Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2019/05/12 9:35 a.m.•60 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: The jpcfloorlog2 function in jpcmath.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service assertion failure via unspecified vectors CVE-2016-9398. A denial of service in jp2decode CVE-2018-19542. A denial of service...

7.5CVSS6.1AI score0.05981EPSS
Exploits2References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•50 views

Updated sysstat packages fix security vulnerabilities

Updated sysstat package fix security vulnerabilities: Out-of-bounds read during a memmove call inside the remapstruct function CVE-2018-19416. Out-of-bounds read during a memset call inside the remapstruct function CVE-2018-19517...

10CVSS3.1AI score0.05692EPSS
Exploits2References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•33 views

Updated cronie packages fix security vulnerabilities

Updated cronie packages fix security vulnerabilities: Cronie before 1.5.3 allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked CVE-2019-9704. Cronie before 1.5.3 allows local users to cause a denial of service memory...

5.5CVSS3.8AI score0.00354EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•42 views

Updated mxml packages fix security vulnerabilities

Updated mxml packages fix security vulnerabilities: An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml CVE-2018-2000...

8.8CVSS5AI score0.02025EPSS
Exploits4References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•37 views

Updated qt4 packages fix security vulnerability

Updated qt4 packages fix security vulnerability: A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp CVE-2018-19872...

5.5CVSS2.1AI score0.01384EPSS
Exploits1References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•54 views

Updated python packages fix security vulnerability

Updated python packages fix security vulnerability: A 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead CVE-2019-9948...

9.1CVSS1.3AI score0.11844EPSS
Exploits1References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•32 views

Updated bash packages fix security vulnerability

Updated bash package fixes security vulnerability: A vulnerability in which shell did not prevent user BASHCMDS, allowing the user to execute any command with the permissions of the shell CVE-2019-9924...

7.8CVSS2.5AI score0.00415EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•27 views

Updated svgsalamander packages fix security vulnerability

A vulnerability was found in the svgsalamander library. If the library is being used in a web application for processing user supplied SVG files then the app is vulnerable to SSRF CVE-2017-5617...

7.4CVSS1.5AI score0.01992EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/07 9:38 p.m.•40 views

Updated putty/filezilla/wxgtk packages fix security vulnerability

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification CVE-2019-9894. In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding CVE-2019-9895. Multiple...

9.8CVSS2.5AI score0.03937EPSS
Exploits0References5
Mageia
Mageia
•added 2019/05/07 9:38 p.m.•21 views

Updated libsolv packages fix security vulnerability

It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service CVE-2018-20532-4...

1.7AI score
Exploits0References2
Mageia
Mageia
•added 2019/05/07 9:38 p.m.•51 views

Updated ldb packages fix security vulnerability

Garming Sam reported an out-of-bounds read in the ldbwildcardcompare function of ldb, resulting in denial of service CVE-2019-3824. The ldb package has been updated to version 1.2.4 to fix this issue. The sssd and samba packages have been rebuilt against the updated ldb. If a user was configured...

6.5CVSS1.8AI score0.02821EPSS
Exploits0References4
Mageia
Mageia
•added 2019/05/07 9:38 p.m.•85 views

Updated java-1.8.0-openjdk packages fix security vulnerability

The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID. CVE-2019-2698 Slow conversion of BigDecimal to long. CVE-2019-2602 Incorrect skeleton selection in RMI registry server-side dispatch handling. CVE-2019-2684...

8.1CVSS7.6AI score0.37618EPSS
Exploits1References3
Mageia
Mageia
•added 2019/05/04 8:13 p.m.•147 views

Virtualbox 6.0.6 fixes security vulnerabilities

This update provides an update to the new Virtualbox 6.0 branch, currently 6.0.6. It also fixes the following security issues. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...

8.8CVSS3.1AI score0.02231EPSS
Exploits2References3
Mageia
Mageia
•added 2019/04/10 10:46 p.m.•29 views

Updated gpsd packages fix security vulnerability

A stack-based buffer overflow flaw was found in gpsd versions 2.90 to 3.17. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of service via device crash CVE-2018-17937...

8.8CVSS6.4AI score0.02656EPSS
Exploits0References2
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•70 views

Updated python packages fix security vulnerability

A vulnerability was found in Python 2.x through 2.7.16. An improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization could lead to an Information Disclosure credentials, cookies, etc. that are cached against a given hostname in the urllib.parse.urlsplit,...

9.8CVSS2.3AI score0.08811EPSS
Exploits0References2
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•34 views

Updated gpac packages fix security vulnerability

It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...

9.8CVSS3.8AI score0.02521EPSS
Exploits5References2
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•32 views

Updated koji packages fix security vulnerability

Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection bugs. By passing carefully constructed arguments to these calls, an unauthenticated user can issue arbitrary SQL commands to Koji’s database. This gives the attacker broad ability to manipulate or destroy data CVE-2018-1002161...

2.5AI score
Exploits0References3
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•47 views

Updated mariadb packages fix security vulnerability

Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Optimizer. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized...

6.5CVSS2.6AI score0.0461EPSS
Exploits0References3
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•35 views

Updated mumble packages fix security vulnerability

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service CVE-2018-20743...

7.5CVSS1.9AI score0.03625EPSS
Exploits0References3
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•39 views

Updated flash-player-plugin packages fix security vulnerability

An out-of-bounds read that leads to information disclosure. CVE-2019-7108 A use after free that leads to arbitrary code execution. CVE-2019-7096...

10CVSS2.6AI score0.06376EPSS
Exploits0References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•54 views

Updated libssh2 packages fix security vulnerability

Possible integer overflow in transport read allows out-of-bounds write. CVE-2019-3855 Possible integer overflow in keyboard interactive handling allows out-of-bounds write. CVE-2019-3856 Possible integer overflow leading to zero-byte allocation and out-of-bounds write. CVE-2019-3857 Possible...

9.3CVSS3.2AI score0.09219EPSS
Exploits0References3
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•38 views

Updated squirrelmail packages fix security vulnerability

Updated squirellmail packages to fix a XSS-security issue...

6.1CVSS2AI score0.01426EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•37 views

Updated libvirt packages fix security vulnerability

NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function. CVE-2019-3840...

6.3CVSS3.2AI score0.0151EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•48 views

Updated python3 packages fix security vulnerability

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

9.8CVSS1.4AI score0.20743EPSS
Exploits2References4
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•43 views

Updated ntp packages fix security vulnerability

A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. CVE-2019-8936...

7.5CVSS3.1AI score0.05726EPSS
Exploits2References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•16 views

Updated wget packages fix security vulnerability

Wget 1.20.3 fixes buffer overflow vulnerability...

3.2AI score
Exploits0References3
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•36 views

Updated dovecot packages fix security vulnerability

CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files...

8.8CVSS3.1AI score0.01178EPSS
Exploits0References3
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•36 views

Updated ming packages fix security vulnerability

The printDefineFont2 function util/listfdb.c in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. CVE-2018-6358 There is a heap-based buffer overflow in the getString...

8.8CVSS4AI score0.01884EPSS
Exploits6References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•41 views

Updated imagemagick packages fix security vulnerability

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. CVE-2019-10649 In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage o...

8.1CVSS4.7AI score0.04092EPSS
Exploits2References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•51 views

Updated ghostscript packages fix security vulnerability

It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3835 It was found that the forceput operator...

7.3CVSS1.2AI score0.02642EPSS
Exploits0References3
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•39 views

Updated python-yaml packages fix security vulnerability

It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...

9.8CVSS3.5AI score0.06031EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•30 views

Updated gnutls packages fix security vulnerability

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVE-2019-3829...

7.5CVSS3.7AI score0.58969EPSS
Exploits1References4
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•50 views

Updated firefox packages fix security vulnerability

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow CVE-2019-9810. Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and...

8.8CVSS2.8AI score0.29514EPSS
Exploits13References3
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•44 views

Updated libjpeg packages fix security vulnerability

get8bitrow in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries...

6.5CVSS5.2AI score0.03104EPSS
Exploits1References3
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•28 views

Updated cfitsio packages fix security vulnerability

CVE-2018-3846: Unsafe use of sprintf can allow a remote unauthenticated attacker to execute arbitrary code CVE-2018-3848: Stack-based buffer overflow in ffghbn allows for potential code execution CVE-2018-3849: Stack-based buffer overflow in ffghtb allows for potential code execution...

8.8CVSS5AI score0.04034EPSS
Exploits3References4
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•33 views

Updated advancecomp packages fix security vulnerability

advancecomp has been updated to fix a security issue that could be triggered when pressented with a malformed PNG file. advancecomp contained an integer overflow upon encountering an invalid PNG size, which could result in a buffer overflow CVE-2019-9210, as well as a heap-based buffer over-read...

7.8CVSS3.1AI score0.01424EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•61 views

Updated thunderbird packages fix security vulnerability

Use-after-free when removing in-use DOM elements. CVE-2019-9790 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey. CVE-2019-9791 IonMonkey leaks JSOPTIMIZEDOUT magic value to script. CVE-2019-9792 Improper bounds checks when Spectre mitigations are...

9.8CVSS2AI score0.29514EPSS
Exploits24References6
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•54 views

Updated ruby-ox packages fix security vulnerability

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parseobj CVE-2017-15928. Also, the package was broken and has been fixed to function properly...

7.5CVSS2.5AI score0.01713EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•53 views

Updated SDL12 packages fix security vulnerability

This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7577 a buffer overread in MSADPCMdecode rhbz1676510 - Fix CVE-2019-7575 a buffer overwrite in MSADPCMdecode rhbz1676744 - Fix CVE-2019-7574 a buffer overread in...

8.8CVSS3.3AI score0.03299EPSS
Exploits8References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•32 views

Updated ocaml packages fix security vulnerability

The camlbadeserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrar...

9.8CVSS7.1AI score0.04216EPSS
Exploits0References4
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•50 views

Updated libpng packages fix security vulnerability

pngimagefree in png.c in libpng 1.6.0 up to 1.6.36 had a use-after-free because pngimagefreefunction is called under pngsafeexecute CVE-2019-7317...

5.3CVSS2.1AI score0.09393EPSS
Exploits3References2
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•41 views

Updated live, mplayer, vlc packages fix security vulnerability

The updated live, mplayer, vlc packages fix security vulnerabilities: liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash Segmentation fault...

9.8CVSS2.1AI score0.03192EPSS
Exploits0References4
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•37 views

Updated pdns packages fix security vulnerability

Updated pdns packages fix security vulnerability: An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode without post=1 set, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured...

8.8CVSS2AI score0.1286EPSS
Exploits1References2
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•49 views

Updated file packages fix security vulnerabilities

The updated file packages fix security vulnerabilities: docorenote in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to fileprintable, a different vulnerability than CVE-2018-10360. CVE-2019-8905 docorenote in readelf.c in libmagic.a in file 5.35 allows remote...

8.8CVSS7.4AI score0.03465EPSS
Exploits2References6
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•51 views

Updated poppler packages fix security vulnerabilities

The updated poppler packages fix security vulnerabilities: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data...

8.8CVSS2.3AI score0.03473EPSS
Exploits1References2
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•35 views

Updated openjpeg2 packages fix security vulnerability

Updated openjpeg2 packages fix security vulnerability: Division-by-zero vulnerabilities in the functions pinextpcrl, pinextcprl, and pinextrpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service CVE-2018-14423...

7.5CVSS5.4AI score0.03218EPSS
Exploits1References2
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•80 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.106 and fixes at least the following security issue: In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on...

5.5CVSS1.3AI score0.05667EPSS
Exploits6References3
Mageia
Mageia
•added 2019/03/21 4:36 p.m.•44 views

Updated ImageMagick/GraphicsMagick packages fix security vulnerability

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. CVE-2019-7397...

7.5CVSS2.2AI score0.03802EPSS
Exploits1References2
Mageia
Mageia
•added 2019/03/21 4:36 p.m.•45 views

Updated ansible packages fix security vulnerability

The user module leaked parameters passed to ssh-keygen to the process environment CVE-2018-16837. The fetch module was susceptible to path traversal CVE-2019-3828...

4.2CVSS2.9AI score0.00522EPSS
Exploits0References2
Mageia
Mageia
•added 2019/03/21 4:36 p.m.•59 views

Updated firefox packages fix security vulnerability

Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18506. Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788. Use-after-free when removing in-use DOM elements CVE-2019-9790. Type inference is incorrect for constructors entered through on-stack...

9.8CVSS1.5AI score0.19762EPSS
Exploits11References4
Total number of security vulnerabilities6012