Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2013/12/06 10:2 p.m.•29 views

Updated pixman package fixes security vulnerability

Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash CVE-2013-6425...

5CVSS3.7AI score0.0288EPSS
Exploits0References4
Mageia
Mageia
•added 2013/12/06 10:0 p.m.•45 views

Updated gimp package fixes security vulnerabilities

An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System XWD image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrar...

6.8CVSS4.6AI score0.04191EPSS
Exploits0References2
Mageia
Mageia
•added 2013/12/06 9:55 p.m.•27 views

Updated links package fixes security vulnerability

Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode CVE-2013-6050...

4.3CVSS3AI score0.01221EPSS
Exploits0References2
Mageia
Mageia
•added 2013/12/06 9:42 p.m.•17 views

Updated openttd package fixes security vulnerability

A missing validation in OpenTTD before 1.3.3 allows remote attackers to cause a denial of service crash by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed CVE-2013-6411...

5CVSS6.5AI score0.03305EPSS
Exploits1References4
Mageia
Mageia
•added 2013/11/30 9:42 p.m.•39 views

Updated quassel package fixes security vulnerability

Security vulnerability in Quassel before 0.9.2 through which a manipulated, but properly authenticated client was able to retrieve the backlog of other users on the same core in some cases CVE-2013-6404...

4CVSS3.6AI score0.02059EPSS
Exploits1References4
Mageia
Mageia
•added 2013/11/30 9:40 p.m.•26 views

Updated ganglia-web package fixes security vulnerability

XSS issue in ganglia-web makes it possible to execute JavaScript in victims' browser after tricking the victim into opening a specially crafted URL CVE-2013-6395...

4.3CVSS2.9AI score0.02199EPSS
Exploits1References2
Mageia
Mageia
•added 2013/11/30 9:37 p.m.•38 views

Updated subversion package fixes security vulnerabilities

moddontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured b...

3.5CVSS0.4AI score0.07858EPSS
Exploits0References4
Mageia
Mageia
•added 2013/11/30 9:35 p.m.•40 views

Updated drupal package fixes security vulnerabilities

Drupal's form API has built-in cross-site request forgery CSRF validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations CVE-2013-6385. Drupal core directly used the mtrand pseudorandom number...

6.8CVSS0.03072EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/30 9:33 p.m.•73 views

Updated busybox package fixes security vulnerability

It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree CVE-2013-1813...

7.2CVSS2AI score0.00623EPSS
Exploits5References2
Mageia
Mageia
•added 2013/11/30 9:31 p.m.•37 views

Updated 389-ds-base package fixes CVE-2013-4485

Updated 389-ds-base packages fix security vulnerability: It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights GER search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able ...

4CVSS1.4AI score0.01992EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/30 9:24 p.m.•55 views

Updated moodle package fixes security vulnerabilities

Some files were being delivered with incorrect headers in Moodle before 2.4.7, meaning they could be cached downstream CVE-2013-4522. Cross-site scripting in Moodle before 2.4.7 due to JavaScript in messages being executed on some pages CVE-2013-4523. The file system repository in Moodle before...

6.8CVSS2.8AI score0.01838EPSS
Exploits4References7
Mageia
Mageia
•added 2013/11/30 9:20 p.m.•44 views

Updated graphicsmagick packages fix CVE-2013-4589

Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service DoS. The vulnerability is caused due to an error within the "ExportAlphaQuantumType" function found in...

4.3CVSS1.8AI score0.02328EPSS
Exploits1References4
Mageia
Mageia
•added 2013/11/30 9:17 p.m.•46 views

Updated gnutls package fixes security vulnerability

A DNS server that returns more 4 DANE entries could corrupt the memory of a requesting client using the DANE library from GnuTLS before 3.1.15 and 3.2.5 CVE-2013-4466. This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs...

5CVSS4.1AI score0.01978EPSS
Exploits0References6
Mageia
Mageia
•added 2013/11/30 9:15 p.m.•42 views

Updated polarssl, pdns & ragel packages fix CVE-2013-5915

Updated polarssl packages fix security vulnerability: The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount ...

4.3CVSS2.5AI score0.02143EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/22 7:20 p.m.•26 views

Updated perl-HTTP-Body packages fix CVE-2013-4407

Updated perl-HTTP-Body package fixes security vulnerability: Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...

6.8CVSS0.2AI score0.02877EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/22 7:16 p.m.•56 views

Updated bip packages fix CVE-2013-4550

Updated bip package fixes security vulnerability: bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a resource leak. A remote attacker can use this flaw to cause bip to run out of resources, resulting in a denial of service CVE-2013-4550...

5.1CVSS2.2AI score0.02224EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/22 7:14 p.m.•46 views

Updated graphicsmagick packages fix CVE-2013-4589

Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service DoS. The vulnerability is caused due to an error within the "ExportAlphaQuantumType" function found in...

4.3CVSS1.8AI score0.02328EPSS
Exploits1References4
Mageia
Mageia
•added 2013/11/22 7:12 p.m.•54 views

Updated nginx packages fix CVE-2013-4547

Updated nginx package fixes security vulnerability: Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact CVE-2013-4547...

7.5CVSS3AI score0.67718EPSS
Exploits15References2
Mageia
Mageia
•added 2013/11/22 7:10 p.m.•38 views

Updated samba packages fix CVE-2013-4475

Updated samba packages fix security vulnerabilities: Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream CVE-2013-4475. Samba is not configured by default to support alternate data streams, so only servers that have enabled the...

4CVSS3.2AI score0.09017EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/22 7:9 p.m.•32 views

Updated wireshark packages fix multiple vulnerabilities

Updated wireshark packages fix security vulnerabilities: The IEEE 802.15.4 dissector could crash CVE-2013-6336. The NBAP dissector could crash CVE-2013-6337. The SIP dissector could crash CVE-2013-6338. The OpenWire dissector could go into a large loop CVE-2013-6339. The TCP dissector could crash...

4.3CVSS1.2AI score0.01987EPSS
Exploits2References8
Mageia
Mageia
•added 2013/11/22 7:6 p.m.•55 views

Updated kernel-vserver package fixes security vulnerabilites.

This kernel-vserver update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/11/22 7:4 p.m.•62 views

Updated kernel-rt package fixes security vulnerabilites.

This kernel-rt update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers t...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/11/22 7:1 p.m.•71 views

Updated kernel-tmb package fixes security vulnerabilites.

This kernel-tmb update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers ...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/11/22 7:0 p.m.•54 views

Updated kernel-linus package fixes security vulnerabilites.

This kernel-linus update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attacker...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/11/22 6:57 p.m.•66 views

Updated kernel package fixes security vulnerabilites.

This kernel update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/11/22 6:49 p.m.•38 views

Updated qemu package fixes security vulnerability

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code...

7.2CVSS2.6AI score0.00434EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/22 6:44 p.m.•66 views

Updated glibc package fixes security vulnerabilities

Updated glibc packages fixes the following security issues: Integer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string, which triggers a...

7.5CVSS5.2AI score0.16665EPSS
Exploits7References8
Mageia
Mageia
•added 2013/11/22 6:40 p.m.•42 views

Updated memcached packages fix CVE-2011-4971

Updated memcached packages fix security vulnerability: Memcached is vulnerable to a denial of service as it can be made to crash when it receives a specially crafted packet over the network CVE-2011-4971. The updated packages have been upgraded to the 1.4.15 version and patched to resolve this fl...

5CVSS3.9AI score0.22317EPSS
Exploits3References3
Mageia
Mageia
•added 2013/11/20 8:56 p.m.•44 views

Updated curl packages fix CVE-2013-4545

Updated curl packages fix security vulnerability: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPTSSLVERIFYHOST check when the CURLOPTSSLVERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled...

4.3CVSS0.9AI score0.03076EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/20 8:54 p.m.•49 views

Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities

Updated nspr and nss packages fix security vulnerabilities: Potentially exploitable buffer overflow in NSS before 3.15.3 that allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets CVE-2013-5605. The CERTVerifyCert function in...

7.5CVSS4.8AI score0.84424EPSS
Exploits0References6
Mageia
Mageia
•added 2013/11/20 8:41 p.m.•52 views

Updated krb5 package fixes security vulnerabilities

An authenticated remote client can cause a KDC to crash by making a valid TGS-REQ to a KDC serving a realm with a single-component name. The processtgsreq function dereferences a null pointer because an unusual failure condition causes a helper function to return success CVE-2013-1417. If a KDC...

4.3CVSS1.1AI score0.05508EPSS
Exploits1References3
Mageia
Mageia
•added 2013/11/20 8:38 p.m.•42 views

Updated krb5 package fixes security vulnerabily

If a KDC serves multiple realms, certain requests can cause setupserverrealm to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user CVE-2013-1418...

4.3CVSS1.8AI score0.05508EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/20 8:36 p.m.•41 views

Updated lighttpd packages fix multiple security vulnerbilities

Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the...

7.6CVSS0.7AI score0.10721EPSS
Exploits1References5
Mageia
Mageia
•added 2013/11/20 8:31 p.m.•52 views

Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb CVE-2013-6629. libjpeg-turbo will use uninitialized memory when handli...

5CVSS2.2AI score0.10117EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/20 8:28 p.m.•38 views

Updated poppler packages fix multiple vulnerabilities

Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application...

7.5CVSS3.9AI score0.10483EPSS
Exploits1References2
Mageia
Mageia
•added 2013/11/20 8:26 p.m.•33 views

Updated pmake packages fix CVE-2011-1920

Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to bsd.lib.mk and bsd.prog.mk CVE-2011-1920...

3.3CVSS5.4AI score0.00438EPSS
Exploits1References2
Mageia
Mageia
•added 2013/11/20 8:22 p.m.•28 views

Updated python-scipy packages fix a security vulnerability and missing deps

Updated python-scipy package fixes security vulnerability: scipy.weave will use /tmp/username as persistent storage cache, but it does not check whether or not this directory already exists, does not check whether it is a directory or a symlink, and also does not verify permissions or ownership,...

7.8CVSS3.2AI score0.00427EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/20 8:16 p.m.•83 views

Updated iceape packages fix many vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service memory...

10CVSS10AI score0.69021EPSS
Exploits26References45
Mageia
Mageia
•added 2013/11/18 2:44 p.m.•35 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.327 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead...

10CVSS5.2AI score0.1129EPSS
Exploits1References2
Mageia
Mageia
•added 2013/11/18 2:41 p.m.•29 views

Updated torque packages fix CVE-2013-4495

Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbsserver CVE-2013-4495...

10CVSS1.7AI score0.03266EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/18 2:39 p.m.•48 views

Updated thunderbird package fixes security vulnerabilities

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2013-5590, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602...

10CVSS2.5AI score0.06493EPSS
Exploits0References9
Mageia
Mageia
•added 2013/11/18 2:35 p.m.•27 views

Updated roundcubemail package fixes security vulnerability

It was discovered that roundcube does not properly sanitize the session parameter in steps/utils/savepref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code...

7.5CVSS2.3AI score0.02873EPSS
Exploits0References4
Mageia
Mageia
•added 2013/11/13 7:9 p.m.•59 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Various fixes from internal audits, fuzzing and other initiatives CVE-2013-2931. Use after free related to speech input elements CVE-2013-6621. Use after free related to media elements CVE-2013-6622. Out of bounds read in SVG...

10CVSS1.8AI score0.10117EPSS
Exploits4References3
Mageia
Mageia
•added 2013/11/13 7:5 p.m.•51 views

Updated java-1.6.0-openjdk package fixes multiple vulnerabilities

Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...

10CVSS1.7AI score0.24738EPSS
Exploits0References4
Mageia
Mageia
•added 2013/11/13 7:3 p.m.•51 views

Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

10CVSS1.8AI score0.24738EPSS
Exploits0References4
Mageia
Mageia
•added 2013/11/09 6:58 p.m.•32 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Atte Kettunen of OUSPG discover a use-after-free issue in Blink's XML HTTP request implementation CVE-2013-2925. cloudfuzzer discovered a use-after-free issue in the list indenting implementation CVE-2013-2926. cloudfuzzer...

7.5CVSS0.7AI score0.01647EPSS
Exploits0References4
Mageia
Mageia
•added 2013/11/09 6:55 p.m.•57 views

Updated firefox & related packages fix multiple security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

10CVSS4.1AI score0.06493EPSS
Exploits0References10
Mageia
Mageia
•added 2013/10/25 9:13 p.m.•37 views

Updated python-pycrypto packages fix CVE-2013-1445

Updated python-pycrypto package fixes security vulnerability: In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator PRNG exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the...

4.3CVSS3.6AI score0.02007EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/25 9:10 p.m.•30 views

Updated dropbear packages fix CVE-2013-4421

Updated dropbear package fixes security vulnerability: Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 CVE-2013-4421. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in...

5CVSS2.9AI score0.06424EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/25 9:7 p.m.•41 views

Updated x11-server packages fix CVE-2013-4396

Updated x11-server packages fix security vulnerability: Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code vi...

6.5CVSS6.3AI score0.04077EPSS
Exploits0References4
Total number of security vulnerabilities6009