Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2019/12/06 2:15 p.m.•40 views

Updated ansible packages fix security vulnerability

Updated ansible package fixes security vulnerability: Splunk and Sumologic callback plugins leak sensitive data in logs CVE-2019-14864...

6.5CVSS3AI score0.01857EPSS
Exploits1References3
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•46 views

Updated libtiff packages fix security vulnerability

The updated packages fix a security vulnerability: tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition...

8.8CVSS4.6AI score0.03356EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•42 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerability: LibVNC contained a memory leak in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory and bypass ASLR...

7.5CVSS2.8AI score0.03345EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•37 views

Updated sysstat packages fix security vulnerability

Updated sysstat package fixes security vulnerability: Memory corruption due to an integer overflow CVE-2019-16167...

5.5CVSS3.6AI score0.01533EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•20 views

Updated icu packages fix security vulnerability

The updated packages fix a security vulnerability: International Components for Unicode ICU for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString in i18n/numberdecimalquantity.cpp. CVE-2018-18928...

9.8CVSS3.7AI score0.02918EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•55 views

Updated libtasn1 packages fix security vulnerability

Updated libtasn1 packages fix security vulnerability: Denial of service in asn1Parser CVE-2018-1000654...

7.1CVSS6.2AI score0.02008EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•49 views

Updated openjpeg2 packages fix security vulnerability

The updated packages fix a security vulnerability: In OpenJPEG 2.3.1, there is excessive iteration in the opjt1encodecblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616...

5.5CVSS5.2AI score0.02596EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•28 views

Updated clamav packages fix security vulnerability

The updated packages fix two packaging problems and a security vulnerability: A Denial-of-Service DoS vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. CVE-2019-15961 The first packaging issue, in the configuration of...

7.5CVSS1.7AI score0.03135EPSS
Exploits1References3
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•39 views

Updated graphicsmagick packages fix security vulnerability

The updated packages fix a security vulnerability: ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. CVE-2019-16709...

6.5CVSS2.2AI score0.02815EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•52 views

Updated sdl2_image packages fix security vulnerabilities

Updated sdl2image packages fix security vulnerabilities: An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially...

8.8CVSS2.3AI score0.04515EPSS
Exploits10References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•80 views

Updated SDL_image packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted imag...

8.8CVSS2.3AI score0.04515EPSS
Exploits11References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•52 views

Updated unbound packages fix security vulnerability

Updated unbound package to version 1.9.5 to fix a potential security vulnerability. In case users recompiled the Mageia package with --enable-ipsecmod, and ipsecmod is enabled and used in the configuration, shell code execution would end up being possible after receiving a specially crafted answe...

7.3CVSS4.7AI score0.03212EPSS
Exploits1References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•40 views

Updated zipios++ packages fix security vulnerability

Updated zipios++ packages fix security vulnerability: Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources CVE-2019-13453...

6.5CVSS2.1AI score0.02026EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•31 views

Updated gnupg2 packages fix security vulnerability

gnupg2 is updated to 2.2.18 and fix security vulnerability: Web of Trust forgeries using collisions in SHA-1 signatures CVE-2019-14855 Note that this change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. This includes all key signature created with dsa1024 keys...

7.5CVSS7.7AI score0.0105EPSS
Exploits1References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•50 views

Updated djvulibre packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...

7.5CVSS3.8AI score0.03667EPSS
Exploits5References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•32 views

Updated httpie packages fix security vulnerability

Updated httpie packages fix security vulnerability: HTTPie is vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...

8.8CVSS1.3AI score0.02045EPSS
Exploits1References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•51 views

Updated python-sqlalchemy packages fix security vulnerabilities

Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the orderby parameter CVE-2019-7164. SQL Injection via the groupby parameter CVE-2019-7548...

9.8CVSS4AI score0.03525EPSS
Exploits3References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•69 views

Updated nginx packages fix security vulnerabilities

Updated nginx packages fix security vulnerabilities: When using HTTP/2 a client might cause excessive memory consumption and CPU usage CVE-2019-9511, CVE-2019-9513, CVE-2019-9516...

7.8CVSS1.7AI score0.82017EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•34 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 78.0.3904.108 fixes security issues: Multiple flaws were found in the way Chromium 78.0.3904.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS2.2AI score0.0149EPSS
Exploits0References3
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•57 views

Updated libreoffice packages fix security vulnerabilities

Updated libreoffice packages fix security vulnerabilities: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphi...

9.8CVSS1.4AI score0.78347EPSS
Exploits6References8
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•53 views

Updated glib2.0 packages fix security vulnerability

The updated packages fix a security vulnerability: filecopyfallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVE-2019-12450...

9.8CVSS2.4AI score0.02602EPSS
Exploits0References4
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•45 views

Updated bzip2 packages fix security vulnerability

The updated packages fix a security vulnerability: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900...

9.8CVSS3.5AI score0.08042EPSS
Exploits0References7
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•34 views

Updated dbus packages fix security vulnerability

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus...

7.1CVSS1.3AI score0.00555EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•52 views

Updated libssh2 packages fix security vulnerability

The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be...

8.1CVSS2.8AI score0.03793EPSS
Exploits1References5
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•65 views

Updated curl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4...

9.8CVSS3AI score0.49739EPSS
Exploits2References8
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•40 views

Updated mosquitto packages fix security vulnerability

Updated mosquitto packages fix security vulnerability: A vulnerability was discovered in mosquitto, allowing a malicious MQTT client to cause a denial of service stack overflow and daemon crash, by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy...

6.5CVSS2.2AI score0.02742EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•77 views

Updated glibc packages fix security vulnerability

Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible...

3.3CVSS1.4AI score0.00409EPSS
Exploits0References1
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•36 views

Updated libjpeg packages fix security vulnerability

The updated packages fix a security vulnerability: Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. CVE-2019-2201...

9.3CVSS3.8AI score0.02461EPSS
Exploits0References4
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•39 views

Updated clamav packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. CVE-2019-12625 BZ2decompress in decompress.c...

9.8CVSS3.1AI score0.08042EPSS
Exploits0References5
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•64 views

Updated microcode packages fix security vulnerabilities

This update provides the Intel 20191112 microcode release that adds the microcode side fixes and mitigations for at least the following security issues: A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and a...

6.5CVSS2.3AI score0.03133EPSS
Exploits0References7
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A vulnerability in Server: Optimizer contains an easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this vulnerability can result in...

6.5CVSS6AI score0.03726EPSS
Exploits0References1
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•46 views

Updated systemd packages fix security vulnerability

Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...

4.4CVSS2.9AI score0.00511EPSS
Exploits1References3
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•33 views

Updated libexif packages fix security vulnerability

The updated packages fix a security vulnerability: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for...

8.8CVSS4.3AI score0.04059EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•87 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...

8.8CVSS3.3AI score0.04521EPSS
Exploits8References15
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•74 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. TSX...

7.8CVSS1.1AI score0.03133EPSS
Exploits0References6
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•31 views

Updated ghostscript packages fix security vulnerability

The updated packages fix a security vulnerability: -dSAFER escape in .charkeys. CVE-2019-14869...

8.8CVSS1.3AI score0.03434EPSS
Exploits0References3
Mageia
Mageia
•added 2019/11/14 5:33 p.m.•21 views

Updated libapreq2 packages fix security vulnerability

Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library application crash if an invalid nested "multipart" body is processed...

7.5CVSS3.4AI score0.03941EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•39 views

Updated fribidi packages fix security vulnerability

Updated fribidi packages fix security vulnerability: A stack buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text conten...

7.8CVSS4.7AI score0.02182EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•42 views

Updated cpio packages fix security vulnerabilities

in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive CVE-2015-1197. Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege...

7.3CVSS7.4AI score0.02906EPSS
Exploits5References2
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•36 views

Updated zeromq packages fix security vulnerability

A security vulnerability has been reported in libzmq/zeromq. a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer...

9.8CVSS3.7AI score0.42464EPSS
Exploits1References4
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•61 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to universal cross site scripting CVE-2019-8625, CVE-2019-8674, CVE-2019-8719, CVE-2019-8813 Processing maliciously crafted web content may lead to arbitrary code execution CVE-2019-8707,...

9.3CVSS1.5AI score0.09543EPSS
Exploits4References7
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•64 views

Updated python-numpy packages fix security vulnerability

Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call CVE-2019-6446...

9.8CVSS7AI score0.17078EPSS
Exploits2References2
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•42 views

Updated unbound packages fix security vulnerability

Updated unbound packages fix security vulnerability: Versions before 1.9.4 allow accesses to uninitialized memory, which would permit remote attackers to trigger a crash CVE-2019-16866...

7.5CVSS5.7AI score0.03506EPSS
Exploits0References1
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•78 views

Updated python packages fix security vulnerabilities

Updated python and python3 packages fix security vulnerabilities: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to...

9.8CVSS1.2AI score0.11844EPSS
Exploits4References5
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•70 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 78.0.3904.87 fixes security issues: Multiple flaws were found in the way Chromium 77.0.3865.120 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS2.2AI score0.72977EPSS
Exploits4References3
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•65 views

Updated proftpd packages fix security vulnerabilities

Updated proftpd package fixes security vulnerabilities: It was discovered that the modcopy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands CVE-2019-12815. It was discovered that due to incorrect handling of overly long commands, a...

9.8CVSS2.1AI score0.57606EPSS
Exploits1References1
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•66 views

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC...

8.8CVSS8.9AI score0.06643EPSS
Exploits3References5
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•53 views

Updated freetds packages fix security vulnerability

Updated freetds packages fix security vulnerability: Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS2.9AI score0.01781EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•64 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC networking. CVE-2019-11760...

8.8CVSS8.7AI score0.06643EPSS
Exploits3References6
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•45 views

Updated expat packages fix security vulnerability

It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed CVE-2019-15903...

7.5CVSS8.3AI score0.06643EPSS
Exploits1References2
Total number of security vulnerabilities6012