-7873...

5CVSS6.4AI score0.02624EPSS
Exploits0References3
Mageia
Mageia
added 2015/08/17 10:47 p.m.34 views

Updated kdepim package fixes security vulnerability

This update fixes a security vulnerability in kdepim : kmail doesn't encrypt attachments when "automatic encryption" is selected CVE-2014-8878...

5.9CVSS5.9AI score0.0121EPSS
Exploits0References3
Mageia
Mageia
added 2015/06/08 9:17 p.m.34 views

Updated rabbitmq-server packages fix security vulnerabilities

Updated rabbitmq-server package fixes security vulnerabilities: RabbitMQ before 3.4.1 does not prevent /api/ from returning text/html error messages which could act as an XSS vector CVE-2014-9649. RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads CVE-2014-9650. In...

10CVSS6.6AI score0.04254EPSS
Exploits2References4
Mageia
Mageia
added 2015/06/08 9:17 p.m.34 views

Updated jackrabbit packages fix CVE-2015-1833

Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...

6.4CVSS6.2AI score0.51488EPSS
Exploits6References3
Mageia
Mageia
added 2015/05/05 1:36 p.m.34 views

Updated pdns & pdns-recursor packages fix CVE-2015-1868

Updated pdns and pdns-recursor packages fix security vulnerability: A bug was discovered in the label decompression code in PowerDNS and PowerDNS Recursor, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to...

7.8CVSS6.5AI score0.81834EPSS
Exploits0References5
Mageia
Mageia
added 2015/04/15 9:1 a.m.34 views

Updated quassel packages fix security vulnerabilities

Updated quassel packages fix security vulnerabilities: Quassel could crash when receiving an overlength CTCP query containing only multibyte characters CVE-2015-2778. Quassel could incorrectly split a message in the middle of a multibyte character, leading to a denial of service CVE-2015-2779...

5CVSS6.2AI score0.02795EPSS
Exploits0References2
Mageia
Mageia
added 2015/04/09 10:44 p.m.34 views

Updated less packages fix CVE-2014-9488

Updated less package fixes security vulnerability: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access CVE-2014-9488...

10CVSS6.2AI score0.04017EPSS
Exploits0References2
Mageia
Mageia
added 2014/11/14 12:57 a.m.34 views

Updated ruby packages fix CVE-2014-8080

Updated ruby packages fix security vulnerability: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of servic...

5CVSS5.9AI score0.05538EPSS
Exploits1References4
Total number of security vulnerabilities5000