Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/04/17 8:33 p.m.•48 views

Updated openjpeg packages fix security vulnerability

Updated openjpeg packages fix security vulnerability: A heap-based buffer overflow was found in the way openjpeg parsed certain image files from a JPEG2000 image. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash or,...

8.8CVSS9.2AI score0.01828EPSS
Exploits0References2
Mageia
Mageia
•added 2014/04/17 8:30 p.m.•33 views

Updated cups-filters packages fix security vulnerability

Updated cups-filters packages fix security vulnerability: Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups- browsed daemon CVE-2014-2707. Note that only systems that have enabled the affected feature by usin...

8.3CVSS7.1AI score0.01174EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/17 8:26 p.m.•34 views

Updated apache-mod_security packages fix security vulnerability

Updated apache-modsecurity packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

5CVSS1.7AI score0.0267EPSS
Exploits2References2
Mageia
Mageia
•added 2014/04/17 8:20 p.m.•38 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerability: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a...

5CVSS2.8AI score0.0304EPSS
Exploits1References5
Mageia
Mageia
•added 2014/04/16 1:16 p.m.•27 views

Updated elfutils package fixes CVE-2014-0172

Updated elfutils packages fix security vulnerability: The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in checksection, leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause ...

6.8CVSS7.4AI score0.04031EPSS
Exploits0References2
Mageia
Mageia
•added 2014/04/16 1:12 p.m.•35 views

Updated fail2ban packages fix security issues

An update to fail2ban 0.8.13 has been released to fix security issues, amongst other bugfixes. fail2ban versions prior to 0.8.11 would allow a remote unauthenticated attacker to cause arbitrary IP addresses to be blocked by Fail2ban causing legitimate users to be blocked from accessing services...

5CVSS6.5AI score0.03235EPSS
Exploits2References3
Mageia
Mageia
•added 2014/04/16 1:8 p.m.•45 views

Updated json-c packages fix security vulnerabilities

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using sizet if possible for sizes, or to be...

5CVSS1.1AI score0.04511EPSS
Exploits1References3
Mageia
Mageia
•added 2014/04/15 6:28 p.m.•25 views

Updated jbigkit packages fix CVE-2013-6369

Updated jbigkit packages fix security vulnerability: Florian Weimer found a stack-based buffer overflow flaw in the libjbig library part of jbigkit. A specially-crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary cod...

6.8CVSS3.3AI score0.03449EPSS
Exploits0References3
Mageia
Mageia
•added 2014/04/15 6:25 p.m.•33 views

Updated tigervnc packages fix CVE-2014-0011

Updated tigervnc packages fix security vulnerability: A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute...

9.8CVSS9.7AI score0.02494EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/15 6:22 p.m.•43 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request...

7.5CVSS7.5AI score0.1639EPSS
Exploits2References3
Mageia
Mageia
•added 2014/04/15 6:22 p.m.•76 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.6.1, a 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an...

7.5CVSS8.3AI score0.1639EPSS
Exploits3References5
Mageia
Mageia
•added 2014/04/15 6:10 p.m.•41 views

Updated cups-filters packages fix security vulnerabilities

Updated cups-filters packages fix security vulnerabilities: Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user CVE-2013-6473. Florian Weimer discovere...

6.8CVSS7.5AI score0.03429EPSS
Exploits2References2
Mageia
Mageia
•added 2014/04/09 3:40 p.m.•43 views

Updated flash-player-plugin package fixes multiple vulnerabilities

Adobe Flash Player 11.2.202.350 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a use-after-free vulnerability that could result in...

10CVSS7.6AI score0.0761EPSS
Exploits4References2
Mageia
Mageia
•added 2014/04/09 5:36 a.m.•43 views

Updated squid packages fix CVE-2014-0128

Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled CVE-2014-0128...

5CVSS6.3AI score0.32862EPSS
Exploits1References4
Mageia
Mageia
•added 2014/04/09 5:30 a.m.•15 views

Updated perl-Authen-Captcha package uses randomly generated filenames

An issue in previous versions of perl-Authen-Captcha is that the generated public string file name of the picture for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. This new version of...

3.9AI score
Exploits0References2
Mageia
Mageia
•added 2014/04/08 12:49 p.m.•55 views

Updated openssh packages fix CVE-2014-2653

Updated openssh packages fix security vulnerability: Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a...

6.5CVSS6.1AI score0.01988EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/08 7:58 a.m.•70 views

Updated openssl package fix two security vulnerabilities

Updated openssl packages fix security vulnerability: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...

7.5CVSS6.6AI score0.99999EPSS
Exploits89References3
Mageia
Mageia
•added 2014/04/04 5:54 p.m.•20 views

Updated libzip package fixes crashes using php-zip

The libzip library has been updated to version 0.11.2, which fixes crashes that affected php-zip and possibly other users of the library...

3.1AI score
Exploits0References2
Mageia
Mageia
•added 2014/04/04 5:33 p.m.•52 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: It was discovered that the file utility contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. A flaw was foun...

5CVSS8.4AI score0.0507EPSS
Exploits1References8
Mageia
Mageia
•added 2014/04/04 12:8 p.m.•82 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: It was discovered that the file utility contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. A flaw was foun...

5CVSS8.2AI score0.0507EPSS
Exploits1References7
Mageia
Mageia
•added 2014/04/04 10:58 a.m.•31 views

Updated a2ps packages fix CVE-2014-0466

Updated a2ps packages fix security vulnerability: Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges...

6.8CVSS7.7AI score0.02344EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/03 5:23 p.m.•65 views

Updated moodle packages fix multiple security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.9, question strings were not being filtered correctly possibly allowing cross site scripting, as quizquestiontostring can cause invalid HTML CVE-2014-2571. Feedback Availability dates not honored in complete.php in Moodle...

6.8CVSS6.1AI score0.02405EPSS
Exploits0References11
Mageia
Mageia
•added 2014/04/03 3:18 p.m.•50 views

Updated python-pillow packages fix insecure use of temporary files

Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created via mktemp in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perfo...

4.4CVSS8.6AI score0.00492EPSS
Exploits2References4
Mageia
Mageia
•added 2014/04/03 3:18 p.m.•44 views

Updated python-imaging package fixes insecure use of temporary files

Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created via mktemp in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perfo...

4.4CVSS8.6AI score0.00492EPSS
Exploits2References4
Mageia
Mageia
•added 2014/04/03 1:29 p.m.•38 views

Updated mediawiki packages fix CVE-2014-2665

Updated mediawiki packages fix security vulnerability: Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity CVE-2014-2665. MediaWiki has been...

4CVSS7.7AI score0.0106EPSS
Exploits1References3
Mageia
Mageia
•added 2014/04/03 1:23 p.m.•45 views

Updated ruby-rack-ssl packages fix CVE-2014-2538

Updated ruby-rack-ssl packages fix security vulnerabilities: Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters su...

4.3CVSS5.6AI score0.0219EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/03 1:7 a.m.•43 views

Updated springframework packages fix multiple vulnerabilities

Updated springframework packages fix security vulnerabilities: Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities CVE-2014-0054. Spring MVC introduces a cross-site scripting vulnerability if the action on a Spring form is not specified CVE-2014-1904...

6.8CVSS7.2AI score0.91354EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/03 1:2 a.m.•43 views

Updated perl-YAML-LibYAML package fixes security vulnerabilies

Updated perl-YAML-LibYAML packages fix security vulnerabilities: Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag...

6.8CVSS8AI score0.09312EPSS
Exploits2References3
Mageia
Mageia
•added 2014/04/03 12:56 a.m.•55 views

Updated curl packages fix multiple vulnerabilities

Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user CVE-2014-0015. libcu...

6.4CVSS6.8AI score0.05599EPSS
Exploits1References5
Mageia
Mageia
•added 2014/04/03 12:50 a.m.•43 views

Updated xalan-j2 packages fix CVE-2014-0107

Updated xalan-j2 packages fix security vulnerability: Nicolas Gregoire discovered several vulnerabilities in libxalan2-java. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution CVE-2014-0107...

7.5CVSS9.2AI score0.13809EPSS
Exploits2References2
Mageia
Mageia
•added 2014/04/03 12:43 a.m.•55 views

Updated php-ZendFramework packages fix multiple vulnerabilities

Updated php-ZendFramework packages fix security vulnerabilities: XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform oth...

7.5CVSS9.6AI score0.02802EPSS
Exploits0References6
Mageia
Mageia
•added 2014/04/03 12:33 a.m.•37 views

Updated libyaml package fixes security vulnerability

Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application t...

6.8CVSS8.3AI score0.09264EPSS
Exploits2References2
Mageia
Mageia
•added 2014/04/03 12:16 a.m.•48 views

Updated tomcat package fixes security vulnerabilities

Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via 1 multiple...

5.8CVSS3.3AI score0.16833EPSS
Exploits5References2
Mageia
Mageia
•added 2014/04/03 12:16 a.m.•54 views

Updated tomcat package fixes security vulnerabilities

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling 1 a large total amount of chunked data or 2 whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data CVE-2013-4322...

5.8CVSS3.2AI score0.16833EPSS
Exploits5References2
Mageia
Mageia
•added 2014/03/31 9:16 p.m.•26 views

Updated perltidy package fixes security vulnerability

perltidy's maketemporaryfilename function insecurely created temporary files via the use of the tmpnam function. A local attacker could use this flaw to perform a symbolic link attack CVE-2014-2277...

7.1CVSS6.6AI score0.00354EPSS
Exploits0References2
Mageia
Mageia
•added 2014/03/31 7:47 p.m.•61 views

Updated iceape packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service memory corruption and...

10CVSS10.1AI score0.83633EPSS
Exploits22References16
Mageia
Mageia
•added 2014/03/31 7:44 p.m.•31 views

Updated 389-ds-base package fixes security vulnerability

It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This...

6.5CVSS6.6AI score0.0219EPSS
Exploits2References2
Mageia
Mageia
•added 2014/03/31 7:40 p.m.•32 views

Updated stunnel package fixes security vulnerability

A flaw was found in the way stunnel, a socket wrapper which can provide SSL support to ordinary applications, performed reinitialization of PRNG after fork. When accepting a new connection, the server forks and the child process handles the request. The RANDbytes function of openssl doesn't reset...

4.3CVSS7.2AI score0.02155EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/31 7:38 p.m.•49 views

Updated openssh packages fix CVE-2014-2532

Updated openssh packages fix security vulnerability: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character CVE-2014-2532...

5.8CVSS6AI score0.04751EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/31 7:34 p.m.•61 views

Updated file packages fix security vulnerabilities

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...

5CVSS4.9AI score0.0304EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/31 7:30 p.m.•30 views

Updated mutt package fixes security vulnerability

A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the us...

5CVSS7.5AI score0.05155EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/24 7:40 a.m.•45 views

Updated python3 package fixes security vulnerabilities

ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips CVE-2013-7338...

7.1CVSS2.1AI score0.05055EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/24 7:37 a.m.•44 views

Updated python package fixes security vulnerabilities

Denial of service flaws due to unbound readline calls in the imaplib, poplib, and smtplib modules CVE-2013-1752. A gzip bomb and unbound read denial of service flaw in python XMLRPC library CVE-2013-1753...

7.5CVSS2.6AI score0.03913EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/23 9:10 a.m.•37 views

Updated samba packages fix security vulnerability

In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5CVSS2.5AI score0.10642EPSS
Exploits0References2
Mageia
Mageia
•added 2014/03/20 6:33 p.m.•52 views

Updated nss, firefox and thunderbird packages fix security vulnerabilities

In the NSS library before version 3.16, in a wildcard certificate, the wildcard character was embedded within the U-label of an internationalized domain name, which is not in accordance with RFC 6125 CVE-2014-1492. Several flaws were found in the processing of malformed web content. A web page...

10CVSS9.1AI score0.83633EPSS
Exploits19References14
Mageia
Mageia
•added 2014/03/19 5:57 p.m.•49 views

Updated nginx package fixes security vulnerability

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133...

7.5CVSS9.7AI score0.09293EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/19 5:40 p.m.•44 views

Updated apache packages fix security vulnerabilities

Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098...

5CVSS7.4AI score0.26831EPSS
Exploits2References2
Mageia
Mageia
•added 2014/03/19 5:33 p.m.•45 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use-after-free in speech CVE-2014-1700. UXSS in events CVE-2014-1701. Use-after-free in web database CVE-2014-1702. Potential sandbox escape due to a use-after-free in web sockets CVE-2014-1703. Multiple vulnerabilities in V8 fixed in version 3.23.17.18 CVE-2014-1704. Memory corruption in V8...

10CVSS7.1AI score0.04822EPSS
Exploits3References3
Mageia
Mageia
•added 2014/03/19 5:28 p.m.•49 views

Updated lighttpd package fixes security vulnerabilities

SQL injection vulnerability in lighttpd before 1.4.35 when modmysqlvhost is in use, due to insufficient validation of hostnames in HTTP requests CVE-2014-2323. Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either modevhost or modsimplevhost are in use, due to insufficient...

9.8CVSS10.1AI score0.61665EPSS
Exploits4References3
Mageia
Mageia
•added 2014/03/15 4:32 p.m.•18 views

Updated webmin package fixes security vulnerabilities

Webmin has been updated to version 1.680, which fixes some security issues in the PHP Configuration and Webalizer modules, as well as several other bugs...

3.4AI score
Exploits0References2
Total number of security vulnerabilities6009