Lucene search
K
MageiaMost viewed

6011 matches found

Mageia
Mageia
•added 2021/02/10 6:41 p.m.•27 views

Updated perl-Email-MIME and perl-Email-MIME-ContentType packages fix security vulnerability

Messages with too many tiny nested MIME parts can lead to memory exhaustion on split, resulting in denial of service rhbz1835353 This update limits the number of nested MIME parts to 10 by default, to avoid a possible memory exhaustion issue with lots of tiny MIME parts...

2.3AI score
Exploits0References3
Mageia
Mageia
•added 2021/01/29 7:5 p.m.•27 views

Updated db53 packages fix a security vulnerability

Vulnerability in the Data Store component of Oracle Berkeley DB. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in...

3.3CVSS5.3AI score0.00604EPSS
Exploits0References3
Mageia
Mageia
•added 2021/01/14 8:10 p.m.•27 views

Updated nvidia-current packages fix security vulnerabilities

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer nvidia.ko IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure CVE‑2021‑1052. NVIDIA GPU Display Driver for...

7.8CVSS3.3AI score0.01777EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•27 views

Updated mbedtls packages fix security vulnerabilities

This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtlsmpiexpmod to MBEDTLSMPIMAXSIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtlsmpifillrando...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2020/08/29 6:40 a.m.•27 views

Updated ark packages fix security vulnerability

A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction CVE-2020-24654...

4.3CVSS1.3AI score0.01496EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•27 views

Updated viewvc packages fix security vulnerability

Updated viewvc package fixes security vulnerability: ViewVC before versions 1.1.28 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted...

3.5CVSS1.9AI score0.01216EPSS
Exploits1References5
Mageia
Mageia
•added 2019/08/31 1:22 p.m.•27 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerability: ASN.1 BER and related dissectors crash CVE-2019-13619...

7.5CVSS3AI score0.06079EPSS
Exploits1References4
Mageia
Mageia
•added 2018/12/28 10:16 a.m.•27 views

Updated tcpdump package fixes security vulnerability

Fixed a stack-based buffer over-read in the printprefix function CVE-2018-19519...

5.5CVSS2.1AI score0.02364EPSS
Exploits1References2
Mageia
Mageia
•added 2018/11/20 11:11 a.m.•27 views

Updated soundtouch packages fix security vulnerabilities

Assertion failure in BPMDetect class in BPMDetect.cpp CVE-2018-17096. Out-of-bounds heap write in WavOutFile::write CVE-2018-17097. Heap corruption in WavFileBase class in WavFile.cpp CVE-2018-17098...

8.8CVSS1.2AI score0.02838EPSS
Exploits3References4
Mageia
Mageia
•added 2018/05/19 8:56 p.m.•27 views

Updated librelp packages fix security vulnerability

librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending ...

9.8CVSS7.1AI score0.09662EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•27 views

Updated graphite2 packages fix security vulnerability

NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of service CVE-2018-7999...

8.8CVSS2.8AI score0.02324EPSS
Exploits1References2
Mageia
Mageia
•added 2018/04/22 7:59 p.m.•27 views

Updated freeplane packages fix security vulnerability

Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened CVE-2018-1000069...

5.5CVSS3.3AI score0.02297EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 10:32 a.m.•27 views

Updated libplist packages fix security vulnerability

The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via split encoded Apple Property List data CVE-2017-5209. The main function in plistutil.c in libimobiledevice libplist allowed attackers to...

9.1CVSS4.7AI score0.03799EPSS
Exploits6References3
Mageia
Mageia
•added 2017/12/31 3:14 p.m.•27 views

Updated heimdal packages fix security vulnerability

Michael Eder and Thomas Kittel discovered that Heimdal did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service crash of the KDC daemon by sending maliciously crafted packets CVE-2017-17439...

7.5CVSS2.9AI score0.03427EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/16 11:20 p.m.•27 views

Updated evince packages fix security vulnerability

It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code CVE-2017-1000159...

7.8CVSS2.8AI score0.01406EPSS
Exploits0References3
Mageia
Mageia
•added 2017/10/09 9:51 a.m.•27 views

Updated flightgear packages fix security vulnerability

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Mageia provides 2017.3.1 version as a security and bugfix update, allowing to connect to latest multiplayer serve...

7.5CVSS4AI score0.01058EPSS
Exploits1References4
Mageia
Mageia
•added 2017/09/10 12:36 p.m.•27 views

Updated libgcrypt packages fix security vulnerability

It was discovered that libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key...

7.5CVSS3.1AI score0.0351EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•27 views

Updated R-base packages fix security vulnerability

Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation CVE-2016-8714...

8.8CVSS3.7AI score0.02403EPSS
Exploits2References2
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•27 views

Updated sudo packages fix security vulnerability

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367...

6.9CVSS4.2AI score0.08018EPSS
Exploits8References2
Mageia
Mageia
•added 2017/06/29 9:40 p.m.•27 views

Updated libsndfile packages fix security vulnerability

In libsndfile, an error in the "aiffreadchanmap" function aiff.c can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file CVE-2017-6892...

8.8CVSS4.2AI score0.02485EPSS
Exploits1References2
Mageia
Mageia
•added 2017/06/03 11:35 p.m.•27 views

Updated pcmanfm packages fix security vulnerability

PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service application unavailability. CVE-2017-8934...

5.5CVSS2.9AI score0.00334EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/10 8:47 p.m.•27 views

Updated lxterminal package fixes security vulnerability

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control. CVE-2016-10369...

7.8CVSS3.6AI score0.00319EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•27 views

Updated 389-ds-base packages fix security vulnerability

An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. CVE-2017-2668...

6.5CVSS1.9AI score0.02627EPSS
Exploits0References3
Mageia
Mageia
•added 2017/03/12 8:33 p.m.•27 views

Updated potrace packages fix security vulnerability

The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service invalid memory access and crash via a crafted BMP image. CVE-2016-8685 The bmnew function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image,...

7.8CVSS6.7AI score0.01514EPSS
Exploits0References3
Mageia
Mageia
•added 2017/02/11 11:47 p.m.•27 views

Updated calibre packages fix security vulnerability

Newer devices like Kobo Aura HD requires newer versions of calibre for their new firmwares. Current calibre package does not support them. Also, our current calibre packages in both core and backports repositories have a security issue CVE-2016-10187. Newer versions of calibre 2.75.0 + fixes this...

5.5CVSS3.2AI score0.02793EPSS
Exploits1References2
Mageia
Mageia
•added 2017/02/02 7:17 p.m.•27 views

Updated openafs packages fix security vulnerability

Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is...

5.3CVSS1.7AI score0.01685EPSS
Exploits0References8
Mageia
Mageia
•added 2017/01/07 9:39 p.m.•27 views

Updated libcryptopp packages fix security vulnerability

When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized even if unused, which...

7.5CVSS3.3AI score0.04202EPSS
Exploits0References4
Mageia
Mageia
•added 2016/11/14 7:8 a.m.•27 views

Updated monit packages fix security vulnerability

The forms in Monit's Service Manager are vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, disable/enable monitoring for a specific service CVE-2016-7067...

6.5CVSS2.3AI score0.00882EPSS
Exploits1References2
Mageia
Mageia
•added 2016/10/12 1:46 p.m.•27 views

Updated python-twisted-web packages fix a security vulnerability

It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...

5.3CVSS0.3AI score0.02406EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/26 10:11 p.m.•27 views

Updated libidn packages fix security vulnerability

Out-of-bounds stack read in libidn before 1.33 in idnatoascii4i CVE-2016-6261. Out-of-bounds-read in libidn when reading one zero byte as input CVE-2015-8948, CVE-2016-6262. In libidn before 1.33, stringpreputf8nfkcnormalize would crash when presented with invalid UTF-8 CVE-2016-6263...

7.5CVSS7.7AI score0.06721EPSS
Exploits0References4
Mageia
Mageia
•added 2016/06/22 4:36 p.m.•27 views

Updated libimobiledevice packages fix CVE-2016-5104

Updated libimobiledevice and usbmuxd package fixes security vulnerability: The libimobiledevice and libusbmuxd libraries open a socket that listens on all available network interfaces, rather than just the loopback interface as was intended CVE-2016-5104...

5.3CVSS3.1AI score0.02994EPSS
Exploits0References2
Mageia
Mageia
•added 2016/06/10 7:6 p.m.•29 views

Updated vlc/mad packages fix security vulnerability

A vulnerability was found in processing QuickTime IMA files. VLC does not check that the number of channels in the input stream is less than or equal to the size of the buffer, resulting in an out-of-bounds write potential for remote code execution via a malicious media file CVE-2016-5108. The vl...

9.8CVSS2.1AI score0.24748EPSS
Exploits1References3
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•27 views

Updated libcryptopp packages fix CVE-2016-3995

Updated libcryptopp packages fix security vulnerability: In libcryptopp, for both Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock there is some code to avoid timing attacks, however it is removed by the compiler due to optimizations, making the binary vulnerable to timing...

7.5CVSS2.5AI score0.01858EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•27 views

Updated openafs packages fix security vulnerability

In OpenAFS before 1.6.17, users from foreign Kerberos realms can create groups as if they were administrators CVE-2016-2860. In OpenAFS before 1.6.17, information leakage over the network due to uninitialized memory CVE-2016-4536...

6.5CVSS4.1AI score0.01501EPSS
Exploits0References8
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•27 views

Updated claws-mail packages fix CVE-2015-8708

Updated claws-mail fix security vulnerabilities A stack-based buffer overflow has been found in conveuctojis after applying incomplete patch for CVE-2015-8614. In conveuctojis the comparison is with outlen - 3, but each pass through the loop uses up to 5 bytes and the rest of the function may add...

7.5CVSS7.6AI score0.01539EPSS
Exploits0References4
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•27 views

Updated python-rsa packages fix security vulnerability

A signature forgery vulnerability in python-rsa allows an attacker to fake signatures for arbitrary messages for any key with a low exponent "e", such as the common value of 3 CVE-2016-1494...

5.3CVSS4AI score0.07054EPSS
Exploits1References3
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•27 views

Updated perl-HTML-Scrubber packages fix CVE-2015-5667

Updated perl-HTML-Scrubber package fixes security vulnerability: Cross-site scripting XSS vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6CVSS5.6AI score0.02092EPSS
Exploits0References1
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•27 views

Updated python-curl packages fix security vulnerability

A use-after-free vulnerability was found in Curl object's HTTPPOST setopt when a Unicode value is passed as a value with a FORMBUFFERPTR. The str object created from the passed in unicode object would have its buffer used but the unicode object would be stored instead of the str object rhbz127748...

0.5AI score
Exploits0References3
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•27 views

Updated libvdpau packages fix security vulnerabilities

Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files CVE-2015-5198...

7.2CVSS7.3AI score0.00505EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•27 views

Updated screen packages fix CVE-2015-6806

Updated screen package fixes security vulnerability: A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service CVE-2015-6806...

5CVSS6.5AI score0.04148EPSS
Exploits1References2
Mageia
Mageia
•added 2015/03/05 7:34 p.m.•27 views

Updated maradns packages fix a security vulnerability

maradns versions prior to 1.4.16 are vulnerable to a DoS-vulnerability through which a malicious authorative DNS-server can cause an infinite chain of referrals. For further details on the vulnerability, see references...

2.9AI score
Exploits0References2
Mageia
Mageia
•added 2015/03/05 7:34 p.m.•27 views

Updated vorbis-tools packages fix security vulnerabilities

Updated vorbis-tools package fixes security vulnerabilities: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service divide-by-zero error and crash via a WAV file with the number of channels set to zero CVE-2014-9638. Integer overflow in oggenc in vorbis-tools 1.4.0 allo...

5CVSS5.7AI score0.03579EPSS
Exploits2References2
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•27 views

Updated coreutils packages fix CVE-2014-9471

Updated coreutils packages fix security vulnerability: Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code CVE-2014-9471...

7.5CVSS6.8AI score0.07087EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•27 views

Updated pwgen package fixes security vulnerabilities

Updated pwgen package fixes security vulnerabilities: Pwgen was found to generate weak non-tty passwords by default, which could be brute-forced with a commendable success rate, which could raise security concerns CVE-2013-4440. Pwgen was found to silently falling back to use standard pseudo...

5CVSS2.6AI score0.02166EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/14 11:50 a.m.•27 views

Updated getmail package fixes security vulnerabilities

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate CVE-2014-7273. The IMAP-over-SSL implementation in getmai...

6.8CVSS5.7AI score0.00928EPSS
Exploits0References2
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•27 views

Updated quassel packages fix security vulnerability

Due to and out-of-bounds read issue in Quassel core in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...

5CVSS6.1AI score0.0355EPSS
Exploits0References3
Mageia
Mageia
•added 2014/09/24 4:44 p.m.•27 views

Updated php-pear-CAS packages fix CVE-2014-4172

Updated php-pear-CAS packages fix security vulnerabilities: A flaw in php-pear-CAS before 1.3.3, utilized by Moodle, has been found which could potentially allow unauthorised access and privilege escalation CVE-2014-4172...

9.8CVSS9.3AI score0.06057EPSS
Exploits0References1
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•27 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.8AI score0.05584EPSS
Exploits0References7
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•27 views

Updated tor package fixes security vulnerability

Tor before 0.2.4.23 maintains a circuit after an inbound RELAYEARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAYEARLY cells as a means of communicating information about hidden service name...

5.8CVSS6.3AI score0.02094EPSS
Exploits0References4
Mageia
Mageia
•added 2014/05/03 4:34 p.m.•27 views

Updated couchdb packages fix CVE-2014-2668

Updated couchdb packages fix security vulnerability: Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service CPU and memory consumption via the count parameter to /uuids CVE-2014-2668...

5CVSS6.3AI score0.22289EPSS
Exploits1References2
Total number of security vulnerabilities5000