Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2017/11/26 9:18 p.m.•30 views

Updated vlc packages fix security vulnerability

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution CVE-2017-10699. The VLC packages have been updated to version 2.2.8, which...

9.8CVSS3.9AI score0.04476EPSS
Exploits0References3
Mageia
Mageia
•added 2017/09/14 6:21 p.m.•30 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 27.0.0.130 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update addresses two memory corruption vulnerabilities that could lead to code execution CVE-2017-11281...

9.8CVSS5.7AI score0.34848EPSS
Exploits8References2
Mageia
Mageia
•added 2017/08/08 8:24 p.m.•30 views

Updated atril packages fix security vulnerability

It was discovered that Atril made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely CVE-2017-1000083...

7.8CVSS2.5AI score0.50826EPSS
Exploits9References2
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•30 views

Updated freeradius packages fix security vulnerabilities

Fuzz testing of freeradius found multiple vulnerabilites that resulted in either the potential for remote code execution or a possible denial of service except for CVE-2017-10988 which was later determined to not actually result in any vulnerability...

9.8CVSS2.6AI score0.22202EPSS
Exploits0References2
Mageia
Mageia
•added 2017/06/28 10:1 a.m.•30 views

Updated weechat packages fix security vulnerability

It was discovered that weechat is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC CVE-2017-8073...

7.5CVSS3.7AI score0.03107EPSS
Exploits0References2
Mageia
Mageia
•added 2017/06/14 3:52 p.m.•30 views

Updated tor packages fix security vulnerability

A remotely triggerable assertion failure caused by receiving a BEGINDIR cell on a hidden service rendezvous circuit CVE-2017-0376...

7.5CVSS2.3AI score0.02176EPSS
Exploits1References2
Mageia
Mageia
•added 2017/06/10 7:1 a.m.•30 views

Updated gajim packages fix security vulnerability

Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions CVE-2016-10376...

4.5CVSS3.7AI score0.01153EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/06 12:17 p.m.•30 views

Updated audiofile packages fix security vulnerabilities

Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,...

7.8CVSS3.9AI score0.03241EPSS
Exploits1References2
Mageia
Mageia
•added 2017/03/17 11:12 a.m.•30 views

Updated wavpack packages fix security vulnerability

Hanno Böck discovered a global buffer overread vulnerability in WavPack's word parsing logic CVE-2016-10169, this update fixes it...

5.5CVSS2.3AI score0.02123EPSS
Exploits1References3
Mageia
Mageia
•added 2017/02/20 1:0 p.m.•30 views

Updated lynx packages fix security vulnerability

Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. CVE-2016-9179...

7.5CVSS2.8AI score0.01987EPSS
Exploits0References2
Mageia
Mageia
•added 2017/02/18 4:29 p.m.•30 views

Updated viewvc packages fix security vulnerability

Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability CVE-2017-5938. The viewvc package has been updated to version 1.1.26 which fixes this issue...

6.1CVSS3.5AI score0.01318EPSS
Exploits0References2
Mageia
Mageia
•added 2016/11/17 11:40 p.m.•30 views

Updated sudo packages fix security vulnerability

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...

7.8CVSS4.1AI score0.00493EPSS
Exploits0References4
Mageia
Mageia
•added 2016/11/14 7:8 a.m.•30 views

Updated python-cryptography package fixes security vulnerability

Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digestsize. CVE-2016-9243...

7.5CVSS1.4AI score0.03399EPSS
Exploits0References3
Mageia
Mageia
•added 2016/09/28 5:59 a.m.•30 views

Updated zookeeper packages fix security vulnerability

Lyon Yang discovered that the C client shells clist and climt of Apache Zookeeper were affected by a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur...

8.1CVSS4.8AI score0.07821EPSS
Exploits1References2
Mageia
Mageia
•added 2016/09/25 3:45 p.m.•30 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

A write out-of-bounds parsing an ico file was found in gdk-pixbuf. A maliciously crafted file can cause the application to crash CVE-2016-6352. The gdk-pixbuf2.0 package has been updated to version 2.32.3 and patched to fix this issue, and a few other possible security issues...

7.5CVSS2.9AI score0.03855EPSS
Exploits1References4
Mageia
Mageia
•added 2016/09/21 8:38 p.m.•30 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.635 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an integer overflow vulnerability that could lead to code execution CVE-2016-4287. Th...

9.3CVSS3.1AI score0.19443EPSS
Exploits2References2
Mageia
Mageia
•added 2016/09/16 9:27 a.m.•30 views

Updated krb5 packages fix security vulnerability

The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NULL pointer dereference a...

6.5CVSS5.6AI score0.0462EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•30 views

Updated iperf packages fix security vulnerability

A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf server. A malicious iperf...

9.8CVSS2.3AI score0.06963EPSS
Exploits2References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•30 views

Updated libtorrent-rasterbar packages fix security vulnerability

A specially crafted HTTP response from a tracker or potentially a UPnP broadcast can crash libtorrent-rasterbar in the parsechunkheader function. Although this function is not present in this version, upstream's additional sanity checks were added to abort the program if necessary instead of...

7.5CVSS1.4AI score0.01948EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•30 views

Updated jansson packages fix CVE-2016-4425

Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...

7.5CVSS4.9AI score0.01894EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•30 views

Updated networkmanager packages fix CVE-2016-0764

Updated networkmanager package fixes security vulnerability: NetworkManager before 1.0.12 is vulnerable to a race condition that could lead to a local information leak CVE-2016-0764. The networkmanager package has been updated to version 1.0.12, which fixes this issue and several other bugs. See...

6.2CVSS3.1AI score0.00264EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•30 views

Updated libreoffice packages fix security vulnerabilities

Updated libreoffice packages fix security vulnerabilities: The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted LotusWordPro lwp document CVE-2016-0794. LibreOffice before 5.0.5...

9.3CVSS6.4AI score0.02826EPSS
Exploits0References4
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•30 views

Updated python-pillow packages fix CVE-2016-3076

This update fixes an integer overflow in Jpeg2KEncode.c causing a buffer overflow CVE-2016-3076...

5.5CVSS4.6AI score0.02561EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•30 views

Updated krb5 packages fix security vulnerability

It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modifyprincipal command, if kadmind is configured to use the LDAP KDB module...

5.3CVSS3.2AI score0.39969EPSS
Exploits0References3
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•30 views

Updated phpmyadmin/phpseclib packages fix security vulnerability

Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers CVE-2016-1927. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...

7.5CVSS0.7AI score0.02688EPSS
Exploits0References10
Mageia
Mageia
•added 2015/12/17 8:19 p.m.•30 views

Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

9.3CVSS9AI score0.06664EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/25 6:17 p.m.•30 views

Updated vlc packages fix security vulnerability

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

6.8CVSS9.5AI score0.13337EPSS
Exploits0References3
Mageia
Mageia
•added 2015/05/06 4:44 p.m.•30 views

Updated dpkg packages fix CVE-2015-0840

Updated dpkg packages fix security vulnerability: The dpkg-source command in Debian dpkg before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file .dsc CVE-2015-0840...

4.3CVSS6.4AI score0.0184EPSS
Exploits0References3
Mageia
Mageia
•added 2015/05/05 4:38 p.m.•30 views

Updated erlang packages fix CVE-2015-2774

Updated erlang packages fix security vulnerability: Erlang's TLS-1.0 implementation failed to check padding bytes, leaving it vulnerable to an issue similar to POODLE CVE-2015-2774...

5.9CVSS6.4AI score0.01899EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/03 12:19 a.m.•30 views

Updated ruby packages fix CVE-2015-1855

Updated ruby packages fix security vulnerability: Ruby OpenSSL hostname matching implementation violates RFC 6125 CVE-2015-1855. The ruby package has been updated to version 2.0.0-p645, which fixes this issue...

5.9CVSS6.4AI score0.02815EPSS
Exploits0References4
Mageia
Mageia
•added 2015/05/03 12:19 a.m.•30 views

Updated fcgi packages fix CVE-2012-6687

Updated fcgi packages fix security vulnerability: FCGI does not perform range checks for file descriptors before use of the FDSET macro. This FDSET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial o...

5CVSS2.8AI score0.06086EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•30 views

Updated socat packages fix CVE-2015-1379

Updated socat package fixes security vulnerability: In socat before 2.0.0-b8, signal handler implementations are not async-signal-safe and can cause crash or freeze of socat processes. Mostly this issue occurs when socat is in listening mode with fork option and a couple of child processes...

7.5CVSS7.4AI score0.0393EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•30 views

Updated librsync packages fix security vulnerabilities

Updated librsync packages fix security vulnerability: librsync before 1.0.0 used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other region...

5.8CVSS6.4AI score0.02939EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•30 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-815...

7.5CVSS6.9AI score0.16855EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/23 8:35 p.m.•30 views

Updated libjpeg packages fix security vulnerability

Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing CVE-2014-9092...

6.5CVSS6.8AI score0.03235EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/05 4:59 p.m.•30 views

Updated openvpn package fixes CVE-2014-8104

Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service CVE-2014-8104...

6.8CVSS6.2AI score0.03478EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•30 views

Updated libksba packages fix security vulnerability

By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service CVE-2014-9087...

7.5CVSS6.4AI score0.05167EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 1:38 p.m.•30 views

Updated kdebase4-workspace packages fix security vulnerability and various bugs

This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14578, and fixes some additional issues: - fix foreground color for GTK2 menus bko127861, - improve contrast for rendering checkbox marks, arrows, etc. bko337433,...

7.2CVSS6.3AI score0.00388EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/12 9:56 a.m.•30 views

Updated apt packages fix security vulnerability

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the "http" apt method binary, or potentially to arbitrary cod...

6.8CVSS9.7AI score0.02437EPSS
Exploits0References2
Mageia
Mageia
•added 2014/10/23 1:27 p.m.•30 views

Updated ctags package fixes security vulnerability

A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop CVE-2014-7204...

5CVSS6.2AI score0.04276EPSS
Exploits1References2
Mageia
Mageia
•added 2014/10/09 2:6 p.m.•30 views

Updated perl package fixes CVE-2014-4330

Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which trigge...

2.1CVSS7.3AI score0.00554EPSS
Exploits3References3
Mageia
Mageia
•added 2013/12/23 5:20 p.m.•30 views

Updated libkdcraw packages fix CVE-2013-1438 & CVE-2013-1439

Updated libkdcraw packages fix libraw security vulnerabilities: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denia...

4.3CVSS1.4AI score0.02059EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/25 9:10 p.m.•30 views

Updated dropbear packages fix CVE-2013-4421

Updated dropbear package fixes security vulnerability: Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 CVE-2013-4421. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in...

5CVSS2.9AI score0.06424EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 7:49 p.m.•30 views

Updated quassel packages fix CVE-2013-4422

Updated quassel packages fix security vulnerability: Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt 4.8.5, due to a change in Qt's postgres driver, allowing other IRC users to trick the Quassel core into executing SQL queries CVE-2013-4422. This update provides Quassel...

6.8CVSS3.7AI score0.0211EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 7:37 p.m.•30 views

Updated libtar packages fixes security vulnerability

Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code CVE-2013-4397...

6.8CVSS4AI score0.05485EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/11 5:35 p.m.•30 views

Updated davfs2 packages fix CVE-2013-4362

Updated davfs2 package fixes security vulnerability: Davfs2, a filesystem client for WebDAV, calls the function system insecurely while is setuid root. This might allow a privilege escalation. CVE-2013-4362...

7.2CVSS2.9AI score0.01168EPSS
Exploits2References2
Mageia
Mageia
•added 2013/08/11 12:20 p.m.•30 views

Updated xymon package fixes security vulnerability.

A security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymondrrd". File deletion is done with the privileges of the user that Xymon is running with, s...

5CVSS2.2AI score0.02829EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/26 11:29 a.m.•30 views

Updated ruby packages fix CVE-2013-4073

A vulnerability in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority CVE-2013-4073...

6.8CVSS5.4AI score0.02767EPSS
Exploits0References3
Mageia
Mageia
•added 2013/06/19 10:30 a.m.•30 views

Updated flash-player-plugin package fixes memory corruption vulnerability

Advisory: Adobe Flash Player 11.2.202.291 contains a fix to a critical security vulnerability found in earlier versions. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a memory corruption vulnerability that cou...

10CVSS5.5AI score0.05209EPSS
Exploits0References2
Mageia
Mageia
•added 2025/12/04 11:29 p.m.•29 views

Updated libraw, digikam & darktable packages fix security vulnerabilities

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult...

9.8CVSS6.9AI score0.00367EPSS
Exploits0References4
Total number of security vulnerabilities5000