Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2015/01/09 4:44 p.m.•36 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The DEC DNA Routing Protocol dissector could crash CVE-2015-0562. The SMTP dissector could crash CVE-2015-0563. Wireshark could crash while decypting TLS/SSL sessions CVE-2015-0564...

5CVSS5.8AI score0.02775EPSS
Exploits0References6
Mageia
Mageia
•added 2015/01/09 4:44 p.m.•34 views

Updated unrtf package fixes security vulnerability

Updated unrtf package fixes security vulnerability: Hanno Böck also reported a number of other crashes in unrtf besides the ones associated with CVE-2014-9275. These could allow a denial of service when opening a malicious malformed RTF file which causes unrtf to crash...

6.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/01/09 4:44 p.m.•50 views

Updated glpi package fixes security vulnerabilities

Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria CVE-2014-5032. An issue in GLPI before 0.84.8 may allow arbitrary local files to be included ...

7.5CVSS7.5AI score0.03167EPSS
Exploits4References6
Mageia
Mageia
•added 2015/01/09 4:44 p.m.•50 views

Updated curl packages fix CVE-2014-8150

Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to...

4.3CVSS9.1AI score0.0681EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/09 4:44 p.m.•39 views

Updated gcab packages fix CVE-2015-0552

Updated gcab packages fix security vulnerability: Jakub Wilk reported a directory traversal vulnerability due to gcab not filtering leading slashes from paths in CAB files CVE-2015-0552...

6.4CVSS6.3AI score0.02791EPSS
Exploits1References2
Mageia
Mageia
•added 2015/01/08 12:36 p.m.•33 views

Updated libssh packages fix CVE-2014-8132

Updated libssh packages fix security vulnerability: Double free vulnerability in the sshpacketkexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet CVE-2014-8132...

5CVSS6.1AI score0.05145EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/08 12:36 p.m.•40 views

Updated libsndfile packages fix CVE-2014-9496

Updated libsndfile packages fix security vulnerabilities: libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service CVE-2014-9496...

2.1CVSS7.9AI score0.00586EPSS
Exploits1References4
Mageia
Mageia
•added 2015/01/08 12:24 p.m.•49 views

Updated glibc packages fix security vulnerabilities

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context- dependent attackers to bypass the FORTIFYSOURCE format-string...

7.8CVSS9.3AI score0.07688EPSS
Exploits3References1
Mageia
Mageia
•added 2015/01/07 4:32 p.m.•50 views

Updated asterisk packages fix CVE-2014-9374

Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server reshttpwebsocket module in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service crash by sending a zero length frame after a non-zero length frame...

5CVSS6.3AI score0.09525EPSS
Exploits0References5
Mageia
Mageia
•added 2015/01/07 4:32 p.m.•43 views

Updated apache packages fix CVE-2014-8109

Updated apache packages fix security vulnerability: modlua.c in the modlua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers...

4.3CVSS7.4AI score0.22016EPSS
Exploits0References3
Mageia
Mageia
•added 2015/01/07 4:32 p.m.•38 views

Updated ettercap packages fix security vulnerabilities

Updated ettercap package fixes security vulnerabilities: Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value...

7.5CVSS8AI score0.13056EPSS
Exploits4References2
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•71 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.27 and fixes the following security issues: arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier...

7.8CVSS6.7AI score0.01504EPSS
Exploits9References4
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•43 views

Updated libpng packages fix CVE-2014-9495

Updated libpng packages fix security vulnerability: libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in pngcombinerow when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary attacker-controlled dat...

10CVSS7.3AI score0.03889EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•45 views

Updated nvidia packages fix security vulnerabilities

Updated nvidia304 and nvidia-current drivers fixes security issues: The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allo...

7.5CVSS8.1AI score0.05192EPSS
Exploits0References4
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•25 views

Updated libevent packages fix CVE-2014-6272

Updated libevent packages fix security vulnerability: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In...

7.5CVSS6.7AI score0.02084EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•15 views

Updated webmin packages fix security vulnerabilities

Updated webmin package fixes security vulnerability: The webmin package has been updated to version 1.730 to fix possible security issues that could be caused by malicious symlinks when reading mail. The updated version also has various bug fixes, translation updates, and functionality...

3.5AI score
Exploits0References3
Mageia
Mageia
•added 2015/01/05 4:30 p.m.•19 views

Updated privoxy package fixes security vulnerabilities

Updated privoxy packages fix security issues: A memory leak occurred in privoxy 3.0.21 compiled with IPv6 support when rejecting client connections due to the socket limit being reached. CID 66382 A use-after-free bug was found in privoxy 3.0.21 and two additional potential use-after-free issues...

1AI score
Exploits0References2
Mageia
Mageia
•added 2015/01/05 4:30 p.m.•48 views

Updated libvirt packages fix CVE-2014-8136

Updated libvirt packages fix security vulnerability: The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemudriver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors CVE-2014-8136...

2.1CVSS6.1AI score0.00394EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/05 4:30 p.m.•32 views

Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using...

5CVSS6.2AI score0.13195EPSS
Exploits1References3
Mageia
Mageia
•added 2015/01/05 4:30 p.m.•35 views

Updated openvas-manager packages fix security vulnerability

Updated openvas-manager packages fixes security vulnerability: It has been identified that OpenVAS Manager before 4.0.6 is vulnerable to sql injections due to a improper handling of the timezone parameter in modifyschedule OMP command. It has been identified that this vulnerability may allow...

7.5CVSS6.2AI score0.02065EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•54 views

Updated couchdb packages fix CVE-2010-5312

Updated couchdb packages fix security vulnerability: Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option CVE-2010-5312. The embedded copy of jQuery UI in...

6.1CVSS2.8AI score0.18351EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•26 views

Updated plasma-nm packages add openvpn certificate verification

Updated plasma-applet-nm packages add OpenVPN option for server certificate verification Plasma-nm does not tell OpenVPN to perform server certificate verification. Consequently, anyone with the preshared key is able to perform a MITM attack by impersonating the server. This update add option to...

2.7AI score
Exploits0References4
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•32 views

Updated xml-security packages fix CVE-2013-4517

Updated xml-security packages fixes security vulnerability: Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to signatures CVE-2013-4517...

4.3CVSS6.7AI score0.08863EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•40 views

Updated castor packages fix CVE-2014-3004

Updated castor packages fix security vulnerability: The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document CVE-2014-3004...

4.3CVSS8.7AI score0.07794EPSS
Exploits3References2
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•44 views

Updated sox packages fix CVE-2014-8145

Updated sox packages fix security vulnerability: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities CVE-2014-8145...

7.5CVSS6.7AI score0.07709EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•49 views

Updated unzip package fixes security vulnerabilities

Updated unzip package fix security vulnerabilities: The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification CVE-2014-8139, the testcompreb CVE-2014-8140 and the getZip64Data CVE-2014-8141 functions. The input errors may result in arbitrary code...

7.8CVSS7.3AI score0.07448EPSS
Exploits0References6
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•70 views

Updated cxf packages fix security vulnerabilities

Updated cxf packages fix security vulnerabilities: An Apache CXF JAX-RS service can process SAML tokens received in the authorization header of a request via the SamlHeaderInHandler. However it is possible to cause an infinite loop in the parsing of this header by passing certain bad values for t...

5.8CVSS7.3AI score0.09149EPSS
Exploits1References5
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•51 views

Updated resteasy package fix CVE-2014-3490

Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...

7.5CVSS9AI score0.04572EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•43 views

Updated wss4j packages fix CVE-2014-3623

Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors CVE-2014-3623...

5CVSS6.5AI score0.09224EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•44 views

Updated axis packages fix CVE-2014-3596

Updated axis packages fixes security vulnerability: It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name CN field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate...

5.8CVSS8.3AI score0.05806EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•18 views

Updated xlockmore packages fix a security vulnerability

Updated xlockmore packages fix security vulnerability xlockmore before 5.45 contains a security flaw related to a bad value of fnt for pyro2 which could cause an X error. This update backports the fix for version 5.43...

3AI score
Exploits0References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•40 views

Updated erlang packages fix security vulnerabilities

Updated erlang packages fixes security vulnerability: An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP command...

7.5CVSS9.7AI score0.02193EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•19 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.8, thumb.php outputs wikitext message as raw HTML, which could lead to cross-site scripting. Permission to edit MediaWiki namespace is required to exploit this. In MediaWiki before 1.23.8, a malicious site can bypas...

1.1AI score
Exploits0References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•57 views

Updated smack packages fix security vulnerabilities

Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers...

6.8CVSS8.6AI score0.0123EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•45 views

Updated apache-poi packages fix security vulnerabilities

Updated apache-poi packages fix security vulnerabilities: It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server,...

4.3CVSS6.9AI score0.13258EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•36 views

Updated not-yet-commons-ssl packages fix CVE-2014-3604

Updated not-yet-commons-ssl packages fixes security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...

6.8CVSS8.9AI score0.00932EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/23 8:35 p.m.•41 views

Updated subversion packages fix security vulnerabilities

A NULL pointer dereference flaw was found in the way moddavsvn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash moddavsvn CVE-2014-3580. A NULL pointer dereference flaw was found in the way moddavsvn handled URIs for virtual transaction names...

5CVSS9AI score0.1067EPSS
Exploits0References5
Mageia
Mageia
•added 2014/12/23 8:35 p.m.•30 views

Updated libjpeg packages fix security vulnerability

Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing CVE-2014-9092...

6.5CVSS6.8AI score0.03235EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/23 8:35 p.m.•41 views

Updated git packages fix security vulnerability

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...

9.8CVSS9.5AI score0.63178EPSS
Exploits5References3
Mageia
Mageia
•added 2014/12/21 8:47 p.m.•66 views

Updated php packages fix CVE-2014-8142

Updated php packages fix security vulnerability: A use-after-free flaw was found in PHP unserialize. An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize CVE-2014-8142. PHP has been updated to version 5.5.20, which fixes the...

7.5CVSS8.9AI score0.53166EPSS
Exploits8References3
Mageia
Mageia
•added 2014/12/21 8:47 p.m.•38 views

Updated znc package fixes CVE-2014-9403

Updated znc packages fix security vulnerability: Adding an already existing channel to a user/network via web admin in ZNC causes a crash if the channel name isn't prefixed with '' CVE-2014-9403...

4CVSS6.3AI score0.02156EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/20 1:51 p.m.•43 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated CVE-2014-9293. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys...

7.5CVSS7.4AI score0.7809EPSS
Exploits4References8
Mageia
Mageia
•added 2014/12/19 3:17 p.m.•48 views

Updated docuwiki package fixes CVE-2014-9253

Updated dokuwiki package fix a security vulnerability: Our current dokuwiki-20140929-1.1.mga4 package uses dokuwiki-2014-09-29a source which allows swf application/x-shockwave-flash uploads by default. This may be used for Cross-site scripting XSS attack which enables attackers to inject...

4.3CVSS5.8AI score0.02365EPSS
Exploits0References5
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•29 views

Updated c-icap packages fix security vulnerabilities

Several vulnerabilities were found in c-icap, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts CVE-2013-7401, CVE-2013-7402...

5CVSS4.9AI score0.02817EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•46 views

Updated krb5 packages fix CVE-2014-5353

Updated krb5 packages fix security vulnerability: In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to b...

3.5CVSS7AI score0.04968EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•42 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-8137. A heap-based buffe...

7.5CVSS7.1AI score0.18501EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•42 views

Updated claws-mail packages fix security vulnerability

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service crash via a crafted TNEF file, which triggers a buffer overflow CVE-2010-5109. The claws-mail package contains an embedded copf of libytnef, which has been...

4.3CVSS5.3AI score0.02387EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•41 views

Updated pcre packages fix security vulnerability

A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions CVE-2014-8964...

5CVSS7.7AI score0.06505EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•37 views

Updated nail package fixes security vulnerabilities

Updated nail package fixes security vulnerabilities: A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command...

7.8CVSS8.1AI score0.06858EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•27 views

Updated pwgen package fixes security vulnerabilities

Updated pwgen package fixes security vulnerabilities: Pwgen was found to generate weak non-tty passwords by default, which could be brute-forced with a commendable success rate, which could raise security concerns CVE-2013-4440. Pwgen was found to silently falling back to use standard pseudo...

5CVSS2.6AI score0.02166EPSS
Exploits0References2
Total number of security vulnerabilities6009