Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/07/10 3:40 p.m.•41 views

Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

7.1CVSS2.6AI score0.0112EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/10 3:40 p.m.•42 views

Updated ffmpeg packages fix security vulnerability

Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...

10CVSS3.7AI score0.03756EPSS
Exploits3References4
Mageia
Mageia
•added 2020/07/10 8:1 a.m.•39 views

Updated coturn packages fix security vulnerability

The updated package fixes a security vulnerability: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client an attacker could use their connection to...

7.5CVSS3AI score0.01847EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/10 8:1 a.m.•50 views

Updated vino packages fix security vulnerability

The updated package fixes security vulnerabilities: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. CVE-2020-14397 Byte-aligned data is accessed through uint16t pointers in libvncserver/translate.c. CVE-2020-14400 libvncserver/corre....

7.5CVSS5.8AI score0.0339EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/10 8:1 a.m.•41 views

Updated samba packages fix security vulnerability

Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2020-10730. Douglas Bagnall...

7.8CVSS3AI score0.03874EPSS
Exploits0References7
Mageia
Mageia
•added 2020/07/07 1:47 p.m.•32 views

Updated pdns-recursor packages fix security vulnerability

Updated pdns-recursor package fixes security vulnerability: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the...

5.3CVSS2AI score0.01688EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/07 1:47 p.m.•45 views

Updated ruby packages fix security vulnerability

Updated ruby packages fix security vulnerability: An issue was discovered in Ruby through 2.5.7. If a victim calls BasicSocketreadnonblockrequestedsize, buffer, exception: false, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the...

5.3CVSS0.9AI score0.02564EPSS
Exploits1References3
Mageia
Mageia
•added 2020/07/07 11:13 a.m.•65 views

Updated mariadb packages fix security vulnerability

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Client product of MariaDB component: C API Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this...

5.5CVSS3AI score0.03014EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/06 8:42 p.m.•48 views

Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability: A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this...

5.7CVSS2AI score0.00813EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/05 7:48 p.m.•37 views

Updated ntp packages fix security vulnerability

Updated ntp packages fix security vulnerability: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC...

4.9CVSS5.1AI score0.03357EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/05 7:48 p.m.•46 views

Updated curl packages fix security vulnerability

Updated curl packages fix security vulnerabilities: libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers CVE-2020-8169. curl can be tricked by a malicious server to overwri...

7.8CVSS1.9AI score0.03427EPSS
Exploits2References4
Mageia
Mageia
•added 2020/07/05 7:48 p.m.•41 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerabilities: libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename CVE-2019-20839. libvncserver/rfbregion.c had a NULL pointer dereference CVE-2020-14397. Byte-aligned data was accessed through uint32t pointers in...

7.5CVSS6.1AI score0.03589EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/05 3:53 p.m.•36 views

Updated docker packages fix security vulnerability

Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a...

6CVSS2.6AI score0.02839EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/05 11:26 a.m.•54 views

Updated tomcat packages fix security vulnerability

Updated tomcat packages fix security vulnerability: When using Apache Tomcat versions 9.0.0.M1 to 9.0.34, if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the PersistenceManager ...

7CVSS4.5AI score0.56636EPSS
Exploits15References2
Mageia
Mageia
•added 2020/07/05 11:26 a.m.•28 views

Updated tcpreplay packages fix security vulnerability

Updated tcpreplay package fixes security vulnerability: tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a getc operation. The issue is being triggered in the function getipv6next at common/get.c CVE-2020-12740...

9.1CVSS2.4AI score0.01652EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/05 8:46 a.m.•44 views

Updated mailman packages fix security vulnerability

Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension or an unknown file extension then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type based on the file extensio...

6.5CVSS1.2AI score0.02698EPSS
Exploits1References3
Mageia
Mageia
•added 2020/07/05 8:46 a.m.•17 views

Updated perl-YAML packages fix security vulnerability

Updated perl-YAML package fixes security vulnerability: This update enforces that $LoadCode must be enabled to use the feature of evaluating typeglobs, because with the typeglob feature you would be able to set the variable $YAML::LoadCode from a YAML file, and that would be a security issue. The...

3.4AI score
Exploits0References3
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•44 views

Updated firefox packages fix security vulnerability

Updated nss and firefox packages fix security vulnerabilities: NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys CVE-2020-12399. Side channel vulnerabilities during RSA key generation in NSS CVE-2020-12402. When browsing ...

9.3CVSS1.2AI score0.03034EPSS
Exploits2References6
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•41 views

Updated vlc packages fix security vulnerability

Updated vlc packages fixes security vulnerability: A heap-based buffer overflow in the hxxxAnnexBtoxVC function in modules/packetizer/hxxxnal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted...

7.8CVSS6.7AI score0.02391EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•29 views

Updated libupnp packages fix security vulnerability

The updated packages fix a security vulnerability: Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in...

7.5CVSS4.7AI score0.03469EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•41 views

Updated libexif packages fix security vulnerability

The updated packages fix a security vulnerability: In exifdataloaddatacontent of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

7.5CVSS5.4AI score0.04262EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•44 views

Updated python-httplib2 packages fix security vulnerability

Updated python-httplib2 packages fix security vulnerability: In httplib2, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri...

6.8CVSS1.7AI score0.02593EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•60 views

Updated libxml2 packages fix security vulnerability

Updated libxml2 packages fix security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted...

7.5CVSS2.3AI score0.05515EPSS
Exploits0References3
Mageia
Mageia
•added 2020/06/20 10:45 p.m.•46 views

Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...

7.4CVSS2.7AI score0.17507EPSS
Exploits3References2
Mageia
Mageia
•added 2020/06/19 10:25 a.m.•40 views

Updated libjpeg packages fix security vulnerability

Updated libjpeg packages fix security vulnerability: libjpeg-turbo 2.0.4 has a heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file CVE-2020-13790...

8.1CVSS3.6AI score0.03205EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/16 7:45 a.m.•34 views

Updated scapy packages fix security vulnerability

Updated scapy packages fix security vulnerabilities: A vulnerability was found in scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap...

7.5CVSS2.9AI score0.02791EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/16 7:45 a.m.•32 views

Updated mbedtls packages fix security vulnerability

Updated mbedtls packages fix security vulnerability Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure enclave to fully recover an ECDSA private key. CVE-2020-10932 Fi...

4.7CVSS2.8AI score0.00247EPSS
Exploits0References3
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•42 views

Updated axel packages fix security vulnerability

Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification CVE-2020-13614. The axel package has been updated to version 2.17.8, fixing this issue and other bugs...

5.9CVSS3AI score0.01928EPSS
Exploits1References3
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•35 views

Updated networkmanager packages fix security vulnerability

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely...

4.3CVSS2.6AI score0.00983EPSS
Exploits0References5
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•48 views

Updated roundcubemail packages fix security vulnerability

The latest maintenance release of roundcubemail fixes some xss issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting XSS via malicious XML attachment and improves the fix for CVE-2020-12641...

6.3CVSS1.8AI score0.76596EPSS
Exploits2References2
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•66 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerabilities: It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service CVE-2019-6477. Lior Shafir, Yehuda Afek, and Anat...

8.6CVSS1.8AI score0.93422EPSS
Exploits6References6
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•39 views

Updated dbus packages fix security vulnerability

The updated packages fix a security vulnerability: An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus o...

5.5CVSS1AI score0.00569EPSS
Exploits1References3
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•47 views

Updated flash-player-plugin packages fix security vulnerability

The updated packages fix a security vulnerability: Use after free that leads to arbitrary code execution in the context of the current user. CVE-2020-9633...

10CVSS3AI score0.0756EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/12 11:58 p.m.•41 views

Updated libreoffice packages fix security vulnerability

This update increase Libreoffice to version 6.4.4.2 It fixes Security issues and add kf5 support. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If...

5.3CVSS2.9AI score0.01255EPSS
Exploits0References4
Mageia
Mageia
•added 2020/06/10 11:59 p.m.•43 views

Updated coturn packages fix security vulnerability

Updated the coturn package in order to fix some security vulnerabilities: httpserver.c: An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attack...

9.8CVSS1.2AI score0.06102EPSS
Exploits2References2
Mageia
Mageia
•added 2020/06/10 11:59 p.m.•24 views

Updated xawtv packages fix security vulnerability

Updated xawtv packages fix security vulnerability: The v4l-conf program in xawtv allows users to determine the existence of file names in directories they do not have access to, and allows a user to have the system open files they do not have access to, though it does not provide the user access ...

4.4CVSS4.2AI score0.00355EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/10 11:59 p.m.•56 views

Updated nghttp2 packages fix security vulnerability

nghttp2 has been updated to version 1.41.0 to fix CVE-2020-11080. The overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and...

7.5CVSS4AI score0.05316EPSS
Exploits0References1
Mageia
Mageia
•added 2020/06/10 11:59 p.m.•64 views

Updated perl packages fix security vulnerability

This update from 5.28.2 to 5.28.3 fixes bugs several bugs the RPM package manager. - Update to 5.23.3 See https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod for release notes - Security release fixes CVE-2020-10543, CVE-2020-10878 and CVE-2020-12723 - Work around a glibc bug...

8.6CVSS0.3AI score0.11334EPSS
Exploits0References1
Mageia
Mageia
•added 2020/06/10 10:57 p.m.•34 views

Updated openconnect packages fix security vulnerability

Updated openconnect packages fix security vulnerabilities: OpenConnect through 8.08 mishandles negative return values from X509check function calls, which might assist attackers in performing man-in-the-middle attacks CVE-2020-12105. OpenConnect 8.09 has a buffer overflow, causing a denial of...

9.8CVSS4.1AI score0.04622EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/10 10:57 p.m.•63 views

Updated ruby-rack packages fix security vulnerability

Updated ruby-rack packages fix security vulnerabilities: There's a possible information leak / session hijack vulnerability in RackRubyGem rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...

8.6CVSS1AI score0.03687EPSS
Exploits0References5
Mageia
Mageia
•added 2020/06/10 10:57 p.m.•37 views

Updated libarchive packages fix security vulnerability

Updated libarchive packages fix security vulnerability: archivereadsupportformatlha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted LHA archive...

5AI score
Exploits0References5
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•72 views

Updated nrpe packages fix security vulnerability

Updated nrpe packages fix security vulnerabilities: Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nastymetachars interprets \n as the character \ and the character n not as the \n newline sequence. This can cause command injection CVE-2020-6581. Nagios NRPE 3.2.1 has a...

7.5CVSS3AI score0.03871EPSS
Exploits2References4
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•40 views

Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability: It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service CVE-2020-10703. It was discovered that libvirt...

6.5CVSS2.4AI score0.02363EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•32 views

Updated libzypp packages fix security vulnerability

Libzypp from mageia 7 is affected by a security issue. This update fixes this. Incorrect Default Permissions vulnerability in libzypp allowed local attackers to read a cookie store used by libzypp, exposing private cookies...

4CVSS5.6AI score0.00301EPSS
Exploits0References5
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•30 views

Updated python-typed-ast packages fix security vulnerability

Updated python-typed-ast package fixes security vulnerabilities: typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process...

7.5CVSS4.6AI score0.03255EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•40 views

Updated sudo packages fix security vulnerability

Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...

7.5CVSS3.5AI score0.03295EPSS
Exploits0References5
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•50 views

Updated cups packages fix security vulnerability

Updated cups packages fix security vulnerabilities: It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information CVE-2019-2228. Stephan...

8.8CVSS1.2AI score0.02091EPSS
Exploits0References6
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•45 views

Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...

6.5CVSS0.8AI score0.01214EPSS
Exploits0References5
Mageia
Mageia
•added 2020/06/10 9:39 p.m.•56 views

Updated vino packages fix security vulnerability

Updated vino packages fix security vulnerabilities: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service memory consumption ...

9.8CVSS9.2AI score0.07563EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/10 9:39 p.m.•58 views

Updated ruby-RubyGems packages fix security vulnerability

Updated ruby-RubyGems package fixes security vulnerabilities The following vulnerabilities have been reported. CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection...

9.8CVSS2AI score0.05076EPSS
Exploits1References2
Total number of security vulnerabilities6012