Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
added 2020/11/27 8:14 p.m.120 views

Updated jruby packages fix security vulnerabilities

Response Splitting attack in the HTTP server of WEBrick CVE-2017-17742. Delete directory using symlink when decompressing tar CVE-2019-8320. Escape sequence injection vulnerability in verbose CVE-2019-8321. Escape sequence injection vulnerability in gem owner CVE-2019-8322. Escape sequence...

8.8CVSS8.5AI score0.0576EPSS
Exploits2References5
Mageia
Mageia
added 2020/11/27 8:14 p.m.50 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.30.3, fixing several security issues and other bugs. A type confusion issue may lead to arbitrary code execution with a maliciously crafted web content, fixed with improved memory handling CVE-2020-9948. An use after free issue may lead to arbitra...

8.8CVSS2.8AI score0.04446EPSS
Exploits2References4
Mageia
Mageia
added 2020/11/23 7:51 p.m.40 views

Updated python-cryptography packages fix security vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information CVE-2020-25659...

5.9CVSS1.3AI score0.02454EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/23 7:51 p.m.45 views

Updated python-pillow packages fix security vulnerabilities

Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c CVE-2020-10177. In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...

8.1CVSS2.4AI score0.02514EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/23 7:51 p.m.39 views

Updated tcpreplay package fixes security vulnerabilities

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon that can make tcpprep crash and cause a denial of service CVE-2020-24265. An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerabilit...

7.5CVSS2.6AI score0.02531EPSS
Exploits2References2
Mageia
Mageia
added 2020/11/23 7:51 p.m.35 views

Updated f2fs-tools packages fix security vulnerability

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this...

7.8CVSS2.4AI score0.0173EPSS
Exploits1References2
Mageia
Mageia
added 2020/11/23 7:51 p.m.46 views

Updated italc packages fix security vulnerabilities

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...

9.8CVSS2.5AI score0.15089EPSS
Exploits4References3
Mageia
Mageia
added 2020/11/23 7:51 p.m.38 views

Updated vino package fixes a security vulnerability

libvncserver/rfbserver.c from LibVNCServer, which is bundled by vino, has a divide by zero issue which could result in denial of service CVE-2020-25708...

7.5CVSS3.3AI score0.01613EPSS
Exploits1References2
Mageia
Mageia
added 2020/11/21 12:21 p.m.54 views

Updated tcpdump package fixes a security vulnerability

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037...

7.5CVSS7.2AI score0.03071EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/21 12:21 p.m.42 views

Updated raptor2 packages fix a security vulnerability

A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon. CVE-2020-25713...

6.5CVSS2.9AI score0.02143EPSS
Exploits0References4
Mageia
Mageia
added 2020/11/21 12:21 p.m.43 views

Updated python-twisted packages fix security vulnerabilities

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks CVE-2020-10108, CVE-2020-10109...

9.8CVSS1.8AI score0.04083EPSS
Exploits2References6
Mageia
Mageia
added 2020/11/21 12:21 p.m.62 views

Updated thunderbird packages fix security vulnerabilities

Variable time processing of cross-origin images during drawImage calls. CVE-2020-16012 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. CVE-2020-26951 Fullscreen could be enabled without displaying the security UI. CVE-2020-26953 XSS through paste manual...

9.3CVSS2.5AI score0.0245EPSS
Exploits1References3
Mageia
Mageia
added 2020/11/21 12:21 p.m.31 views

Updated librepo packages fix a security vulnerability

It was discovered that librepo was subject to a directory traversal vulnerability where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal...

8.5CVSS4AI score0.02526EPSS
Exploits0References4
Mageia
Mageia
added 2020/11/21 12:21 p.m.52 views

Updated postgresql packages fix security vulnerabilities

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

8.8CVSS8.7AI score0.4644EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/19 8:52 a.m.62 views

Updated firefox and nss packages fix security vulnerabilities

When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...

9.3CVSS0.5AI score0.0245EPSS
Exploits1References3
Mageia
Mageia
added 2020/11/15 3:45 p.m.101 views

Updated golang packages fix a security vulnerability

A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...

6.1CVSS6.2AI score0.03646EPSS
Exploits2References3
Mageia
Mageia
added 2020/11/15 3:45 p.m.66 views

Updated kleopatra packages fix a security vulnerability

The Kleopatra component before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary library. CVE-2020-24972...

8.8CVSS6.2AI score0.04719EPSS
Exploits1References2
Mageia
Mageia
added 2020/11/15 3:45 p.m.37 views

Updated libexif packages fix a security vulnerability

In exifentrygetvalue of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for...

9.8CVSS3.8AI score0.03189EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/13 9:20 p.m.58 views

Updated kdeconnect-kde packages fix a security vulnerability

An attacker on your local network could send maliciously crafted packets to other hosts running kdeconnect on the network, causing them to use large amounts of CPU, memory or network connections, which could be used in a Denial of Service attack within the network. CVE-2020-26164...

5.5CVSS2.6AI score0.00551EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/13 9:20 p.m.36 views

Updated firefox and thunderbird packages fix a security vulnerability

Write side effects in MCallGetProperty opcode not accounted for. In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. CVE-2020-26950 Also some bugfix for Thunderbird have been added. See upstream release...

9.3CVSS1.6AI score0.42327EPSS
Exploits4References6
Mageia
Mageia
added 2020/11/13 9:20 p.m.45 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

High memory usage during deserialization of Proxy class with many interfaces. CVE-2020-14779 Credentials sent over unencrypted LDAP connection. CVE-2020-14781 Certificate blacklist bypass via alternate certificate encodings. CVE-2020-14782 Integer overflow leading to out-of-bounds access...

5.8CVSS3.1AI score0.03713EPSS
Exploits0References8
Mageia
Mageia
added 2020/11/13 9:20 p.m.36 views

Updated packagekit packages fix a security vulnerability

It was discovered that packagekit was subject to a vulnerability where the InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit accesses given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the...

3.3CVSS3.8AI score0.00462EPSS
Exploits1References2
Mageia
Mageia
added 2020/11/13 9:20 p.m.29 views

Updated tpm2-tss packages fix a security vulnerability

FAPI PolicyPCR not instatiating correctly CVE-2020-24455. Note that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated. The tpm2-tss package has been...

6.7CVSS2.8AI score0.00588EPSS
Exploits0References4
Mageia
Mageia
added 2020/11/13 9:20 p.m.43 views

Updated bluez packages fix a security vulnerability

In BlueZ before 5.55, a double free was found in the gatttool disconnectcb routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. CVE-2020-27153...

8.6CVSS3.6AI score0.04242EPSS
Exploits0References4
Mageia
Mageia
added 2020/11/13 9:20 p.m.26 views

Updated lilypond package fixes a security vulnerability

It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. CVE-2020-17353...

9.8CVSS2AI score0.02371EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/13 9:20 p.m.45 views

Updated ruby packages fix a security vulnerability

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request...

7.5CVSS6.8AI score0.03849EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/13 9:20 p.m.69 views

Updated microcode package fixes security vulnerabilities

Insufficient access control in the Linux kernel driver for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8694 Observable discrepancy in the RAPL interface for some IntelR Processors may allow a privileged user to...

5.5CVSS5.7AI score0.0051EPSS
Exploits0References5
Mageia
Mageia
added 2020/11/13 9:20 p.m.20 views

Updated arpwatch package fixes a security vulnerability

A buffer overflow from long hostnames. rhbz1563939...

2.6AI score
Exploits0References2
Mageia
Mageia
added 2020/11/13 9:20 p.m.17 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to 86.0.4240.198 version that fixes multiples security vulnerabilities. From 81.0.4044.138 released on May 9th, 2020 to 86.0.4240.198 version, see upstream advisories...

3.6AI score
Exploits0References16
Mageia
Mageia
added 2020/11/10 3:20 p.m.53 views

Updated openldap packages fix a security vulnerability

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service slapd daemon crash via a specially crafted packet CVE-2020-25692. Also, the PID file path in the systemd service was fixed to...

7.5CVSS2AI score0.02183EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/10 3:20 p.m.33 views

Updated sddm package fixes a security vulnerability

Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges CVE-2020-28049...

6.3CVSS3.2AI score0.00415EPSS
Exploits1References3
Mageia
Mageia
added 2020/11/10 3:20 p.m.31 views

Updated lout packages fix security vulnerabilities

Lout 3.40 has a buffer overflow in the StringQuotedWord function in z39.c. CVE-2019-19917 Lout 3.40 has a heap-based buffer overflow in the srcnext function in z02.c. CVE-2019-19918...

7.8CVSS3.8AI score0.01599EPSS
Exploits2References3
Mageia
Mageia
added 2020/11/10 3:20 p.m.44 views

Updated samba packages fix security vulnerabilities

Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information CVE-2020-14318. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use th...

6.5CVSS2.2AI score0.0218EPSS
Exploits0References6
Mageia
Mageia
added 2020/11/10 3:20 p.m.41 views

Updated spice and spice-gtk packages fix a security vulnerability

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

6.6CVSS3.8AI score0.02656EPSS
Exploits0References4
Mageia
Mageia
added 2020/11/10 3:20 p.m.38 views

Updated pacemaker packages fix a security vulnerability

ACL restrictions bypass. CVE-2020-25654...

9CVSS2.2AI score0.02002EPSS
Exploits0References4
Mageia
Mageia
added 2020/11/09 2:48 p.m.83 views

Updated docker packages fix a security vulnerability

It was discovered that Docker could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials CVE-2020-15157...

6.1CVSS6.6AI score0.02209EPSS
Exploits1References3
Mageia
Mageia
added 2020/11/08 2:14 p.m.50 views

Updated webmin package fixes security vulnerabilities

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. CVE-2020-8820 An...

6.1CVSS0.3AI score0.82149EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/08 2:14 p.m.30 views

Updated fontforge packages fix a security vulnerability

SFDGetFontMetaData insufficient CVE-2020-5395 backport. CVE-2020-25690...

8.8CVSS2.6AI score0.01343EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/08 2:14 p.m.29 views

Updated blueman packages fixes a security vulnerability

Vaisha Bernard discovered that blueman did not properly sanitize input on the D-Bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service CVE-2020-15238...

7.1CVSS4.2AI score0.04539EPSS
Exploits4References2
Mageia
Mageia
added 2020/11/08 2:14 p.m.47 views

Updated libuv packages a fix security vulnerability

The implementation of realpath in libuv before 1.39 incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes CVE-2020-8252...

7.8CVSS8.2AI score0.00714EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/08 2:14 p.m.39 views

Updated libproxy packages fix a security vulnerability

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. CVE-2020-26154...

9.8CVSS3.3AI score0.03569EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/08 2:14 p.m.86 views

Updated mariadb packages fix security vulnerabilities

The latest release of mariadb fixes some undisclosed easily exploitable vulnerabilities. CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 and CVE-2020-14812. Additionally some bugs are fixed: - Temporary tables can overwrite existing files MDEV-23569 - Crash on SELECT on a table with indexed...

6.8CVSS6.7AI score0.03012EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/08 2:14 p.m.60 views

Updated junit packages fix a security vulnerability

It was discovered that junit contained a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by oth...

5.5CVSS1.9AI score0.01695EPSS
Exploits1References3
Mageia
Mageia
added 2020/11/08 2:14 p.m.20 views

Updated suricata packages fix security vulnerabilities

The suricata package has been updated to version 4.1.9, which fixes security issues and other bugs. See the upstream announcements for details...

3.8AI score
Exploits0References3
Mageia
Mageia
added 2020/10/29 10:25 p.m.41 views

Updated tomcat packages fix a security vulnerability

If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...

4.3CVSS5.6AI score0.57286EPSS
Exploits0References2
Mageia
Mageia
added 2020/10/24 5:51 p.m.54 views

Updated nss and firefox packages fix security vulnerabilities

Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

9.8CVSS1.2AI score0.03854EPSS
Exploits0References4
Mageia
Mageia
added 2020/10/24 5:51 p.m.34 views

Updated pdns-recursor package fixes a security vulnerability

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This result...

7.5CVSS4AI score0.06465EPSS
Exploits0References3
Mageia
Mageia
added 2020/10/24 5:51 p.m.48 views

Updated thunderbird packages fix security vulnerabilities

Memory safety bugs fixed in Thunderbird 78.4. CVE-2020-15683 Use-after-free in usersctp. CVE-2020-15969...

9.8CVSS3.2AI score0.0262EPSS
Exploits0References4
Mageia
Mageia
added 2020/10/24 5:51 p.m.18 views

Updated claws-mail packages fix a security vulnerability

Shielded template's |program and |attachprogram so that the command-line that is executed does not allow sequencing such as with && || ;, preventing possible execution of nasty, or at least unexpected, commands. No CVE...

3.5AI score
Exploits0References2
Mageia
Mageia
added 2020/10/21 1:7 p.m.41 views

Updated geary package fixes a security vulnerability

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates e.g., self-signed certificates when the client system is not configured to use a system-provided PKCS11 store. This allows a meddler in the middle to present a...

5.9CVSS1.8AI score0.00922EPSS
Exploits1References2
Total number of security vulnerabilities6012