Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
added 2019/09/12 7:9 p.m.41 views

Updated flash-player-plugin packages fix security vulnerabilities

Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code execution in the context of the current user. CVE-2019-8069 Use after free that leads to arbitrary code execution in the context of the current user. CVE-2019-8070...

10CVSS3.2AI score0.06054EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/12 7:9 p.m.14 views

Updated links packages fix security vulnerability

Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link rel="dns-prefetch" code...

1.5AI score
Exploits0References2
Mageia
Mageia
added 2019/09/08 2:9 p.m.28 views

Updated dovecot packages fix security vulnerability

Updated dovecot packages fix security vulnerability: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes...

9.8CVSS1.9AI score0.62579EPSS
Exploits1References2
Mageia
Mageia
added 2019/09/08 2:9 p.m.61 views

Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...

7.5CVSS1.3AI score0.72988EPSS
Exploits3References5
Mageia
Mageia
added 2019/09/06 9:9 p.m.44 views

Updated SDL12 packages fix security vulnerability

Updated SDL12 packages fix security vulnerability: SDL Simple DirectMedia Layer through 1.2.15 has a heap-based buffer over-read in BlitNtoN in video/SDLblitN.c when called from SDLSoftBlit in video/SDLblit.c CVE-2019-13616...

8.1CVSS3AI score0.03299EPSS
Exploits1References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.39 views

Updated libgcrypt packages fix security vulnerability

Updated libgcrypt packages fix security vulnerability: ECDSA timing side-channel attack vulnerability CVE-2019-13627...

6.3CVSS2.3AI score0.0051EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.15 views

Updated rdesktop packages fix security vulnerabilities

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code...

3.4AI score
Exploits0References1
Mageia
Mageia
added 2019/09/06 9:9 p.m.60 views

Updated poppler packages fix security vulnerabilities

Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. CVE-2019-9631 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...

9.8CVSS0.8AI score0.03518EPSS
Exploits5References4
Mageia
Mageia
added 2019/09/06 9:9 p.m.26 views

Updated giflib packages fix security vulnerability

Updated giflib packages fix security vulnerability: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgiflib.c if the height field of the ImageSize data structure is equal to zero CVE-2019-15133...

6.5CVSS1.8AI score0.01542EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.90 views

Updated golang packages fix security vulnerabilities

Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently...

9.8CVSS1.6AI score0.83433EPSS
Exploits2References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.67 views

Updated python-urllib3 packages fix security vulnerability

It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection CVE-2019-11236...

6.1CVSS8.6AI score0.02056EPSS
Exploits1References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.37 views

Updated monit packages fix security vulnerabilities

Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...

8.1CVSS2AI score0.03138EPSS
Exploits2References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.33 views

Updated mercurial packages fix security vulnerability

It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target’s filesystem CVE-2019-3902...

5.9CVSS2.2AI score0.01413EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.63 views

Updated poppler packages fix security vulnerabilities

Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. CVE-2019-9631 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...

9.8CVSS1.1AI score0.03518EPSS
Exploits7References4
Mageia
Mageia
added 2019/09/06 9:9 p.m.40 views

Updated sigil packages fix security vulnerability

Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem CVE-2019-14452...

7.5CVSS2AI score0.03694EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.28 views

Updated libmspack packages fix security vulnerability

Updated libmspack packages fix security vulnerability: It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information CVE-2019-1010305...

5.5CVSS1.7AI score0.01464EPSS
Exploits1References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.49 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer CVE-2018-11782. Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands...

7.5CVSS4AI score0.0344EPSS
Exploits0References3
Mageia
Mageia
added 2019/09/06 9:9 p.m.52 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression CVE-2019-13224. A NULL...

9.8CVSS5.9AI score0.04047EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.63 views

Updated sqlite3 packages fix security vulnerabilities

Updated sqlite3 packages fix security vulnerabilities: It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information CVE-2019-8457. It was discovered that SQLite incorrectly handled certain queries. An attacker could...

9.8CVSS2.6AI score0.45426EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.50 views

Updated irssi packages fix security vulnerability

Updated irssi packages fix security vulnerability: Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP CVE-2019-15717...

9.8CVSS3AI score0.02488EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.78 views

Updated python-urllib3 packages fix security vulnerability

It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts CVE-2018-20060. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacke...

9.8CVSS8.8AI score0.04488EPSS
Exploits1References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.32 views

Updated zstd packages fix security vulnerability

Updated zstd packages fix security vulnerability: It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code CVE-2019-11922...

8.1CVSS2.5AI score0.01424EPSS
Exploits0References1
Mageia
Mageia
added 2019/09/06 9:9 p.m.38 views

Updated icedtea-web packages fix security vulnerabilities

Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The cod...

8.6CVSS2.3AI score0.04022EPSS
Exploits0References3
Mageia
Mageia
added 2019/09/06 9:9 p.m.35 views

Updated sdl2 packages fix security vulnerabilities

Updated sdl2 packages fix security vulnerabilities This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7572 a buffer overread in IMAADPCMnibble rhbz1676754 - Fix CVE-2019-7572 a buffer overwrite in IMAADPCMnibble...

8.8CVSS2.8AI score0.03299EPSS
Exploits11References4
Mageia
Mageia
added 2019/09/06 9:9 p.m.66 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve EC cryptography. CVE-2019-2745 Insufficient checks of suppressed exceptions in deserialization. CVE-2019-2762 Unbounded memory allocation during deserialization in Collections. CVE-2019-276...

5.8CVSS6.4AI score0.04351EPSS
Exploits0References3
Mageia
Mageia
added 2019/08/31 1:22 p.m.37 views

Updated pango packages fix security vulnerability

Updated pango package fixes security vulnerability: It was discovered that pango was subject to a heap based buffer overflow vulnerability which could be used to get code execution CVE-2019-1010238...

9.8CVSS1.5AI score0.06274EPSS
Exploits1References3
Mageia
Mageia
added 2019/08/31 1:22 p.m.27 views

Updated wireshark packages fix security vulnerability

Updated wireshark packages fix security vulnerability: ASN.1 BER and related dissectors crash CVE-2019-13619...

7.5CVSS3AI score0.06079EPSS
Exploits1References4
Mageia
Mageia
added 2019/08/31 1:22 p.m.23 views

Updated graphicsmagick packages fix security issues

This is a maintenance and security update fixing various memory leaks, overflows, out-of-memory, heap overwriting and other issues...

2.5AI score
Exploits0References2
Mageia
Mageia
added 2019/08/31 1:22 p.m.33 views

Updated memcached packages fix security vulnerability

AUpdated memcached packages fix security vulnerability: In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlrucommand in memcached.c CVE-2019-11596...

7.5CVSS3.9AI score0.02958EPSS
Exploits1References2
Mageia
Mageia
added 2019/08/31 1:22 p.m.42 views

Updated ansible packages fix security vulnerability

Updated ansible package fixes security vulnerability: A flaw was discovered in the way Ansible templating was implemented before version 2.7.12, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the...

5.5CVSS2.8AI score0.01759EPSS
Exploits0References3
Mageia
Mageia
added 2019/08/31 1:22 p.m.33 views

Updated vlc packages fixes security vulnerabilities

Updated vlc packages fixes security vulnerabilities: Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438,...

9.8CVSS4.2AI score0.036EPSS
Exploits1References4
Mageia
Mageia
added 2019/08/31 1:22 p.m.62 views

Updated wpa_supplicant and hostapd packages fix security vulnerability

A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...

5.9CVSS0.9AI score0.03739EPSS
Exploits0References3
Mageia
Mageia
added 2019/08/31 1:22 p.m.50 views

Updated wavpack packages fix security vulnerabilities

Updated wavpack packages fixes security vulnerabilities: Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319...

5.5CVSS2AI score0.01534EPSS
Exploits3References2
Mageia
Mageia
added 2019/08/31 1:22 p.m.17 views

Updated mpg123 packages fix security vulnerability

The mpg123 package has been updated to version 1.25.12, fixing several issues which could cause it to crash or hang while parsing mp3 files...

2.4AI score
Exploits0References2
Mageia
Mageia
added 2019/08/31 1:22 p.m.36 views

Updated wavpack packages fix security vulnerabilities

Updated wavpack packages fixes security vulnerabilities: It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service CVE-2019-11498. Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An...

6.5CVSS2.4AI score0.03044EPSS
Exploits4References3
Mageia
Mageia
added 2019/08/31 1:22 p.m.47 views

Updated ghostscript packages fix security vulnerability

Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate...

7.8CVSS2.3AI score0.02295EPSS
Exploits0References4
Mageia
Mageia
added 2019/08/31 1:22 p.m.32 views

Updated webmin packages fix security vulnerability

Updated webmin package fixes security vulnerability: Webmin before 1.930 allows remote exploits if the option to change expired passwords is enabled CVE-2019-15107. Note that it is only vulnerable if changing of expired passwords is enabled, which is not the case by default...

10CVSS2.7AI score0.99766EPSS
Exploits37References3
Mageia
Mageia
added 2019/08/18 12:39 p.m.39 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

8.8CVSS3.6AI score0.0217EPSS
Exploits0References5
Mageia
Mageia
added 2019/08/18 12:39 p.m.58 views

Updated mythtv packages fix security issues

This update provides and update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flvwritepacket function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure CVE-2018-15822. It...

7.5CVSS2.3AI score0.03266EPSS
Exploits0References4
Mageia
Mageia
added 2019/08/18 12:39 p.m.49 views

Updated redis packages fix security vulnerabilities

This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10192. A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10193...

7.2CVSS2.4AI score0.26048EPSS
Exploits0References3
Mageia
Mageia
added 2019/08/18 12:39 p.m.64 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise mariadb server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or...

6.5CVSS3.4AI score0.03972EPSS
Exploits0References2
Mageia
Mageia
added 2019/08/18 12:39 p.m.48 views

Updated elfutils packages fix security vulnerabilities

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service CVE-2017-7607, CVE-2017-7608, CVE-2017-7609,...

9.8CVSS6.9AI score0.03691EPSS
Exploits16References4
Mageia
Mageia
added 2019/08/12 9:8 p.m.116 views

Updated kernel packages fix security vulnerabilities

This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An...

5.6CVSS0.9AI score0.04521EPSS
Exploits5References10
Mageia
Mageia
added 2019/08/12 9:8 p.m.89 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre lik...

8.8CVSS0.8AI score0.05649EPSS
Exploits6References7
Mageia
Mageia
added 2019/08/10 12:12 a.m.56 views

Updated php packages fix security vulnerabilities

Updated php packages fixes at least the following security issues: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause ...

7.1CVSS3.1AI score0.0442EPSS
Exploits2References3
Mageia
Mageia
added 2019/08/10 12:12 a.m.36 views

Updated cyrus-imapd packages fix security vulnerability

Updated cyrus-imapd package fixes security vulnerability: It was discovered that cyrus-imapd had a buffer overflow in CalDAV request handling triggered by a long iCalendar property name CVE-2019-11356...

9.8CVSS1.9AI score0.07622EPSS
Exploits0References2
Mageia
Mageia
added 2019/08/03 9:18 p.m.15 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 5.1.20 and fixes at least the following security issue: With Xen, virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory either via grant mappings, or via the foreign mapping...

0.6AI score
Exploits0References6
Mageia
Mageia
added 2019/07/27 4:44 p.m.65 views

Updated virtualbox packages fix security vulnerabilities

OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data CVE-2019-1543. Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows...

8.8CVSS2.6AI score0.05701EPSS
Exploits0References2
Mageia
Mageia
added 2019/07/25 7:53 p.m.31 views

Updated vlc packages fix security vulnerability

VLC 3.0.7 has been released on June 6 including security fixes...

7.1CVSS2.3AI score0.01153EPSS
Exploits1References2
Mageia
Mageia
added 2019/07/21 6:17 p.m.33 views

Updated libreswan packages fix security vulnerability

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects...

3.5CVSS4AI score0.00512EPSS
Exploits0References1
Total number of security vulnerabilities6012