Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2013/07/18 7:11 a.m.•42 views

Updated php packages fix CVE-2013-4113

Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages has been upgraded to the latest version 2013.4...

6.8CVSS2.4AI score0.05186EPSS
Exploits0References4
Mageia
Mageia
•added 2013/07/16 8:8 a.m.•86 views

Updated kernel-rt package fixes security issues.

This kernel-rt update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access t...

7.9CVSS2.5AI score0.07313EPSS
Exploits5References2
Mageia
Mageia
•added 2013/07/16 8:5 a.m.•62 views

Updated kernel-linus package fixes multiple security vulnerabilities

This kernel-linus update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device acces...

7.9CVSS4.4AI score0.07313EPSS
Exploits2References2
Mageia
Mageia
•added 2013/07/16 8:1 a.m.•58 views

Updated kernel-tmb packages fix multiple security vulnerabilities

This kernel-tmb update provides the extended stable 3.8.13.4 kernel and fixes the following security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access...

7.9CVSS2.3AI score0.07313EPSS
Exploits5References2
Mageia
Mageia
•added 2013/07/16 7:34 a.m.•60 views

Updated kernel-vserver package fixes security issues

This kernel-vserver update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to...

7.9CVSS3.5AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
•added 2013/07/16 7:33 a.m.•52 views

Updated kernel-rt package fixes security issues

This kernel-rt update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...

7.9CVSS3.4AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
•added 2013/07/16 7:32 a.m.•76 views

Updated kernel-linus package fixes security issues

This kernel update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...

7.9CVSS5.1AI score0.07313EPSS
Exploits2References8
Mageia
Mageia
•added 2013/07/16 7:30 a.m.•57 views

Updated kernel-tmb package fixes security issues.

This kernel-tmb update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause ...

7.9CVSS3.5AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
•added 2013/07/16 7:26 a.m.•62 views

Updated java-1.6.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

10CVSS1.9AI score0.98704EPSS
Exploits23References7
Mageia
Mageia
•added 2013/07/09 6:39 p.m.•29 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.297 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a heap buffer overflow vulnerability that could...

10CVSS2.9AI score0.08031EPSS
Exploits1References2
Mageia
Mageia
•added 2013/07/09 6:33 p.m.•84 views

Updated php-radius packages fix CVE-2013-2220

Updated php-radius package fixes security vulnerability: Fix a security issue in radiusgetvendorattr by enforcing checks of the VSA length field against the buffer size CVE-2013-2220...

7.5CVSS1.8AI score0.03684EPSS
Exploits1References3
Mageia
Mageia
•added 2013/07/09 6:27 p.m.•33 views

Updated rubygem-passenger package fixes CVE-2013-2119

Phusion Passengers code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability...

4.6CVSS3.6AI score0.004EPSS
Exploits0References5
Mageia
Mageia
•added 2013/07/09 5:56 p.m.•56 views

Updated kernel packages fix multiple security vulnerabilities

This kernel update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to...

7.9CVSS2.1AI score0.07313EPSS
Exploits5References2
Mageia
Mageia
•added 2013/07/06 2:25 p.m.•55 views

Updated kernel packages fix multiple security vulnerabilities

This kernel update provides the upstream 3.4.52 kernel and fixes the following security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...

7.9CVSS3.7AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
•added 2013/07/06 2:19 p.m.•16 views

Updated opera packages replace code signing certificate

Opera 12.16 contains a replaced code signing certificate. Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signin...

1.2AI score
Exploits0References3
Mageia
Mageia
•added 2013/07/06 2:14 p.m.•60 views

Updated python-pymongo packages fix CVE-2013-2132

PyMongo before 2.5.2 is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash CVE-2013-2132...

4.3CVSS3.3AI score0.02633EPSS
Exploits2References2
Mageia
Mageia
•added 2013/07/06 2:12 p.m.•40 views

Updated axis package fixes security vulnerability

Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name CVE-2012-578...

5.8CVSS2.8AI score0.05722EPSS
Exploits1References2
Mageia
Mageia
•added 2013/07/06 2:11 p.m.•41 views

Updated jakarta-commons-httpclient package fixes security vulnerability

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...

5.8CVSS1.8AI score0.09254EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/01 7:19 p.m.•52 views

Updated wordpress package fixes security vulnerabilities

A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially- crafted input that, when processed by the password checking mechanism of...

4.3CVSS0.5AI score0.03373EPSS
Exploits3References5
Mageia
Mageia
•added 2013/07/01 7:17 p.m.•47 views

Updated xen package fixes security issues

This update fixes the following security issues: XSA-52/CVE-2013-2076: Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-53/CVE-2013-2077: Hypervisor crash due to missing exception recovery on XRSTOR XSA-54/CVE-2013-2078: Hypervisor crash due to missing exception recovery on XSETBV...

7.4CVSS1.3AI score0.01058EPSS
Exploits0References1
Mageia
Mageia
•added 2013/07/01 7:16 p.m.•55 views

Updated otrs package fixes security vulnerabilities

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see CVE-2013-3551, CVE-2013-4088...

6.5CVSS3.9AI score0.02366EPSS
Exploits0References5
Mageia
Mageia
•added 2013/07/01 7:15 p.m.•23 views

Updated autotrace package fixes security vulnerability

Stack-based buffer overflow in bmp parser CVE-2013-1953. Updated autotrace package corrects the issue...

6.8CVSS5.9AI score0.01731EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/01 7:12 p.m.•49 views

Updated chromium-browser-stable packages fixes security vulnerabilities

Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors CVE-2013-2837. Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service...

10CVSS6.6AI score0.11999EPSS
Exploits1References6
Mageia
Mageia
•added 2013/07/01 7:12 p.m.•65 views

Updated xml-security-c package fixes multiple security vulnerabilities

The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content CVE-2013-2153. A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed...

7.5CVSS2.3AI score0.08402EPSS
Exploits2References3
Mageia
Mageia
•added 2013/07/01 7:9 p.m.•25 views

Updated fail2ban packages fix CVE-2013-2178

Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall. When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enabl...

5CVSS3.6AI score0.01763EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/01 7:8 p.m.•34 views

Updated tomcat7 packages fix CVE-2013-2071

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

2.6CVSS4.4AI score0.06501EPSS
Exploits2References3
Mageia
Mageia
•added 2013/06/26 7:4 p.m.•37 views

Updated mesa packages fix multiple vulnerabilties

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs Mozilla Firefox does this, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

6.8CVSS4.2AI score0.02687EPSS
Exploits0References3
Mageia
Mageia
•added 2013/06/26 6:45 p.m.•39 views

Updated Firefox and Thunderbird packages fix multiple vulnerabilities

Updated firefox packages fix security vulnerabilities.. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2013-1682,...

10CVSS8.4AI score0.69021EPSS
Exploits9References13
Mageia
Mageia
•added 2013/06/26 6:44 p.m.•38 views

Updated curl packages fix CVE-2013-2174

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

6.8CVSS1.3AI score0.11118EPSS
Exploits2References2
Mageia
Mageia
•added 2013/06/26 6:36 p.m.•34 views

Updated puppet packages fix remote code execution vulnerability

When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an...

7.5CVSS3.8AI score0.03408EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/26 6:17 p.m.•49 views

Updated X.org packages fix multiple security vulnerabilities

Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...

6.8CVSS5.4AI score0.03082EPSS
Exploits0References24
Mageia
Mageia
•added 2013/06/26 6:13 p.m.•55 views

Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

10CVSS1.7AI score0.98704EPSS
Exploits32References4
Mageia
Mageia
•added 2013/06/26 6:12 p.m.•26 views

Updated perl-Module-Signature package fixes CVE-2013-2145

Arbitrary code execution vulnerability in Module::Signature before 0.72 CVE-2013-2145...

4.4CVSS3AI score0.00557EPSS
Exploits1References2
Mageia
Mageia
•added 2013/06/26 6:11 p.m.•46 views

Updated perl-Dancer package fixes CVE-2012-5572

A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie and cookies methods. A remote attacker could use this flaw to inject arbitrary headers into responses from Perl...

5CVSS4.3AI score0.01497EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/26 6:9 p.m.•54 views

Updated ffmpeg packages fix several security vulnerabilities

ffmpeg prior to 1.1.5 contains several security vulnerabilities CVE-2013-3671: The formatline function in log.c in libavutil uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service invalid pointer dereference and application...

4.3CVSS5.4AI score0.02054EPSS
Exploits0References1
Mageia
Mageia
•added 2013/06/26 6:8 p.m.•53 views

Updated wireshark packages fix multiple security vulnerabilities

The CAPWAP dissector could crash CVE-2013-4074. The GMR-1 BCCH dissector could crash CVE-2013-4075. The PPP dissector could crash CVE-2013-4076. The NBAP dissector could crash CVE-2013-4077. The RDP dissector could crash CVE-2013-4078. The GSM CBCH dissector could crash CVE-2013-4079. The Assa...

5CVSS0.3AI score0.60643EPSS
Exploits7References13
Mageia
Mageia
•added 2013/06/26 6:7 p.m.•45 views

Updated wireshark packages fix multiple security vulverabilities

The CAPWAP dissector could crash CVE-2013-4074. The HTTP dissector could overrun the stack CVE-2013-4081. The DCP ETSI dissector could crash CVE-2013-4083...

5CVSS0.7AI score0.60643EPSS
Exploits7References7
Mageia
Mageia
•added 2013/06/26 6:0 p.m.•37 views

apache-mod_security new security issue CVE-2013-2765

Updated apache-modsecurity packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on...

5CVSS2.2AI score0.13719EPSS
Exploits4References2
Mageia
Mageia
•added 2013/06/19 10:32 a.m.•23 views

Updated nfs-utils packages fix security vulnerability

It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user where able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server perhaps with le...

3.2CVSS2AI score0.01045EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/19 10:30 a.m.•31 views

Updated flash-player-plugin package fixes memory corruption vulnerability

Advisory: Adobe Flash Player 11.2.202.291 contains a fix to a critical security vulnerability found in earlier versions. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a memory corruption vulnerability that cou...

10CVSS5.5AI score0.05209EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/19 10:20 a.m.•42 views

Updated php package fixes several issues

Fixed php bug 64879 Heap based buffer overflow in quotedprintableencode, CVE-2013-2110. Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang...

5CVSS4.5AI score0.06748EPSS
Exploits1References4
Mageia
Mageia
•added 2013/06/19 10:13 a.m.•45 views

Updated subversion packages fix security vulnerabilities

Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository CVE-2013-1968. Subversion's svnserve server process ma...

7.8CVSS3.4AI score0.03894EPSS
Exploits0References4
Mageia
Mageia
•added 2013/06/19 10:11 a.m.•39 views

Updated apache packages fix security vulnerabilities

It was found that modrewrite did not filter terminal escape sequences from its log file. If modrewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the modrewrite log file. If a victim viewed the...

5.1CVSS1.3AI score0.24886EPSS
Exploits2References3
Mageia
Mageia
•added 2013/06/18 3:7 p.m.•36 views

Updated dbus packages fix security vulnerability

Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in dbusprintfstringupperbound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to...

1.9CVSS3.4AI score0.00383EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/18 3:0 p.m.•42 views

Updated php packages fix security vulnerabilies

Heap based buffer overflow in quotedprintableencode in PHP before version 5.4.16 CVE-2013-2110. Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service applicati...

5CVSS5AI score0.06748EPSS
Exploits1References3
Mageia
Mageia
•added 2013/06/18 2:58 p.m.•43 views

Updated owncloud package fixes security vulnerabilities

Cross-site scripting XSS vulnerabilities in js/viewer.js inside the filesvideoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files CVE-2013-2150...

3.5CVSS4.9AI score0.01152EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/18 2:56 p.m.•22 views

Updated telepathy-gabble package fixes security vulnerability

Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack...

6.8CVSS4.4AI score0.02027EPSS
Exploits0References4
Mageia
Mageia
•added 2013/06/18 2:55 p.m.•34 views

Updated qemu packages fix security vulnerability

It was found that QEMU Guest Agent the "qemu-ga" service created certain files with world-writable permissions when run in daemon mode the default mode. An unprivileged guest user could use this flaw to consume all free space on the partition containing the qemu-ga log file, or modify the content...

6.9CVSS1.7AI score0.00375EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•35 views

Updated krb5 packages fix security vulnerability

The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack CVE-2002-2443...

5CVSS2AI score0.06485EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•14 views

Updated flightgear package fixes security vulnerability

It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access via the --props or --telnet commandline arguments. If a remote attacker were able to connect to FlightGear and set special parameters related with clouds, ...

4.3AI score
Exploits0References3
Total number of security vulnerabilities6009