Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2019/12/25 10:57 p.m.•14 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel. Other fixes added in this update: - x86/MCE/AMD...

0.7AI score
Exploits0References6
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•39 views

Updated libofx packages fix security vulnerability

Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump CVE-2019-9656...

8.8CVSS2.2AI score0.02141EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•65 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte CVE-2019-11045. Buffer underflow in bcshiftaddsub. CVE-2019-11046 Heap-buffer-overflow READ in exif. CVE-2019-11047 mail may release string with refcount==1 twice. CVE-2019-11049...

9.8CVSS3.8AI score0.08818EPSS
Exploits3References2
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•93 views

Updated apache packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window close...

9.1CVSS0.81466EPSS
Exploits6References5
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•40 views

Updated apache-mod_auth_openidc packages fix security vulnerability

The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon. CVE-2019-14857...

6.1CVSS2.9AI score0.01535EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•59 views

Updated ruby packages fix security vulnerabilities

Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access CVE-2019-15845. It was discovered that Ruby incorrectly handled certain regula...

8.1CVSS1.7AI score0.05128EPSS
Exploits1References7
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•59 views

Updated 389-ds-base packages fix security vulnerabilities

he updated packages fix security vulnerabilities and a packaging problem: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make...

7.5CVSS2.6AI score0.08426EPSS
Exploits0References4
Mageia
Mageia
•added 2019/12/24 12:24 p.m.•25 views

Updated ghostpcl packages fix security vulnerabilities

This updates ghostpcl from 9.05 which dates from 2012 February 8 to be at the same version as ghostscript, ie. 9.27 with fixes for known CVEs as like the ones fixed in MGASA-2017-0355, MGASA-2017-0430, MGASA-2018-0142, MGASA-2018-0219, MGASA-2018-0378, MGASA-2018-0408, MGASA-2018-0466,...

3.2AI score
Exploits0References1
Mageia
Mageia
•added 2019/12/24 12:24 p.m.•29 views

Updated spamassassin packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that...

7.5CVSS1.4AI score0.07234EPSS
Exploits0References5
Mageia
Mageia
•added 2019/12/24 12:24 p.m.•36 views

Updated libmirage packages fix security vulnerabilities

Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user CVE-2019-15540. NULL pointer dereference in the NRG parser CVE-2019-15757...

7.8CVSS4.4AI score0.01588EPSS
Exploits2References1
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•35 views

Updated fence-agents packages fix security vulnerability

pdated fence-agents package fixes security vulnerability: Denial of service via guest VM comments CVE-2019-10153...

5CVSS3.4AI score0.02171EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•48 views

Updated htmldoc packages fix security vulnerability

Updated htmldoc packages fix security vulnerability: In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang CVE-2019-19630...

7.8CVSS1.3AI score0.01135EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•62 views

Updated freerdp packages fix security vulnerabilities

Updated freerdp packages fix security vulnerabilities: Multiple memory leaks in libfreerdp/codec/region.c CVE-2019-17177. Memory leak in HuffmanTreemakeFromFrequencies CVE-2019-17178...

7.5CVSS1.8AI score0.02689EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•40 views

Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition CVE-2019-14889...

9.3CVSS3.2AI score0.0316EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•25 views

Updated sssd packages fix security vulnerability

The updated packages fix a security vulnerability: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. CVE-2018-16...

5.5CVSS3.2AI score0.01122EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•40 views

Updated flightcrew packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software not...

7.8CVSS2AI score0.0163EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•206 views

Updated apache-commons-beanutils packages fix security vulnerability

Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were...

7.5CVSS3.3AI score0.28839EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•51 views

Updated rsyslog packages fix security vulnerabilities

Updated rsyslog packages fix security vulnerabilities: Heap overflow in the parser for AIX log messages CVE-2019-17041. Heap overflow in the parser for Cisco log messages CVE-2019-17042...

9.8CVSS2.6AI score0.04568EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•52 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code CVE-2019-10218. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full passwor...

6.5CVSS1.7AI score0.03515EPSS
Exploits1References4
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•45 views

Updated pacemaker packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was found in the way pacemaker's client-server authenticatio...

8.8CVSS2.8AI score0.01962EPSS
Exploits0References6
Mageia
Mageia
•added 2019/12/15 6:3 p.m.•34 views

Updated dnsmasq packages fix security vulnerability

A vulnerability was found in dnsmsq through version 2.90, where the memory leak allows remote attackers to cause a denial of service memory consumption via vectors involving DHCP response creation. CVE-2019-14834...

4.3CVSS5AI score0.02664EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/15 6:3 p.m.•50 views

Updated git packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. CVE-2019-1348 When submodules are cloned recursively, under certain circumstances Git could...

9.3CVSS7.5AI score0.34007EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/15 6:3 p.m.•61 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...

8.8CVSS7.1AI score0.01411EPSS
Exploits1References5
Mageia
Mageia
•added 2019/12/15 6:3 p.m.•33 views

Updated libcroco packages fix security vulnerability

Updated libcroco packages fix security vulnerabilities: Heap overflow input: check end of input before reading a byte CVE-2017-7960. Undefined behavior tknzr: support only max long rgb values CVE-2017-7961. Denial of service memory allocation error via a crafted CSS file CVE-2017-8834. Denial of...

7.8CVSS1.5AI score0.12996EPSS
Exploits7References2
Mageia
Mageia
•added 2019/12/15 6:3 p.m.•49 views

Updated libgit2 packages fix security vulnerabilities

libgit2 has been updated to version 0.28.4 to fix several security issues: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. CVE-2019-1348: the fast-import stream command "feature export-marks=path"...

9.3CVSS3.9AI score0.25666EPSS
Exploits0References3
Mageia
Mageia
•added 2019/12/14 12:37 a.m.•86 views

Updated ncurses packages fix security vulnerabilities

Updated ncurses packages fix security vulnerabilities: Heap-based buffer over-read in the ncfindentry function CVE-2019-17594. Heap-based buffer over-read in the fmtentry function CVE-2019-17595...

5.8CVSS6.9AI score0.02034EPSS
Exploits2References2
Mageia
Mageia
•added 2019/12/14 12:37 a.m.•34 views

Updated signing-party packages fix security vulnerability

Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID CVE-2019-11627...

10CVSS3AI score0.02755EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/14 12:37 a.m.•67 views

Updated kernel packages fix security vulnerability

This update provides an update to 5.4 series kernels, currently based on upstream 5.4.2, adding support for new hardware and features, and fixing at least the following security issue: KVM: x86: fix out-of-bounds write in KVMGETEMULATEDCPUID CVE-2019-19332 WireGuard has been updated to...

6.1CVSS0.8AI score0.00679EPSS
Exploits1References4
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•31 views

Updated kdelibs4 packages fix security vulnerability

kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction CVE-2019-14744...

7.8CVSS2.2AI score0.04069EPSS
Exploits1References3
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•14 views

Updated openafs packages fix security vulnerabilities

Update to security-release 1.8.5, adresses: OPENAFS-SA-2019-001: Skip server OUT args on error OPENAFS-SA-2019-002: Zero all server RPC args OPENAFS-SA-2019-003: ubik: Avoid unlocked ubikcurrentTrans deref Update to official version 1.8.4: support Linux-kernel 5.3 Avoid non-dir ENOENT errors in...

4AI score
Exploits0References7
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•33 views

Updated proftpd packages fix security vulnerability

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

4.9CVSS2.7AI score0.01645EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•33 views

Updated wireshark packages fix security vulnerability

Version 3.0.7 fixes the following security vulnerability: CMS dissector crash CVE-2019-19553. This update also brings the Mageia package from version 3.0.4 to 3.0.7...

7.5CVSS4.7AI score0.04128EPSS
Exploits0References8
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•29 views

Updated qbittorrent packages fix security vulnerability

In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...

9.8CVSS6.2AI score0.07913EPSS
Exploits1References3
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•28 views

Updated clementine packages fix security vulnerability

NULL ptr dereference crash in the moodbar pipeline CVE-2019-14332...

7.8CVSS1.7AI score0.01366EPSS
Exploits3References2
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•44 views

Updated jasper packages fix security vulnerabilities

Heap based overflow in jasicctxtdescinput CVE-2018-19540. Heap based overread in jasimagedepalettize CVE-2018-19541...

8.8CVSS1.5AI score0.02802EPSS
Exploits2References2
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•44 views

Updated squid packages fix security vulnerabilities

Potential remote code execution during URN processing CVE-2019-12526. Multiple improper validations in URI processing CVE-2019-12523, CVE-2019-18676. Cross-Site Request Forgery in HTTP Request processing CVE-2019-18677. Incorrect message parsing which could have led to HTTP request splitting issu...

9.8CVSS2.3AI score0.40982EPSS
Exploits0References7
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•38 views

Updated openexr packages fix security vulnerability

The updated packages fix a security vulnerability: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service excessive memory allocation via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp...

5.5CVSS5.8AI score0.00963EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...

8.8CVSS2.4AI score0.01976EPSS
Exploits3References3
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•49 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...

8.8CVSS2.6AI score0.01976EPSS
Exploits3References3
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•49 views

Updated nss packages fix security vulnerability

Updated nss packages fix security vulnerability: Out-of-bounds write when passing an output buffer smaller than the block size to NSCEncryptUpdate CVE-2019-11745. Also, rootcerts has been updated to 20191126.00...

8.8CVSS2AI score0.02994EPSS
Exploits0References3
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•35 views

Updated lz4 packages fix security vulnerability

Updated lz4 packages fix security vulnerability: Heap-based buffer overflow in LZ4write32 CVE-2019-17543...

8.1CVSS3.4AI score0.09116EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•50 views

Updated evince packages fix security vulnerability

The updated packages fix a security vulnerability: The tiffdocumentrender and tiffdocumentgetthumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented, leading to uninitialized memory use when processing certain TIFF image...

5.5CVSS4.3AI score0.01443EPSS
Exploits0References3
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•37 views

Updated QT stack fix security vulnerability

This update provides the 5.12.6 QT stack maintenance release and fixes the following security issue: An out-of-bounds memory access in the generateDirectionalRuns function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an...

4.3CVSS5.1AI score0.0205EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•30 views

Updated libcryptopp packages fix security vulnerability

The updated packages fix a security vulnerability: Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The iss...

5.9CVSS0.9AI score0.03245EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•40 views

Updated phpmyadmin packages fix security vulnerability

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/ table name can be used to trigger a SQL injection attack through the designer feature CVE-2019-18622...

9.8CVSS2.5AI score0.02579EPSS
Exploits0References1
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•56 views

Updated libvpx packages fix security vulnerabilities

Updated libvpx packages fix security vulnerabilities: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary cod...

9.3CVSS3.3AI score0.05392EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•69 views

Updated python-psutil packages fix security vulnerability

Updated python-psutil packages fix security vulnerability: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS2.4AI score0.03522EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•49 views

Updated python-twisted packages fix security vulnerabilities

Updated python-twisted packages fix security vulnerabilities: Improper sanitization of URIs or HTTP which could allow attackers to perform CRLF attacks CVE-2019-12387. In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS,...

7.4CVSS3.4AI score0.02535EPSS
Exploits1References3
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•33 views

Updated tnef packages fix security vulnerability

Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup CVE-2019-18849...

5.5CVSS3.2AI score0.01203EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•59 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0...

7.4CVSS0.6AI score0.05701EPSS
Exploits0References5
Total number of security vulnerabilities6012