Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/02/18 2:5 p.m.•66 views

Updated webkit2 packages fix security vulnerability

webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities: A malicious website may be able to cause a denial of service CVE-2020-3862. A DOM object context may not have had a unique security origin CVE-2020-3864. A top-level DOM object context may have incorrect...

9.3CVSS2.1AI score0.02633EPSS
Exploits0References4
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•15 views

Updated mutt packages fix security vulnerability

Updated mutt packages fix security vulnerability: Invalid format of RFC parameter passed to atoi function in rfc2231.c could lead to unexpected behavior rhbz1710397, bdo929017...

1.5AI score
Exploits0References3
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•33 views

Updated sphinx packages fix security vulnerability

Updated sphinx packages fix security vulnerability: A vulnerability was found in Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet, unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only CVE-2019-14511...

7.5CVSS1.5AI score0.02042EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•54 views

Updated kernel-linus packages fix security vulnerabilities

This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...

10CVSS9AI score0.08667EPSS
Exploits2References22
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•49 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents CVE-2020-6792. When processing an email message with an ill-formed envelope, Thunderbird could read data from a random...

8.8CVSS0.9AI score0.02274EPSS
Exploits1References3
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•60 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memo...

8.8CVSS1.6AI score0.02274EPSS
Exploits0References4
Mageia
Mageia
•added 2020/02/13 10:49 a.m.•38 views

Updated python-waitress packages fix security vulnerabilities

Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...

8.2CVSS0.9AI score0.02714EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/13 10:49 a.m.•29 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code execution in the context of the current user. CVE-2020-3757...

9.3CVSS3AI score0.0978EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/13 10:49 a.m.•43 views

Updated vim and neovim packages fix security vulnerability

Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the :source! command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands whe...

9.3CVSS6.2AI score0.19111EPSS
Exploits5References2
Mageia
Mageia
•added 2020/02/13 10:49 a.m.•34 views

Updated exiv2 packages fix security vulnerability

The updated packages fix a security vulnerability: In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...

7.8CVSS4.2AI score0.04296EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•23 views

Updated mgetty packages fix security vulnerability

Updated mgetty package fixes security vulnerability: mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file CVE-2019-1010189...

5.5CVSS4.5AI score0.00835EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•35 views

Updated spamassassin packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Nefarious rule configuration .cf files can be configured to run system commands with sa-compile. CVE-2020-1930 Nefarious rule configuration .cf files can be configured to run system commands with warnings. CVE-2020-1931...

9.3CVSS2.6AI score0.07053EPSS
Exploits0References5
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•48 views

Updated openslp packages fix security vulnerability

A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...

9.8CVSS3.2AI score0.96823EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•43 views

Updated xmlrpc packages fix security vulnerability

A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrar...

9.8CVSS3.4AI score0.49285EPSS
Exploits2References2
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•45 views

Updated qtbase5 packages fix security vulnerabilities

Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...

7.3CVSS4.2AI score0.00568EPSS
Exploits1References3
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•45 views

Updated sudo packages fix security vulnerability

The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...

7.8CVSS3.1AI score0.19426EPSS
Exploits13References4
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•59 views

Updated chromium-browser-stable packages fix security vulnerability

Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-13725, CVE-2019-13726, CVE-2019-13727,...

8.8CVSS1.9AI score0.15537EPSS
Exploits7References5
Mageia
Mageia
•added 2020/02/04 11:7 a.m.•86 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running lin...

10CVSS8.9AI score0.08667EPSS
Exploits0References7
Mageia
Mageia
•added 2020/02/04 11:7 a.m.•38 views

Updated openjpeg2 packages fix security vulnerability

opjt1clbldecodeprocessor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-8112...

8.8CVSS3.5AI score0.03624EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/30 6:28 p.m.•43 views

Updated gdal packages fix security vulnerability

Updated gdal packages fix security vulnerability: Double free vulnerability in OGRExpatRealloc CVE-2019-17545. Also, the gdalinfo command, which had been built incorrectly, has been fixed...

9.8CVSS2AI score0.02577EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/30 6:28 p.m.•44 views

Updated mariadb packages fix security vulnerability

Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequentl...

5.9CVSS6.6AI score0.03485EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/30 6:28 p.m.•68 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

8.1CVSS7.4AI score0.04903EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/30 6:28 p.m.•31 views

Updated openjpeg2 packages fix security vulnerability

Updated openjpeg2 packages fix security vulnerability: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opjt1clbldecodeprocessor in libopenjp2.so CVE-2020-6851...

7.5CVSS3.7AI score0.04932EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/30 6:28 p.m.•71 views

Updated sqlite3 packages fix security vulnerabilities

Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...

8.8CVSS8.6AI score0.06937EPSS
Exploits0References8
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•39 views

Updated sysstat packages fix security vulnerability

Updated sysstat package fixes security vulnerability: Double free in checkfileactlst in sacommon.c CVE-2019-19725...

9.8CVSS1.8AI score0.02762EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•19 views

Updated libmp4v2 packages fix security vulnerabilities

Updated libmp4v2 packages fix security vulnerabilities: The libmp4v2 library through version 2.1.0 is vulnerable to an integer underflow when parsing an MP4Atom in mp4atom.cpp. An attacker could exploit this to cause a denial of service via crafted MP4 file CVE-2018-14325. The libmp4v2 library...

9.8CVSS5.4AI score0.02596EPSS
Exploits3References2
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•108 views

Updated python-pip packages fix security vulnerabilities

Updated python-pip packages fix security vulnerabilities: The python-pip package bundles a copy of python-urllib3, which was affected by security issues. The bundled copy was updated to fix these issues CVE-2019-11324, CVE-2019-11236...

7.5CVSS8.5AI score0.02836EPSS
Exploits1References3
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•65 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found CVE-2020-7059, CVE-2020-7060. Other security fixes have been applied: - Session: Fixed bug 79091 heap use-after-free in sessioncreateid. - Date: Fixed bug 79015...

9.1CVSS1.5AI score0.08888EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•73 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2019-8835, CVE-2019-8844, CVE-2019-8846. For other fixes in this update, see the referenced release notes...

9.3CVSS2.6AI score0.02238EPSS
Exploits0References4
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•54 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.0.16 and fixes the following security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in...

8.2CVSS3.5AI score0.00557EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•43 views

Updated mbedtls packages fix security vulnerabilities

This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security vulnerabilities, among which: The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the...

5.3CVSS2.4AI score0.01773EPSS
Exploits0References5
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•64 views

Updated tomcat packages fix security vulnerabilities

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...

7.5CVSS2.6AI score0.10687EPSS
Exploits0References6
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•39 views

Updated python-reportlab packages fix security vulnerability

A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution CVE-2019-17626...

9.8CVSS6.4AI score0.10231EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•38 views

Updated ansible package fixes security vulnerabilities

A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

7.3CVSS2.7AI score0.00736EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•54 views

Updated samba packages fix security vulnerabilities

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...

6.5CVSS1.7AI score0.03151EPSS
Exploits0References6
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•29 views

Updated libqb packages fix security vulnerability

Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files CVE-2019-12779...

7.1CVSS3.9AI score0.00655EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•16 views

Updated python3 packages fix security vulnerabilities

The python3 package has been updated to version 3.7.6, which fixes security issues and other bugs. See the upstream changelog for details...

3.5AI score
Exploits0References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•32 views

Updated libbsd packages fix security vulnerability

It was discovered that libbsd incorrectly handled certain strings, due to an out-of-bounds read during a comparison for a symbol name from the string table strtab in nlist.c. An attacker could possibly use this issue to access sensitive information CVE-2019-20367...

9.1CVSS1.5AI score0.02805EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•16 views

Updated glpi packages fix security vulnerabilities

The glpi package has been updated to version 9.4.5, fixing several bugs and security issues. See the upstream announcements for details...

3.2AI score
Exploits0References6
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•78 views

Updated c3p0 packages fix security vulnerabilities

An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 CVE-2018-20433. c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading...

9.8CVSS3.9AI score0.04882EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•38 views

Updated gthumb packages fix security vulnerability

A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...

7.8CVSS6.9AI score0.02149EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•68 views

Updated libsass packages fix security vulnerabilities

Use-after-free vulnerability in sasscontext.cpp:handleerror CVE-2018-11499. Null pointer dereference in Sass::SelectorList::populateextends CVE-2018-19797. Use-after-free vulnerability exists in the SharedPtr class CVE-2018-19827. Stack overflow in Eval::operator CVE-2018-19837. Stack-overflow at...

9.8CVSS4.2AI score0.04006EPSS
Exploits9References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•36 views

Updated fontforge packages fix security vulnerabilities

FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c CVE-2020-5395 FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c CVE-2020-5496...

8.8CVSS3.4AI score0.02478EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•54 views

Updated opencontainers-runc packages fix security vulnerability

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...

7.5CVSS7.7AI score0.04409EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•52 views

Updated libmediainfo packages fix security vulnerabilities

Out-of-bounds read in function MediaInfoLib:FileTagsHelper:SynchedTest CVE-2019-11372. Out-of-bounds read in function FileAnalyze:GetL8 CVE-2019-11373...

6.5CVSS3.2AI score0.02503EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/22 10:37 a.m.•43 views

Updated sox packages fix security vulnerabilities

Updated sox packages fix security vulnerabilities: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357...

5.5CVSS2.1AI score0.01808EPSS
Exploits1References4
Mageia
Mageia
•added 2020/01/22 10:37 a.m.•44 views

Updated ffmpeg packages fix security vulnerabilities

Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.5, which fixes several bugs, and atleasst the follwing security vulnerabilities: In FFmpeg before 4.2, avcodecopen2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other...

9.8CVSS3.9AI score0.02305EPSS
Exploits0References4
Mageia
Mageia
•added 2020/01/19 10:11 a.m.•17 views

Updated suricata packages fix security vulnerabilities

Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.6, which fixes security issues and other bugs. See the upstream announcements for details...

3.7AI score
Exploits0References3
Mageia
Mageia
•added 2020/01/19 10:11 a.m.•34 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerability: BT ATT dissector crash CVE-2020-7045...

6.5CVSS1.6AI score0.01457EPSS
Exploits1References4
Mageia
Mageia
•added 2020/01/19 10:11 a.m.•32 views

Updated tigervnc packages fix security vulnerabilities

Updated tigervnc packages fix security vulnerabilities: The tigervnc package has been updated to version 1.10.1 to fix multiple unspecified security issues. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the othe...

7.2CVSS4AI score0.04773EPSS
Exploits5References3
Total number of security vulnerabilities6012