Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/03/19 12:13 p.m.•31 views

Updated leptonica packages fix security vulnerabilities

Package leptonica has been updated to the current stable version 1.75.3 which fixes: CVE-2018-7186 - multiple stack-based buffer overflows in gplotRead and ptaReadStream CVE-2018-7247 - a buffer overflow in src/viewfiles.c with unsanitized input rootname...

9.8CVSS7.7AI score0.03466EPSS
Exploits0References1
Mageia
Mageia
•added 2018/03/01 9:27 p.m.•31 views

Updated leptonica packages fix a security vulnerability

Package leptonica has been updated to the current stable version 1.75.2 which fixes a security issue potential injection attack using gplot rootdir reported in CVE-2018-3836...

7.8CVSS4.3AI score0.01452EPSS
Exploits1References1
Mageia
Mageia
•added 2018/01/12 7:49 p.m.•31 views

Updated flash-player-plugin package fixes security vulnerability

Adobe Flash Player 28.0.0.137 addresses an important out-of-bounds read vulnerability that could lead to information exposure CVE-2018-4871...

7.5CVSS2.4AI score0.05509EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 6:52 p.m.•31 views

Updated gnome-shell packages fix security vulnerability

gnome-shell through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications but not interact with them, see information from the extensions e.g., what applications you have open...

8.1CVSS1.3AI score0.0294EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/21 5:43 p.m.•31 views

Updated rsync package fixes security vulnerability

The receivexattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact by sendi...

9.8CVSS6.9AI score0.05163EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/21 1:43 p.m.•31 views

Updated libwmf packages fix security vulnerability

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. CVE-2017-6362...

7.5CVSS5.2AI score0.05102EPSS
Exploits0References3
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•31 views

Updated mpg123 packages fix security vulnerabilities

mpg123 version 1.25.6 fix two buffer overflows, and several other non-security bugs...

5.5CVSS4.2AI score0.0119EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/28 10:48 p.m.•31 views

Updated libgxps packages fix security vulnerability

There is a NULL pointer dereference in the caselesshash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a denial of service attack CVE-2017-11590...

7.5CVSS3.5AI score0.01534EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/09 10:44 a.m.•31 views

Updated perl-SOAP-Lite packages fix security vulnerability

It was discovered that there was a "Billion Laughs" 0 XML expansion vulnerability in SOAP::Lite CVE-2015-8978...

7.5CVSS7.4AI score0.01555EPSS
Exploits0References2
Mageia
Mageia
•added 2017/06/08 9:39 p.m.•31 views

Updated libtasn1 packages fix security vulnerability

Jakub Jirasek of Secunia Research discovered that libtasn1 did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file CVE-2017-6891...

8.8CVSS3.8AI score0.05585EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/04 6:44 a.m.•31 views

Updated wget packages fix security vulnerability

Wget up untill version 1.19.1 does not ensure control characters are not used in the hostname part of a url. This security update rejects control characters in host part of a url...

6.1CVSS2.7AI score0.03086EPSS
Exploits1References3
Mageia
Mageia
•added 2017/03/27 9:27 p.m.•31 views

Updated putty packages fix security vulnerability

In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data CVE-2017-6542...

9.8CVSS2.2AI score0.21816EPSS
Exploits4References3
Mageia
Mageia
•added 2017/03/27 9:27 p.m.•31 views

Updated mbedtls packages fix security vulnerability

In mbedTLS before 1.3.19, if a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack. Depending on the platform, this could result in a Denial of Service client crash or...

8.1CVSS2.5AI score0.0339EPSS
Exploits2References4
Mageia
Mageia
•added 2017/03/25 4:56 p.m.•31 views

Updated tnef packages fix security vulnerability

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattrread. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6307 An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can le...

7.8CVSS2AI score0.0154EPSS
Exploits0References3
Mageia
Mageia
•added 2017/02/26 10:2 p.m.•31 views

Updated php-tcpdf packages fix security vulnerability

A local file inclusion vulnerability in TCPDF allows to upload files from the server generating PDF files to an external FTP server CVE-2017-6100. The updated php-tcpdf-6.0.098-1.1.mga5 package fixes this issue by setting KTCPDFCALLSINHTML configuration parameter to false by default...

7.5CVSS1.6AI score0.0146EPSS
Exploits0References1
Mageia
Mageia
•added 2017/01/29 10:31 p.m.•31 views

Updated python-bottle packages fix security vulnerability

redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call. CVE-2016-9964...

6.5CVSS2.4AI score0.01761EPSS
Exploits0References2
Mageia
Mageia
•added 2017/01/22 5:2 p.m.•31 views

Updated libpng and libpng12 packages fix security vulnerability

This security update fixes a NULL pointer dereference bug in libpng and libpng12 CVE-2016-10087...

7.5CVSS1.9AI score0.05517EPSS
Exploits0References2
Mageia
Mageia
•added 2016/09/25 3:45 p.m.•31 views

Applications using libtorrent-rasterbar are vulnerable to denial of service

Applications using libtorrent-rasterbar are vulnerable to denial of service. An attacker-controlled torrent tracker can crash victim torrent clients by sending malformed GZIP responses CVE-2016-7164...

7.5CVSS2.3AI score0.0262EPSS
Exploits0References3
Mageia
Mageia
•added 2016/08/31 5:34 p.m.•31 views

Updated redis packages fix security vulnerability

It was discovered that redis did not properly protect redis-cli history files; they were created by default with world-readable permissions CVE-2013-7458...

3.3CVSS1.4AI score0.00484EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/26 10:11 p.m.•31 views

Updated mupdf packages fix security vulnerability

Use-after-free issue in mupdf in pdfloadxref can cause a denial of service CVE-2016-6265...

5.5CVSS3AI score0.0163EPSS
Exploits1References2
Mageia
Mageia
•added 2016/07/08 7:50 p.m.•31 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerability: Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication o...

9.8CVSS1.6AI score0.03623EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•31 views

Updated gimp packages fix security vulnerability

It was discovered that there was a use-after-free vulnerability in the channel and layer properties parsing process in GIMP CVE-2016-4994...

7.8CVSS2.6AI score0.03113EPSS
Exploits0References3
Mageia
Mageia
•added 2016/06/10 7:6 p.m.•31 views

Updated openslp packages fix security vulnerability

A null pointer dereference vulnerability was found in function xrealloc in xlspxmalloc.c in OpenSLP. A remote attacker could potentially crash the server when large number of packets are sent CVE-2016-4912...

7.5CVSS2.8AI score0.0536EPSS
Exploits1References2
Mageia
Mageia
•added 2016/05/29 1:55 p.m.•31 views

Updated botan packages fix security vulnerabilities

Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS 1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack CVE-2015-7827. ECDSA and DSA...

7.5CVSS7.5AI score0.02443EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/26 3:7 p.m.•31 views

Updated quagga packages fix security vulnerability

A vulnerability was found in a way VPNv4 NLRI parser copied packet data to the stack. Memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked CVE-2016-2342...

8.1CVSS3.1AI score0.1211EPSS
Exploits0References2
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•31 views

Updated thunar packages fix CVE-2013-7447

Updated thunar packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in thunargdkcairosetsurface, leading to a crash of thunar CVE-2013-7447...

6.5CVSS1.7AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
•added 2016/02/09 1:5 p.m.•31 views

Updated radicale packages fix CVE-2015-8748

Updated radicale package fixes security vulnerabilities: If an attacker is able to authenticate with a user name like .', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules ownerwrite' read for everybody, write for the calendar owner and owneronly' rea...

5.3CVSS6.3AI score0.02219EPSS
Exploits0References3
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•31 views

Updated cgit packages fix security vulnerability

Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 CVE-2016-1899. Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 CVE-2016-1900. Integer Overflow resulting in Buffer Overflow in cgit before 0.12 CVE-2016-1901...

9.8CVSS1.7AI score0.03791EPSS
Exploits1References2
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•31 views

Updated claws-mail packages fix security vulnerability

no bounds checking on the output buffer in convjistoeuc, conveuctojis, convsjistoeuc A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for japanese character set conversion called convjistoeuc has no bounds checking on the output buffer which is created on the...

7.5CVSS7.1AI score0.02532EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•31 views

Updated gnupg packages fix security vulnerabilities

Updated gnupg and gnupg2 packages fix security vulnerabilities: Hanno Böck discovered that GnuPG incorrectly handled certain malformed keyrings. If a user or automated system were tricked into opening a malformed keyring, a remote attacker could use this issue to cause GnuPG to crash, resulting i...

5.5CVSS7.3AI score0.02473EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•31 views

Updated squid packages fix CVE-2015-5400

Updated squid packages fix security vulnerability: Alex Rousskov discovered that Squid configured with cachepeer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses. In some configurations, it allows remote clients to bypass security in an explicit...

6.8CVSS8.6AI score0.16525EPSS
Exploits1References3
Mageia
Mageia
•added 2015/09/08 7:20 a.m.•31 views

Updated jsoup package fixes security vulnerability

Jsoup before 1.8.3 was vulnerable to a possible XSS issue in the validator, related to how it handled tags without a closing '' when reaching EOF CVE-2015-6748...

6.1CVSS6.3AI score0.02207EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/24 4:36 p.m.•31 views

Updated libuser package fixes security vulnerabilities

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser for example, userhelper to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate the...

7.2CVSS9.1AI score0.06853EPSS
Exploits10References5
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•31 views

Updated p7zip package fixes security vulnerability

Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current...

5.8CVSS6.3AI score0.03291EPSS
Exploits1References2
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•31 views

Updated xbmc packages fix CVE-2015-3885

Updated xbmc package fixes security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously crafted raw ima...

4.3CVSS7.2AI score0.05434EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/18 8:21 a.m.•31 views

Updated perl-DBD-Firebird packages fix CVE-2015-2788

Updated perl-DBD-Firebird packages fix security vulnerability: Stefan Roas discovered a way to cause a buffer overflow in DBD::FireBird in certain error conditions, due to the use of the sprintf function to write to a fixed-size memory buffer CVE-2015-2788...

10CVSS6.9AI score0.04246EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•31 views

Updated shibboleth-sp packages fix CVE-2015-2684

Updated shibboleth-sp package fixes security vulnerability: A denial of service vulnerability was found in the Shibboleth Service Provider. When processing certain malformed SAML message generated by an authenticated attacker, the daemon could crash CVE-2015-2684...

4CVSS6.2AI score0.0195EPSS
Exploits0References3
Mageia
Mageia
•added 2015/04/09 10:44 p.m.•31 views

Updated xerces-c packages fix security vulnerabilities

Updated xerces-c packages fix security vulnerability: Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c. The parser mishandles certain kinds of malformed input documents, resulting in a...

5CVSS8.9AI score0.3969EPSS
Exploits4References3
Mageia
Mageia
•added 2015/04/03 1:11 p.m.•31 views

Updated libtasn1 packages fix CVE-2015-2806

Updated libtasn1 packages fix security vulnerability: The libtasn1 library before version 4.4 is vulnerable to a two-byte stack overflow in asn1derdecoding CVE-2015-2806...

10CVSS6.5AI score0.07801EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•31 views

Updated e2fsprogs packages fix CVE-2015-1572

Updated e2fsprogs packages fix security vulnerability: The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to...

4.6CVSS9.3AI score0.00596EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/19 4:37 p.m.•31 views

Updated tomcat packages fix CVE-2014-0227

Updated tomcat packages fix security vulnerability: In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request CVE-2014-0227...

6.4CVSS6.9AI score0.21045EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•31 views

Updated vorbis-tools package fixes security vulnerability

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted raw file CVE-2014-9640...

5CVSS5.5AI score0.03243EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/20 2:57 p.m.•31 views

Updated elfutils packages fix CVE-2014-9447

Updated elfutils packages fix security vulnerability: Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...

6.4CVSS6.5AI score0.05018EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/01 5:57 p.m.•31 views

Updated gnome-shell and gnome-settings-daemon packages fix security vulnerability

The lock screen in gnome-shell does not disable taking screenshots via the Print Screen key, and several consecutive screenshot requests can trigger an out-of-memory situation, causing the lock screen to be killed, thus allowing it to be bypassed CVE-2014-7300...

7.2CVSS6.4AI score0.00473EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/29 8:46 p.m.•31 views

Updated geary package fixes security vulnerability

Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate CVE-2014-5444...

4.3CVSS6.2AI score0.01093EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•31 views

Updated graphicsmagick packages fix CVE-2014-1947

Updated graphicsmagick packages fix security vulnerability: A buffer overflow flaw was found in the way GraphicsMagick writes PSD images when the input data has a large number of layers. Due to the compilation options used in Mageia, the buffer overflow is reduced to a crash, making this a denial...

7.8CVSS7.8AI score0.07024EPSS
Exploits5References2
Mageia
Mageia
•added 2014/08/06 10:31 a.m.•31 views

Updated readline packages fix security vulnerability

Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when...

3.3CVSS8.9AI score0.00432EPSS
Exploits0References2
Mageia
Mageia
•added 2014/07/04 5:57 p.m.•31 views

Updated samba packages fix multiple vulnerabilities

Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled CVE-2014-0178. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial...

3.5CVSS8.9AI score0.20481EPSS
Exploits0References5
Mageia
Mageia
•added 2014/06/06 6:8 a.m.•31 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...

2.6CVSS5.9AI score0.02097EPSS
Exploits0References4
Mageia
Mageia
•added 2014/05/29 6:58 a.m.•31 views

Updated cifs-utils packages fix CVE-2014-2830

Updated cifs-utils packages fix security vulnerability: Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c CVE-2014-2830...

10CVSS6.8AI score0.05178EPSS
Exploits1References2
Total number of security vulnerabilities5000