Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2019/03/15 4:56 p.m.•54 views

Updated ikiwiki packages fix security vulnerability

Several security issues identified in ikiwiki fixed by updating to version 3.20190228. See references for details...

9.8CVSS3.8AI score0.03461EPSS
Exploits1References6
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•57 views

Updated apache packages fix security vulnerability

By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections in Apache HTTP Server versions 2.4.37 and prior CVE-2018-17189. In Apache HTTP Serv...

7.5CVSS0.7AI score0.19994EPSS
Exploits0References3
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•38 views

Updated hiawatha packages fix security vulnerability

Verison 10.8.4 fixed a vulnerability which allowed a remote atacker to perform directory traversal when AllowDotFiles was enabled CVE-2019-8358...

8.1CVSS5.6AI score0.01499EPSS
Exploits0References2
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•41 views

Updated gnupg2 packages fix security vulnerability

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window...

8.8CVSS4.4AI score0.01041EPSS
Exploits1References3
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•46 views

Updated rsyslog packages fix security vulnerability

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash CVE-2018-16881...

7.5CVSS4.2AI score0.02238EPSS
Exploits0References2
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•25 views

Updated gnome-keyring packages fix security vulnerability

It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials CVE-2018-20781...

7.8CVSS2.7AI score0.01483EPSS
Exploits1References2
Mageia
Mageia
•added 2019/03/13 8:41 p.m.•57 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.104 and fixes at least the following security issue: Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware...

7.7CVSS6.6AI score0.039EPSS
Exploits0References5
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•43 views

Updated nagios packages fix security vulnerability

A flaw was found in Nagios Core version 4.4.1 and earlier. The qhhelp function is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket CVE-2018-13441. A flaw was found in...

5.5CVSS2.7AI score0.0451EPSS
Exploits8References2
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•61 views

Updated openssl packages fix security vulnerability

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS1.8AI score0.17139EPSS
Exploits0References2
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•49 views

Updated gnutls packages fix security vulnerability

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6CVSS2.8AI score0.00573EPSS
Exploits0References2
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•37 views

Updated python-gnupg packages fix security vulnerability

When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...

7.5CVSS2.6AI score0.08548EPSS
Exploits2References2
Mageia
Mageia
•added 2019/02/22 1:8 a.m.•44 views

Updated spice-gtk packages fix security vulnerability

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

10CVSS3.8AI score0.05544EPSS
Exploits0References6
Mageia
Mageia
•added 2019/02/22 1:8 a.m.•53 views

Updated libreoffice packages fix security vulnerability

Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document CVE-2018-16858. The libreoffice package has been updated to version 6.1.5.2, fixing this issue, and including several other bug fixes and...

9.8CVSS1.6AI score0.67321EPSS
Exploits10References3
Mageia
Mageia
•added 2019/02/22 12:35 a.m.•43 views

Updated libtiff packages fix security vulnerability

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tifdirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file...

6.5CVSS5.4AI score0.03372EPSS
Exploits1References3
Mageia
Mageia
•added 2019/02/22 12:35 a.m.•42 views

Updated spice packages fix security vulnerability

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 A vulnerability was discovered in SPICE before versio...

8.8CVSS3.6AI score0.03934EPSS
Exploits0References8
Mageia
Mageia
•added 2019/02/20 11:50 p.m.•68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...

8.8CVSS0.16523EPSS
Exploits10References23
Mageia
Mageia
•added 2019/02/20 11:50 p.m.•75 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.100 and fixes at least the following security issues: A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error...

8.8CVSS0.5AI score0.16523EPSS
Exploits5References12
Mageia
Mageia
•added 2019/02/20 10:18 p.m.•33 views

Updated libexif packages fix security vulnerability

It was found that specially crafted XIFIFDINTEROPERABILITY and EXIFIFDEXIF tags could be used for a denial of service CVE-2018-20030...

7.8CVSS2.7AI score0.03798EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/20 10:18 p.m.•50 views

Updated tcpreplay packages fix security vulnerability

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlten10mbencode of the file plugins/dlten10mb/en10mb.c, due to inappropriate values in the function memmove. The length pktlen + ctx - l2len can be larger than source value packet +...

9.8CVSS2.2AI score0.02254EPSS
Exploits4References2
Mageia
Mageia
•added 2019/02/20 10:18 p.m.•45 views

Updated zziplib packages fix security vulnerability

In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzipdiskfread function zzip/mmapped.c because the size variable is not validated against the amount of file-stored data CVE-2018-6381. An unaligned memory access bug was found in the way ZZIPlib handled ZIP...

6.5CVSS3.1AI score0.02854EPSS
Exploits11References9
Mageia
Mageia
•added 2019/02/20 10:18 p.m.•26 views

Updated giflib packages fix security vulnerability

Null dereferences in main of gifclrmp. Heap Buffer Overflow-2 in function DGifDecompressLine in cgif.c. CVE-2018-11490 Segmentation fault in PrintCodeBlock. Segmentation fault of giftool reading a crafted file. Floating point exception in giftext utility. Heap buffer overflow in DumpScreen2RGB in...

8.8CVSS2.2AI score0.02479EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/20 8:56 p.m.•43 views

Updated poppler packages fix security vulnerability

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. CVE-2018-18897 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of...

7.8CVSS5.3AI score0.03422EPSS
Exploits4References6
Mageia
Mageia
•added 2019/02/20 8:56 p.m.•32 views

Updated irssi packages fix security vulnerability

It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code CVE-2019-5882...

9.8CVSS4.9AI score0.02543EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/17 5:17 p.m.•36 views

Updated flash-player-plugin packages fix security vulnerability

Information disclosure in the context of the current user. CVE-2019-7090...

6.5CVSS1.5AI score0.04795EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/17 5:17 p.m.•44 views

Updated firefox packages fix security vulnerability

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash CVE-2018-18356. An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash CVE-2019-57...

8.8CVSS3.7AI score0.0313EPSS
Exploits0References3
Mageia
Mageia
•added 2019/02/17 5:17 p.m.•57 views

Updated thunderbird packages fix security vulnerability

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. CVE-2018-18356 An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash...

8.8CVSS2.9AI score0.03724EPSS
Exploits0References3
Mageia
Mageia
•added 2019/02/17 12:31 a.m.•35 views

Updated lxc packages fix security vulnerability

LXC allows attackers to overwrite the host LXC binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker...

9.3CVSS4.5AI score0.9857EPSS
Exploits33References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•41 views

Updated dom4j packages fix security vulnerability

dom4j version prior to version 2.1.1 contains an XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...

7.5CVSS5.1AI score0.0657EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•37 views

Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS6.6AI score0.07501EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•47 views

Updated libwmf packages fix security vulnerability

The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected. CVE-2019-6978...

9.8CVSS2AI score0.04416EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•17 views

Updated kauth packages fix security vulnerability

KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins...

3.8AI score
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•35 views

Updated avahi packages fix security vulnerability

It was found that avahi responds to unicast queries coming from outside of local network which may cause an information leak, such as disclosing the device type/model that responds to the request or the operating system. The mDNS response may also be used to amplify denial of service attacks...

9.1CVSS2.4AI score0.03082EPSS
Exploits1References3
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•52 views

Updated python packages fix security vulnerability

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted...

7.5CVSS3.9AI score0.20743EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•15 views

Updated radvd packages fix security vulnerability

A flaw was found in radvd. In case of misconfiguration a race condition between privsep and main thread occurs. This leads to double-free and crashing of radvd rhbz1669297...

1.6AI score
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•33 views

Updated python-django packages fix security vulnerability

If django.utils.numberformat.format -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ':f'.format CVE-2019-6975...

7.5CVSS2.6AI score0.05399EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•30 views

Updated mad packages fix security vulnerability

The maddecoderrun function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service memory corruption via a crafted MP3 file CVE-2017-11552. The maddecoderrun function in decoder.c in Underbit libmad through 0.15.1b allows attackers to cause a denial of service SIGABRT...

9.8CVSS6.1AI score0.0656EPSS
Exploits4References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•28 views

Updated gvfs packages fix security vulnerability

The backend currently allows to access and modify files without prompting for password if any polkit authentication agent isn't available. This affects only users which belong to wheel group i.e. those who are already allowed to use sudo. It doesn't allow privilege escalation for users, who don't...

7CVSS4.2AI score0.00368EPSS
Exploits0References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•54 views

Updated golang packages fix security vulnerability

Remote code execution in go get, when executed with the -u flag CVE-2018-16873. An arbitrary filesystem write in go get, which could lead to code execution CVE-2018-16874. Denial of Service in the crypto/x509 package during certificate chain validation CVE-2018-16875. Go before 1.11.5 mishandles...

8.2CVSS4.2AI score0.66252EPSS
Exploits0References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•40 views

Updated libarchive packages fix security vulnerability

libarchive contains an out-of-bounds read vulnerability in 7zip decompression, archivereadsupportformat7zip.c, headerbytes that can result in a crash denial of service. This attack appears to be exploitable via the victim opening a specially crafted 7zip file CVE-2019-1000019. libarchive contains...

6.5CVSS4.5AI score0.03407EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•83 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

6.5CVSS7AI score0.05074EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•31 views

Updated transfig packages fix security vulnerability

It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code CVE-2018-16140...

7.8CVSS2.4AI score0.01381EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•49 views

Updated libvncserver packages fix security vulnerability

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c CVE-2018-20750...

9.8CVSS1.7AI score0.03335EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•44 views

Updated docker packages fix security vulnerability

Docker Engine before 18.09 allows attackers to cause a denial of service dockerd memory consumption via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go CVE-2018-20699...

4.9CVSS5.7AI score0.02231EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•49 views

Updated openssh packages fix security vulnerability

In OpenSSH, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename CVE-2018-20685...

5.3CVSS5AI score0.03681EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•64 views

Updated jruby packages fix security vulnerability

Several vulnerabilities were discovered in jruby. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code CVE-2018-1000073, CVE-2018-1000074,...

9.8CVSS3.1AI score0.05076EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•35 views

Updated libtiff packages fix security vulnerability

The TIFFFdOpen function in tifunix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. CVE-2019-6128...

8.8CVSS3.1AI score0.03869EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•42 views

Updated dovecot packages fix security vulnerability

CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field sslcertusernamefield, under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing...

7.7CVSS4AI score0.02462EPSS
Exploits1References4
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•50 views

Updated opencontainers-runc packages fix security vulnerability

Not using pivotroot2 leaves the host /proc around in the mount namespace so that it is possible to mount another /proc without any other submount, even if /proc in the container is not fully visible. This flaw allows an attacker to read and modify some parts of the Linux kernel memory rhbz1663068...

9.3CVSS5AI score0.9857EPSS
Exploits33References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•29 views

Updated cinnamon packages fix security vulnerability

A flaw was found in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of for example other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face locatio...

8.1CVSS4.5AI score0.02201EPSS
Exploits0References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•30 views

Updated python-marshmallow packages fix security vulnerability

In the marshmallow library before 2.15.1 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the "only" option, and there...

5.3CVSS3.3AI score0.01858EPSS
Exploits0References2
Total number of security vulnerabilities6012