Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/10/21 1:7 p.m.•74 views

Updated kernel packages fix security vulnerabilities

A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP...

8.8CVSS8.9AI score0.07693EPSS
Exploits9References14
Mageia
Mageia
•added 2020/10/21 1:7 p.m.•28 views

Updated claw-mail packages fix a security vulnerability

In imapscantreerecursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree CVE-2020-16094...

7.5CVSS3.1AI score0.01781EPSS
Exploits1References2
Mageia
Mageia
•added 2020/10/20 4:22 p.m.•56 views

Updated freetype2 packages fix security vulnerability

A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in LoadSBitPng as libpng uses the original 32-bit values, which are saved in pngstruct. If the original width and/or height are greater than 65535, the...

9.6CVSS0.4AI score0.5063EPSS
Exploits2References3
Mageia
Mageia
•added 2020/10/20 4:22 p.m.•42 views

Updated tigervnc packages fix a security vulnerability

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. CVE-2020-26117...

8.1CVSS4.2AI score0.0306EPSS
Exploits0References5
Mageia
Mageia
•added 2020/10/16 5:4 p.m.•65 views

Updated php packages fix a security vulnerability

In PHP versions 7.2.x when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure...

5.3CVSS1.7AI score0.05029EPSS
Exploits1References4
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•38 views

Updated wireshark packages fix security vulnerabilities

The TCP dissector could crash CVE-2020-25862. The MIME Multipart dissector could crash CVE-2020-25863. The BLIP dissector could crash CVE-2020-25866...

7.5CVSS1.3AI score0.04918EPSS
Exploits3References6
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•33 views

Updated phpmyadmin packages fix security vulnerabilities

A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the...

9.8CVSS1.8AI score0.67081EPSS
Exploits1References4
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•43 views

Updated brotli packages fix security vulnerability

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB CVE-2020-8927...

6.5CVSS3.8AI score0.03217EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•41 views

Updated flash-player-plugin package fixes security vulnerability

NULL Pointer Dereference that leads to arbitrary code execution in the context of the current user. CVE-2020-9746...

9.3CVSS3.2AI score0.04427EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/13 12:39 p.m.•36 views

Updated mariadb packages fix security vulnerability

This update fixes CVE-2020-15180...

9CVSS2.3AI score0.05539EPSS
Exploits0References2
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•32 views

Updated gnutls packages fix security vulnerability

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

7.5CVSS7.6AI score0.0373EPSS
Exploits1References3
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•94 views

Updated samba packages fix security vulnerability

When Samba is used as a domain controller, an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw CVE-2020-1472. Note that Samba installations are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel...

10CVSS2.2AI score0.99512EPSS
Exploits75References4
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•87 views

Updated Thunderbird packages fix security vulnerabilities

AppCache manifest poisoning due to url encoded character processing CVE-2020-12415. Use-after-free in WebRTC VideoBroadcaster CVE-2020-12416. Integer overflow in nsJPEGEncoder::emptyOutputBuffer CVE-2020-12422. WebRTC permission prompt could have been bypassed by a compromised content process...

9.3CVSS1.9AI score0.01961EPSS
Exploits2References13
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•42 views

Updated firefox packages fix security vulnerabilities

Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2020-15673. Firefox sometimes ran the onload...

8.8CVSS0.8AI score0.01961EPSS
Exploits0References11
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•60 views

Updated mediawiki packages fix security vulnerability

Multiple security issues were discovered in MediaWiki: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts CVE-2020-25812,...

7.5CVSS0.9AI score0.01752EPSS
Exploits1References4
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•40 views

Updated mbedtls packages fix security vulnerabilities

mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS CVE-2020-16150. Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...

5.5CVSS3.7AI score0.00368EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•33 views

Updated novnc package fixes a security vulnerability

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. CVE-2017-18635...

6.1CVSS2AI score0.0481EPSS
Exploits1References2
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•32 views

Updated kio-extras packages fix security vulnerability

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password CVE-2020-12755...

3.3CVSS1.6AI score0.00371EPSS
Exploits0References2
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•31 views

Updated cifs-utils packages fix security vulnerability

The mount.cifs utility has a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling mount CVE-2020-14342...

7CVSS7.4AI score0.00652EPSS
Exploits1References3
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•62 views

Updated pdns packages fix security vulnerability

An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while...

7.5CVSS1.3AI score0.02592EPSS
Exploits0References8
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•63 views

Updated libproxy packages fix security vulnerability

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. CVE-2020-25219...

7.5CVSS4.8AI score0.04284EPSS
Exploits1References4
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•125 views

Updated nodejs packages fix security vulnerabilities

The nodejs package has been updated to the latest version in the 10.x branch, which is 10.22.1 at this time. It fixes several security issues and other bugs. See the upstream changelog and advisories for details...

9.8CVSS7.9AI score0.87806EPSS
Exploits4References8
Mageia
Mageia
•added 2020/09/21 7:45 p.m.•60 views

Updated mysql-connector-java package fixes security vulnerability

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands CVE-2020-2934...

5.1CVSS5.8AI score0.032EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/17 10:15 a.m.•65 views

Updated libraw packages fix a security vulnerability

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength. CVE-2020-15503...

7.5CVSS3.5AI score0.03672EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/15 12:55 p.m.•39 views

Updated zeromq packages fix security vulnerability

If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them...

7.5CVSS7.6AI score0.03408EPSS
Exploits0References2
Mageia
Mageia
•added 2020/09/15 11:45 a.m.•33 views

Updated libetpan packages fix a security vulnerability

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS2.1AI score0.02393EPSS
Exploits1References3
Mageia
Mageia
•added 2020/09/06 8:33 p.m.•54 views

Updated postgresql packages fix security vulnerabilities

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...

7.3CVSS8.8AI score0.02235EPSS
Exploits0References2
Mageia
Mageia
•added 2020/09/06 8:33 p.m.•41 views

Updated python-rsa packages fix security vulnerability

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS1.8AI score0.01359EPSS
Exploits1References2
Mageia
Mageia
•added 2020/09/05 9:34 a.m.•75 views

Updated ansible package fixes security vulnerabilities

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

9.6CVSS1.5AI score0.00539EPSS
Exploits0References3
Mageia
Mageia
•added 2020/09/04 9:16 a.m.•73 views

Updated squid packages fix security vulnerabilities

An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any...

8.6CVSS0.7AI score0.05162EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/04 9:16 a.m.•42 views

Updated sane packages fix security vulnerabilities

A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. CVE-2020-12861 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same...

8.8CVSS2.9AI score0.03044EPSS
Exploits7References5
Mageia
Mageia
•added 2020/09/04 9:16 a.m.•63 views

Updated lua and lua5.3 packages fix security vulnerability

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31. CVE-2020-24370...

5.3CVSS2.8AI score0.03833EPSS
Exploits1References2
Mageia
Mageia
•added 2020/09/02 9:48 p.m.•38 views

Updated cairo packages fix security vulnerability

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash. CVE-2017-7475...

5.5CVSS3.2AI score0.01839EPSS
Exploits0References5
Mageia
Mageia
•added 2020/09/02 8:1 a.m.•33 views

Updated mutt packages fix security vulnerabilities

A potential IMAP Man-in-the-Middle attack via a PREAUTH response CVE-2020-14093. Mutt was ignoring an expired certificate and was proceeding with a connection CVE-2020-14154. A response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 CVE-2020-14954...

5.9CVSS3AI score0.02288EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/02 8:1 a.m.•32 views

Updated putty package fixes security vulnerability

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client CVE-2020-14002...

5.9CVSS5.2AI score0.03146EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/31 11:58 p.m.•26 views

Updated hylafax+ packages fix security vulnerabilities

In HylaFAX+ through 7.0.2, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root CVE-2020-15396. HylaFAX+ through 7.0.2 has scripts that execute binaries from directories writable by unprivileged...

7.8CVSS4.2AI score0.00538EPSS
Exploits2References3
Mageia
Mageia
•added 2020/08/30 6:45 p.m.•75 views

Updated kernel and kernel-linus packages fix security vulnerabilities

This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in trymergefreespace ...

7.8CVSS6.5AI score0.02143EPSS
Exploits1References9
Mageia
Mageia
•added 2020/08/30 4:53 p.m.•41 views

Updated fossil package fixes security vulnerability

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository CVE-2020-24614. The fossil package has been updated to version 2.10.2, containing fixes for this issue, fix...

8.8CVSS5.9AI score0.03122EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/29 6:40 a.m.•27 views

Updated ark packages fix security vulnerability

A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction CVE-2020-24654...

4.3CVSS1.3AI score0.01496EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/28 2:46 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...

8.8CVSS1.4AI score0.01378EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/28 2:46 p.m.•44 views

Updated evolution-data-server packages fix security vulnerabilities

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection". CVE-2020-14928 In GNOME evolution-data-server before 3.35.91, a...

5.9CVSS1.8AI score0.02808EPSS
Exploits2References5
Mageia
Mageia
•added 2020/08/27 3:52 p.m.•39 views

Updated qt4 and qt5base packages fix security vulnerability

The readxbmbody function in gui/image/qxbmhandler.cpp has a buffer over-read CVE-2020-17507...

5.3CVSS2.9AI score0.03915EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/27 3:52 p.m.•44 views

Updated firefox packages fix security vulnerabilities

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...

8.8CVSS1.4AI score0.01378EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/27 3:52 p.m.•37 views

Updated libx11 packages fix security vulnerability

There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free CVE-2020-14363...

7.8CVSS3.7AI score0.00575EPSS
Exploits1References4
Mageia
Mageia
•added 2020/08/27 3:52 p.m.•60 views

Updated x11-server packages fix security vulnerabilities

The handler for the XkbSetNames request does not validate the request length before accessing its contents CVE-2020-14345. An integer underflow exists in the handler for the XIChangeHierarchy request CVE-2020-14346. An integer underflow exist in the handler for the XkbSelectEvents request...

7.8CVSS2.1AI score0.00629EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•43 views

Updated kdepim-runtime and kmail-account-wizard packages fix security vulnerability

It was discovered that there was an issue where kmail would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use CVE-2020-15954...

6.5CVSS2AI score0.00653EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•40 views

Updated luajit packages fix security vulnerability

An issue has been found in luajit, a just in time compiler for Lua. An out-of-bounds read could happen because gc handler frame traversal is mishandled CVE-2020-15890...

7.5CVSS2.3AI score0.02862EPSS
Exploits1References2
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•39 views

Updated ghostscript packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A buffer overflow vulnerability in lprnisblack in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. CVE-2020-16287 A buffer overflow vulnerability in...

7.8CVSS4.2AI score0.02258EPSS
Exploits25References2
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•36 views

Updated python-ipaddress package fixes security vulnerability

Hash collisions in IPv4Interface and IPv6Interface could lead to DOS CVE-2020-14422...

5.9CVSS1.1AI score0.12826EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•83 views

Updated mysql-connector-python packages fix security vulnerability

Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion o...

8.1CVSS5AI score0.02518EPSS
Exploits0References3
Total number of security vulnerabilities6012