Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/12/19 3:6 p.m.•41 views

Updated pcre packages fix security vulnerability

A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions CVE-2014-8964...

5CVSS7.7AI score0.06505EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•42 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code CVE-2014-8137. A heap-based buffe...

7.5CVSS7.1AI score0.18501EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•46 views

Updated file packages fix security vulnerabilities

Updated file packages fix security vulnerabilities: Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption CVE-2014-8116. Thomas Jarosch of Intra2net AG reported that using th...

5CVSS9AI score0.05926EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/14 2:10 p.m.•47 views

Updated cpio package fixes security vulnerability

Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive CVE-2014-9112. Additionally, a null pointer dereference in the copyinlink function which could cause a denial of service has als...

5CVSS6.6AI score0.07093EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/14 2:10 p.m.•47 views

Updated rpm packages fix security vulnerabilities

It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and...

10CVSS7.7AI score0.07669EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/13 8:16 p.m.•54 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server...

5.4CVSS6.4AI score0.13451EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/13 8:16 p.m.•46 views

Updated freetype2 packages fix security vulnerability

Updated freetype2 packages fix security vulnerability: It was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2hintmapbuild in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240...

6.4AI score
Exploits0References3
Mageia
Mageia
•added 2014/12/13 8:16 p.m.•77 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: During migration, the values read from migration stream during ram load are not validated. Especially offset in hostfromstreamoffset and also the length of the writes in the callers of the said function. A user able to alter the savevm data eith...

7.5CVSS9.2AI score0.04115EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/10 8:9 p.m.•16 views

Updated firebird packages fix a remote denial of service vulnerability

These update fix the recently discovered security vulnerability CORE-4630 that may be used for a remote DoS attack performed by unauthorized users...

3.9AI score
Exploits0References3
Mageia
Mageia
•added 2014/12/10 8:9 p.m.•45 views

Updated bind packages fix CVE-2014-8500

Updated bind packages fix security vulnerability: By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the...

7.8CVSS8.6AI score0.65683EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/10 8:9 p.m.•45 views

Updated pdns-recursor packages fix CVE-2014-8601

Updated pdns-recursor package fixes security vulnerability: PowerDNS Recursor before version 3.6.2, could be negatively impacted by specially configured, hard to resolve domain names. A remote attacker, by sending a query for such a domain name, could cause severe performance degradation in...

5CVSS6.3AI score0.73532EPSS
Exploits0References5
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•72 views

Updated nodejs package fixes security vulnerabilities

Updated nodejs package fixes security vulnerabilities: A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and...

7.5CVSS7.3AI score0.05428EPSS
Exploits2References4
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•44 views

Updated graphviz packages fix CVE-2014-9157

Updated graphviz packages fix security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string...

7.5CVSS6.7AI score0.05569EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•48 views

Updated iceape package fixes security vulnerabilities

When the oxygen-gtk was active and iceape tried to draw a menu for example after a mouse down event on the menu bar, a segmentation fault was triggered causing iceape to crash. The oxygen-gtk theme engine contains a solution for this problem, this is now enabled for iceape. MGA 12978 Mozilla...

6.8CVSS8.1AI score0.04052EPSS
Exploits0References10
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•38 views

Updated util-linux packages fix CVE-2014-9114

Updated util-linux packages fix security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges CVE-2014-9114. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and oth...

7.8CVSS7.9AI score0.00648EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•19 views

Updated php-pear-HTML_AJAX package fixes security vulnerability

Updated php-pear-HTMLAJAX package fixes security vulnerability: The HTMLAJAX pear module before version 0.5.7 is vulnerable to a bug that can allow for remote code execution through unspecified vectors...

5.3AI score
Exploits0References2
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•50 views

Updated openafs packages fix security vulnerabilies

Updated openafs packages fix security vulnerabilities: Buffer overflow in the GetStatistics64 remote procedure call RPC in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service crash via a crafted statsVersion argument CVE-2014-0159. OpenAFS before 1.6.7 delays the listen thre...

5CVSS6.4AI score0.02179EPSS
Exploits1References14
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•36 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.425 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution CVE-2014-0587,...

10CVSS7.4AI score0.20356EPSS
Exploits2References2
Mageia
Mageia
•added 2014/12/05 4:59 p.m.•30 views

Updated openvpn package fixes CVE-2014-8104

Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service CVE-2014-8104...

6.8CVSS6.2AI score0.03478EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/05 4:59 p.m.•41 views

Updated jasper packages fix CVE-2014-9029

Updated jasper packages fix security vulnerability: Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service application crash or the execution of arbitrary code CVE-2014-9029...

7.5CVSS7.1AI score0.18404EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/05 4:59 p.m.•24 views

Updated apache-mod_wsgi package fixes security vulnerability

It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode CVE-2014-8583...

6.9CVSS6.6AI score0.00403EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/05 3:54 p.m.•37 views

Updated phpmyadmin package fixes CVE-2014-9218

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.8, with very long passwords it was possible to initiate a denial of service attack on phpMyAdmin CVE-2014-9218...

5CVSS9AI score0.11055EPSS
Exploits4References2
Mageia
Mageia
•added 2014/12/05 3:54 p.m.•36 views

Updated mutt packages fix CVE-2014-9116

Updated mutt packages fix security vulnerability: A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition CVE-2014-9116. The mutt package has been updated to version 1.5.23 and patched to fix this issue...

5CVSS8.8AI score0.09694EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/05 3:54 p.m.•39 views

Updated tcpdump package fixes security vulnerability

It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2014-9140...

5CVSS9.8AI score0.05761EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/05 3:54 p.m.•33 views

Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130

Updated yaml and perl-YAML-LibYAML packages fix security vulnerability: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash CVE-2014-9130...

5CVSS6.5AI score0.13195EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•41 views

Updated libreoffice packages fix security vulnerability

"Document as E-mail" vulnerability bnc900218. It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2014-3693...

7.5CVSS7.6AI score0.04955EPSS
Exploits0References5
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•52 views

Updated sddm packages fix security vulnerabilities

Sddm may in some cases allow unauthenticated logins as the sddm user CVE-2014-7271. Sddm is vulnerable to a race condition in XAUTHORITY file generation CVE-2014-7272. Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...

7.8CVSS7.7AI score0.00421EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•47 views

Updated mediawiki packages fix security vulnerabilies

In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML CVE-2014-9276. MediaWiki's mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that blindly unserialize PHP representations of the page from th...

7.5CVSS9.1AI score0.01965EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•68 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated nss, firefox, and thunderbird packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data CVE-2014-1569. Several flaws were found in the processing of malformed web...

7.5CVSS6.5AI score0.04052EPSS
Exploits4References13
Mageia
Mageia
•added 2014/12/01 5:57 p.m.•19 views

Updated teeworlds packages fix security vulnerability

A security flaw was found in the teeworlds server prior to 0.6.3 where an incorrect offset check could enable an attacker to read the memory or trigger a segmentation fault. The teeworlds package in Mageia 4 has been update to version 0.6.3, thus providing the fix for this security flaw and a...

3.1AI score
Exploits0References4
Mageia
Mageia
•added 2014/12/01 5:57 p.m.•31 views

Updated gnome-shell and gnome-settings-daemon packages fix security vulnerability

The lock screen in gnome-shell does not disable taking screenshots via the Print Screen key, and several consecutive screenshot requests can trigger an out-of-memory situation, causing the lock screen to be killed, thus allowing it to be bypassed CVE-2014-7300...

7.2CVSS6.4AI score0.00473EPSS
Exploits0References3
Mageia
Mageia
•added 2014/12/01 5:57 p.m.•49 views

Updated tcpdump package fixes security vulnerabilities

The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set CVE-2014-8767. The application decoder for the Ad hoc On-Demand Distance Vector AODV protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The...

6.4CVSS9AI score0.05511EPSS
Exploits4References2
Mageia
Mageia
•added 2014/11/29 8:46 p.m.•31 views

Updated geary package fixes security vulnerability

Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate CVE-2014-5444...

4.3CVSS6.2AI score0.01093EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/29 8:18 p.m.•38 views

Updated flac packages fix security vulnerabilities

In libFLAC before 1.3.1, a stack overflow CVE-2014-8962 and a heap overflow CVE-2014-9028, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder...

7.5CVSS7.1AI score0.0986EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•30 views

Updated libksba packages fix security vulnerability

By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service CVE-2014-9087...

7.5CVSS6.4AI score0.05167EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•40 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoo...

6.5CVSS5.8AI score0.02725EPSS
Exploits3References5
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•58 views

Updated ruby-httpclient package enables SSL negotiation

This new version enables SSL negotiation instead of hardcoding SSLv3...

4.3CVSS5.9AI score0.99999EPSS
Exploits7References1
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•32 views

Updated icecast package fixes security vulnerability

Icecast did not properly handle the launching of "scripts" on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to external clients. CVE-2014-9018...

5CVSS6.1AI score0.02965EPSS
Exploits1References4
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•39 views

Updated flash-player-plugin packages fix CVE-2014-8439

Adobe Flash Player 11.2.202.424 contains additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution CVE-2014-8439. A mitigation was previously introduced for this issue in a previous update MGASA-2014-0448...

10CVSS6.8AI score0.20008EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•16 views

Updated perl-Mojolicious packages fix a security vulnerability

Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks...

1.9AI score
Exploits0References3
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•61 views

Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE

Updated asterisk packages fix security vulnerabilities: In Asterisk Open Source 11.x before 11.12.1, when an out of call message, delivered by either the SIP or PJSIP channel driver or the XMPP stack, is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the...

4CVSS6.2AI score0.01518EPSS
Exploits0References10
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•49 views

Updated drupal packages fix security vulnerabilities

Updated drupal packages fix security vulnerability: Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session CVE-2014-9015. Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the...

6.8CVSS6.4AI score0.82234EPSS
Exploits3References7
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•37 views

Updated glibc packages fix CVE-2014-7817

The function wordexp fails to properly handle the WRDENOCMD flag when processing arithmetic inputs in the form of "$... " where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDENOCMD forbade command substitution. This allows an attack...

4.6CVSS8.8AI score0.00578EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•62 views

Updated avidemux packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.2.9 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.2.9 allows an attacker to have an unspecified impact v...

7.5CVSS9.4AI score0.04697EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•46 views

Updated wordpress package fixes security vulnerabilities

XSS in wptexturize via comments or posts, exploitable for unauthenticated users CVE-2014-9031. XSS in media playlists CVE-2014-9032. CSRF in the password reset process CVE-2014-9033. Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without...

6.8CVSS6.2AI score0.82702EPSS
Exploits8References3
Mageia
Mageia
•added 2014/11/26 10:14 a.m.•55 views

Updated clamav packages fix security vulnerabilities

Certain javascript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file CVE-2014-9050. ClamAV has been updated to version 0.98.5 to address these...

5CVSS6.9AI score0.04878EPSS
Exploits1References5
Mageia
Mageia
•added 2014/11/26 10:14 a.m.•26 views

Updated perl-Plack package fixes security vulnerability

Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...

5CVSS6.3AI score0.02455EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/25 9:21 a.m.•48 views

Updated chromium-browser-stable fixes multiple security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors CVE-2014-7904. Use-after-free...

7.5CVSS7.3AI score0.07653EPSS
Exploits0References4
Mageia
Mageia
•added 2014/11/25 9:21 a.m.•48 views

Updated graphicsmagick packages fix security vulnerability

GraphicsMagick is vulnerable to an out of bounds read / heap Overflow in the function ReadPCXImage in the file pcx.c. This can be exploited by a crafted image file to cause a denial of service CVE-2014-8355...

5.5CVSS6.2AI score0.02082EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/22 10:54 a.m.•46 views

Updated imagemagick packages fix security vulnerabilities

ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code CVE-2014-8354, PCX parser CVE-2014-8355, DCM decoder CVE-2014-8562, and JPEG decoder CVE-2014-8716...

6.5CVSS6.3AI score0.02889EPSS
Exploits0References2
Total number of security vulnerabilities6009