Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/08/18 9:14 a.m.•71 views

Updated kernel-tmb package fixes security vulnerabilities

Updated kernel-tmb provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value CVE-2014-020...

7.8CVSS7AI score0.37233EPSS
Exploits22References12
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•65 views

Updated kernel-linus package fixes security vulnerabilities

Updated kernel-linus provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.8CVSS7AI score0.37233EPSS
Exploits22References12
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•72 views

Updated kernel-linus package fixes security vulnerabilities

Updated kernel-linus provides upstream 3.12.26 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.8CVSS7.1AI score0.37233EPSS
Exploits22References7
Mageia
Mageia
•added 2014/08/12 9:16 a.m.•16 views

Updated wordpress packages fix security vulnerabilities

Multiple vulnerabilities in WordPress before 3.9.2, including denial of service and information disclosure issues related to XML entity expansion. The wordpress package has been updated to version 3.9.2 to fix these issues. See the release announcement for more details...

3AI score
Exploits0References3
Mageia
Mageia
•added 2014/08/12 9:16 a.m.•41 views

Updated kdelibs4 packages fix security vulnerability and various bugs

This update fixes a security vulnerability in the polkit authentication backend of kdelibs CVE-2014-5033 mga13792, and fixes some additional issues: - duplicate targets in PythonMacros.cmake reviewboard kde 111371, - kded4 leak sockets in NetworkInterface::isWireless bko324954, - media type...

6.9CVSS8.2AI score0.00359EPSS
Exploits1References11
Mageia
Mageia
•added 2014/08/12 9:16 a.m.•23 views

Updated drupal packages fix security vulnerability

A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint. The drupal package has been updated to version 7.31 to fix this issue and other bugs. See the upstream advisory and release notes for more details...

3.5AI score
Exploits0References7
Mageia
Mageia
•added 2014/08/12 9:16 a.m.•37 views

Updated wireshark package fix security vulnerabilities

The Catapult DCT2000 and IrDA dissectors could underrun a buffer CVE-2014-5161, CVE-2014-5162. The GSM Management dissector could crash CVE-2014-5163. The RLC dissector could crash CVE-2014-5164. The ASN.1 BER dissector could crash CVE-2014-5165. The wireshark package has been updated to version...

5CVSS6.6AI score0.03252EPSS
Exploits3References7
Mageia
Mageia
•added 2014/08/12 9:16 a.m.•66 views

Updated openssl packages fix security vulnerabilities

A flaw in OBJobj2txt may cause pretty printing functions such as X509nameoneline, X509nameprintex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected...

7.5CVSS6.4AI score0.7408EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/08 11:23 a.m.•44 views

Updated php packages fix security vulnerabilities

Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...

5CVSS8.6AI score0.11814EPSS
Exploits1References6
Mageia
Mageia
•added 2014/08/08 11:23 a.m.•21 views

Updated apache-mod_wsgi package fixes security vulnerability

apache-modwsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were specified to the option supplementary-groups, then memory corrupti...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2014/08/07 5:1 p.m.•44 views

Updated drupal packages fix security vulnerabilities

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same...

5CVSS6.3AI score0.02772EPSS
Exploits0References11
Mageia
Mageia
•added 2014/08/06 10:31 a.m.•32 views

Updated readline packages fix security vulnerability

Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when...

3.3CVSS8.9AI score0.00432EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/06 10:31 a.m.•36 views

Updated ipython package fixes security vulnerability

In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page CVE-2014-3429...

6.8CVSS6.7AI score0.04665EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/06 10:31 a.m.•41 views

Updated eet packages fix security vulnerability

Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might allow context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an AP...

5CVSS8AI score0.08103EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/05 9:36 p.m.•87 views

Updated kernel packages fix security vulnerabilities

This kernel update provides the upstream 3.10.50 longterm kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.1CVSS6.5AI score0.05794EPSS
Exploits0References7
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•41 views

Updated polarssl packages fix security vulnerability

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute...

5CVSS6.7AI score0.02427EPSS
Exploits0References4
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•55 views

Updated file packages fix security vulnerability

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345...

5CVSS7.4AI score0.11814EPSS
Exploits1References3
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•38 views

Updated mediawiki packages fix security vulnerabilities

MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash CVE-2014-5241, XSS in mediawiki.page.image.pagination.js CVE-2014-5242, and clickjacking between OutputPage and ParserOutput CVE-2014-5243. This update provides MediaWiki 1.23.2, fixing these and other issues...

6.8CVSS9.1AI score0.02074EPSS
Exploits3References3
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•34 views

Updated phpmyadmin package fixes security vulnerabilities

In phpMyAdmin before 4.1.14.2, when navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name CVE-2014-4955. In phpMyAdmin before 4.1.14.2, with a crafted column name it is possible to trigger an XSS when dropping the column in table structure page...

4CVSS5.7AI score0.01605EPSS
Exploits0References4
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•47 views

Updated glibc packages fix security issues

Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC and LANG variables. Together with typical OpenSSH configurations with suitable AcceptEnv settings in sshdconfig, this could conceivably be used to...

7.5CVSS7.8AI score0.03922EPSS
Exploits3References4
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•37 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of the ORDER BY SQL statement in ZendDbSelect of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses CVE-2014-4914...

9.8CVSS9.8AI score0.02332EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•27 views

Updated tor package fixes security vulnerability

Tor before 0.2.4.23 maintains a circuit after an inbound RELAYEARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAYEARLY cells as a means of communicating information about hidden service name...

5.8CVSS6.3AI score0.02094EPSS
Exploits0References4
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•51 views

Updated ocsinventory packages fix security vulnerability

Multiple cross-site scripting XSS vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2014-4722. Also, the web interface has been fixed to work with Apache HTTPD 2.4...

4.3CVSS5.8AI score0.02347EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•39 views

Updated cups packages fix security vulnerability

In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd CVE-2014-3537. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index...

5CVSS9.4AI score0.02911EPSS
Exploits0References3
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•46 views

Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.4, serialised data passed by repositories could potentially contain objects defined by add-ons that could include executable code CVE-2014-3541. In Moodle before 2.6.4, it was possible for manipulated XML files passed from LTI servers to be interpreted by Moodle to allow acce...

7.5CVSS6.6AI score0.04667EPSS
Exploits2References12
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•53 views

Updated kernel packages fix security vulnerabilities

This kernel update provides the upstream 3.12.25 longterm kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.1CVSS6.8AI score0.05794EPSS
Exploits5References5
Mageia
Mageia
•added 2014/08/04 11:12 a.m.•43 views

Updated gcc packages fix security vulnerability and other bugs

Updated gcc packages fix the following security issue: Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code. CVE-2014-5044 They also fix...

9.8CVSS9.7AI score0.05886EPSS
Exploits0References1
Mageia
Mageia
•added 2014/07/29 9:30 p.m.•75 views

Updated apache package fixes security vulnerabilities

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

6.8CVSS7.4AI score0.85744EPSS
Exploits5References3
Mageia
Mageia
•added 2014/07/29 9:30 p.m.•69 views

Updated apache package fixes security vulnerabilities

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

6.8CVSS7.4AI score0.85744EPSS
Exploits7References3
Mageia
Mageia
•added 2014/07/26 1:9 p.m.•55 views

Updated ruby-actionpack packages fix security issues

Updated ruby-actionpack and ruby-activerecord packages fix security vulnerabilities: Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 4.0.5, when certain route globbing configurations are enabled, allows...

7.5CVSS7.1AI score0.53703EPSS
Exploits2References6
Mageia
Mageia
•added 2014/07/26 12:57 p.m.•40 views

Updated cacti package fixes security vulnerabilities

Multiple security issues cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising have been found in Cacti CVE-2014-2326, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002...

7.5CVSS7.2AI score0.04957EPSS
Exploits3References2
Mageia
Mageia
•added 2014/07/26 12:55 p.m.•19 views

Updated owncloud packages fix an unspecified security vulnerability

Updated owncloud package fixes security vulnerability: Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security vulnerability, as well as many other bugs. See the upstream Changelog for more information...

4.4AI score
Exploits0References2
Mageia
Mageia
•added 2014/07/26 12:52 p.m.•48 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action CVE-2014-4046. Asterisk Open...

6.5CVSS7AI score0.05679EPSS
Exploits0References5
Mageia
Mageia
•added 2014/07/26 12:49 p.m.•46 views

Updated mariadb package fixes security vulnerabilities

This update provides MariaDB 5.5.38, which fixes several security issues and other bugs...

6.5CVSS7.6AI score0.03911EPSS
Exploits0References4
Mageia
Mageia
•added 2014/07/26 12:46 p.m.•32 views

Updated transmission package fixes security vulnerability

Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code CVE-2014-4909...

6.8CVSS7.7AI score0.05406EPSS
Exploits1References1
Mageia
Mageia
•added 2014/07/26 12:40 p.m.•24 views

Updated avidemux packages fix security issues in the bundles ffmpeg

Updated avidemux packages fix security vulnerabilities: Avidemux built with a bundled set of FFmpeg libraries. The bundled FFmpeg versions have been updated to 0.9.4 in Mageia 3 and 1.2.7 in Mageia 4 to fix several security issues and other bugs fixed upstream in FFmpeg. For the Mageia 3 update,...

3.2AI score
Exploits0References2
Mageia
Mageia
•added 2014/07/26 12:6 p.m.•45 views

Updated live555, vlc & mplayer packages fix several issues

Updated live, mplayer, and vlc packages fix security vulnerabilities: The live555 RTSP streaming server and client libraries before 2013.11.29 are vulnerable to buffer overflows in RTSP command parsing that potentially allow for arbitrary code execution when connected to a malicious client or...

6.8CVSS4.4AI score0.03782EPSS
Exploits0References6
Mageia
Mageia
•added 2014/07/26 11:56 a.m.•44 views

Updated pidgin packages fix CVE-2014-3775

Updated pidgin packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or...

7.5CVSS7.5AI score0.0378EPSS
Exploits0References2
Mageia
Mageia
•added 2014/07/26 11:48 a.m.•38 views

Updated dbus packages fix multiple vulnerabilities

Updated dbus packages fix security vulnerabilities: A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause a service or application to disconnect from the bus, typically resulting in that service or application exiting CVE-2014-3532. A flaw w...

2.1CVSS5.5AI score0.00446EPSS
Exploits0References3
Mageia
Mageia
•added 2014/07/26 11:32 a.m.•43 views

Updated nss, firefox and thunderbird packages fix security vulnerabilities

A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application CVE-2014-1544. Several flaws were found in the processing ...

10CVSS9.9AI score0.06109EPSS
Exploits0References11
Mageia
Mageia
•added 2014/07/26 11:3 a.m.•58 views

Updated java-1.7.0-openjdk packages fix multiple vulnerabilities

Updated java-1.7.0-openjdk packages fix security vulnerabilities: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions CVE-2014-4216...

9.3CVSS6.4AI score0.06118EPSS
Exploits1References4
Mageia
Mageia
•added 2014/07/09 11:21 p.m.•41 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...

7.5CVSS6.6AI score0.23024EPSS
Exploits4References2
Mageia
Mageia
•added 2014/07/08 10:50 p.m.•44 views

Updated liblzo packages fix CVE-2014-4607

Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker CVE-2014-4607...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/07/08 10:47 p.m.•38 views

Updated dpkg packages fixes security vulnerabilities

Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked CVE-2014-0471. Multiple vulnerabilities were discovered in dpkg...

6.4CVSS6.6AI score0.07322EPSS
Exploits1References3
Mageia
Mageia
•added 2014/07/08 10:44 p.m.•51 views

Updated gd and libgd packages fix security vulnerability

The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted color table in an XPM file CVE-2014-2497...

4.3CVSS8.1AI score0.22319EPSS
Exploits3References2
Mageia
Mageia
•added 2014/07/08 10:41 p.m.•41 views

Updated freerdp packages fix two vulnerabilities

Updated freerdp packages fix security vulnerabilities: Integer overflows in memory allocations in client/X11/xfgraphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors CVE-2014-0250. Integer overflow in the licensereadscopelist functi...

7.5CVSS8.6AI score0.0367EPSS
Exploits1References2
Mageia
Mageia
•added 2014/07/08 10:38 p.m.•46 views

Updated python-simplejson package fixes security vulnerability

Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to...

5.9CVSS6.7AI score0.08125EPSS
Exploits1References4
Mageia
Mageia
•added 2014/07/08 10:35 p.m.•60 views

Updated python & python3 packages fix two vulnerabilities

Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...

9.8CVSS7.1AI score0.247EPSS
Exploits6References4
Mageia
Mageia
•added 2014/07/08 10:30 p.m.•84 views

Updated php packages fix multiple vulnerabilities

Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...

7.5CVSS8.5AI score0.30128EPSS
Exploits6References3
Mageia
Mageia
•added 2014/07/08 10:29 p.m.•81 views

Updated php packages fix multiple vulnerabilities

Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...

7.5CVSS9.5AI score0.30128EPSS
Exploits9References3
Total number of security vulnerabilities6009