Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/05/05 12:20 p.m.•46 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution CVE-2020-3899. The webkit2 package has been updated to version 2.28.2, fixing this issue and other bugs...

9.3CVSS5.4AI score0.04017EPSS
Exploits0References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•37 views

Updated teeworlds packages fix security vulnerabilities

Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size CVE-2019-20787. Teeworlds before 0.7.5 is subject to a denial of service against the server CVE-2020-12066. This update fixes both vulnerabilities by...

9.8CVSS1.6AI score0.02957EPSS
Exploits0References4
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•36 views

Updated gnuchess packages fix security vulnerability

Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file CVE-2019-15767...

7.8CVSS3.5AI score0.01468EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•41 views

Updated openvpn packages fix security vulnerability

Updated openvpn packages fix security vulnerability: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters hav...

4.3CVSS2.9AI score0.01609EPSS
Exploits1References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•40 views

Updated qtbase5 packages fix security vulnerability

Updated qtbase5 packages fix security vulnerability: An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of...

7.5CVSS7.2AI score0.02489EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•32 views

Updated ruby-json packages fix security vulnerability

Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...

7.5CVSS3.4AI score0.06811EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/26 2:39 p.m.•34 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 81.0.4044.122 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.92 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.6CVSS2.2AI score0.01326EPSS
Exploits1References3
Mageia
Mageia
•added 2020/04/25 8:55 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...

7.8CVSS6.5AI score0.034EPSS
Exploits1References8
Mageia
Mageia
•added 2020/04/25 8:55 p.m.•53 views

Updated kernel-linus packages fix security vulnerabilities

This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...

7.8CVSS2.6AI score0.034EPSS
Exploits1References8
Mageia
Mageia
•added 2020/04/24 5:3 p.m.•25 views

Updated mp3gain packages fix security vulnerability

The updated package fixes a security vulnerability: A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. CVE-2019-18359...

5.5CVSS2.7AI score0.01398EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/24 5:3 p.m.•51 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.0.20 adding support for kernel 5.6 series and fixes the following security vulnerabilities: Oracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualB...

8.8CVSS2.7AI score0.0262EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/24 5:3 p.m.•59 views

Updated git packages fix security vulnerability

Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CvE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...

7.5CVSS1.4AI score0.03899EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/24 5:3 p.m.•88 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...

8.3CVSS1.3AI score0.0623EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/20 2:2 p.m.•50 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerabilities: - OOB Read in urldecode CVE-2020-7067 - Integer Overflow in shmopopen Noteable changes: - Opcache chokes and uses 100% CPU on specific script - curlcopyhandle memory leak - ZipArchive::open fails on empty file...

7.5CVSS2.3AI score0.04311EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/20 2:2 p.m.•42 views

Updated python-bleach packages fix security vulnerability

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. CVE-2020-6816 Regular expression denial of service. CVE-2020-6817...

7.5CVSS3.5AI score0.01301EPSS
Exploits2References4
Mageia
Mageia
•added 2020/04/20 2:2 p.m.•40 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs...

8.8CVSS3.7AI score0.02827EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/16 11:1 p.m.•48 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS2.2AI score0.01977EPSS
Exploits9References3
Mageia
Mageia
•added 2020/04/16 11:1 p.m.•38 views

Updated git packages fix security vulnerability

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol CVE-2020-5260...

9.3CVSS7.7AI score0.10047EPSS
Exploits2References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•33 views

Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: A flaw was reported in the DTLS protocol implementation in GnuTLS. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol CVE-2020-11501...

7.4CVSS7.5AI score0.03388EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•41 views

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or other ASN.1 structure, as...

7.8CVSS7.7AI score0.02582EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•37 views

Updated tor packages fix security vulnerabilities

Updated tor package fixes security vulnerabilities: Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service CPU consumption CVE-2020-10592. Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service memory leak. This occurs in circpadsetupmachineoncirc because a...

7.8CVSS6.1AI score0.03146EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•55 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL CVE-2020-1927. In Apache...

6.1CVSS6.7AI score0.56691EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•29 views

Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...

5.3CVSS3.1AI score0.03065EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•47 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Use-after-free while running the nsDocShell destructor. CVE-2020-6819 Use-after-free when handling a ReadableStream. CVE-2020-6820 Uninitialized memory could be read when using the WebGL copyTexSubImage method. CVE-2020-6821 Out of bounds write i...

9.8CVSS2.2AI score0.06305EPSS
Exploits1References4
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•32 views

Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...

5.3CVSS1.1AI score0.01123EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•37 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerability: The BACapp dissector could crash CVE-2020-11647...

7.5CVSS1.4AI score0.03322EPSS
Exploits0References4
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•44 views

Updated krb5-appl packages fix security vulnerability

Updated krb5-appl packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploi...

10CVSS1.6AI score0.74513EPSS
Exploits2References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•33 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerability: In libvncserver, through libvncclient/cursor.c, there is a possibility of a heap overflow, as reported by Pavel Cheremushkin CVE-2019-15690...

8.8CVSS1.8AI score0.00733EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/08 5:12 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...

9.8CVSS0.5AI score0.01905EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/05 5:49 p.m.•18 views

Updated kernel packages fix security issues

This update is based on upstream 5.5.15 and fixes some security related issues related to use after free and null pointer dereferences and also some other bugfixes. Other fixes in this update: - WireGuard module has been updated to v1.0.20200401 - ndiswrapper has been fixed and re-enabled...

2AI score
Exploits0References4
Mageia
Mageia
•added 2020/04/05 5:7 p.m.•40 views

Updated python-nltk packages fix security vulnerability

Updated python-ntlk package fixes security vulnerability: A vulnerability was found in NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ in an NLTK package ZIP archive that is mishandled during extraction CVE-2019-14751...

7.5CVSS5.8AI score0.05831EPSS
Exploits2References2
Mageia
Mageia
•added 2020/04/05 5:7 p.m.•38 views

Updated librsvg packages fix security vulnerability

The updated packages fix a security vulnerability: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows...

6.5CVSS4.3AI score0.02125EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/05 5:7 p.m.•50 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free CVE-2020-6819. Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free CVE-2020-6820...

8.1CVSS1.3AI score0.06305EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/03 10:53 p.m.•61 views

Updated dcraw packages fix security vulnerabilities

The updated packages fix security vulnerabilities: There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 In LibRaw through 0.18.4, an out of bounds read flaw related to...

9.1CVSS3.4AI score0.02988EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/03 10:53 p.m.•56 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on upstream 5.5.15 and fixes at least the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu...

7.8CVSS7.3AI score0.0606EPSS
Exploits13References17
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•17 views

Updated varnish packages fix security vulnerability

Updated varnish packages fix security vulnerability: An assert can be triggered in Varnish Cache when using Varnish with a TLS termination proxy, and the proxy and Varnish use the PROXY version 2. The assert will cause Varnish to restart, and the cache will be empty after the restart VSV00005...

3.2AI score
Exploits0References3
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•41 views

Updated bluez packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of...

7.1CVSS5.2AI score0.01033EPSS
Exploits1References6
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•36 views

Updated weechat packages fix security vulnerabilities

Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 0.4.0 to 2.7 are affected. A malformed message 352 who can cause a NULL pointer dereference in the callback function, resulting in a crash CVE-2020-9759. An issue was discovered in WeeChat befor...

9.8CVSS1AI score0.02193EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•84 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.5.14 and fixes at least the following security vulnerabilities: In the Linux kernel 5.3.10, there is a use-after-free read in the perftracelockacquire function related to include/trace/events/lock.h CVE-2019-19769. Manfred Paul discovered that the bpf verifier i...

7.8CVSS0.8AI score0.0606EPSS
Exploits9References6
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•46 views

Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to...

10CVSS9.8AI score0.05299EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•37 views

Updated sympa packages fix security vulnerability

Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service disk consumption from temporary files, and a flood of notifications to listmasters via a series of requests with malformed parameters CVE-2020-9369...

7.5CVSS5.4AI score0.02843EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•43 views

Updated nghttp2 packages fix security vulnerability

Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure CVE-2019-18802...

9.8CVSS9AI score0.02457EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•69 views

Updated php packages fix security vulnerability

Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mbstrtolower UTF-32LE: stack-buffer-overflow at phpunicodetolowerfull 2 - getheaders silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in pregreplace/pregreplacecallback and unicode -...

8.8CVSS2.6AI score0.04764EPSS
Exploits3References2
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•44 views

Updated chromium-browser-stable packages fix security vulnerability

Multiple flaws were found in the way Chromium 80.0.3987.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2020-6420, CVE-2020-6422, CVE-2020-6424,...

8.8CVSS1.9AI score0.03498EPSS
Exploits7References3
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•47 views

Updated vim packages fix security vulnerability

It was discovered that the autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory CVE-2019-20079...

7.8CVSS3AI score0.01894EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•38 views

Updated phpmyadmin packages fix security vulnerability

Some SQL injections via table names and parameters were fixed...

8CVSS5AI score0.02694EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/18 3:27 p.m.•51 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerability: WebKitGTK through 2.26.4 contains a memory corruption issue use-after-free that may lead to arbitrary code execution CVE-2020-10018...

9.8CVSS3AI score0.04987EPSS
Exploits0References3
Mageia
Mageia
•added 2020/03/18 3:27 p.m.•36 views

Updated sleuthkit packages fix security vulnerability

Updated sleuthkit packages fix security vulnerability: In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c CVE-2020-10232...

9.8CVSS4.3AI score0.02419EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/18 3:27 p.m.•38 views

Updated okular packages fix security vulnerability

Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries CVE-2020-9359...

6.8CVSS4.9AI score0.01452EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/14 8:35 a.m.•53 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: The inputs to sctploadaddressesfrominit are verified by sctparethereunrecognizedparameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk...

9.8CVSS0.1AI score0.03191EPSS
Exploits2References3
Total number of security vulnerabilities6012