Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2013/10/25 9:0 p.m.•43 views

Updated icu packages fix CVE-2013-2924

Updated icu packages fix security vulnerability: It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program...

7.5CVSS3AI score0.02531EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/25 8:57 p.m.•41 views

Updated icu packages fix multiple security vulnerbilities

Updated icu packages fix security vulnerabilities: It was discovered that ICU contained a race condition affecting multi- threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the...

7.5CVSS2.8AI score0.02531EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/25 8:53 p.m.•32 views

Updated python-oauth2 packages fix CVE-2013-4347

It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...

5.8CVSS4AI score0.0243EPSS
Exploits0References1
Mageia
Mageia
•added 2013/10/17 8:1 p.m.•45 views

Updated apache-mod_fcgid packages fix CVE-2013-4365

Updated apache-modfcgid package fixes security vulnerability: Apache modfcgid before version 2.3.9 fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the...

7.5CVSS7.1AI score0.13141EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 7:55 p.m.•51 views

Updated clutter packages fix CVE-2013-2190

Updated clutter packages fix security vulnerability: A security flaw was found in the way Clutter, an open source software library for creating rich graphical user interfaces, used to manage translation of hierarchy events in certain circumstances when underlying device disappeared, causing...

2.1CVSS0.4AI score0.00533EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/17 7:49 p.m.•30 views

Updated quassel packages fix CVE-2013-4422

Updated quassel packages fix security vulnerability: Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt 4.8.5, due to a change in Qt's postgres driver, allowing other IRC users to trick the Quassel core into executing SQL queries CVE-2013-4422. This update provides Quassel...

6.8CVSS3.7AI score0.0211EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 7:40 p.m.•39 views

Updated quagga packages fix CVE-2013-2236

Updated quagga packages fix security vulnerability: Remotely exploitable buffer overflow in ospfapi.c and ospfclient.c when processing LSA messages in quagga before 0.99.22.2 CVE-2013-2236. Note: We have worked around this vulnerability by disabling the ospfapi and ospfclient features, which did...

2.6CVSS3.6AI score0.0208EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 7:37 p.m.•30 views

Updated libtar packages fixes security vulnerability

Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code CVE-2013-4397...

6.8CVSS4AI score0.05485EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/17 7:3 p.m.•31 views

Updated torque packages fix CVE-2013-4319

Updated torque package fixes security vulnerability: A non-priviledged user who was able to run jobs or login to a node which ran pbsserver or pbsmom, could submit arbitrary jobs to a pbsmom daemon to queue and run the job, which would run as root CVE-2013-4319...

9CVSS2.4AI score0.02915EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 7:1 p.m.•27 views

Updated aircrack-ng package fixes security vulnerability

A buffer overflow vulnerability has been discovered in Aircrack-ng. A remote attacker could entice a user to open a specially crafted dump file using Aircrack-ng, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition CVE-2010-1159...

6.8CVSS5.5AI score0.07263EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/17 6:53 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

This updates chromium-browser to the latest stable version, fixing multiple security vulnerabilities. Security fixes: CVE-2013-2906: Races in Web Audio CVE-2013-2907: Out of bounds read in Window.prototype object CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code...

7.5CVSS2.2AI score0.02531EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/17 6:49 p.m.•32 views

Updated nmap package fixes CVE-2013-4885

Updated nmap packages fix security vulnerability: It is possible to write arbitrary files to a remote system, through a specially crafted server response for NMAP http-domino-enum-passwords.nse script from nmap before 6.40 CVE-2013-4885...

6.8CVSS2.6AI score0.07217EPSS
Exploits2References3
Mageia
Mageia
•added 2013/10/11 5:35 p.m.•31 views

Updated davfs2 packages fix CVE-2013-4362

Updated davfs2 package fixes security vulnerability: Davfs2, a filesystem client for WebDAV, calls the function system insecurely while is setuid root. This might allow a privilege escalation. CVE-2013-4362...

7.2CVSS2.9AI score0.01168EPSS
Exploits2References2
Mageia
Mageia
•added 2013/10/09 10:47 p.m.•39 views

Updated gnupg packages fix CVE-2013-4402

Updated gnupg package fixes security vulnerability: Special crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum CVE-2013-4402...

5CVSS3.6AI score0.0503EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/09 10:47 p.m.•26 views

Updated xinetd package fixes security vulnerability

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the...

7.6CVSS5.3AI score0.06391EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/09 10:39 p.m.•31 views

Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of servi...

4.3CVSS1.7AI score0.02059EPSS
Exploits1References2
Mageia
Mageia
•added 2013/10/09 10:37 p.m.•23 views

Updated vino packages fix CVE-2013-5745

Updated vino package fixes security vulnerability: The vinoserverclientdatapending function in vino-server.c in GNOME Vino 3.7.3 and earlier, when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote...

7.1CVSS4.8AI score0.0872EPSS
Exploits5References2
Mageia
Mageia
•added 2013/10/09 10:34 p.m.•45 views

Updated gnupg2 packages fix multiple vulnerabilities

Updated gnupg2 package fixes security vulnerabilities: RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys with a "key flags" packet that indicates the capabilities of the key. These are represented as a set of binary flags, including things like "This key may be used to...

5.8CVSS2.6AI score0.0503EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/09 10:32 p.m.•25 views

Updated nas packages fix security vulnerabilities

Updated nas packages fix security vulnerabilities: Buffer overflow when parsing display number and various other buffer overflows CVE-2013-4256. Heap overflow when using AUDIOHOST environment variable CVE-2013-4257. Race when opening a TCP device nas289...

4.6CVSS3.5AI score0.00702EPSS
Exploits1References3
Mageia
Mageia
•added 2013/10/09 10:29 p.m.•37 views

Updated ruby-RubyGems package fixes security vulnerabilies

Updated ruby-RubyGems package fixes security vulnerability: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to a backtracking regular expression. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...

4.3CVSS5.7AI score0.03343EPSS
Exploits0References5
Mageia
Mageia
•added 2013/10/09 10:27 p.m.•18 views

Updated ssmtp package fixes security vulnerability

It was reported that ssmtp, an extremely simple MTA to get mail off the system to a mail hub, did not perform x509 certificate validation when initiating a TLS connection to server. A rogue server could use this flaw to conduct man-in- the-middle attack, possibly leading to user credentials leak...

0.8AI score
Exploits0References2
Mageia
Mageia
•added 2013/10/05 5:58 p.m.•40 views

Updated proftpd package fixes security vulnerability

A bug in ProFTPd's modsftp and modsftppam modules can be used to trigger a large heap allocation and exhaust all available system memory of the underlying operating system CVE-2013-4359...

5CVSS1.3AI score0.02985EPSS
Exploits2References2
Mageia
Mageia
•added 2013/10/05 5:55 p.m.•43 views

Updated libvirt package fixes security vulnerabilities

It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service CVE-2013-4296. It was discovered that libvirt incorrectly handled certain bitmap operations. A remote attacker could...

5CVSS2.3AI score0.02678EPSS
Exploits1References1
Mageia
Mageia
•added 2013/10/05 5:53 p.m.•48 views

Updated polkit package and the packages that call polkit fixes security vulnerability

A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges CVE-2013-4288...

7.2CVSS0.7AI score0.00419EPSS
Exploits0References6
Mageia
Mageia
•added 2013/10/05 5:44 p.m.•43 views

Updated openjpa packages fix CVE-2013-1768

Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to...

7.5CVSS3.9AI score0.09511EPSS
Exploits0References2
Mageia
Mageia
•added 2013/09/24 9:43 p.m.•41 views

Updated libtiff package fixes security vulnerability

A possible heap-based buffer overflow flaw was found in the readgifimage function in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code...

6.8CVSS5.6AI score0.07814EPSS
Exploits0References2
Mageia
Mageia
•added 2013/09/24 9:41 p.m.•44 views

Updated polarssl package fixes security vulnerabilities

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in PolarSSL before 1.2.6, does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and...

4.3CVSS3.3AI score0.35584EPSS
Exploits2References7
Mageia
Mageia
•added 2013/09/24 9:40 p.m.•67 views

Updated perl-Crypt-DSA package fixes security vulnerability

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...

5.8CVSS5.5AI score0.01958EPSS
Exploits0References2
Mageia
Mageia
•added 2013/09/20 5:36 a.m.•44 views

Updated glpi package fixes security vulnerabilities

Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 CVE-2013-2226, 0.83.91 CVE-2013-2225, and 0.84.2 CVE-2013-5696. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues...

7.5CVSS3.9AI score0.07855EPSS
Exploits15References1
Mageia
Mageia
•added 2013/09/19 9:49 a.m.•42 views

Updated firefox and thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird CVE-2013-1718, CVE-2013-1722,...

10CVSS1.7AI score0.08894EPSS
Exploits1References12
Mageia
Mageia
•added 2013/09/19 9:46 a.m.•42 views

Updated lightdm package fixes security vulnerability

lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with world-readable permissions CVE-2013-4331. Additionally, an issue where a user logged into a graphical desktop environment through lightdm would lose privleges to local devices such as the sound card when using the 'su' command...

2.1CVSS1.8AI score0.00368EPSS
Exploits0References3
Mageia
Mageia
•added 2013/09/19 9:45 a.m.•47 views

Updated python-django package fixes multiple vulnerabilities

Updated python-django package fixes security vulnerabilities: Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWEDINCLUDEROOTS' setting, used to...

5CVSS0.7AI score0.03182EPSS
Exploits3References4
Mageia
Mageia
•added 2013/09/19 9:45 a.m.•51 views

Updated wordpress and php-phpmailer packages fix security vulnerabilities

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations CVE-2013-4338. WordPress before 3.6.1 does not properly validate URLs before...

7.5CVSS4.6AI score0.08749EPSS
Exploits8References3
Mageia
Mageia
•added 2013/09/19 9:41 a.m.•73 views

Updated python-django package fixes security vulnerability

Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWEDINCLUDEROOTS' setting, used to represent allowed prefixes for the % ssi % template tag, is...

5CVSS2.5AI score0.03182EPSS
Exploits2References3
Mageia
Mageia
•added 2013/09/19 9:37 a.m.•39 views

Updated wireshark package fixes security vulnerabilities

The NBAP dissector could crash CVE-2013-5718. The ASSA R3 dissector could go into an infinite loop CVE-2013-5719. The RTPS dissector could overflow a buffer CVE-2013-5720. The MQ dissector could crash CVE-2013-5721. The LDAP dissector could crash CVE-2013-5722. The Netmon file parser could crash...

5CVSS3.7AI score0.0284EPSS
Exploits1References10
Mageia
Mageia
•added 2013/09/19 9:35 a.m.•42 views

Updated wireshark package fixes security vulnerabilities

The ASSA R3 dissector could go into an infinite loop CVE-2013-5719. The RTPS dissector could overflow a buffer CVE-2013-5720. The MQ dissector could crash CVE-2013-5721. The LDAP dissector could crash CVE-2013-5722. The Netmon file parser could crash wpna-sec-2013-60...

5CVSS3.7AI score0.0284EPSS
Exploits1References10
Mageia
Mageia
•added 2013/09/19 9:33 a.m.•79 views

Updated moodle package fixes multiple security vulnerabilities

Updated moodle package fixes security vulnerabilities: Null characters were allowed in query strings in Moodle before 2.4.6, which caused sql statements to terminate and fail, potentially allowing sql injection in Moodle's SQL Server driver CVE-2013-4313. Links to external blogs were not being...

7.5CVSS4.5AI score0.21862EPSS
Exploits4References5
Mageia
Mageia
•added 2013/09/19 9:32 a.m.•38 views

Updated freeswitch packages fix security vulnerability

In FreeSWITCH before 1.2.12, if the routing configuration includes regular expressions that don't constrain the length of the input, buffer overflows are possible. Since these regular expressions are matched against untrusted input, remote code execution may be possible CVE-2013-2238...

6.8CVSS3.8AI score0.02708EPSS
Exploits1References3
Mageia
Mageia
•added 2013/09/13 8:29 p.m.•29 views

Updated chromium-browser-stable package fix security vulnerabilities

The chrome 29 development team found various issues from internal fuzzing audits, and other studies CVE-2013-2887. Krystian Bigaj discovered a file handling path sanitization issue CVE-2013-2900. Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer...

7.5CVSS1.2AI score0.01627EPSS
Exploits0References4
Mageia
Mageia
•added 2013/09/13 8:16 p.m.•28 views

Updated python-OpenSSL package fixes security vulnerability

The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing CVE-2013-4314...

4.3CVSS3AI score0.01197EPSS
Exploits0References3
Mageia
Mageia
•added 2013/09/13 8:15 p.m.•39 views

Updated mediawiki package fixes security vulnerabilities

Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader CVE-2013-4301. Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP CVE-2013-4302. An issue with the MediaWiki API in MediaWiki before 1.20.7 where ...

6.1CVSS4.2AI score0.02084EPSS
Exploits2References3
Mageia
Mageia
•added 2013/09/13 8:14 p.m.•32 views

Updated subversion package fixes security vulnerability.

svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destination could be replaced by a...

3.3CVSS4.3AI score0.00688EPSS
Exploits0References3
Mageia
Mageia
•added 2013/09/13 8:13 p.m.•38 views

Updated python-setuptools and python-virtualenv packages fix security vulnerability

easyinstall in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product CVE-2013-1633...

6.8CVSS5.3AI score0.01949EPSS
Exploits0References2
Mageia
Mageia
•added 2013/09/13 8:12 p.m.•36 views

Updated flash-player-plugin package fixes critical security vulnerabilities

Adobe Flash Player 11.2.202.310 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead...

10CVSS5.3AI score0.05759EPSS
Exploits0References2
Mageia
Mageia
•added 2013/09/13 8:7 p.m.•32 views

Updated php-pear-Auth_OpenID package fixes security vulnerability

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

7.5CVSS4.4AI score0.02997EPSS
Exploits1References2
Mageia
Mageia
•added 2013/09/13 8:5 p.m.•28 views

Updated libmodplug packages fixes security vulnerabilities

An integer overflow within the "abcsetparts" function src/loadabc.cpp can be exploited to corrupt heap memory via a specially crafted ABC file CVE-2013-4233. An error within the "abcMIDIdrum" and "abcMIDIgchord" functions src/loadabc.cpp can be exploited to cause a buffer overflow via a specially...

6.8CVSS3.7AI score0.04352EPSS
Exploits2References3
Mageia
Mageia
•added 2013/09/03 7:50 p.m.•50 views

Updated roundcubemail package fixes security vulnerability

XSS vulnerabilities when saving HTML signatures and when editing a message "as new" or draft in roundcubemail before 0.9.3 CVE-2013-5645...

4.3CVSS1.3AI score0.0188EPSS
Exploits2References3
Mageia
Mageia
•added 2013/09/01 12:43 p.m.•61 views

Updated kde packages fix security issues

This update provides the last stable version of KDE for the 4.10.x branch. Some of the new packages fixes additional issues open on our tracker : - A memory leak in kde-workspace kde 314919 & mga 7953 - A memory leak in kmix mga 10702 & kde 309464 - A packaging issue affecting kdebase4-runtime...

7.8CVSS2.1AI score0.04412EPSS
Exploits3References2
Mageia
Mageia
•added 2013/08/30 5:44 p.m.•42 views

Updated libdigidoc packages fix CVE-2013-5648

Updated libdigidoc packages fix security vulnerability: Fixed one critical bug in the DDOC parsing routines. By persuading a victim to open a specially-crafted DDOC file, a remote attacker could exploit this vulnerability to overwrite arbitrary files on the system with the privileges of the victi...

6.8CVSS5.7AI score0.02053EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/30 5:40 p.m.•36 views

Updated libtiff packages fix CVE-2013-4244

Updated libtiff packages fix security vulnerability: Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code CVE-2013-4244...

6.8CVSS1.9AI score0.02699EPSS
Exploits0References2
Total number of security vulnerabilities6009