Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/08/22 7:27 p.m.•44 views

Updated chrony package fixes security vulnerability

Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack CVE-2020-14367...

6CVSS2.9AI score0.00485EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/20 11:30 p.m.•30 views

Updated ngircd package fixes security vulnerability

The Server-Server protocol implementation in ngIRCd before 26rc2 allows an out-of-bounds access, as demonstrated by the IRCNJOIN function. CVE-2020-14148...

7.5CVSS4.3AI score0.02643EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 8:43 p.m.•56 views

Updated freerdp packages fix security vulnerability

Integer overflow due to missing input sanitation in rdpegfx channel. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on invalid length arguments to a memcpy CVE-2020-1510...

5.9CVSS2.9AI score0.04105EPSS
Exploits1References3
Mageia
Mageia
•added 2020/08/18 8:43 p.m.•50 views

Updated roundcubemail packages fix security vulnerabilities

Fix potential XSS issue in HTML editor of the identity signature input Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 Fix cross-site scripting XSS via HTML messages with malicious math content...

6.1CVSS0.7AI score0.01945EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 8:43 p.m.•55 views

Updated jasper packages fix security vulnerabilities

The jasmatrixbindsub function in jasseq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service invalid read via a crafted image CVE-2017-6851. Heap-based buffer overflow in the jpcdecdecodepkt function in jpct2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified...

7.8CVSS4.6AI score0.04676EPSS
Exploits11References3
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•42 views

Updated x11-server packages fix security vulnerability

Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws known/unknown could lead to lead t...

5.5CVSS2.8AI score0.00388EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•67 views

Updated tomcat packages fix security vulnerability

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive CVE-2020-11996. An h2c direct connection did not release the HTTP/1.1 processo...

7.5CVSS6.7AI score0.87553EPSS
Exploits1References3
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•88 views

Updated kernel packages fix security vulnerability

This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in...

9.8CVSS7.2AI score0.02503EPSS
Exploits1References33
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•50 views

Updated libx11 packages fix security vulnerability

The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method CVE-2020-14344. The libx11 package has been updated to version 1.6.10 which fixes this...

6.7CVSS4.4AI score0.00465EPSS
Exploits0References5
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•55 views

Updated squid packages fix security vulnerability

Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates. This attack is limited to Squid built with OpenSSL features and opening peer or server connections for HTTPS traffic an...

7.5CVSS0.9AI score0.04408EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•39 views

Updated python-rstlib packages fix security vulnerability

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used and thus permissions are not preserved upon editing. An adversary with prior access to /etc/target/saveconfig.json could access a later version, resultin...

7.8CVSS3.7AI score0.00339EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•42 views

Updated clamav packages fix security vulnerability

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...

7.5CVSS3.6AI score0.03204EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•62 views

Updated apache packages fix security vulnerability

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

9.8CVSS9.5AI score0.90039EPSS
Exploits4References3
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•34 views

Updated claws-mail packages fix security vulnerability

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled CVE-2020-15917...

9.8CVSS2.2AI score0.02592EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•68 views

Updated thunderbird packages fix security vulnerability

Potential leak of redirect targets when loading scripts in a worker. CVE-2020-15652 WebRTC data channel leaks internal address to peer. CVE-2020-6514 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture. CVE-2020-6463 Memory safety bugs fixed in Thunderbird 68.11. CVE-2020-15659...

9.3CVSS2.4AI score0.0779EPSS
Exploits6References4
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•26 views

Updated ark packages fix security vulnerability

A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction CVE-2020-16116...

4.3CVSS1.4AI score0.01706EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•58 views

Updated firefox packages fix security vulnerability

WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR CVE-2020-6514. Crafted media files could lead to a race in texture caches, resulting in a use-after-free in ANGLE...

9.3CVSS8.8AI score0.0779EPSS
Exploits6References7
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•36 views

Updated libssh packages fix security vulnerability

The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service CVE-2020-16135...

5.9CVSS3.2AI score0.04105EPSS
Exploits1References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•46 views

Updated golang packages fix security vulnerability

Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected CVE-2020-15586. Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of byt...

7.5CVSS7.2AI score0.0473EPSS
Exploits0References6
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•39 views

Updated targetcli packages fix security vulnerability

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...

5.5CVSS3.2AI score0.00335EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•23 views

Updated radare2 packages fix security vulnerability

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

9.6CVSS2.9AI score0.01558EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•41 views

Updated postgresql-jdbc packages fix security vulnerability

XML external entity XXE vulnerability in PgSQLXML CVE-2020-13692...

7.7CVSS2.3AI score0.04094EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•35 views

Updated dovecot packages fix security vulnerability

CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-12674:...

7.5CVSS2.5AI score0.06187EPSS
Exploits4References4
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•34 views

Updated firejail packages fix security vulnerability

It was reported that firejail does not respect the end-of-options separator "--", allowing an attacker with control over the command line options of the sandboxed application, to write data to a specified file CVE-2020-17367. It was reported that firejail when redirecting output via --output or...

9.8CVSS2.2AI score0.04098EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/16 1:53 p.m.•68 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs...

10CVSS3.4AI score0.77246EPSS
Exploits5References3
Mageia
Mageia
•added 2020/08/16 1:53 p.m.•33 views

Updated znc packages fix security vulnerability

The znc package has been updated to version 1.8.1, containing several bugfixes and enhancements. See the upstream change logs for details...

6.5CVSS3.3AI score0.01845EPSS
Exploits0References4
Mageia
Mageia
•added 2020/08/16 12:6 p.m.•14 views

Updated mumble packages fix security vulnerability

Updated mumble package fixes security vulnerability: OCB2 is known to be broken under certain conditions: https://eprint.iacr.org/2019/311 To execute the universal attacks described in the paper, an attacker needs access to an encryption oracle that allows it to perform encryption queries with...

1AI score
Exploits0References3
Mageia
Mageia
•added 2020/08/16 11:9 a.m.•40 views

Updated glib-networking packages fix security vulnerability

The updated packages fix a security vulnerability: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended...

6.5CVSS1AI score0.01933EPSS
Exploits1References4
Mageia
Mageia
•added 2020/08/01 9:25 a.m.•48 views

Updated php-phpmailer packages fix security vulnerability

Fix insufficient output escaping bug in file attachment names CVE-2020-13625...

7.5CVSS2.1AI score0.0378EPSS
Exploits1References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•44 views

Updated gssdp/gupnp packages fix security vulnerability

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. CVE-2020-12695...

7.8CVSS1.9AI score0.15193EPSS
Exploits3References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•99 views

Updated freerdp/remmina packages fix security vulnerability

It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. The freerdp package has been updated to version 2.1.2 to fix these issues. Also, th...

8.3CVSS4.9AI score0.02653EPSS
Exploits12References41
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•48 views

Updated virtualbox packages fix security vulnerability

Multiple security vulnerabilities in virtualbox allow unauthorized access to critical data or takeover of Oracle VM VirtualBox. See CVE references for details...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•41 views

Updated nasm packages fix security vulnerability

Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file CVE-2018-10254. Netwide Assembler NAS...

7.8CVSS4AI score0.05166EPSS
Exploits13References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•74 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Bypass of boundary checks in nio.Buffer via concurrent access. CVE-2020-14583 Incomplete bounds checks in Affine Transformations. CVE-2020-14593 Incorrect handling of access control context in ForkJoinPool. CVE-2020-14556 Unexpected exception raised by DerInputStream. CVE-2020-14578 Unexpected...

8.3CVSS1.4AI score0.04315EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•34 views

Updated dnsmasq packages fix security vulnerability

Updated dnsmasq package fix insecure default configuration potentially making it an open resolver CVE-2020-14312. In its default configuration, dnsmasq listen and answer query from any address even outside of the local subnet. Thus, it may inadvertently become an open resolver which might be used...

5.9CVSS1.5AI score0.0123EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•34 views

Updated redis packages fix security vulnerability

An integer overflow in the getnum function in luastruct.c CVE-2020-14147...

7.7CVSS3.6AI score0.03085EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•46 views

Updated openjpeg2 packages fix security vulnerability

jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice CVE-2020-15389...

6.5CVSS2.3AI score0.02595EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•57 views

Updated microcode packages fix security vulnerability

Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 Cleanup errors in some IntelR Processors may allow an authenticated user to potentially enable...

5.5CVSS3.9AI score0.00587EPSS
Exploits0References6
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•14 views

Updated roundcubemail packages fix security vulnerability

This update fixes a recently reported cross-site scripting XSS vulnerability via HTML messages with malicious svg/namespace...

0.4AI score
Exploits0References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•34 views

Updated matio packages fix security vulnerability

MatVarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdupvprintf when uninitialized memory is accessed. CVE-2019-17533...

8.2CVSS3.5AI score0.01879EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•55 views

Updated thunderbird packages fix security vulnerability

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection CVE-2020-12398. When browsing a malicious page, a race condition in our...

9.3CVSS0.4AI score0.03034EPSS
Exploits2References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•120 views

Updated ruby-rack packages fix security vulnerability

A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3 that makes it is possible for an attacker to forge a secure or host-only cookie prefix CVE-2020-8184...

7.5CVSS3.3AI score0.02938EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•18 views

Updated botan2 packages fix security vulnerability

The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length...

1.1AI score
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•40 views

Updated xerces-c packages fix security vulnerability

A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition DTD may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...

8.1CVSS3.7AI score0.09503EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•48 views

Updated chocolate-doom packages fix security vulnerability

The server in Chocolate Doom 3.0.0 doesn't validate the user-controlled numplayers value, leading to a buffer overflow. A malicious user can overwrite the server's stack CVE-2020-14983...

9.8CVSS3.4AI score0.02245EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•99 views

Updated pcre2 packages fix security vulnerability

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...

7.5CVSS4AI score0.01561EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•31 views

Updated cloud-init packages fix security vulnerability

In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function CVE-2020-8631. In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default...

5.5CVSS4AI score0.00438EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/30 1:6 p.m.•44 views

Updated podofo packages fix security vulnerability

The updated packages fix security vulnerabilities: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. CVE-2018-12983 An issue was...

9.8CVSS3.2AI score0.02552EPSS
Exploits4References6
Mageia
Mageia
•added 2020/07/10 3:40 p.m.•41 views

Updated ffmpeg packages fix security vulnerability

Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...

10CVSS3.7AI score0.03756EPSS
Exploits3References4
Mageia
Mageia
•added 2020/07/10 3:40 p.m.•41 views

Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

7.1CVSS2.6AI score0.0112EPSS
Exploits0References2
Total number of security vulnerabilities6012