Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2015/07/09 8:9 a.m.•42 views

Updated bind package fixes security vulnerability

A recursive resolver that is performing DNSSEC validation can be deliberately terminated by any attacker who can cause a query to be performed against a maliciously constructed zone. This will result in a denial of service to clients who rely on that resolver CVE-2015-4620. Note that DNSSEC...

7.8CVSS8.2AI score0.37872EPSS
Exploits0References4
Mageia
Mageia
•added 2015/07/09 8:9 a.m.•38 views

Updated openssh package fixes security vulnerability

In Portable OpenSSH before 6.9p1, when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh CVE-2015-5352...

4.3CVSS7.2AI score0.05445EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/09 8:9 a.m.•60 views

Updated flash-player-plugin package fixes critical security vulnerabilities

Adobe Flash Player 11.2.202.481 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published. This updat...

10CVSS7.7AI score0.99344EPSS
Exploits6References2
Mageia
Mageia
•added 2015/07/08 10:3 p.m.•24 views

Updated virtuoso-opensource package fixes security vulnerabilities

The virtuoso-opensource package has been updated to version 6.1.8 and two additional upstream patches from versions 7.1.0 and 7.2.0 with additional fixes for unspecified security issues have been added...

4.1AI score
Exploits0References4
Mageia
Mageia
•added 2015/07/08 10:3 p.m.•43 views

Updated cups-filters package fixes security vulnerability

A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of...

7.5CVSS7.5AI score0.08295EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•63 views

Updated filezilla package fixes security vulnerability

The filezilla package has been updated to version 3.11.0.2, fixing multiple bugs and one security issue, related to the LOGJAM TLS issue when using FTP...

4.3CVSS6.1AI score0.9986EPSS
Exploits1References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•41 views

Updated libwmf package fixes security vulnerability

It was discovered that libwmf did not correctly process certain WMF Windows Metafiles containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges ...

6.8CVSS7.6AI score0.09221EPSS
Exploits3References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•16 views

Updated tidy package fixes security vulnerability

A heap-based buffer overflow in tidy could have unspecified impact when processing user-supplied input...

5.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•90 views

Updated php package fixes security vulnerability

Incorrect handling of paths with NULs CVE-2015-4598. OS command injection vulnerability in escapeshellarg CVE-2015-4642. Integer overflow in ftpgenlist resulting in heap overflow CVE-2015-4643. Segfault in phppgsqlmetadata CVE-2015-4644. PHP has been updated to version 5.5.26, which fixes multipl...

10CVSS9.3AI score0.16948EPSS
Exploits3References4
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•44 views

Updated curl package fixes security vulnerability

libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests CVE-2015-3236. libcurl can get tricked by a malicious SMB server to send of...

6.4CVSS9.1AI score0.09334EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•37 views

Updated polkit package fixes security vulnerabilities

Local privilege escalation in polkit before 0.113 due to predictable authentication session cookie values CVE-2015-4625. Various memory corruption vulnerabilities in polkit before 0.113 in the use of the JavaScript interpreter, possibly leading to local privilege escalation CVE-2015-3256. Memory...

4.6CVSS6.5AI score0.00415EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•54 views

Updated chromium-browser package fixes security vulnerability

A scheme validation error in WebUI CVE-2015-1266. Two cross-origin bypass issues in Blink CVE-2015-1267, CVE-2015-1268. A normalization error in the HSTS/HPKP preload list CVE-2015-1269. This update also disables the automatic, silent downloading and installation of "external components" like the...

5CVSS9.2AI score0.02306EPSS
Exploits1References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•47 views

Updated mysql-connector-java package fixes security vulnerability

Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL...

4.9CVSS8AI score0.0359EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•38 views

Updated owncloud-client package fixes security vulnerability

ownCloud Desktop Client before 1.8.2 was vulnerable against MITM attacks when used in combination with self-signed certificates CVE-2015-4456. The owncloud-client package has been updated to version 1.8.3, which fixes this issue as well as several other bugs...

2.6CVSS6.4AI score0.00825EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•50 views

Updated coreutils package fixes security vulnerability

Buffer overflows in sort related to the usage of UTF-8 characters CVE-2015-4041, CVE-2015-4042...

9.8CVSS8.6AI score0.02323EPSS
Exploits2References2
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•62 views

Updated pam package fixes security vulnerability

If SELinux is enabled, the unixrunhelperbinary function in Linux-PAM 1.1.8 and earlier hangs indefinitely when verifying a password of 65536 characters, which allows attackers to conduct username enumeration and denial of service attacks CVE-2015-3238...

6.5CVSS6.8AI score0.02705EPSS
Exploits1References2
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•44 views

Updated wireshark package fixes security vulnerability

WCCP dissector crash CVE-2015-4651. GSM DTAP dissector crash CVE-2015-4652...

5CVSS5.8AI score0.03525EPSS
Exploits0References5
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•42 views

Updated pcre package fixes security vulnerability

PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed CVE-2015-5073...

9.1CVSS7.6AI score0.07673EPSS
Exploits1References2
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•53 views

Updated firefox package fixes security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...

10CVSS6.9AI score0.9986EPSS
Exploits2References15
Mageia
Mageia
•added 2015/07/01 1:23 p.m.•36 views

Updated apache-mod_jk package fixes security vulnerability

An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...

5CVSS5.7AI score0.07109EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•29 views

Updated python-tornado package fixes security vulnerability

Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...

6.5CVSS6.4AI score0.02489EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•37 views

Updated libvpx package fixes security vulnerability

libvpx before 1.4.0 allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data CVE-2015-1258...

7.5CVSS6.9AI score0.024EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•31 views

Updated p7zip package fixes security vulnerability

Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current...

5.8CVSS6.3AI score0.03291EPSS
Exploits1References2
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•51 views

Updated postgresql package fixes security vulnerability

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

9.8CVSS9.1AI score0.08565EPSS
Exploits0References5
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•32 views

Updated drupal package fixes security vulnerability

Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users CVE-2015-3231. A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites CVE-2015-3232. Due to insufficient URL validation, the Overlay module could be...

5.8CVSS6.2AI score0.02763EPSS
Exploits0References9
Mageia
Mageia
•added 2015/06/24 5:58 a.m.•47 views

Updated flash-player-plugin package fixes security vulnerability

Adobe Flash Player 11.2.202.468 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via...

10CVSS7.9AI score0.9994EPSS
Exploits9References3
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•41 views

Updated redis package fixes security vulnerability

It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...

10CVSS8.1AI score0.09636EPSS
Exploits2References2
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•38 views

Updated cups package fixes security vulnerabilities

It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code CVE-2015-1158. It was discovered that the CUPS templating...

10CVSS6AI score0.29913EPSS
Exploits9References4
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•63 views

Updated ffmpeg package fixes security vulnerability

The mjpegdecodeapp function in libavcodec/mjpegdec.c in FFMpeg before 2.0.7 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file CVE-2014-9316. The decodeihdrchunk function in...

7.5CVSS8.2AI score0.02568EPSS
Exploits0References5
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•68 views

Updated openssl package fixes security vulnerabilities

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam CVE-2015-4000. When processing an ECParameters structure OpenSSL...

7.5CVSS6.2AI score0.9986EPSS
Exploits1References3
Mageia
Mageia
•added 2015/06/08 9:17 p.m.•26 views

Updated ipsec-tools packages fix CVE-2015-4047

Updated ipsec-tools packages fix security vulnerability: Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of...

7.8CVSS6.2AI score0.09877EPSS
Exploits1References2
Mageia
Mageia
•added 2015/06/08 9:17 p.m.•36 views

Updated php-ZendFramework packages fix security vulnerabilities

Updated php-ZendFramework packages fix security vulnerability: Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in mail and HTTP headers in ZendFramework before 1.2.12 CVE-2015-3154...

6.1CVSS7.1AI score0.01009EPSS
Exploits1References7
Mageia
Mageia
•added 2015/06/08 9:17 p.m.•34 views

Updated rabbitmq-server packages fix security vulnerabilities

Updated rabbitmq-server package fixes security vulnerabilities: RabbitMQ before 3.4.1 does not prevent /api/ from returning text/html error messages which could act as an XSS vector CVE-2014-9649. RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads CVE-2014-9650. In...

10CVSS6.6AI score0.04254EPSS
Exploits2References4
Mageia
Mageia
•added 2015/06/08 9:17 p.m.•34 views

Updated jackrabbit packages fix CVE-2015-1833

Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...

6.4CVSS6.2AI score0.51488EPSS
Exploits6References3
Mageia
Mageia
•added 2015/05/27 4:57 p.m.•52 views

Updated kernel-linus packages fix security vulnerabilities and bugs

Updated kernel-linus fixes security, critical data corruption and pdata loss issues This kernel-linus update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4...

7.2CVSS8AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/27 4:57 p.m.•36 views

Updated kernel-tmb packages fix security vulnerabilities and bugs

Updated kernel-tmb fixes security, critical data corruption and pdata loss issues This kernel-tmb update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4...

7.2CVSS8AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/27 4:57 p.m.•42 views

Updated fuse packages fix CVE-2015-3202

Updated fuse packages fix security vulnerability: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges CVE-2015-3202...

3.6CVSS6.5AI score0.01008EPSS
Exploits5References2
Mageia
Mageia
•added 2015/05/23 6:53 p.m.•40 views

Updated kernel packages fix security vulnerabilities and bugs

Updated kernel fixes security, critical data corruption and pdata loss issues This kernel update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4 filesystem ha...

7.2CVSS7.9AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/23 6:53 p.m.•49 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 43.0.2357.65 fixes a number of security issues: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1251...

7.5CVSS10.1AI score0.07855EPSS
Exploits4References2
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•49 views

Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities

Updated firefox, thunderbird, and sqlite3 packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of...

7.5CVSS10AI score0.07417EPSS
Exploits0References15
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•31 views

Updated xbmc packages fix CVE-2015-3885

Updated xbmc package fixes security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously crafted raw ima...

4.3CVSS7.2AI score0.05434EPSS
Exploits0References2
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•45 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup CVE-2015-3902. In phpMyAdmin before 4.2.13.3, a vulnerability in the API ca...

6.8CVSS6.2AI score0.01597EPSS
Exploits1References4
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•43 views

Updated avidemux packages fix security vulnerabilities

Updated avidemux packages fix security vulnerabilities: The mjpegdecodeapp function in libavcodec/mjpegdec.c in FFMpeg before 1.2.11 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via vectors related to LJIF tags in an MJP...

7.5CVSS8.4AI score0.02568EPSS
Exploits0References5
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•42 views

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.11, leaving gradebook feedback is a trusted action and such capabilities in other modules already have an XSS mask, 'mod/quiz:grade' was missing this flag CVE-2015-3174. In Moodle before 2.6.11, some error messages displa...

5.8CVSS7.2AI score0.01893EPSS
Exploits0References10
Mageia
Mageia
•added 2015/05/18 7:8 p.m.•80 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Memory Corruption in pharparsetarfile when entry filename starts with null CVE-2015-4021. Integer overflow in ftpgenlist resulting in heap overflow, potentially exploitable by a hostile FTP server CVE-2015-4022. PHP Multipart/form-data parsing...

7.5CVSS8.7AI score0.50129EPSS
Exploits4References3
Mageia
Mageia
•added 2015/05/15 6:23 p.m.•53 views

Updated ruby-rest-client packages fix security vulnerabilities

Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...

9.8CVSS9.3AI score0.04345EPSS
Exploits0References4
Mageia
Mageia
•added 2015/05/15 6:23 p.m.•36 views

Updated virtualbox packages fix security vulnerabilities

Updated virtualbox packages fixes security vulnerability This update provides the 4.3.28 maintenance release fixing the following security issue: The Floppy Disk Controller FDC in QEMU, XEN, KVM and virtualbox allows local guest users to cause a denial of service out-of-bounds write and guest cra...

7.7CVSS8.1AI score0.15275EPSS
Exploits1References2
Mageia
Mageia
•added 2015/05/13 5:18 p.m.•58 views

Updated kernel-linus packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues: net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite...

5CVSS6.4AI score0.05489EPSS
Exploits7References3
Mageia
Mageia
•added 2015/05/13 5:18 p.m.•42 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The WCP dissector could crash while decompressing data CVE-2015-3811. The X11 dissector could leak memory CVE-2015-3812. The IEEE 802.11 dissector could go into an infinite loop CVE-2015-3814...

7.8CVSS6.2AI score0.03731EPSS
Exploits0References6
Mageia
Mageia
•added 2015/05/13 5:18 p.m.•38 views

Updated rawtherapee packages fix CVE-2015-3885

Updated rawtherapee package fixes security vulnerability: The dcraw tool suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A maliciously crafted...

4.3CVSS7.2AI score0.05434EPSS
Exploits0References2
Total number of security vulnerabilities6011