Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2015/02/17 6:38 p.m.•37 views

Updated dbus packages fix security vulnerabilities

non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester, causing a local denial of service CVE-2015-0245...

1.9CVSS6.2AI score0.00273EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•46 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages CVE-2014-8161. The function tochar might read/write past the end of a buffer. This might crash the...

9.8CVSS7.9AI score0.05533EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•36 views

Updated x11-server packages fix CVE-2015-0255

Updated x11-server packages fix security vulnerability: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengt...

6.4CVSS4.8AI score0.04502EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•45 views

Updated glibc packages fix security vulnerabilities

Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer CVE-2015-1472. The incorrect use of "libcusealloca newsize" caused a different and weaker policy to be enforced which could allow a denial of service attack CVE-2015-14...

7.5CVSS7.8AI score0.04688EPSS
Exploits2References2
Mageia
Mageia
•added 2015/02/15 3:57 p.m.•42 views

Updated rsync package fixes security vulnerability

Updated rsync package fixes security vulnerability: Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption CVE-2014-2855. The...

7.8CVSS6.2AI score0.04119EPSS
Exploits1References3
Mageia
Mageia
•added 2015/02/15 3:57 p.m.•36 views

Updated krb5 packages fix security vulnerabilities

Updated krb5 packages fix security vulnerabilities: Incorrect memory management in the libgssapikrb5 library might result in denial of service or the execution of arbitrary code CVE-2014-5352. Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the...

9CVSS9.1AI score0.06213EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/15 3:57 p.m.•43 views

Updated cups packages fix CVE-2014-9679

Updated cups packages fix security vulnerability: A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels CVE-2014-9679...

6.8CVSS6.9AI score0.04633EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•17 views

Updated perl-Gtk2 packages fix a security vulnerability

Updated perl-Gtk2 packages fix security vulnerability: Incorrect memory management in Gtk2::Gdk::Display::listdevices in perl-Gtk2 before 1.2495, where, the code was freeing memory that gtk+ still holds onto and might access later. The perl-Gtk2 package has been updated to version 1.2495 to fix...

2.5AI score
Exploits0References3
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•36 views

Updated xdg-utils packages fix CVE-2014-9622

Updated xdg-utils package fixes security vulnerability: John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely CVE-2014-9622. The xdg-utils has been updated to a much more recent snapshot, and...

6.8CVSS9AI score0.03256EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•38 views

Updated e2fsprogs packages fix CVE-2015-0247

Updated e2fsprogs packages fix security vulnerability: The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to...

4.6CVSS9.2AI score0.00897EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•51 views

Updated owasp-esapi-java packages fix CVE-2013-5679

Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...

2.6CVSS3.5AI score0.02426EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•36 views

Updated hivex packages fix CVE-2014-9273

Updated hivex packages fix security vulnerability: lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write CVE-2014-9273...

4.6CVSS7.1AI score0.00625EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•49 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in...

0.6AI score
Exploits0References3
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•53 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 allows remote attacke...

7.5CVSS7.5AI score0.02854EPSS
Exploits0References4
Mageia
Mageia
•added 2015/02/09 9:44 p.m.•33 views

Updated moodle packages fix CVE-2015-1493

Updated moodle package fixes security vulnerability: In Moodle before 2.6.8, parameter "file" passed to scripts serving JS was not always cleaned from including "../" in the path, allowing to read files located outside of moodle directory. All OS's are affected, but especially vulnerable are...

6.8CVSS6.3AI score0.02638EPSS
Exploits0References5
Mageia
Mageia
•added 2015/02/09 9:44 p.m.•45 views

Updated clamav packages fix security vulnerabilities

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...

7.5CVSS6.4AI score0.03234EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/09 9:44 p.m.•59 views

Updated polarssl packages fix CVE-2015-1182

Updated polarssl packages fix security vulnerability: A vulnerability was discovered in PolarSSL in its certificate parser. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library application...

7.5CVSS6.7AI score0.03246EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/06 4:51 p.m.•43 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.442 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves use-after-free vulnerabilities that could lead to code execution...

10CVSS8.6AI score0.95683EPSS
Exploits13References3
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•17 views

Updated hexchat packages fix security vulnerability

HexChat did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name...

2AI score
Exploits0References3
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•31 views

Updated vorbis-tools package fixes security vulnerability

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted raw file CVE-2014-9640...

5CVSS5.5AI score0.03243EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•52 views

Updated vlc packages fix security vulnerabilities

Updated vlc packages fix security vulnerabilities: On 32 bit builds, parsing of update status files with a size of 4294967295 or more lead to an integer truncation caused by a cast to sizet in a call to malloc and a subsequent buffer overflow. This happened prior to checking the files' signature...

7.8CVSS8.4AI score0.02385EPSS
Exploits0References4
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•36 views

Updated cabextract packages fix CVE-2014-9556

Updated cabextract packages fix security vulnerability: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...

5CVSS5.6AI score0.02817EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•59 views

Updated zarafa packages fix CVE-2014-9465 and some packaging issues

Updated zarafa packages fix security vulnerability: Robert Scheck discovered a flaw in Zarafa WebAccess = 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp CVE-2014-9465. This update also adds some patches from Robert Scheck which correct...

5CVSS6.4AI score0.03355EPSS
Exploits1References3
Mageia
Mageia
•added 2015/01/31 1:23 p.m.•40 views

Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs

Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack CVE-2013-7252. This...

5CVSS2.8AI score0.02147EPSS
Exploits1References6
Mageia
Mageia
•added 2015/01/31 1:23 p.m.•46 views

Updated icu packages fix security vulnerabilities

Updated icu packages fix security vulnerabilities: The Regular Expressions package in International Components for Unicode ICU 52 before SVN revision 292944 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a...

7.5CVSS9.4AI score0.02217EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/31 1:23 p.m.•44 views

Updated bugzilla packages fix CVE-2014-8630

Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630...

6.5CVSS6.7AI score0.0204EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/31 1:23 p.m.•40 views

Updated libvirt packages fix CVE-2015-0236

Updated libvirt packages fix security vulnerability: The XML getters for save images and snapshots objects don't check ACLs for the VIRDOMAINXMLSECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to...

3.5CVSS6.6AI score0.01802EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•44 views

Updated python-pillow packages fix CVE-2014-9601

Updated python-pillow packages fix security vulnerability: Pillow before 2.7.0 and 2.6.2 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed CVE-2014-9601...

5CVSS6.6AI score0.05426EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•37 views

Updated busybox packages fix CVE-2014-9645

Updated busybox packages fix security vulnerability: The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this CVE-2014-9645...

5.5CVSS7.7AI score0.00635EPSS
Exploits2References2
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•85 views

Updated php packages fix security vulnerabilities

Updated php and libgd packages fix security vulnerabilities: Double free vulnerability in the zendtshashgracefuldestroy function in zendtshash.c in the Zend Engine in PHP before 5.5.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vecto...

7.5CVSS9.8AI score0.42593EPSS
Exploits7References2
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•17 views

Updated privoxy packages fix security vulnerabilities

Updated privoxy packages fix security issues: Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled the default they could previously cause Privoxy to abort. Fixed multiple segmentation faults and memory leaks in the pcrs code. This...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•38 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.440 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe reports that CVE-2015-0311 is already being actively exploited in the wild via...

10CVSS7.1AI score0.8582EPSS
Exploits5References2
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•57 views

Updated java-1.7.0-openjdk packages fix security vulnerabilities

Updated java-1.7.0 packages fix security vulnerabilities: A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions CVE-2014-6601. Multiple improper...

10CVSS5.4AI score0.67234EPSS
Exploits5References4
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•50 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references,...

7.5CVSS9.7AI score0.04339EPSS
Exploits0References5
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•30 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-815...

7.5CVSS6.9AI score0.16855EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•32 views

Updated aircrack-ng packages fix security vulnerabilities

Updated aircrack-ng package fixes security vulnerabilities: A length parameter inconsistency in Aircrack-ng before 1.2-rc1 at aireplay tcptest which may lead to remote code execution CVE-2014-8322. A missing check for data format in Aircrack-ng before 1.2-rc1 at buddy-ng which may lead to denial ...

9.8CVSS9.1AI score0.23925EPSS
Exploits3References3
Mageia
Mageia
•added 2015/01/21 5:15 p.m.•38 views

Updated freeciv packages fix a security vulnerability

Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with...

9.4AI score
Exploits0References5
Mageia
Mageia
•added 2015/01/20 2:57 p.m.•33 views

Updated otrs package fixes CVE-2014-9324

Updated otrs package fixes security vulnerability: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured CVE-2014-9324...

6CVSS6.3AI score0.01778EPSS
Exploits0References4
Mageia
Mageia
•added 2015/01/20 2:57 p.m.•31 views

Updated elfutils packages fix CVE-2014-9447

Updated elfutils packages fix security vulnerability: Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...

6.4CVSS6.5AI score0.05018EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/20 2:57 p.m.•62 views

Updated moodle package fixes security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.7, absence of a capability check in AJAX backend script in the LTI module could allow any enrolled user to search the list of registered tools CVE-2015-0211. In Moodle before 2.6.7, the course summary on course request...

6.8CVSS5.8AI score0.0224EPSS
Exploits0References10
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•56 views

Updated file packages fix security vulnerabilities

Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers CVE-2014-9620, CVE-2014-9621. As part of...

5CVSS7.5AI score0.04683EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•27 views

Updated coreutils packages fix CVE-2014-9471

Updated coreutils packages fix security vulnerability: Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code CVE-2014-9471...

7.5CVSS6.8AI score0.07087EPSS
Exploits1References2
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•44 views

Updated binutils packages fix security vulnerabilities

Updated binutils packages fix security vulnerabilities: Multiple security issues have been found in binutils. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of...

7.5CVSS10.2AI score0.07486EPSS
Exploits7References2
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•47 views

Updated iceape package fixes security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service memory corruption and...

7.5CVSS10.3AI score0.65657EPSS
Exploits4References9
Mageia
Mageia
•added 2015/01/17 10:31 p.m.•39 views

Updated firefox and thunderbird packages fixes security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it CVE-2014-8634. It was found that the Beacon interface...

7.5CVSS9.7AI score0.04158EPSS
Exploits0References9
Mageia
Mageia
•added 2015/01/17 10:31 p.m.•40 views

Updated python-django and python-django14 packages fix security vulnerabilities

Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments CVE-2015-0219. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...

5CVSS6.5AI score0.06783EPSS
Exploits3References3
Mageia
Mageia
•added 2015/01/14 9:55 p.m.•50 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.429 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an improper file validation issue CVE-2015-0301. This update resolves an information...

10CVSS7.3AI score0.08742EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/14 9:55 p.m.•47 views

Updated python-pip packages fix CVE-2014-8991

Updated python-pip packages fix security vulnerability: pip 1.3 through 1.5.6 allows local users to cause a denial of service prevention of package installation by creating a /tmp/pip-build- file for another user CVE-2014-8991...

2.1CVSS5.7AI score0.00393EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/11 7:54 p.m.•63 views

Updated openssl packages fix security vulnerabilities

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an...

5CVSS7.1AI score0.98685EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/09 4:44 p.m.•21 views

Updated mpfr packages fix CVE-2014-9474

Updated mpfr packages fix security vulnerability: A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpnsetstr about the size of a buffer CVE-2014-9474...

9.8CVSS9.4AI score0.0429EPSS
Exploits0References2
Total number of security vulnerabilities6009