Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/05/29 9:18 p.m.•67 views

Updated json-c packages fix security vulnerability

Updated json-c package fixes security vulnerabilities: It was discovered that json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend CVE-2020-12762...

7.8CVSS3.8AI score0.01888EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/29 9:18 p.m.•41 views

Updated jasper packages fix security vulnerability

Updated jasper packages fix security vulnerability: There is a reachable abort in the function jpcdecprocesssot in libjasper/jpc/jpcdec.c of JasPer 2.0.14 that will lead to a remote denial of service attack CVE-2018-9154...

7.5CVSS3.2AI score0.03472EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/29 9:18 p.m.•33 views

Updated gdb packages fix security vulnerability

Updated gdb packages fix security vulnerability: Potential buffer overflow when loading ELF sections larger than the file CVE-2019-1010180...

7.8CVSS3.9AI score0.02628EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/27 7:6 p.m.•43 views

Updated libexif packages fix security vulnerability

The updated packages fix a security vulnerability: In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...

9.1CVSS1.2AI score0.02684EPSS
Exploits0References4
Mageia
Mageia
•added 2020/05/27 6:17 p.m.•53 views

Updated ant packages fix security vulnerability

Updated ant packages fix security vulnerability: Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...

6.3CVSS1.2AI score0.01793EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/27 6:17 p.m.•69 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerabilities: - Fixed bug 78875 Long filenames cause OOM and temp files are not cleaned. 1 - Fixed bug 78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned. 2 - Fixed bug 79441 Segfault in mbchr if internal encoding is...

5.3CVSS0.5AI score0.06264EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•40 views

Updated dojo packages fix security vulnerability

Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other valu...

8.6CVSS2.1AI score0.0399EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•56 views

Updated sleuthkit packages fix security vulnerability

Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table CVE-2019-14532. In version 4.8.0 and earlier of The Sleuth Kit TSK, there ...

9.8CVSS2.3AI score0.02352EPSS
Exploits2References1
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•55 views

Updated nginx packages fix security vulnerability

Nginx was updated due to the following vulnerabilities: ngxhttpspecialresponse.c: With a certain errorpage configuration, HTTP request smuggling is possible. Thus, an attacker may be able to read unauthorized web pages at times when NGINX is being fronted by a load balancer. CVE-2019-20372...

5.3CVSS0.7AI score0.14961EPSS
Exploits3References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•47 views

Updated log4net packages fix security vulnerability

Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...

9.8CVSS6.9AI score0.49839EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•32 views

Updated transmission packages fix security vulnerability

Updated transmission packages fix security vulnerability: Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted torrent file CVE-2018-10756...

7.8CVSS7.8AI score0.02632EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/27 12:46 a.m.•63 views

Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

9.8CVSS4.7AI score0.02475EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•24 views

Updated file-roller packages fix security vulnerability

Updated the file-roller package in order to fix a security vulnerability: fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. Thus, directory traversal is not prevented CVE-2020-11736...

3.9CVSS3AI score0.00768EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•56 views

Updated ansible packages fix security vulnerabilities

Updated ansible package fixes security vulnerabilities: A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with...

7.9CVSS0.3AI score0.00506EPSS
Exploits3References5
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•73 views

Updated kernel packages fix security vulnerability

This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's catego...

6.7CVSS1.1AI score0.04505EPSS
Exploits0References7
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•43 views

Updated dovecot packages fix security vulnerabilities

Dovecot has been updated to fix several security issues. Sending malformed NOOP command causes crash in submission, submission-login or lmtp service CVE-2020-10957. Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submissio...

7.5CVSS1.3AI score0.08153EPSS
Exploits5References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•20 views

Updated microcode packages fix security issues

This microcode updates provides new microcode versions for the following Intel Ice Lake and Sandy Bride family processors: Processor Stepping Model Update Name - ICL-U/Y D1 6-7e-5/80 00000046-00000078 Core Gen10 Mobile - SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f-00000621 Xeon E3/E5, Core X -...

3.8AI score
Exploits0References1
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•62 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's catego...

7.2CVSS2.4AI score0.04505EPSS
Exploits2References9
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•30 views

Updated libntlm packages fix security vulnerability

Updated libntlm packages fix security vulnerability: It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in...

9.8CVSS2.3AI score0.03107EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•70 views

Updated glpi packages fix security vulnerabilities

Updated glpi packages fix security vulnerabilities: In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges...

9.3CVSS1.2AI score0.07608EPSS
Exploits1References6
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•51 views

Updated pdns-recursor packages fix security vulnerabilities

Updated pdns-recursor packages fix security vulnerabilities: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the...

7.5CVSS4.1AI score0.04372EPSS
Exploits0References5
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•37 views

Updated clamav packages fix security vulnerabilities

Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...

7.5CVSS1.3AI score0.05063EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•27 views

Updated viewvc packages fix security vulnerability

Updated viewvc package fixes security vulnerability: ViewVC before versions 1.1.28 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted...

3.5CVSS1.9AI score0.01216EPSS
Exploits1References5
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•46 views

Updated nmap packages fix security vulnerability

Updated nmap packages fix security vulnerability: nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse CVE-2017-18594. Also, when a server forced...

7.5CVSS1.6AI score0.03164EPSS
Exploits1References3
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•12 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerability: The NFS dissector could crash...

1.7AI score
Exploits0References4
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•53 views

Updated unbound packages fix security vulnerabilities

Updated unbound packages fix security vulnerabilities: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target CVE-2020-12662. Malformed answers from upstream name servers can be used to make Unbound unresponsive CVE-2020-12663...

7.5CVSS3AI score0.03588EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/15 3:48 p.m.•40 views

Updated netkit-telnet packages fix security vulnerability

Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could...

10CVSS1.6AI score0.74513EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/15 3:48 p.m.•35 views

Updated libreswan packages fix security vulnerability

Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the...

7.5CVSS2.8AI score0.03288EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/15 3:48 p.m.•21 views

Updated suricata packages fix security issues

Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.8, which fixes security issues and other bugs. See the upstream announcements for details...

3.8AI score
Exploits0References3
Mageia
Mageia
•added 2020/05/15 3:48 p.m.•50 views

Updated ntp packages fix security vulnerability

The updated packages fix security vulnerabilities including: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packe...

7.5CVSS2.5AI score0.02081EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/15 3:48 p.m.•29 views

Updated jbig2dec packages fix security vulnerability

Updated jbig2dec packages fix security vulnerability: jbig2imagecompose in jbig2image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow CVE-2020-12268...

9.8CVSS3.7AI score0.02622EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/10 8:55 a.m.•49 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 81.0.4044.138 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.129 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.8CVSS2.2AI score0.05803EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•39 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value CVE-2019-20788...

9.8CVSS4AI score0.02436EPSS
Exploits1References1
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•34 views

Updated vlc packages fix security vulnerabilities

Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079,...

9.8CVSS3AI score0.03636EPSS
Exploits8References4
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•50 views

Updated matio packages fix security vulnerability

Updated matio packages fix a security vulnerability: Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvarstruct.c CVE-2019-13107. The matio package has been updated to version 1.5.16 to fix this issue. Also: - The scilab package has been...

9.8CVSS3.2AI score0.01766EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•48 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server CVE-2020-10700. A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing ...

7.5CVSS3.2AI score0.03455EPSS
Exploits0References6
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•35 views

Updated roundcubemail packages fix security vulnerabilities

Updated roundcubemail packages fix security vulnerabilities: - Cross-Site Scripting XSS via malicious HTML content CVE-2020-12625 - CSRF attack can cause an authenticated user to be logged out CEV-2020-12626 - Remote code execution via crafted config options - Path traversal vulnerability...

6.5CVSS2.5AI score0.02782EPSS
Exploits2References3
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•45 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...

10CVSS0.2AI score0.05803EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to...

10CVSS0.1AI score0.05803EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•56 views

Updated qt4 packages fix security vulnerabilities

Updated qt4 packages fix security vulnerabilities: A double-free or corruption during parsing of a specially crafted illegal XML document CVE-2018-15518. A malformed SVG image could cause a segmentation fault in qsvghandler.cpp CVE-2018-19869. A malformed GIF image might have caused a NULL pointe...

9.8CVSS2.3AI score0.03382EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•46 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution CVE-2020-3899. The webkit2 package has been updated to version 2.28.2, fixing this issue and other bugs...

9.3CVSS5.4AI score0.04017EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•39 views

Updated exiv2 packages fix security vulnerability

The updated packages fix a security vulnerability: A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service large heap allocation followed by a very long running loop via a crafted WEBP image file. CVE-2019-13111...

5.5CVSS3.1AI score0.00802EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•59 views

Updated openexr packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in...

5.5CVSS1.9AI score0.01807EPSS
Exploits8References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•55 views

Updated openldap packages fix security vulnerabilities

Updated openldap packages fix security vulnerabilities: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service slapd crash via a member MODDN operation CVE-2017-17740. I...

7.5CVSS3.7AI score0.07022EPSS
Exploits1References7
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•32 views

Updated ruby-json packages fix security vulnerability

Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...

7.5CVSS3.4AI score0.06811EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•37 views

Updated teeworlds packages fix security vulnerabilities

Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...

9.8CVSS1.6AI score0.02957EPSS
Exploits0References4
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•105 views

Updated kernel packages fix security vulnerabilities

This update is based on the upstream 5.6.8 kernel and fixes at least the following security issues: usbsgcancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a referenceCVE-2020-12464. An issue was discovered in the Linux...

7.2CVSS0.4AI score0.00802EPSS
Exploits2References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•32 views

Updated dolphin-emu packages fix security vulnerability

Updated dolphin-emu package fixes security vulnerabilities Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues: - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9....

8.8CVSS4.4AI score0.06151EPSS
Exploits10References5
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•41 views

Updated libsndfile packages fix security vulnerabilities

Updated libsndfile packages fix security vulnerabilities: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulawarray in ulaw.c that will lead to a denial of service CVE-2018-19661. An issue was discovered in libsndfile 1.0.28. There is a buffer over-read...

8.1CVSS2.6AI score0.02312EPSS
Exploits2References1
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•39 views

Updated qtbase5 packages fix security vulnerability

Updated qtbase5 packages fix security vulnerability: An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of...

7.5CVSS7.2AI score0.02489EPSS
Exploits0References2
Total number of security vulnerabilities6012