Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/09/22 8:31 a.m.•43 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.406 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

10CVSS9.1AI score0.84178EPSS
Exploits7References2
Mageia
Mageia
•added 2014/09/22 8:31 a.m.•33 views

Updated gnupg packages fix CVE-2014-5270

Updated gnupg packages fix security vulnerability: The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack CVE-2014-5270...

2.1CVSS6.2AI score0.00531EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/22 8:31 a.m.•47 views

Updated zarafa packages fix multiple vulnerabilities

Updated zarafa packages fix security vulnerabilities: Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server CVE-2014-0103. Rober...

5.5CVSS5.9AI score0.00424EPSS
Exploits0References3
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•36 views

Updated libgadu packages fix CVE-2013-4488

Updated libgadu packages fix security vulnerability: Libgadu before 1.12.0 was found to not be performing SSL certificate validation CVE-2013-4488...

4.3CVSS2.2AI score0.00966EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•46 views

Updated mariadb packages fix CVE-2014-4274

Updated mariadb packages fix security vulnerability: MyISAM temporary files could be used to mount a code-execution attack CVE-2014-4274. The mariadb package has been updated to version 5.5.39, which fixes this and several other issues. Refer to the upstream Changelog for more details...

4.1CVSS7.3AI score0.0034EPSS
Exploits0References4
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•56 views

Updated glibc packages fix multiple security vulnerabilities

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes...

7.5CVSS8.6AI score0.18099EPSS
Exploits5References4
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•42 views

Updated dump package fix CVE-2014-4607

Updated dump packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The dump package is buil...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•49 views

Updated moodle packages fix security vulnerbilities

Updated moodle packages fix security vulnerabilities: In Moodle before 2.6.5, users who had not yet posted the required answer in a Q forum in order to access past posts were able to see the name of the last person who had posted, as other authors are visible in /mod/forum/view.php before the...

4CVSS9.5AI score0.01143EPSS
Exploits0References5
Mageia
Mageia
•added 2014/09/09 9:34 a.m.•45 views

Updated gtk+3.0 packages fix CVE-2014-1949

Updated gtk+3.0 packages fix security vulnerability: Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session CVE-2014-1949. This was fixed by...

7.2CVSS6.2AI score0.00331EPSS
Exploits0References7
Mageia
Mageia
•added 2014/09/07 9:56 a.m.•31 views

Updated procmail packages fix CVE-2014-3618

Updated procmail package fixes security vulnerability: A heap-based buffer overflow was reported in procmail's formail utility when parsing addresses with unbalanced quotes CVE-2014-3618...

7.5CVSS8.3AI score0.08525EPSS
Exploits1References2
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•55 views

Updated php packages fix multiple security vulnerabilities

Updated php packages fix security vulnerabilities: Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a craft...

6.8CVSS9.2AI score0.20237EPSS
Exploits1References4
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•38 views

Updated python-django packages fix multiple vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: These releases address an issue with reverse generating external URLs CVE-2014-0480; a denial of service involving file uploads CVE-2014-0481; a potential session hijacking issue in the remote-user middleware...

6CVSS6.3AI score0.02449EPSS
Exploits1References2
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•28 views

Updated ppp packages fix a security vulnerability

Updated ppp packages fix security vulnerability: A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options CVE-2014-3158...

7.5CVSS9AI score0.03502EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•21 views

Updated libtorrent-rasterbar packages fixes uPnP forwarding all ports

Updated libtorrent-rasterbar packages fix security vulnerability: The libtorrent-rasterbar library was opening UPNP port 0, causing all ports to be forwarded from the router to the client machine...

2.2AI score
Exploits0References3
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•44 views

Updated squid packages fix CVE-2014-3609

Updated squid packages fix security vulnerability: Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service CVE-2014-3609...

5CVSS6.2AI score0.5622EPSS
Exploits0References4
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•32 views

Updated graphicsmagick packages fix CVE-2014-1947

Updated graphicsmagick packages fix security vulnerability: A buffer overflow flaw was found in the way GraphicsMagick writes PSD images when the input data has a large number of layers. Due to the compilation options used in Mageia, the buffer overflow is reduced to a crash, making this a denial...

7.8CVSS7.8AI score0.07024EPSS
Exploits5References2
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•26 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.8AI score0.05584EPSS
Exploits0References7
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•28 views

Updated libgcrypt packages fix CVE-2014-5270

Updated libgcrypt packages fix security vulnerability: The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack CVE-2014-5270...

2.1CVSS6.2AI score0.00531EPSS
Exploits0References4
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•32 views

Updated net-snmp packages fix CVE-2014-3565

Updated net-snmp packages fix security vulnerabilities: A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected...

5CVSS8.5AI score0.04619EPSS
Exploits1References2
Mageia
Mageia
•added 2014/09/01 10:44 a.m.•38 views

Updated distcc packages fix CVE-2014-4607

Updated distcc packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The distcc package is...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/09/01 10:44 a.m.•34 views

Updated blender package fixes CVE-2014-4607

Updated blender package fixes security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The blender package ...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/28 1:56 p.m.•42 views

Updated x11vnc packages fix security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...

8.8CVSS9.4AI score0.05315EPSS
Exploits1References4
Mageia
Mageia
•added 2014/08/27 8:21 a.m.•36 views

Updated kdenetwork4 packages fixes security vulnerability in krfb

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References3
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•35 views

Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS7.5AI score0.0315EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•38 views

Updated libvncserver and remmina packages fix security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The libvncserver library is built with a bundled copy of minilzo, which is...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•46 views

Updated harbour package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The harbour is built with a bundled copy of minilzo, which is a part of...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References3
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•52 views

Updated file packages fix CVE-2014-3587

Updated file packages fix security vulnerability: A flaw was found in the way file uses cdfreadpropertyinfo function when checks stream offsets for certain Composite Document Format CDF. An insufficient input validation flaw for p and q minimal and maximal value, leads to a pointer overflow. This...

4.3CVSS8.4AI score0.20237EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•32 views

Updated icecream package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The icecream package is built with a bundled copy of minilzo, which is a...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•33 views

Updated grub2 package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The grub2 package is built with a bundled copy of minilzo, which is a part...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•39 views

Updated italc package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The italc package is built with a bundled copy of minilzo, which is a part...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•42 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side...

5.8CVSS6.3AI score0.09149EPSS
Exploits1References3
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•29 views

Updated mednafen packages fix CVE-2014-4607

The bundled version of minilzo.c in the mednafen package has been updated to version 2.08 to fix the following security vulnerability: An integer overflow in minilzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References4
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•110 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

4.3CVSS2AI score0.05844EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•48 views

Updated bugzilla packages fix a CSRF vulnerability

Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery CSRF attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...

4.3CVSS6.3AI score0.00542EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•32 views

Updated busybox packages fix CVE-2014-4607

Updated busybox packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. Busybox bundles part ...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•56 views

Updated ansible package fixes multiple security issues

Updated ansible package fixes security vulnerabilities: The Ansible platform before version 1.6.7 suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables CVE-2014-4678, CVE-2014-4966,...

9.8CVSS9.7AI score0.05197EPSS
Exploits0References6
Mageia
Mageia
•added 2014/08/22 10:58 a.m.•34 views

Updated sdcc packages fix a security vulnerability

Integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary. CVE-2012-3509 A nonfree package is also now available, which provides components that cannot be included in the core repository. In addition, this update obsoletes sdcc2.9, which is old and probab...

5CVSS4AI score0.03602EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/22 10:58 a.m.•38 views

Updated krb5 package fixes security vulnerabilities

MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session CVE-2014-4341, CVE-2014-4342. MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL...

8.5CVSS9.2AI score0.08085EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•41 views

Updated python-imaging & python-pillow packages fix CVE-2014-3589

Updated python-imaging and python-pillow packages fix security vulnerabilities: The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin CVE-2014-3589...

5CVSS6.9AI score0.03587EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•48 views

Updated subversion packages fix CVE-2014-3528

Updated subversion packages fix security vulnerability: Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server CVE-2014-3528. The subversion package has been patched t...

4CVSS8.9AI score0.07495EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•42 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicatio...

4CVSS7.9AI score0.07495EPSS
Exploits0References6
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•36 views

Updated gpgme packages fix CVE-2014-3564

Updated gpgme packages fix security vulnerability: A heap-based buffer overflow in gpgme before 1.5.1 could allow a specially crafted certificate to cause crashes or potentially cause arbitrary code execution CVE-2014-3564...

6.8CVSS7.5AI score0.04289EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•25 views

Updated catfish package fixes CVE-2014-2093

Updated catfish package fixes security vulnerability: Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory CVE-2014-2093. Additionally, the update fixes the application icon symlink and a crash when som...

4.6CVSS6.3AI score0.00417EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•24 views

Updated catfish package fixes CVE-2014-2096

Updated catfish package fixes security vulnerabilities: Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse bin/catfish.py in the current working directory CVE-2014-2096. Additionally, the update adds a missing requirement for the...

4.6CVSS6.3AI score0.00417EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/21 9:36 a.m.•38 views

Updated phpmyadmin package fixes XSS vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse table, ENUM editor, monitor, query charts and table relations pages CVE-2014-5273. In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to trigg...

3.5CVSS6AI score0.01706EPSS
Exploits2References3
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•61 views

Updated kernel-vserver package fixes security vulnerabilities

Updated kernel-vserver provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.8CVSS7AI score0.37233EPSS
Exploits22References12
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•76 views

Updated kernel-tmb package fixes security vulnerabilities

Updated kernel-tmb provides upstream 3.12.26 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value CVE-2014-020...

7.8CVSS7.1AI score0.37233EPSS
Exploits22References7
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•43 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.400 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

10CVSS7.1AI score0.07552EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•34 views

Updated 389-ds-base packages fix security vulnerability

It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensiti...

5CVSS6.1AI score0.02198EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•17 views

Updated dhcpcd package fixes security vulnerability

In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service...

2.9AI score
Exploits0References2
Total number of security vulnerabilities6009