Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2019/02/13 11:8 a.m.•50 views

Updated opencontainers-runc packages fix security vulnerability

Not using pivotroot2 leaves the host /proc around in the mount namespace so that it is possible to mount another /proc without any other submount, even if /proc in the container is not fully visible. This flaw allows an attacker to read and modify some parts of the Linux kernel memory rhbz1663068...

9.3CVSS5AI score0.9857EPSS
Exploits33References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•53 views

Updated golang packages fix security vulnerability

Remote code execution in go get, when executed with the -u flag CVE-2018-16873. An arbitrary filesystem write in go get, which could lead to code execution CVE-2018-16874. Denial of Service in the crypto/x509 package during certificate chain validation CVE-2018-16875. Go before 1.11.5 mishandles...

8.2CVSS4.2AI score0.66252EPSS
Exploits0References3
Mageia
Mageia
•added 2019/02/03 7:36 p.m.•39 views

Updated firefox packages fix security vulnerabilities

Use-after-free parsing HTML5 stream CVE-2018-18500. Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 CVE-2018-18501. Privilege escalation through IPC channel messages CVE-2018-18505...

10CVSS3.2AI score0.12658EPSS
Exploits1References5
Mageia
Mageia
•added 2019/02/03 7:36 p.m.•36 views

Updated netatalk packages fix security vulnerability

Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, allowing an unauthenticated user to execute arbitrary code with root privileges CVE-2018-1160...

10CVSS3.3AI score0.86539EPSS
Exploits10References3
Mageia
Mageia
•added 2019/01/31 10:55 p.m.•37 views

Updated gitolite packages fixes security vulnerability

In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P CVE-2018-20683...

8.1CVSS5.3AI score0.02009EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/31 10:55 p.m.•37 views

Updated libvorbis packages fix security vulnerabilities

The vorbis library version 1.3.6 fix security vulnerabilities: - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbisblockclear function in lib/block.c - CVE-2017-11333 libvorbis: Memory exhaustion in vorbisanalysiswrote function in lib/block.c...

5.5CVSS3.7AI score0.04838EPSS
Exploits3References4
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•37 views

Updated bluez packages fix security vulnerability

A buffer overflow in pincodereplydump function CVE-2016-9800. A buffer overflow in setextctrl function CVE-2016-9801. A buffer overflow in commandsdump function CVE-2016-9804...

5.3CVSS4AI score0.02923EPSS
Exploits3References3
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•13 views

Updated php-tcpdf packages fix security vulnerabilities

- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data. - Merge various fixes for PHP 7.3 compatibility and security...

2.6AI score
Exploits0References2
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•41 views

Updated ghostscript packages fix a security vulnerability

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...

7.8CVSS2.3AI score0.43901EPSS
Exploits2References4
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•39 views

Updated zeromq packages fix security vulnerability

CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow...

9CVSS3.8AI score0.09444EPSS
Exploits2References1
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•14 views

Updated phpmyadmin packages fix security vulnerabilities

- Possible SQL injection in Designer feature - When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access...

3.6AI score
Exploits0References3
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•118 views

Updated virtualbox packages fix security vulnerabilities

Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM...

8.8CVSS3.1AI score0.04255EPSS
Exploits2References5
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•39 views

Updated perl-Email-Address package fixes security vulnerability

The parse method in the Email::Address module through 1.912 for Perl can consume a large amount of resources on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f" CVE-2018-12558...

7.5CVSS4.6AI score0.0265EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•38 views

Updated php-pear-HTML_QuickForm package fixes security vulnerability

A vulnerability in the HTMLQuickForm package has been found which potentially allows remote code execution...

9.8CVSS4.2AI score0.02209EPSS
Exploits0References1
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•47 views

Updated wavpack packages fix security vulnerabilities

Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service CVE-2018-6767. It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cau...

7.8CVSS2.6AI score0.09905EPSS
Exploits10References5
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•29 views

Updated libcaca packages fix security vulnerabilities

It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service CVE-2018-20544. It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS2.4AI score0.02389EPSS
Exploits6References2
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•64 views

Updated podofo packages fix security vulnerabilities

The podofo package has been updated to fix several security issues...

8.8CVSS2AI score0.02359EPSS
Exploits9References5
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•28 views

Updated libmp4v2 packages fix security vulnerability

This release address a potential security issue in libmp4v2 for Mageia 6: CVE-2018-14054: libmp4v2: Double free in the MP4StringProperty class in mp4property.cpp...

9.8CVSS2.3AI score0.02596EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•65 views

Updated libxml2 packages fix security vulnerabilities

A flaw was found in libxml2 2.9.8. The xzdecomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint CVE-2018-9251, CVE-2018-14567. A null pointer...

7.5CVSS3.3AI score0.043EPSS
Exploits1References3
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•34 views

Updated pdns-recursor package fixes security vulnerabilities

An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua CVE-2019-3806. An issue has been found in PowerDNS Recursor where records in the...

9.8CVSS4AI score0.0146EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/20 12:2 a.m.•42 views

Updated libssh packages fix security vulnerability

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST message which the server would expect to initiate authentication, the attacker could successfully...

9.1CVSS5AI score0.91789EPSS
Exploits11References4
Mageia
Mageia
•added 2019/01/18 10:19 p.m.•11 views

Updated php packages fix security vulnerabilities

Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed...

2.7AI score
Exploits0References13
Mageia
Mageia
•added 2019/01/18 10:19 p.m.•33 views

Updated python-django16 package fixes security vulnerability

It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL CVE-2019-3498...

6.5CVSS2.3AI score0.03685EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/18 10:19 p.m.•31 views

Updated rdesktop package fixes security vulnerabilities

rdesktop has been updated to fix multiple CVE's. Fix memory corruption in processbitmapdata - CVE-2018-8794 Fix remote code execution in processbitmapdata - CVE-2018-8795 Fix remote code execution in processplane - CVE-2018-8797 Fix Denial of Service in mcsrecvconnectresponse - CVE-2018-20175 Fix...

9.8CVSS7.4AI score0.08214EPSS
Exploits9References2
Mageia
Mageia
•added 2019/01/17 11:51 p.m.•41 views

Updated gthumb packages fix security vulnerability

An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the addthemesfromdir method in dlg-contact-sheet.c because of two successive calls of gfree, each of which frees the same buffer. CVE-2018-18718...

7.8CVSS2.3AI score0.00411EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/15 10:15 p.m.•45 views

Updated nss packages fix security vulnerability

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys CVE-2018-0495...

4.7CVSS2.6AI score0.00887EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/15 10:15 p.m.•26 views

Updated aria2 package fixes security vulnerability

It was observed that URL's which gets downloaded via "--log=" attribute stores sensitive information. This update fixes that...

7.8CVSS4.1AI score0.00351EPSS
Exploits1References1
Mageia
Mageia
•added 2019/01/15 10:15 p.m.•53 views

Updated libvncserver & x11vnc packages fix security vulnerabilities

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity CVE-2018-6307. A heap use-after-free vulnerability in the server code of the file transfer extension,...

9.8CVSS2.2AI score0.26543EPSS
Exploits0References6
Mageia
Mageia
•added 2019/01/11 9:7 p.m.•45 views

Updated spice-vdagent package fixes security vulnerability

Improperly escaped save directory that is passed to the shell allows local attacker with access to the session the agent runs to inject arbitrary commands to be executed CVE-2017-15108...

7.8CVSS4AI score0.00419EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/11 9:7 p.m.•37 views

Updated python-django packages fix security vulnerability

An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the...

6.5CVSS2.2AI score0.03685EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/11 9:7 p.m.•42 views

GNU tar has been updated to fix CVE-2018-20482

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service infinite read loop in sparsedumpregion in sparse.c by modifying a file that is supposed to be archived by a different user's process e.g., a system back...

4.7CVSS3.6AI score0.00526EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/11 9:7 p.m.•52 views

Updated graphicsmagick packages fix security vulnerabilities

It was discovered that graphicsmagick was subject to vulnerabilities. heap-based buffer overflow in the WriteTGAImage function of tga.c CVE-2018-20184. denial of service vulnerability in ReadDIBImage function of coders/dib.c CVE-2018-20189. heap-based buffer over-read in the ReadBMPImage function...

6.5CVSS6.8AI score0.02307EPSS
Exploits3References3
Mageia
Mageia
•added 2019/01/11 5:54 a.m.•59 views

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8CVSS2.9AI score0.02654EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/11 5:54 a.m.•42 views

Updated libarchive packages fix security vulnerabilities

readheader in archivereadsupportformatrar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archivereadformatrarreadheader CVE-2017-14502. Multiple security issues were found in libarchive: Processing malformed RAR archive...

8.8CVSS4.1AI score0.04575EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/10 10:53 a.m.•34 views

Updated mbedtls packages fix security vulnerability

A vulnerability was found in mbedTLS which allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-ECDHE cipher suites CVE-2018-19608...

4.7CVSS4.6AI score0.00336EPSS
Exploits0References5
Mageia
Mageia
•added 2019/01/10 10:53 a.m.•46 views

Updated live, ffmpeg, mplayer, and vlc packages fix security vulnerabilities

A bug in the server implementation of RTSP-over-HTTP in live could allow a denial-of-service attack. A bug in the server implementation of RTSP-over-HTTP could allow a buffer overflow, which could result in the execution of arbitrary code when parsing a malformed RTSP stream CVE-2018-4013. The...

10CVSS5AI score0.09487EPSS
Exploits3References4
Mageia
Mageia
•added 2019/01/10 10:53 a.m.•37 views

Updated krb5 packages fix security vulnerability

An authenticated user who can obtain a TGT using an older encryption type DES, DES3, or RC4 can cause an assertion failure in the KDC by sending an S4U2Self request CVE-2018-20217...

5.3CVSS1.7AI score0.01417EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•39 views

Updated openafs packages fix security vulnerabilities

Jeffrey Altman reported that the backup tape controller butc process does accept incoming RPCs but does not require or allow for authentication of those RPCs, allowing an unauthenticated attacker to perform volume operations with administrator credentials CVE-2018-16947. Mark Vitale reported that...

9.8CVSS2.2AI score0.03075EPSS
Exploits0References6
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•35 views

Updated opensc packages fix security vulnerabilities

Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.8CVSS3.2AI score0.00692EPSS
Exploits12References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•60 views

Updated ansible package fixes security vulnerability

It was found that when a retry task in ansible run with -vvv fails, it will log the raw return code, stdout and stderr from ssh which could have contained sensitive data CVE-2018-16876...

5.3CVSS2AI score0.02462EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•18 views

Updated avidemux packages fix security vulnerabilities

The avidemux package has been updated to version 2.7.1. Avidemux includes a bundled copy of the ffmpeg libraries, which have been updated from version 3.3.3 to version 3.3.9, fixing several security issues and other bugs...

4.4AI score
Exploits0References3
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•30 views

Updated discount packages fix security vulnerabilities

The mkdtrimline function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted file CVE-2018-11468. DISCOUNT through version 2.2.3a is vulnerable to a Heap-based buffer-overflow in the markdown.c:isfootnote...

5.5CVSS6.2AI score0.01785EPSS
Exploits2References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•42 views

Updated coreutils packages fix security vulnerabilities

A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions chown and chgrp do not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition...

8.8CVSS3.4AI score0.02515EPSS
Exploits2References5
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•40 views

Updated nettle packages fix security vulnerability

A leaky data conversion exposing a manager oracle CVE-2018-16869...

5.7CVSS4.1AI score0.01495EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•42 views

Updated qtbase5 packages fix security vulnerabilities

Double free in QXmlStreamReader CVE-2018-15518. Denial of Service on malformed BMP file in QBmpHandler CVE-2018-19873...

9.8CVSS2.3AI score0.03382EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/06 4:41 p.m.•19 views

Updated libao packages fix security vulnerability

A flaw was found in libao. The tokenizematrix function in audioout.c in Xiph.Org libao 1.2.0 can cause a denial of servicememory corruption via a crafted mp3 file CVE-2017-11548...

5.5CVSS3.1AI score0.03855EPSS
Exploits3References2
Mageia
Mageia
•added 2019/01/06 4:41 p.m.•37 views

Updated dcraw packages fix security vulnerability

A NULL pointer dereference flaw was found in the way dcraw processed images. An attacker could potentially use this flaw to crash dcraw by tricking it into processing crafted images CVE-2018-5801...

6.5CVSS2.6AI score0.02039EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/06 4:41 p.m.•71 views

Updated aubio packages fix security vulnerabilities

NULL pointer dereference in the function aubiosourceavcodecreadframe which may lead to DoS when playing a crafted audio file CVE-2017-17554. A crash in aubiopitchsetunit CVE-2018-14522. A buffer overrread resulting in crash or information leakage in newaubiopitchyinfft CVE-2018-14523...

8.8CVSS1.7AI score0.01966EPSS
Exploits2References2
Mageia
Mageia
•added 2019/01/05 9:49 p.m.•48 views

Updated wget packages fix security vulnerability

Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes xattrs of the file system - by default. This includes username + password and other credentials or private data if those have been used within the URLs. Anyone with read access to those files...

7.8CVSS1.4AI score0.00659EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•17 views

Updated units package fixes security vulnerability

A flaw was found in units. unitscur doesn't sanitize downloaded data. This allows a maliciously intended server to execute arbitrary code remotely on the client rhbz1598913...

4AI score
Exploits0References2
Total number of security vulnerabilities6012