Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2019/12/13 6:25 p.m.•33 views

Updated wireshark packages fix security vulnerability

Version 3.0.7 fixes the following security vulnerability: CMS dissector crash CVE-2019-19553. This update also brings the Mageia package from version 3.0.4 to 3.0.7...

7.5CVSS4.7AI score0.04128EPSS
Exploits0References8
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•33 views

Updated tnef packages fix security vulnerability

Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup CVE-2019-18849...

5.5CVSS3.2AI score0.01203EPSS
Exploits1References2
Mageia
Mageia
•added 2019/08/31 1:22 p.m.•33 views

Updated memcached packages fix security vulnerability

AUpdated memcached packages fix security vulnerability: In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlrucommand in memcached.c CVE-2019-11596...

7.5CVSS3.9AI score0.02958EPSS
Exploits1References2
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•33 views

Updated libreswan packages fix security vulnerability

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects...

3.5CVSS4AI score0.00512EPSS
Exploits0References1
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•33 views

Updated cronie packages fix security vulnerabilities

Updated cronie packages fix security vulnerabilities: Cronie before 1.5.3 allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked CVE-2019-9704. Cronie before 1.5.3 allows local users to cause a denial of service memory...

5.5CVSS3.8AI score0.00354EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•33 views

Updated python-django packages fix security vulnerability

If django.utils.numberformat.format -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ':f'.format CVE-2019-6975...

7.5CVSS2.6AI score0.05399EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•33 views

Updated pdns-recursor package fixes security vulnerabilities

An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua CVE-2019-3806. An issue has been found in PowerDNS Recursor where records in the...

9.8CVSS4AI score0.0146EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/18 10:19 p.m.•33 views

Updated python-django16 package fixes security vulnerability

It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL CVE-2019-3498...

6.5CVSS2.3AI score0.03685EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/02 10:15 p.m.•33 views

Updated apache-mod_perl packages fix security vulnerability

A flaw was found in modperl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processi...

10CVSS3AI score0.08946EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•33 views

Updated tcpflow packages fix security vulnerability

pdated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handleprism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the functio...

9.1CVSS3.7AI score0.02753EPSS
Exploits1References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•33 views

Updated okular packages fix security vulnerability

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive..." in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular...

5.5CVSS5.1AI score0.0183EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•33 views

Updated libpam4j package fixes security vulnerability

It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pamacctmgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in CVE-2017-12197...

6.5CVSS2.8AI score0.01511EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/12 6:28 a.m.•33 views

Updated transmission packages fix a security vulnerability

Updated transmission packages fix security vulnerability: Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interfaces may result in the execution of arbitrary code if a user visits a malicious...

8.8CVSS2AI score0.11926EPSS
Exploits1References2
Mageia
Mageia
•added 2018/04/13 8:8 p.m.•33 views

Updated puppet packages fix security vulnerability

It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code CVE-2017-10689...

5.5CVSS2AI score0.00363EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•33 views

Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could...

9.8CVSS4.9AI score0.08751EPSS
Exploits3References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•33 views

Updated SDL_image packages fix security vulnerability

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...

8.8CVSS4.2AI score0.02656EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/04 4:48 p.m.•33 views

Updated backintime packages fix security vulnerability

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

9.3CVSS3.6AI score0.01462EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•33 views

Updated fossil packages fix security vulnerability

Client-side code execution via crafted "ssh://" URLs CVE-2017-17459...

9.3CVSS3.4AI score0.02805EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•33 views

Updated openldap packages fix security vulnerability

A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query CVE-2017-9287. The openldap package ha...

6.5CVSS2.3AI score0.07143EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•33 views

Updated python-werkzeug packages fix security vulnerability

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message CVE-2016-10516...

3.9AI score
Exploits0References2
Mageia
Mageia
•added 2017/12/21 5:43 p.m.•33 views

Updated xrdp packages fix security vulnerability

The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted input...

8.4CVSS5.4AI score0.00408EPSS
Exploits0References2
Mageia
Mageia
•added 2017/10/13 7:33 p.m.•33 views

Updated pjproject packages fix security vulnerabilities

Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service CVE-2017-9359, CVE-2017-9372...

7.5CVSS3.1AI score0.03989EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/13 7:33 p.m.•33 views

Updated weechat packages fix security vulnerability

It was discovered that logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized CVE-2017-14727...

7.5CVSS4.6AI score0.02836EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/16 10:32 p.m.•33 views

Updated kauth and kdelibs4 packages fix security vulnerability

Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account CVE-2017-8422...

7.8CVSS4.6AI score0.01805EPSS
Exploits3References3
Mageia
Mageia
•added 2017/07/07 9:17 a.m.•33 views

Updated libffi packages fix security vulnerability

libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, such as t...

7CVSS2AI score0.00503EPSS
Exploits0References3
Mageia
Mageia
•added 2017/06/26 9:37 p.m.•33 views

Updated rpcbind/libtirpc packages fix security vulnerability

It was discovered that rpcbind and libtirpc contain a vulnerability that allows an attacker to allocate any amount of bytes up to 4 gigabytes per attack on a remote rpcbind host, and the memory is never freed unless the process crashes or the administrator halts or restarts the rpcbind service...

7.8CVSS2.2AI score0.81921EPSS
Exploits4References2
Mageia
Mageia
•added 2017/06/26 9:37 p.m.•33 views

Updated irssi packages fix security vulnerabilities

It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2017-9468. Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote...

7.5CVSS2.7AI score0.06084EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/03 9:48 a.m.•33 views

Updated texlive packages fix security vulnerability

It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code called \write18. Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document...

9.8CVSS3.6AI score0.07146EPSS
Exploits1References2
Mageia
Mageia
•added 2017/03/12 8:33 p.m.•33 views

Updated flash-player-plugin packages fix security vulnerability

flash-player-plugin update fixes the following issues: A type confusion vulnerability that could lead to code execution CVE-2017-2995. An integer overflow vulnerability that could lead to code execution CVE-2017-2987. Use-after-free vulnerabilities that could lead to code execution CVE-2017-2982,...

9.3CVSS3AI score0.32676EPSS
Exploits10References2
Mageia
Mageia
•added 2017/02/20 10:19 p.m.•33 views

Updated ruby-archive-tar-minitar packages fix security vulnerability

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. dot dot in a TAR archive entry. CVE-2016-10173 Moreover the updated packages replace deprecated requiregem by gem to make minitar wo...

7.5CVSS5.7AI score0.04742EPSS
Exploits1References3
Mageia
Mageia
•added 2017/01/14 9:5 p.m.•33 views

Updated irssi packages fix security vulnerabilities

In irssi before 0.8.21, a NULL pointer dereference in the nickcmp function CVE-2017-5193. In irssi before 0.8.21, use after free when receiving invalid nick message CVE-2017-5194. In irssi before 0.8.21, out of bounds read in certain incomplete control codes CVE-2017-5195. In irssi before 0.8.21,...

7.5CVSS3.5AI score0.05595EPSS
Exploits1References4
Mageia
Mageia
•added 2016/11/26 10:41 a.m.•33 views

Updated bzip2 packages fix security vulnerability

A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. An attacker could use this flaw by sending a specially crafted bzip2 file to recover and force the program to crash CVE-2016-3189...

6.5CVSS1.3AI score0.15685EPSS
Exploits0References3
Mageia
Mageia
•added 2016/11/03 10:53 p.m.•33 views

Updated php-adodb packages fix security vulnerabilities

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. CVE-2016-7405 Cross Site Scripting vulnerability in test script CVE-2016-4855...

9.8CVSS4.3AI score0.02984EPSS
Exploits0References4
Mageia
Mageia
•added 2016/10/18 6:43 p.m.•33 views

Updated mailman package fixes security vulnerability

Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...

8.8CVSS6.9AI score0.01613EPSS
Exploits0References2
Mageia
Mageia
•added 2016/09/28 5:59 a.m.•33 views

Updated autotrace packages fix security vulnerability

autotrace failed to allocate sufficient memory to store the terminating NULL pointer in an array, causing an out of bounds write. CVE-2016-7392...

5.5CVSS3.4AI score0.01903EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•33 views

Updated libupnp packages fix security vulnerability

libupnp's default behavior allows an unauthenticated user access to a server's filesystem through POST and GET requests CVE-2016-6255...

7.5CVSS3.6AI score0.26818EPSS
Exploits4References2
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•33 views

Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker CVE-2016-4464...

9.8CVSS4.8AI score0.03986EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•33 views

Updated libksba packages fix security vulnerabilities

Updated libksba packages fix security vulnerabilities: An out-of-bounds read access in ksbadntostr in libksba 1.3.3, due to an incomplete fix for CVE-2016-4356, could result in denial of service CVE-2016-4574. In liksba 1.3.3, the returned length of the object from ksbaberparsetl ti.length was no...

7.5CVSS3.2AI score0.03205EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•33 views

Updated quassel packages fix CVE-2016-4414

Updated quassel packages fix security vulnerability: It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match in handshake data, in which case PeerFactory::createPeer returns a nullptr,...

7.5CVSS3.1AI score0.02934EPSS
Exploits0References2
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•33 views

Updated cyrus-imapd packages fix security vulnerability

Cyrus-imapd versions 2.4.18 and earlier are vulnerable to potential integer and buffer overflows CVE-2015-8077, CVE-2015-8078...

7.5CVSS5AI score0.03261EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•33 views

Updated claws-mail packages fix security vulnerability

no bounds checking on the output buffer in convjistoeuc, conveuctojis, convsjistoeuc A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for japanese character set conversion called convjistoeuc has no bounds checking on the output buffer which is created on the...

7.5CVSS7.1AI score0.02554EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•33 views

Updated cups-filters packages fix CVE-2015-8560

Updated cups-filters package fixes security vulnerability: Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands CVE-2015-8560...

7.5CVSS7.8AI score0.05251EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•33 views

Updated tigervnc packages fix security vulnerabilities

Updated tigervnc packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the clien...

9.8CVSS9.6AI score0.03547EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•33 views

Updated putty packages fix security vulnerability

Versions of PuTTY 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator CVE-2015-5309...

4.3CVSS9.3AI score0.03467EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/04 6:3 p.m.•33 views

Updated drupal package fixes security vulnerability

The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...

6.1CVSS6.2AI score0.01774EPSS
Exploits0References7
Mageia
Mageia
•added 2015/10/30 8:11 p.m.•33 views

Updated phpmyadmin package fixes security vulnerability

Content spoofing vulnerability when redirecting user to an external site CVE-2015-7873...

5CVSS6.4AI score0.02624EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/17 7:49 a.m.•33 views

Updated ganglia-web packages fix CVE-2015-6816

An issue with the use of unserialize in ganglia-web allows authentication to be bypassed CVE-2015-6816...

9.8CVSS9.2AI score0.03562EPSS
Exploits1References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•33 views

Updated libidn packages fix CVE-2015-2059

Updated libidn packages fix security vulnerability: In libidn before 1.31, stringpreputf8toucs4 did not validate that the input UTF-8 string was actually valid UTF-8, which could lead to out-of-bounds reads CVE-2015-2059...

7.5CVSS7.7AI score0.03185EPSS
Exploits0References5
Mageia
Mageia
•added 2015/05/05 1:36 p.m.•33 views

Updated pdns & pdns-recursor packages fix CVE-2015-1868

Updated pdns and pdns-recursor packages fix security vulnerability: A bug was discovered in the label decompression code in PowerDNS and PowerDNS Recursor, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to...

7.8CVSS6.5AI score0.81834EPSS
Exploits0References5
Mageia
Mageia
•added 2015/04/30 9:57 p.m.•33 views

Updated quassel packages fix CVE-2015-3427

Updated quassel packages fix security vulnerability: Quassel is vulnerable to SQL injection through its use of Qt's postgres driver. If the PostgreSQL server is restarted or the connection is lost at any point, other IRC users may be able to trick the Quassel core into executing SQL queries upon...

7.5CVSS7.4AI score0.02003EPSS
Exploits0References2
Total number of security vulnerabilities5000