Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/05/22 5:17 p.m.•37 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation CVE-2014-1740. John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation...

7.5CVSS6.8AI score0.01648EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/19 6:53 p.m.•45 views

Updated python-django package fix two vulnerabilities

Updated python-django and python-dgango14 packages fix security vulnerabilities: Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or...

6.4CVSS6.4AI score0.03123EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/19 6:46 p.m.•42 views

Updated moodle packages fix multiple vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users CVE-2014-0213. In Moodle before 2.6.3, MoodleMobile web service...

6.8CVSS6.2AI score0.02992EPSS
Exploits0References8
Mageia
Mageia
•added 2014/05/19 6:40 p.m.•60 views

Updated kernel-vserver packages fix multiple vulnerabilities

Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/05/19 6:37 p.m.•73 views

Updated kernel packages fix multiple vulnerabilities

Updated kernel provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/05/19 6:30 p.m.•69 views

Updated kernel-linus packages fix multiple vulnerabilities

Updated kernel-linus provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of...

7.2CVSS6.6AI score0.22475EPSS
Exploits9References3
Mageia
Mageia
•added 2014/05/19 6:30 p.m.•75 views

Updated kernel-rt packages fix multiple vulnerabilities

Updated kernel-rt provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of service...

7.2CVSS6.6AI score0.22475EPSS
Exploits9References3
Mageia
Mageia
•added 2014/05/17 11:41 p.m.•80 views

Updated kernel packages fix multiple vulnerabilities

Updated kernel provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of service ho...

7.2CVSS6.6AI score0.22475EPSS
Exploits9References3
Mageia
Mageia
•added 2014/05/17 12:40 a.m.•13 views

Updated miniupnpc packages fix a buffer overrun

Updated miniupnpc packages fix security vulnerability: The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network...

2.8AI score
Exploits0References2
Mageia
Mageia
•added 2014/05/17 12:38 a.m.•32 views

Updated dovecot packages fix security vulnerability

Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...

5CVSS6.3AI score0.03331EPSS
Exploits0References4
Mageia
Mageia
•added 2014/05/17 12:20 a.m.•39 views

Updated postgresql packages fix multiple vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

6.5CVSS9.5AI score0.06666EPSS
Exploits6References4
Mageia
Mageia
•added 2014/05/17 12:16 a.m.•19 views

Updated egroupware packages fix a cross site request forgery

Updated egroupware packages fix security vulnerabilities: eGroupWare before 1.8.007 allows logged in users with administrative priviledges to remotely execute arbitrary commands on the server. It is also vulnerable to a cross site request forgery vulnerability that allows creating new...

5.8AI score
Exploits0References3
Mageia
Mageia
•added 2014/05/14 10:15 p.m.•35 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.359 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a use-after-free vulnerability that could result in arbitrary code execution...

10CVSS7.4AI score0.08486EPSS
Exploits2References2
Mageia
Mageia
•added 2014/05/14 10:13 p.m.•113 views

Updated struts packages fix CVE-2014-0114

Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...

7.5CVSS9.2AI score0.96121EPSS
Exploits4References2
Mageia
Mageia
•added 2014/05/14 10:10 p.m.•38 views

Updated python-lxml package fix CVE-2014-3146

Updated python-lxml packages fix security vulnerability: The cleanhtml function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters \x01-\x08. A remote attacker could use this flaw to serve malicious content to an application using the...

6.1CVSS6.5AI score0.06333EPSS
Exploits1References2
Mageia
Mageia
•added 2014/05/14 10:7 p.m.•33 views

Updated nrpe packages fix CVE-2014-2913

Updated nrpe packages fix security vulnerability: A remote, command execution flaw was discovered in Nagios NRPE when command arguments are enabled. A remote attacker could use this flaw to execute arbitrary commands CVE-2014-2913...

7.5CVSS7.3AI score0.15312EPSS
Exploits6References2
Mageia
Mageia
•added 2014/05/14 10:4 p.m.•46 views

Updated python3 packages fix security vulnerability

It was reported that a patch added to Python 3.2 caused a race condition where a file created could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit fil...

3.3CVSS7.5AI score0.00356EPSS
Exploits0References2
Mageia
Mageia
•added 2014/05/14 10:2 p.m.•54 views

Updated php packages fix CVE-2014-0185

Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user CVE-2014-0185. Additionally updated...

7.2CVSS7.5AI score0.00505EPSS
Exploits1References5
Mageia
Mageia
•added 2014/05/10 7:46 p.m.•59 views

Updated libxml2 packages fix CVE-2014-0191

Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...

4.3CVSS7.8AI score0.081EPSS
Exploits1References2
Mageia
Mageia
•added 2014/05/10 7:44 p.m.•47 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: A type confusion issue was discovered in the v8 javascript library CVE-2014-1730. John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation CVE-2014-1731. Khalil Zhani discovered a...

7.8CVSS6.5AI score0.03252EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/10 7:38 p.m.•38 views

Updated ldns package fixes CVE-2014-3209

Updated ldns packages fix security vulnerability: ldns-keygen creates a private key with the default permissions according to the users umask, which in most cases will cause the private key to be world-readable CVE-2014-3209...

2.1CVSS9AI score0.00376EPSS
Exploits0References2
Mageia
Mageia
•added 2014/05/10 7:36 p.m.•25 views

Updated libpng packages fix two security vulnerabilities

Updated libpng12 packages fix security vulnerabilities: An integer overflow leading to a heap-based buffer overflow was found in the pngsetsPLT and pngsettext2 API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly...

6.5CVSS4.3AI score0.02397EPSS
Exploits0References2
Mageia
Mageia
•added 2014/05/10 7:34 p.m.•50 views

Updated libpng packages fix two security vulnerabilities

Updated libpng12 and libpng packages fix security vulnerabilities: An integer overflow leading to a heap-based buffer overflow was found in the pngsetsPLT and pngsettext2 API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to...

6.5CVSS4.3AI score0.02397EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/08 9:59 p.m.•13 views

Updated owncloud packages fix several security vulnerabilities

Updated owncloud packages fix security vulnerabilities: Owncloud versions 5.0.16 and 6.0.3 fix several unspecified security vulnerabilities, as well as many other bugs. See the upstream Changelog for more information...

3.5AI score
Exploits0References2
Mageia
Mageia
•added 2014/05/08 9:55 p.m.•81 views

Updated kernel-rt packages fixes multiple bugs and vulneraabilities

Updated kernel-rt provides upstream 3.12.18 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that trigge...

7.4CVSS8.7AI score0.00959EPSS
Exploits10References9
Mageia
Mageia
•added 2014/05/08 9:51 p.m.•48 views

Updated kernel-linus packages fixes multiple bugs and vulnerabilities

Updated kernel-linus provides upstream 3.12.18 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that...

7.4CVSS8.6AI score0.00816EPSS
Exploits3References9
Mageia
Mageia
•added 2014/05/08 9:48 p.m.•61 views

Updated kernel packages fixes multiple bugs and vulnerabilities

Updated kernel provides upstream 3.12.18 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers ...

7.4CVSS8.7AI score0.00959EPSS
Exploits10References9
Mageia
Mageia
•added 2014/05/08 9:29 p.m.•85 views

Updated postgresql packages fix multiple security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

6.5CVSS9.5AI score0.06666EPSS
Exploits6References5
Mageia
Mageia
•added 2014/05/03 4:37 p.m.•37 views

Updated openssl packages fix CVE-2014-0198

Updated openssl packages fix security vulnerability: A null pointer dereference bug in OpenSSL 1.0.1g and earlier in sossl3write could possibly allow an attacker to cause generate an SSL alert which would cause OpenSSL to crash, resulting in a denial of service CVE-2014-0198...

4.3CVSS7.6AI score0.43828EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/03 4:34 p.m.•27 views

Updated couchdb packages fix CVE-2014-2668

Updated couchdb packages fix security vulnerability: Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service CPU and memory consumption via the count parameter to /uuids CVE-2014-2668...

5CVSS6.3AI score0.22289EPSS
Exploits1References2
Mageia
Mageia
•added 2014/05/02 6:5 p.m.•24 views

Updated rxvt-unicode packages fix CVE-2014-3121

Updated rxvt-unicode package fixes security vulnerability: rxvt-unicode aka urxvt before 9.20 is vulnerable to a user-assisted arbitrary commands execution issue. This can be exploited by the unprocessed display of certain escape sequences in a crafted text file or program output. Arbitrary comma...

7.6CVSS6.8AI score0.041EPSS
Exploits0References3
Mageia
Mageia
•added 2014/05/02 6:3 p.m.•48 views

Updated firefox & thunderbird packages fix multiple vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

9.8CVSS8.6AI score0.07543EPSS
Exploits5References12
Mageia
Mageia
•added 2014/05/02 5:52 p.m.•37 views

Updated bugzilla package fixes CVE-2014-1517

Updated bugzilla packages fix security vulnerability: The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information...

4CVSS5.8AI score0.01314EPSS
Exploits0References4
Mageia
Mageia
•added 2014/05/02 5:50 p.m.•72 views

Updated bugzilla package fixes multiple vulnerabilities

Updated bugzilla packages fix security vulnerabilities: Cross-site request forgery CSRF vulnerability in processbug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision tok...

6.8CVSS5.8AI score0.02824EPSS
Exploits3References6
Mageia
Mageia
•added 2014/04/30 2:31 p.m.•54 views

Updated flash-player-plugin package fixes CVE-2014-0515

Adobe Flash Player 11.2.202.356 contains a fix to a critical security vulnerability found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a buffer overflow vulnerability that could result in arbitrary code execution...

10CVSS7.6AI score0.94569EPSS
Exploits9References2
Mageia
Mageia
•added 2014/04/28 6:16 p.m.•31 views

Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action CVE-2014-2853...

4.3CVSS8.7AI score0.02397EPSS
Exploits0References3
Mageia
Mageia
•added 2014/04/28 3:54 p.m.•42 views

Updated python-django packages fix multiple vulnerabilities

Updated python-django and python-dgango14 packages fix security vulnerabilities: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulti...

10CVSS6.8AI score0.0565EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/27 9:17 p.m.•34 views

Updated wireshark package fixes CVE-2014-2907

Updated wireshark packages fix security vulnerabilities: The RTP dissector could crash CVE-2014-2907. This update provides Wireshark version 1.10.7, which fixes this security issue, as well as several other bugs...

4.3CVSS6.4AI score0.02111EPSS
Exploits1References4
Mageia
Mageia
•added 2014/04/24 7:11 p.m.•57 views

Updated otrs packages fix multiple vulnerabilities

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3CVSS8.5AI score0.01478EPSS
Exploits2References5
Mageia
Mageia
•added 2014/04/24 7:10 p.m.•35 views

Updated cups packages fix CVE-2014-2856

Updated cups packages fix security vulnerability: Cross-site scripting XSS vulnerability in scheduler/client.c in Common Unix Printing System CUPS before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the ispathabsolute function CVE-2014-2856...

4.3CVSS5.7AI score0.01639EPSS
Exploits0References3
Mageia
Mageia
•added 2014/04/24 7:4 p.m.•48 views

Updated squid package fixes CVE-2014-0128

Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled CVE-2014-0128...

5CVSS6.3AI score0.32862EPSS
Exploits1References5
Mageia
Mageia
•added 2014/04/24 7:2 p.m.•55 views

Updated ruby-rails and associated packages fix multiple vulnerabilities

Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended CVE-2014-0080. There is an XSS vulnerability in th...

6.8CVSS6.6AI score0.04032EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/23 4:16 p.m.•32 views

Updated libmms packages fix CVE-2014-2892

Updated libmms packages fix security vulnerability: The libmms library before 0.6.4 is vulnerable to a buffer overflow in getanswer in src/mmsh.c. It may be triggered via an overly long line of a MMSH MMS over HTTP server response, effectively overflowing the buffer which has a static size...

7.5CVSS6.8AI score0.06147EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/23 4:13 p.m.•46 views

Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities

Updated java-1.7.0-openjdk packages fix security vulnerabilities: An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application...

10CVSS7.6AI score0.07571EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/23 4:7 p.m.•17 views

Updated systemd packages fix a buffer overflow

A stack-based buffer overflow was found in systemd-ask-password, a utility used to query a system password or passphrase from the user, using a question message specified on the command line. A local user could this flaw to crash the binary or even execute arbitrary code with the permissions of t...

3.3AI score
Exploits0References2
Mageia
Mageia
•added 2014/04/23 4:4 p.m.•71 views

Updated openssl packages fix CVE-2010-5298

Updated openssl packages fix security vulnerability: A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or...

4CVSS2.2AI score0.34132EPSS
Exploits0References2
Mageia
Mageia
•added 2014/04/23 4:1 p.m.•37 views

Updated nagios packages fix CVE-2014-1878

Updated nagios packages fix security vulnerability: Stack-based buffer overflow in the cmdsubmitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service segmentatio...

5CVSS7.8AI score0.03134EPSS
Exploits0References2
Mageia
Mageia
•added 2014/04/20 6:54 p.m.•33 views

Updated virtualbox packages fixes security vulnerabilities

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer ...

6.9CVSS7.2AI score0.08195EPSS
Exploits12References5
Mageia
Mageia
•added 2014/04/20 6:48 p.m.•52 views

Updated virtualbox packages fixes security vulnerabilities

Multiple vulnerabilities in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core CVE-2013-5892, CVE-2014-0404, CVE-2014-0405,...

6.9CVSS7.4AI score0.08195EPSS
Exploits12References5
Mageia
Mageia
•added 2014/04/20 11:43 a.m.•65 views

Updated chromium-browser packages fix multiple security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue CVE-2014-1716, OOB access CVE-2014-1717, memory corruption CVE-2014-1721, and other vulnerabilities fixed in V8 version 3.24.35.22 CVE-2014-1729...

7.5CVSS7.1AI score0.01934EPSS
Exploits10References2
Total number of security vulnerabilities6009