Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2020/01/17 10:16 a.m.•18 views

Updated libjpeg packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. Out-of-bounds write in tjDecompressToYUV2 and tjDecompressToYUVPlanes...

1.7AI score
Exploits0References2
Mageia
Mageia
•added 2020/01/17 10:16 a.m.•47 views

Updated e2fsprogs packages fix security vulnerability

Updated e2fsprogs packages fix security vulnerability: A code execution vulnerability in the directory rehashing functionality CVE-2019-5188. For other fixes in this update, see the referenced release info...

7.5CVSS1.9AI score0.01025EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/17 10:16 a.m.•46 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.12 and fixes at least the following security vulnerabilities: Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between contexts CVE-2019-14615. A heap-based buffer overflow was discovered...

9.8CVSS2.6AI score0.0776EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•58 views

Updated kernel packages fix security vulnerability

This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero. CVE-2019-19037 It also fixes various potential...

5.5CVSS0.5AI score0.01886EPSS
Exploits1References10
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•13 views

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick has been updated to fix security issues...

1.9AI score
Exploits0References3
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•17 views

Updated unbound packages fix potential security vulnerabilities

Updated unbound package to version 1.9.6 to fix various potential security vulnerabilities...

4.2AI score
Exploits0References2
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•43 views

Updated makepasswd fix insecure default length of password

Updated makepasswd fix insecure default length of password By default, makepasswd generates password with a length between 6 to 8 characters 48 to 64bits. This update raise the default to 16 characters 128 bits. The length can be changed at runtime with the -l option...

7.5CVSS3.5AI score0.01331EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•87 views

Updated oniguruma packages fix security vulnerabilities

Updated oniguruma packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a...

9.8CVSS4.8AI score0.10539EPSS
Exploits6References6
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•49 views

Updated opencv packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. CVE-2019-14491 An issue was...

8.2CVSS2.2AI score0.0276EPSS
Exploits3References3
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•24 views

Updated libtomcrypt packages fix security vulnerability

Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data CVE-2019-17362...

9.1CVSS2.6AI score0.03195EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•41 views

Updated phpmyadmin packages fix security vulnerability

Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...

8.8CVSS2.6AI score0.38778EPSS
Exploits4References3
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•15 views

Updated pcsc-lite packages fix security vulnerability

The pcsc-lite package has been updated to version 1.8.26, which fixes a memory leak and other bugs. See the ChangeLog for details...

3.9AI score
Exploits0References3
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•47 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 Type Confusion in XPCVariant.cpp CVE-2019-17017 CSS sanitization does not escape HTML tags CVE-2019-17022 Memory safety bugs fixed in Thunderbird 68.4.1 CVE-2019-17024...

8.8CVSS1.8AI score0.46589EPSS
Exploits8References4
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•35 views

Updated ming packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2018-7866 There is a heap-based buffer overflow ...

8.8CVSS4.3AI score0.0204EPSS
Exploits5References2
Mageia
Mageia
•added 2020/01/09 8:11 p.m.•58 views

Updated firefox packages fix security vulnerability

When pasting a...

8.8CVSS1.6AI score0.46589EPSS
Exploits8References7
Mageia
Mageia
•added 2020/01/07 9:19 p.m.•68 views

Updated opensc packages fix security vulnerability

Updated opensc packages fix security vulnerabilities: sccontextcreate in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv CVE-2019-6502. OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...

7.5CVSS3.2AI score0.02198EPSS
Exploits2References3
Mageia
Mageia
•added 2020/01/07 9:19 p.m.•61 views

Updated radare2 packages fix security vulnerabilities

Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the regglangparsechar function of egglang.c. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact because of...

7.8CVSS6.1AI score0.04414EPSS
Exploits5References5
Mageia
Mageia
•added 2020/01/07 9:19 p.m.•13 views

Updated varnish packages fix security vulnerability

Updated varnish packages fix security vulnerability: A bug has been discovered in Varnish Cache where we fail to clear a pointer between the handling of one client requests and the next on the same connection. This can under specific circumstances lead to information being leaked from the...

1AI score
Exploits0References4
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•75 views

Updated python-ecdsa packages fix security vulnerabilities

Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service CVE-2019-14853. It was...

9.1CVSS2.2AI score0.02505EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•26 views

Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editi...

6.1CVSS5.3AI score0.01564EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated freeimage packages fix security vulnerabilities

The updated packages fix security vulnerabilities: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow...

7.5CVSS1.6AI score0.0421EPSS
Exploits2References3
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•65 views

Updated apache-commons-compress- packages fix security vulnerability

pdated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons- compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being...

7.5CVSS1.1AI score0.16157EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated cyrus-imapd packages fix security vulnerability

Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks CVE-2019-19783...

6.5CVSS1.7AI score0.01655EPSS
Exploits0References7
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•82 views

Updated upx packages fix security vulnerability

The updated package fixes security vulnerabilities: An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an...

7.8CVSS7.4AI score0.01803EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•25 views

Updated memcached packages fix security vulnerability

Updated memcached packages fix security vulnerability: memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conntostr in memcached.c. CVE-2019-15026 This update adds the ability to recover the cache from disk...

7.5CVSS2.2AI score0.02638EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•39 views

Updated jhead packages fix security vulnerabilities

Updated jhead package fixes security vulnerabilities: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and processSOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file CVE-2019-19035. A vulnerability...

5.5CVSS4.2AI score0.01211EPSS
Exploits3References3
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•55 views

Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956...

7.5CVSS7.8AI score0.05515EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•37 views

Updated openconnect packages fix security vulnerability

Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes CVE-2019-16239...

9.8CVSS1.5AI score0.03445EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•56 views

Updated mozjs60 packages fix security vulnerability

The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox...

10CVSS1.6AI score0.55874EPSS
Exploits14References3
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•42 views

Updated advancecomp packages fix security vulnerability

Updated advancecomp package fixes security vulnerability: An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function advpngunfilter8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Servic...

7.8CVSS4.9AI score0.01247EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•31 views

Updated dia packages fix security vulnerability

Updated dia package fixes security vulnerability: An endless loop on filenames with invalid encoding CVE-2019-19451...

5.5CVSS2.9AI score0.0037EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•48 views

Updated openssl packages fix security vulnerability

Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...

5.3CVSS2.2AI score0.14298EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•73 views

Updated shadowsocks-libev packages fix security vulnerabilities

Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...

7.8CVSS2.6AI score0.02289EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•24 views

Updated igraph packages fix security vulnerability

Updated igraph packages fix security vulnerability: The igraphistrdiff function in igraphtrie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service application crash via a crafted object CVE-2018-20349...

6.5CVSS5.2AI score0.01605EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•50 views

Updated python-werkzeug packages fix security vulnerability

Updated python-werkzeug packages fix security vulnerability: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id CVE-2019-14806...

7.5CVSS3.5AI score0.02288EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•65 views

Updated putty packages fix security vulnerabilities

Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Vulnerability in all the SSH client tools PuTTY, Plink, PSFTP, and PSCP if a malicious program can impersonate Pageant. Crash in GSSAP...

7.5CVSS0.9AI score0.02248EPSS
Exploits0References4
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•40 views

Updated cyrus-sasl packages fix security vulnerability

Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the sasladdstring function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause...

7.5CVSS7.7AI score0.08036EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•45 views

Updated freeradius packages fix security vulnerabilities

Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...

7.5CVSS1.7AI score0.02168EPSS
Exploits4References4
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated libdwarf packages fix security vulnerability

Updated libdwarf packages fix security vulnerability: dwarfelfloadheaders.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service division by zero via an ELF file with a zero-size section group SHTGROUP, as demonstrated by dwarfdump CVE-2019-14249...

6.5CVSS5.8AI score0.0273EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•29 views

Updated jss packages fix security vulnerability

Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...

7.4CVSS1.8AI score0.00859EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated libextractor packages fix security vulnerability

Updated libextractor packages fix security vulnerability: GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTORdviextractmethod in plugins/dviextractor.c CVE-2019-15531...

6.5CVSS3.1AI score0.01696EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•19 views

Updated clamaw packages fix security issue

The updated packages fix an issue: Wrong permissions on /etc/freshclam.conf prevent freshclam usage with authenticated proxy. rhbz1733112...

2.1AI score
Exploits0References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•29 views

Updated libidn2 packages fix security vulnerabilities

Updated libidn2 packages fix security vulnerabilities: It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains CVE-2019-12290. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly u...

9.8CVSS3.9AI score0.03708EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•32 views

Updated pdfresurrect packages fix security vulnerabilities

Updated pdfresurrect package fixes security vulnerabilities: A vulnerability was found in PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled CVE-2019-14267. An issue was discovered in PDFResurrect before 0.18...

7.8CVSS2.7AI score0.07078EPSS
Exploits5References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•51 views

Updated roundcubemail packages fix security vulnerability

The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237...

7.4CVSS1.7AI score0.00927EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•36 views

Updated hunspell packages fix security vulnerability

Updated hunspell packages fix security vulnerability: Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx CVE-2019-16707...

6.5CVSS1.6AI score0.01656EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•61 views

Updated exiv2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...

6.5CVSS1.6AI score0.02127EPSS
Exploits6References3
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•29 views

Updated xpdf packages fix security vulnerability

The updated packages fix a security vulnerability: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. CVE-2019-17064...

5.5CVSS2.9AI score0.01413EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•16 views

Updated filezilla packages fix security vulnerability

Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. For other fixes in this update,...

3.5AI score
Exploits0References3
Mageia
Mageia
•added 2019/12/25 10:57 p.m.•14 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel. Other fixes added in this update: - x86/MCE/AMD...

0.7AI score
Exploits0References6
Total number of security vulnerabilities6012