Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2021/03/18 10:52 a.m.•29 views

Updated discover package fixes a security vulnerability

Discover fetches the description and related texts of some applications/plugins from store.kde.org. That text is displayed to the user, after turning into a clickable link any part of the text that looks like a link. This is done for any kind of link, be it smb:// nfs:// etc. when in fact it only...

7.5CVSS0.9AI score0.01563EPSS
Exploits0References2
Mageia
Mageia
•added 2020/11/13 9:20 p.m.•29 views

Updated tpm2-tss packages fix a security vulnerability

FAPI PolicyPCR not instatiating correctly CVE-2020-24455. Note that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated. The tpm2-tss package has been...

6.7CVSS2.8AI score0.00588EPSS
Exploits0References4
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•29 views

Updated libupnp packages fix security vulnerability

The updated packages fix a security vulnerability: Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in...

7.5CVSS4.7AI score0.03469EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•29 views

Updated libntlm packages fix security vulnerability

Updated libntlm packages fix security vulnerability: It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in...

9.8CVSS2.3AI score0.03107EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/15 3:48 p.m.•29 views

Updated jbig2dec packages fix security vulnerability

Updated jbig2dec packages fix security vulnerability: jbig2imagecompose in jbig2image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow CVE-2020-12268...

9.8CVSS3.7AI score0.02622EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•29 views

Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...

5.3CVSS3.1AI score0.03065EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/13 10:49 a.m.•29 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code execution in the context of the current user. CVE-2020-3757...

9.3CVSS3AI score0.0978EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•29 views

Updated libqb packages fix security vulnerability

Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files CVE-2019-12779...

7.1CVSS3.9AI score0.00655EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•29 views

Updated makepasswd fix insecure default length of password

Updated makepasswd fix insecure default length of password By default, makepasswd generates password with a length between 6 to 8 characters 48 to 64bits. This update raise the default to 16 characters 128 bits. The length can be changed at runtime with the -l option...

7.5CVSS3.5AI score0.01331EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•29 views

Updated cyrus-imapd packages fix security vulnerability

Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks CVE-2019-19783...

6.5CVSS1.7AI score0.01655EPSS
Exploits0References7
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•29 views

Updated jss packages fix security vulnerability

Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...

7.4CVSS1.8AI score0.00859EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•29 views

Updated libidn2 packages fix security vulnerabilities

Updated libidn2 packages fix security vulnerabilities: It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains CVE-2019-12290. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly u...

9.8CVSS3.9AI score0.03708EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•29 views

Updated xpdf packages fix security vulnerability

The updated packages fix a security vulnerability: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. CVE-2019-17064...

5.5CVSS2.9AI score0.01413EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/24 12:24 p.m.•29 views

Updated spamassassin packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that...

7.5CVSS1.4AI score0.07234EPSS
Exploits0References5
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•29 views

Updated qbittorrent packages fix security vulnerability

In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...

9.8CVSS6.2AI score0.07913EPSS
Exploits1References3
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•29 views

Updated gnutls packages fix security vulnerability

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVE-2019-3829...

7.5CVSS3.7AI score0.58969EPSS
Exploits1References4
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•29 views

Updated python-marshmallow packages fix security vulnerability

In the marshmallow library before 2.15.1 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the "only" option, and there...

5.3CVSS3.3AI score0.01858EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/03 11:55 a.m.•29 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...

6.5CVSS1.8AI score0.02797EPSS
Exploits1References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•29 views

Updated mailman packages fix security vulnerability

Updated mailman package fixes security vulnerability: It was discovered that mailman prior to 2.1.29 mishandled URLs in Utils.py:GetPathPieces which allowed attackers to display arbitrary text on trusted sites CVE-2018-13796...

6.5CVSS4.7AI score0.02541EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/19 6:36 p.m.•29 views

Updated flash-player-plugin packages fix security vulnerabilities

Updated flash-player-plugin packages fix security vulnerabilities: Out-of-bounds read that can lead to Information Disclosure CVE-2018-12824, CVE-2018-12826, CVE-2018-12827 Security bypass that can lead to Security Mitigation Bypass CVE-2018-12825 Use of a component with a known vulnerability can...

9.8CVSS2.5AI score0.32032EPSS
Exploits2References2
Mageia
Mageia
•added 2018/05/09 6:33 p.m.•29 views

Updated flac packages fix security vulnerability

Memory leak in readmetadatavorbiscomment function could lead to denial of service CVE-2017-6888...

5.5CVSS3.1AI score0.01372EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/15 9:17 p.m.•29 views

Updated freetype2 packages fix security vulnerability

Updated freetype2 packages fix security vulnerability: FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the ttsizereset function in truetype/ttobjs.c CVE-2017-7864...

9.8CVSS3.7AI score0.03771EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/06 3:35 p.m.•29 views

Updated php-smarty packages fix security vulnerability

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template nameCVE-2017-1000480...

9.8CVSS1.4AI score0.03124EPSS
Exploits0References1
Mageia
Mageia
•added 2018/01/16 6:4 p.m.•29 views

Updated gifsicle package fixes security vulnerability

It was discovered that gifsicle contained a flaw that could lead to arbitrary code execution CVE-2017-1000421...

9.8CVSS2.4AI score0.02665EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•29 views

Updated git packages fix security vulnerability

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service memory consumption via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...

5.5CVSS4.7AI score0.01641EPSS
Exploits1References2
Mageia
Mageia
•added 2017/11/26 9:18 p.m.•29 views

Updated bchunk package fixes security vulnerabilities

bchunk related to BinChunker 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE .cue file. CVE-2017-15953 bchunk related to BinChunker 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow with a resultant invalid free and crash when...

5.5CVSS3AI score0.01EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/06 8:22 a.m.•29 views

Updated x11-server packages fix security vulnerabilities & bugs

The upstream 1.19.4 update we pushed as: http://advisories.mageia.org/MGASA-2017-0366.html introduced a regression in PRIME syncronization. Upstream released a 1.19.5 that fixes that and a lot of security fixes: CVE-2017-12176 to CVE-2017-12187 Also added a fix for "XShmGetImage: fix censoring"...

9.8CVSS0.7AI score0.0437EPSS
Exploits1References4
Mageia
Mageia
•added 2017/10/27 7:16 a.m.•29 views

Updated upx package fixes security vulnerability

plxelf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack CVE-2017-15056...

7.8CVSS7.2AI score0.00958EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/03 2:31 p.m.•29 views

Updated samba packages fix security vulnerability

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks CVE-2017-11103. The samba package has been updated...

8.1CVSS3.9AI score0.05118EPSS
Exploits0References5
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•29 views

Updated freeradius packages fix security vulnerabilities

Fuzz testing of freeradius found multiple vulnerabilites that resulted in either the potential for remote code execution or a possible denial of service except for CVE-2017-10988 which was later determined to not actually result in any vulnerability...

9.8CVSS2.6AI score0.22202EPSS
Exploits0References2
Mageia
Mageia
•added 2017/06/14 1:50 p.m.•29 views

Updated smb4k packages fix security vulnerability

Smb4k contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. This allows calling any other binary as root since the mount helper is typically installed as suid CVE-2017-8849...

7.8CVSS2.7AI score0.01948EPSS
Exploits3References2
Mageia
Mageia
•added 2017/05/06 12:17 p.m.•29 views

Updated audiofile packages fix security vulnerabilities

Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,...

7.8CVSS3.9AI score0.03241EPSS
Exploits1References2
Mageia
Mageia
•added 2017/04/21 7:24 a.m.•29 views

Updated flash-player-plugin package fixes security vulnerability

This update fixes the following critical security issues: use-after-free vulnerabilities that could lead to code execution CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063. memory corruption vulnerabilities that could lead to code execution CVE-2017-3060, CVE-2017-3061, CVE-2017-3064...

10CVSS3AI score0.24728EPSS
Exploits2References2
Mageia
Mageia
•added 2016/11/30 8:7 a.m.•29 views

Updated teeworlds package fixes security vulnerability

A security vulnerability was found in the Teeworlds client logic that could enable remote code execution on the client by malicious servers CVE-2016-9400. This maintenance release fixes it...

9.8CVSS3.9AI score0.03646EPSS
Exploits0References3
Mageia
Mageia
•added 2016/10/20 10:35 p.m.•29 views

Updated openslp packages fix security vulnerability

A memory corruption bug was present in openslp due to lack of bounds checking in SLPFoldWhiteSpace CVE-2016-7567...

9.8CVSS1.6AI score0.12364EPSS
Exploits4References2
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•29 views

Updated squidguard packages fix security vulnerability

The squidGuard.cgi program is vulnerable to a reflected cross site scripting vulnerability in the blocking script squidGuard.cgi. The vulnerability is triggered when a user clicks a link to a blocked site where the url has scripting instructions added CVE-2015-8936. In Mageia's squidguard package...

6.1CVSS6AI score0.01022EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•29 views

Updated iperf packages fix security vulnerability

A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf server. A malicious iperf...

9.8CVSS2.3AI score0.06963EPSS
Exploits2References3
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•29 views

Updated networkmanager packages fix CVE-2016-0764

Updated networkmanager package fixes security vulnerability: NetworkManager before 1.0.12 is vulnerable to a race condition that could lead to a local information leak CVE-2016-0764. The networkmanager package has been updated to version 1.0.12, which fixes this issue and several other bugs. See...

6.2CVSS3.1AI score0.00264EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•29 views

Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

7.5CVSS7.5AI score0.01356EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•29 views

Updated dosfstools packages fix security vulnerabilities

Updated dosfstools package fixes security vulnerabilities: In dosfstools before 4.0, if the third to last entry was written on a FAT12 filesystem with an odd number of clusters, the second to last entry would be corrupted. This corruption may also lead to invalid memory accesses when the corrupte...

6.2CVSS6.8AI score0.00448EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•29 views

Updated asterisk packages fix CVE-2016-2316

Updated asterisk packages fix security vulnerability: chansip in Asterisk Open Source 11.x before 11.21.1, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service file descriptor consumption via vectors related to large...

7.1CVSS5.2AI score0.04973EPSS
Exploits1References2
Mageia
Mageia
•added 2016/02/09 1:5 p.m.•29 views

Updated privoxy packages fix security vulnerabilities

This update fixes two denial-of-service vulnerabilities that have been discovered in privoxy 3.0.23: The removechunkedtransfercoding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service invalid read and crash via crafted chunk-encoded content...

7.5CVSS4.9AI score0.02867EPSS
Exploits0References1
Mageia
Mageia
•added 2016/01/29 11:2 a.m.•29 views

Updated chrony packages fix security vulnerability

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack CVE-2016-1567...

8.1CVSS3.8AI score0.0264EPSS
Exploits1References3
Mageia
Mageia
•added 2015/11/02 8:21 p.m.•29 views

Updated openafs packages fix security vulnerabilities

Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762...

5CVSS6.3AI score0.02133EPSS
Exploits0References6
Mageia
Mageia
•added 2015/08/25 6:17 p.m.•29 views

Updated vlc packages fix security vulnerability

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

6.8CVSS9.5AI score0.13337EPSS
Exploits0References3
Mageia
Mageia
•added 2015/08/10 2:31 p.m.•29 views

Updated libunwind package fixes security vulnerability

An invalid DWOPbregXX opcodes can access dwarftounwregnummap one item past the end CVE-2015-3239...

3.3CVSS6.5AI score0.00498EPSS
Exploits1References2
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•29 views

Updated python-tornado package fixes security vulnerability

Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...

6.5CVSS6.4AI score0.02489EPSS
Exploits0References3
Mageia
Mageia
•added 2015/04/04 10:45 a.m.•29 views

Updated novnc packages fix CVE-2013-7436

Updated novnc package fixes security vulnerability: noVNC before 0.5.1 allows an attacker to steal insecurely set session token cookies, hijacking active or inactive VNC sessions CVE-2013-7436...

4.3CVSS3AI score0.02183EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•29 views

Updated sympa packages fix CVE-2015-1306

Updated sympa packages fix security vulnerability: A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Symp...

6.4AI score
Exploits0References3
Mageia
Mageia
•added 2014/12/23 8:35 p.m.•29 views

Updated libjpeg packages fix security vulnerability

Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing CVE-2014-9092...

6.5CVSS6.8AI score0.03235EPSS
Exploits0References2
Total number of security vulnerabilities5000