Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2013/08/30 5:36 p.m.•43 views

Updated asterisk package fixes security vulnerabilities

A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present CVE-2013-5641. A remotely exploitable crash vulnerability exists in the S...

5CVSS0.2AI score0.11653EPSS
Exploits0References3
Mageia
Mageia
•added 2013/08/30 5:33 p.m.•37 views

Updated ngircd package fixes CVE-2013-5580

Updated ngircd package fixes security vulnerability: Denial of service bug server crash in ngIRCd before 20.3 which could happen when the configuration option "NoticeAuth" is enabled which is NOT the default and ngIRCd failed to send the "notice auth" messages to new clients connecting to the...

4.3CVSS2.2AI score0.02322EPSS
Exploits0References3
Mageia
Mageia
•added 2013/08/30 5:30 p.m.•43 views

Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once

Updated php packages fix security vulnerability: The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

4.3CVSS2.9AI score0.03588EPSS
Exploits0References5
Mageia
Mageia
•added 2013/08/30 5:23 p.m.•35 views

Updated 389-ds-base packag fixes security vulnerabilies and incorrect group usage

Updated 389-ds-base packages fix security vulnerabilities: It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker with permission to query the Directory Server could use this flaw to determine th...

5CVSS1.4AI score0.02427EPSS
Exploits0References4
Mageia
Mageia
•added 2013/08/30 5:19 p.m.•19 views

Updated nagstamon package fixes security vulnerability

A user details information exposure flaw was found in the way Nagstamon performed automated requests to get information about available updates. Remote attackers could use this flaw to obtain user credentials for servers monitored by the desktop status monitor due to their improper base64...

5CVSS1.8AI score0.024EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/26 7:54 p.m.•27 views

Updated xpdf packages fixes security vulnerability

PDF files could be used to inject shell code when xpdf was run from some terminal emulators, due to the use of escape sequences in error messages CVE-2012-2142...

7.8CVSS2.7AI score0.02942EPSS
Exploits1References3
Mageia
Mageia
•added 2013/08/26 7:50 p.m.•42 views

Updated lcms package fixes security vulnerability

Three buffer overflows in Little CMS version 1.19 that could possibly be exploited through user input CVE-2013-4276...

4.3CVSS4.8AI score0.03502EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/26 7:44 p.m.•39 views

Updated puppet and puppet3 package fix security vulnerabilities

It was discovered that Puppet incorrectly handled the resourcetype service. A local attacker on the master could use this issue to execute arbitrary Ruby files CVE-2013-4761. It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with...

5.1CVSS2.5AI score0.01643EPSS
Exploits0References4
Mageia
Mageia
•added 2013/08/22 6:20 p.m.•29 views

Updated libtiff packagess fix multiple security vulnerabilities

Updated libtiff packages fix security vulnerabilities: Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote...

6.8CVSS3.8AI score0.07399EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/22 6:16 p.m.•25 views

Updated znc package fixes CVE-2013-2130

Updated znc packages fix security vulnerability: Multiple vulnerabilities were reported in ZNC version 1.0 which can be exploited by malicious authenticated users to cause a denial of service. These flaws are due to errors when handling the "editnetwork", "editchan", "addchan", and "delchan" page...

4CVSS3.2AI score0.02212EPSS
Exploits1References2
Mageia
Mageia
•added 2013/08/22 6:13 p.m.•54 views

Updated python-django packages fix CVE-2013-4249

Updated python-django package fixes security vulnerability: The issafeurl function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript. CVE-2013-42...

4.3CVSS0.4AI score0.0288EPSS
Exploits2References2
Mageia
Mageia
•added 2013/08/22 6:8 p.m.•34 views

Updated spice packages fix CVE-2013-4130

Updated spice packages fix security vulnerability: An user able to initiate spice connection to the guest could use a flaw in server/redchannel.c to crash the guest CVE-2013-4130...

5CVSS2AI score0.02629EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/22 6:5 p.m.•39 views

Updated perl-Proc-ProcessTable packages fix CVE-2011-4363

Updated perl-Proc-ProcessTable package fixes security vulnerability: ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS CVE-2011-4363...

2.6CVSS5.4AI score0.00303EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/22 6:1 p.m.•42 views

Updated rubygem-passenger package fixes CVE-2013-4136 & apache module

Updated rubygem-passenger package fixes security vulnerability: It was reported that Phusion Passenger would reuse existing server instance directories temporary directories which could cause Passenger to remove or overwrite files belonging to other instances CVE-2013-4136. Additionally, the...

4.4CVSS2.1AI score0.00329EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/22 5:58 p.m.•55 views

Updated python3, bzr and some python packages fix security vulnerabilties

Updated python3 packages fix security vulnerabilities: A denial of service flaw was found in the way SSL module implementation of Python 3 performed matching of the certificate's name in the case it contained many '' wildcard characters. A remote attacker, able to obtain valid certificate with it...

4.3CVSS0.9AI score0.05347EPSS
Exploits1References6
Mageia
Mageia
•added 2013/08/17 8:47 a.m.•24 views

Updated libimobiledevice packages fix CVE-2013-2142

Updated libimobiledevice packages fix security vulnerability: Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue shoul...

3.3CVSS2.6AI score0.00265EPSS
Exploits1References2
Mageia
Mageia
•added 2013/08/17 8:43 a.m.•46 views

Updated python packages fix CVE-2013-4238 and pip

Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.matchhostname to match the hostname...

4.3CVSS6.8AI score0.05347EPSS
Exploits1References3
Mageia
Mageia
•added 2013/08/17 8:39 a.m.•39 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling CVE-2013-2881. Cloudfuzzer discovered a type confusion issue in the V8 javascript library CVE-2013-2882. Cloudfuzzer discovered a...

7.5CVSS1.4AI score0.02493EPSS
Exploits5References5
Mageia
Mageia
•added 2013/08/12 1:54 p.m.•57 views

Updated firefox and thunderbird packages fix security vulnerabilities

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS9.9AI score0.40118EPSS
Exploits14References9
Mageia
Mageia
•added 2013/08/11 12:50 p.m.•59 views

Updated otrs package fixes security vulnerability

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs CVE-2013-4717...

8.8CVSS4.2AI score0.01322EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/11 12:37 p.m.•60 views

Updated samba package fixes security vulnerability

Integer overflow in the readnttransealist function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service memory consumption via a malformed packet CVE-2013-4124...

5CVSS6.8AI score0.69008EPSS
Exploits7References2
Mageia
Mageia
•added 2013/08/11 12:28 p.m.•38 views

Updated evolution-data-server package fixes security vulnerability.

Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient CVE-2013-4166...

7.5CVSS2AI score0.0189EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/11 12:24 p.m.•34 views

Updated subversion packages fixes security vulnerability

Subversion's moddavsvn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior. Commit access is required t...

4CVSS3.8AI score0.04383EPSS
Exploits0References3
Mageia
Mageia
•added 2013/08/11 12:20 p.m.•30 views

Updated xymon package fixes security vulnerability.

A security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymondrrd". File deletion is done with the privileges of the user that Xymon is running with, s...

5CVSS2.2AI score0.02829EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/09 5:38 p.m.•39 views

Updated putty and filezilla packages fixes security vulnerability

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds checking of the length parameter received from the SSH serve...

6.8CVSS3.2AI score0.03447EPSS
Exploits4References6
Mageia
Mageia
•added 2013/08/09 5:34 p.m.•38 views

Updated vlc package fixes security vulnerability.

2.0.8 Demux: sgimb: use after free fixes 8724 https://trac.videolan.org/vlc/ticket/8724 Improve resistance and checking against malformed MKV files Check element size before reading it. This should avoid integer overflows inside the libebml causing heap buffer overflow. Since new called by the li...

6.1CVSS0.5AI score0.01583EPSS
Exploits1References1
Mageia
Mageia
•added 2013/08/09 5:30 p.m.•36 views

Updated lcms2 packages fixes security vulnerability

It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash CVE-2013-4160...

5CVSS3AI score0.02809EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/03 8:45 a.m.•35 views

Updated gnupg package fixes security vulnerability

Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system CVE-2013-4242...

1.9CVSS3.6AI score0.00533EPSS
Exploits0References7
Mageia
Mageia
•added 2013/07/29 2:6 p.m.•51 views

Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

6.5CVSS0.7AI score0.01832EPSS
Exploits0References7
Mageia
Mageia
•added 2013/07/29 2:2 p.m.•54 views

Updated bind package fixes security vulnerability

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service daemon crash via a query with a malformed RDATA section...

7.8CVSS5.8AI score0.3415EPSS
Exploits1References5
Mageia
Mageia
•added 2013/07/29 2:0 p.m.•47 views

Updated wireshark package fixes security vulnerabilities

The Bluetooth SDP dissector could go into a large loop CVE-2013-4927. The DIS dissector could go into a large loop CVE-2013-4929. The DVB-CI dissector could crash CVE-2013-4930. The GSM RR dissector and possibly others could go into a large loop CVE-2013-4931. The GSM A Common dissector could cra...

7.8CVSS3.3AI score0.03738EPSS
Exploits0References10
Mageia
Mageia
•added 2013/07/26 11:54 a.m.•35 views

Updated qemu package fixes CVE-2013-2231

Updated qemu packages fix security vulnerability: An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to ha...

7.2CVSS3.1AI score0.00448EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/26 11:52 a.m.•43 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline CVE-2013-2853. Chrome does not properly prevent pop-under windows CVE-2013-2867...

9.3CVSS0.5AI score0.02333EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/26 11:48 a.m.•45 views

Updated php packages fix CVE-2013-4113

Updated php packages fix security vulnerability: Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...

6.8CVSS2.1AI score0.05186EPSS
Exploits0References4
Mageia
Mageia
•added 2013/07/26 11:39 a.m.•21 views

Updated file-roller package fixes CVE-2013-4668

Updated file-roller package fixes security vulnerability: Directory traversal vulnerability in File Roller 3.6.x before 3.6.4 when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, relat...

5CVSS6.8AI score0.04307EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/26 11:36 a.m.•56 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: moddav.c in the Apache HTTP Server before 2.4.6 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for...

7.5CVSS1.3AI score0.29484EPSS
Exploits5References6
Mageia
Mageia
•added 2013/07/26 11:34 a.m.•43 views

Updated apache packages fix CVE-2013-1896

Updated apache packages fix security vulnerability: moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for...

4.3CVSS3.7AI score0.29484EPSS
Exploits3References4
Mageia
Mageia
•added 2013/07/26 11:29 a.m.•31 views

Updated ruby packages fix CVE-2013-4073

A vulnerability in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority CVE-2013-4073...

6.8CVSS5.4AI score0.02767EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/21 8:18 p.m.•49 views

Updated squid packages fix security vulnerabilities

Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...

7.5CVSS2.1AI score0.80451EPSS
Exploits0References5
Mageia
Mageia
•added 2013/07/21 8:16 p.m.•48 views

Updated squid packages fix security vulnerability

Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...

7.5CVSS1AI score0.43261EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/21 8:12 p.m.•16 views

Updated mediawiki packages fix security vulnerabilities

This update provides MediaWiki 1.20.6, fixing several unspecified security issues. This replaces the MediaWiki 1.16.5 version, which has been EOL upstream for quite some time now, that was shipped with Mageia 2. MediaWiki removed the Math extension for the 1.18 release, but it is now available...

3.4AI score
Exploits0References2
Mageia
Mageia
•added 2013/07/21 9:31 a.m.•47 views

Updated xlockmore package fixes security vulnerability

xlockmore before 5.43 contains a security flaw related to potential NULL pointer dereferences when authenticating via glibc 2.17+'s crypt function. Under certain conditions the NULL pointers can trigger a crash in xlockmore effectively bypassing the screen lock CVE-2013-4143...

2.1CVSS4.6AI score0.00397EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/21 9:25 a.m.•42 views

Updated python-suds package fixes security vulnerability

An insecure temporary directory use flaw was found in the way python-suds performed initialization of its internal file-based URL cache predictable location was used for directory to store the cached files. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to...

1.2CVSS1.4AI score0.00558EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/21 9:4 a.m.•34 views

Updated darktable package fixes security vulnerability

A double-free error exits when handling damaged full-color within Foveon and sRAW files in libraw, which is embedded in darktable CVE-2013-2126...

7.5CVSS1AI score0.04412EPSS
Exploits1References4
Mageia
Mageia
•added 2013/07/21 9:1 a.m.•53 views

Updated virtualbox package fixes security issue

This virtualbox update provides the 4.2.16 maintenance release, which fixes the following security issue: Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS Denial of Service. The...

3.8CVSS0.8AI score0.00568EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/21 8:57 a.m.•41 views

Updated mediawiki packages fix security vulnerability

MediaWiki user Marco discovered that security checks for file uploads were not being run when the file was uploaded in chunks through the API. This option has been available to users who can upload files since MediaWiki 1.19 CVE-2013-2114...

6.8CVSS3AI score0.02344EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/21 8:56 a.m.•17 views

Updated owncloud package fixes security vulnerabilities

XSS vulnerability in "Share Interface" oC-SA-2013-029. Authentication bypass in "userwebdavauth" oC-SA-2013-030. This update provides OwnCloud 5.0.9, which fixes these issues, as well as several other bugs...

3AI score
Exploits0References4
Mageia
Mageia
•added 2013/07/21 8:44 a.m.•24 views

Updated libkdcraw package fixes security issue.

This update fixes a security issue due to a possible double-free on error recovery on damaged full-color Foveon, sRAW files. CVE-2013-2126...

7.5CVSS1.8AI score0.04412EPSS
Exploits1References4
Mageia
Mageia
•added 2013/07/21 8:41 a.m.•45 views

Updated libxml2 packages fix CVE-2013-2877

It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service CVE-2013-2877...

5CVSS2.2AI score0.04733EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/21 8:38 a.m.•33 views

Updated moodle package fixes multiple security vulnerabilities

Flash files distributed with the YUI library in Moodle before 2.4.5 may have allowed for cross-site scripting attacks MSA-13-0025. Privacy settings for the IMS-LTI External tool module in Moodle before 2.4.5 were not able to be changed so personal information was always transferred MSA-13-0026...

4.3CVSS2.4AI score0.01406EPSS
Exploits0References10
Total number of security vulnerabilities6009