Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/07/04 6:26 p.m.•58 views

Updated file packages fix security vulnerabilities

A flaw was found in the way file parsed property information from Composite Document Files CDF files, where the mconvert function did not correctly compute the truncated pascal string size CVE-2014-3478. Multiple flaws were found in the way file parsed property information from Composite Document...

6.5CVSS7.6AI score0.15176EPSS
Exploits1References2
Mageia
Mageia
•added 2014/07/04 6:22 p.m.•53 views

Updated ffmpeg packages fix security vulnerabilities

A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service CVE-2012-5150. The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 1.1.9 does not properly validate a certain bits-per-sample...

8.8CVSS9.3AI score0.04468EPSS
Exploits3References5
Mageia
Mageia
•added 2014/07/04 6:14 p.m.•78 views

Updated ffmpeg packages fix security vulnerabilities

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

8.8CVSS9.3AI score0.04468EPSS
Exploits3References5
Mageia
Mageia
•added 2014/07/04 5:57 p.m.•32 views

Updated samba packages fix multiple vulnerabilities

Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled CVE-2014-0178. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial...

3.5CVSS8.9AI score0.20481EPSS
Exploits0References5
Mageia
Mageia
•added 2014/07/04 5:51 p.m.•32 views

Updated libxfont packages fix security vulnerabilities

Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges CVE-2014-0209. Ilja van Sprundel discovered that libXfont incorrectly handled...

7.5CVSS8.1AI score0.04362EPSS
Exploits0References3
Mageia
Mageia
•added 2014/06/27 3:38 p.m.•20 views

Updated iodine packages fix CVE-2014-4168

Updated iodine packages fix security vulnerability: Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. A remote attacker could provoke a server to accept the rest of the setup or also network traffic by exploiting this...

5CVSS6.5AI score0.03752EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/27 3:8 p.m.•43 views

Updated gnupg & gnupg2 packages fixes CVE-2014-4617

Updated gnupg and gnupg2 packages fix security vulnerability: GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop CVE-2014-4617...

5CVSS6.1AI score0.03305EPSS
Exploits0References4
Mageia
Mageia
•added 2014/06/27 3:3 p.m.•35 views

Updated phpmyadmin packages fix CVE-2014-4349

Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be...

3.5CVSS5.7AI score0.0213EPSS
Exploits1References2
Mageia
Mageia
•added 2014/06/27 2:57 p.m.•43 views

Updated ctdb package fixes CVE-2013-4159

Updated ctdb packages fix security vulnerability: ctdb before 2.5 is vulnerable to symlink attacks to due the use of predictable filenames in /tmp, such as /tmp/ctdb.socket CVE-2013-4159...

7.5CVSS1.9AI score0.02371EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/22 9:13 p.m.•83 views

Updated kernel packages fixes security vulnerabilities

The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to...

7.8CVSS7AI score0.37233EPSS
Exploits22References5
Mageia
Mageia
•added 2014/06/20 7:48 p.m.•16 views

Updated pdns & pdns-recursor packages fix a denial of service vulnerability

Updated pdns and pdns-recursor packages fix security vulnerability: PowerDNS recursor is vulnerable to a denial of service due to a bug that causes it to exhaust the maximum number of file descriptors that are available to a process. The pdns and pdns-recursor packages have been patched to fix th...

3.5AI score
Exploits0References3
Mageia
Mageia
•added 2014/06/20 7:43 p.m.•47 views

Updated smb4k packages fix CVE-2014-2581

Updated smb4k packages fix security vulnerability: Smb4k before 1.1.1 allows the cruid CIFS mount option to be specified by the user CVE-2014-2581. The smb4k package has been updated to version 1.1.2, which fixes this issue and also contains several other bug fixes and additions...

7.5CVSS7.5AI score0.02632EPSS
Exploits0References5
Mageia
Mageia
•added 2014/06/20 7:41 p.m.•40 views

Updated sendmail packages fix CVE-2014-3956

Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...

1.9CVSS6.4AI score0.0063EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/20 7:37 p.m.•15 views

Updated ansible package provides minor security fixes

Ansible has been patched with minor security fixes to safeeval and aptrepository that were fixed upstream in version 1.5.5...

3.8AI score
Exploits0References3
Mageia
Mageia
•added 2014/06/19 8:30 p.m.•46 views

Updated tomcat and tomcat6 packages fix security vulnerabilities

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunked transfer coding o...

5CVSS8.4AI score0.2006EPSS
Exploits1References3
Mageia
Mageia
•added 2014/06/19 8:26 p.m.•46 views

Updated cups-filter packages fix security vulnerabilities

In cups-filters before 1.0.53, out-of-bounds accesses in the processbrowsedata function when reading the packet variable could leading to a crash, thus resulting in a denial of service CVE-2014-4337. In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf a...

5.8CVSS6.2AI score0.03007EPSS
Exploits0References4
Mageia
Mageia
•added 2014/06/18 8:50 p.m.•64 views

Updated kernel packages fixes security vulnerabilities.

Updated kernel packages fixes security vulnerabilities. The kernel has been updated to the upstream 3.12.21 longterm kernel, and fixes the following security issues: media-device: fix infoleak in ioctl mediaenumentities CVE-2014-1739 The futexrequeue function in kernel/futex.c in the Linux kernel...

7.8CVSS7AI score0.37233EPSS
Exploits17References2
Mageia
Mageia
•added 2014/06/18 7:25 p.m.•35 views

Updated dbus packages fix security vulnerability

Updated dbus packages fix security vulnerability: A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly unusu...

4CVSS5.4AI score0.00444EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/18 6:5 p.m.•32 views

Updated wireshark packages fix CVE-2014-4020

Updated wireshark packages fix security vulnerabilities: The frame metadissector could crash CVE-2014-4020...

4.3CVSS6.4AI score0.01413EPSS
Exploits1References4
Mageia
Mageia
•added 2014/06/18 6:2 p.m.•43 views

Updated qt3 packages fix security vulnerabilities

Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted...

5CVSS7.1AI score0.03957EPSS
Exploits0References7
Mageia
Mageia
•added 2014/06/18 5:55 p.m.•54 views

Updated musl package fixes CVE-2014-3484

Updated musl package fixes security vulnerability: A remote stack-based buffer overflow has been found in musl libc's dns response parsing code. The overflow can be triggered in programs linked against musl libc and making dns queries via one of the standard interfaces getaddrinfo, getnameinfo,...

9.8CVSS9.4AI score0.02204EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/13 10:2 p.m.•33 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.378 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves cross-site-scripting vulnerabilities CVE-2014-0531, CVE-2014-0532, CVE-2014-0533. Th...

10CVSS7.6AI score0.10912EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/11 5:13 p.m.•44 views

Updated firefox & thunderbird packages fix multiple security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.8AI score0.05951EPSS
Exploits0References8
Mageia
Mageia
•added 2014/06/11 4:56 p.m.•40 views

Updated iceape packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service memory corruption and...

9.8CVSS9.7AI score0.07543EPSS
Exploits7References11
Mageia
Mageia
•added 2014/06/06 5:54 p.m.•47 views

Updated php packages fix CVE-2014-0237-8

Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files CDF format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo function unnecessarily repeatedly read the info from the same offset. This led to many...

5CVSS7.2AI score0.20805EPSS
Exploits0References5
Mageia
Mageia
•added 2014/06/06 5:45 p.m.•28 views

Updated perl-LWP-Protocol-https package fixes CVE-2014-3230

Updated perl-LWP-Protocol-https package fixes security vulnerability: It was reported that libwww-perl LWP, when using IO::Socket::SSL the default and when the HTTPSCADIR or HTTPSCAFILE environment variables were set, would disable server certificate verification, when the intent was to only...

5.9CVSS6AI score0.01602EPSS
Exploits1References2
Mageia
Mageia
•added 2014/06/06 2:33 p.m.•54 views

Updated tor packages fix multiple vulnerabilities

Update to version 0.2.4.22 which solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL CVE-2014-0160. - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. -...

7.5CVSS7.9AI score0.99999EPSS
Exploits88References2
Mageia
Mageia
•added 2014/06/06 10:31 a.m.•91 views

Updated openssl packages fix multiple vulnerabilties

Updated openssl packages fix security vulnerabilities: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a...

7.4CVSS8.6AI score0.99977EPSS
Exploits13References4
Mageia
Mageia
•added 2014/06/06 10:27 a.m.•38 views

Updated wordpress package fixes multiple vulnerabilities

Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php CVE-2014-0165. The wpvalidateauthcookie...

6.4CVSS6.3AI score0.0893EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/06 6:8 a.m.•31 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...

2.6CVSS5.9AI score0.02097EPSS
Exploits0References4
Mageia
Mageia
•added 2014/06/06 5:52 a.m.•53 views

Updated file packages fix CVE-2014-0237-8

Updated file packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files CDF format parser handle CDF files with many summary info entries. The cdfunpacksummaryinfo function unnecessarily repeatedly read the info from the same offset. This led to many...

5CVSS7.1AI score0.20805EPSS
Exploits0References3
Mageia
Mageia
•added 2014/06/06 5:49 a.m.•38 views

Updated libcap-ng packages fix CVE-2014-3215

Updated libcap-ng packages fix security vulnerability: capnglock in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without...

6.9CVSS6.6AI score0.00357EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/06 5:47 a.m.•34 views

Updated emacs packages fix CVE-2014-3421-4

Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424...

3.3CVSS6.3AI score0.00347EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/04 8:44 p.m.•55 views

Updated chkrootkit packages fix CVE-2014-0476 and a false positive

Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit usually root, allowing the attacker to escalate privileges CVE-2014-0476. The Mageia 3 update...

3.7CVSS6.1AI score0.03828EPSS
Exploits6References3
Mageia
Mageia
•added 2014/06/02 6:47 p.m.•43 views

Updated gnutls packages fix CVE-2104-3465-6

Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutlsx509dnoidname. The function, when called with the GNUTLSX509DNOIDRETURNOID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...

6.8CVSS8.7AI score0.11221EPSS
Exploits1References4
Mageia
Mageia
•added 2014/06/02 6:44 p.m.•39 views

Updated libtasn1 packages fix CVE-2014-3467-9

Updated libtasn1 packages fix security vulnerabilities: Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash CVE-2014-3467. It was...

7.5CVSS6AI score0.068EPSS
Exploits0References5
Mageia
Mageia
•added 2014/05/30 7:50 a.m.•29 views

Updated libgadu package fixes CVE-2014-3775

Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, o...

7.5CVSS7.6AI score0.0378EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/30 7:47 a.m.•29 views

Updated mumble packages fix two security vulnervabilitites

Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...

5CVSS6AI score0.02521EPSS
Exploits1References4
Mageia
Mageia
•added 2014/05/29 7:7 a.m.•53 views

Updated mono packages fix security vulnerability

Mono 2.10.9 does not properly randomize hash functions for form posts to protect against hash collision attacks. A remote attacker could send specially crafted parameters, possibly resulting in a Denial of Service condition CVE-2012-3543...

7.5CVSS4AI score0.02583EPSS
Exploits1References2
Mageia
Mageia
•added 2014/05/29 7:1 a.m.•48 views

Updated libvirt packages fix multiple vulnerabilities

Updated libvirt packages fix security vulnerabilities: The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the...

5.8CVSS7.2AI score0.00573EPSS
Exploits0References6
Mageia
Mageia
•added 2014/05/29 6:58 a.m.•31 views

Updated cifs-utils packages fix CVE-2014-2830

Updated cifs-utils packages fix security vulnerability: Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c CVE-2014-2830...

10CVSS6.8AI score0.05178EPSS
Exploits1References2
Mageia
Mageia
•added 2014/05/29 6:55 a.m.•44 views

Updated qt4 and qtbase5 packages fix security vulnerability

A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...

4.3CVSS8.4AI score0.03957EPSS
Exploits0References5
Mageia
Mageia
•added 2014/05/29 6:52 a.m.•38 views

Updated qt4 packages fix security vulnerability

A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...

4.3CVSS8.4AI score0.03957EPSS
Exploits0References4
Mageia
Mageia
•added 2014/05/24 7:23 a.m.•36 views

Updated mariadb packages fix security vulnerabilities

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML CVE-2014-0384. Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and...

6.5CVSS5AI score0.04963EPSS
Exploits0References4
Mageia
Mageia
•added 2014/05/23 10:7 p.m.•51 views

Updated kernel-vserver packages fix multiple vulnerabilities

Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/05/23 10:4 p.m.•61 views

Updated kernel-rt packages fix multiple vulnerabilities

Updated kernel-rt provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of servi...

7.4CVSS7.5AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/05/23 10:2 p.m.•66 views

Updated kernel-tmb packages fix multiple vulnerabilities

Updated kernel-tmb provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/05/23 9:59 p.m.•60 views

Updated kernel-linus packages fix multiple security vulnerabilities

Updated kernel-linus provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/05/23 9:57 p.m.•60 views

Updated kernel-tmb packages fix multiple bugs and vulnerabilities

Updated kernel-tmb provides upstream 3.12.20 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that...

7.4CVSS7.6AI score0.22475EPSS
Exploits19References10
Mageia
Mageia
•added 2014/05/22 5:26 p.m.•21 views

Updated webmin package fixes security vulnerabilities

Updated webmin package fix security vulnerabilities: Webmin has been updated to version 1.690, which fixes a security issue in the cron module and several XSS issues in pop-up windows...

4.3AI score
Exploits0References2
Total number of security vulnerabilities6009