Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2019/01/05 6:30 p.m.•37 views

Updated ldb, talloc, and samba packages fix security vulnerabilities

Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service CVE-2018-14629. Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC's KDC when configured to accept smart-card...

6.5CVSS1.9AI score0.05192EPSS
Exploits1References18
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•41 views

Updated freerdp packages fix security vulnerabilities

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-8784, CVE-2018-8785. Eyal Itkin discovered FreeRDP incorrectly handled...

9.8CVSS2.5AI score0.08357EPSS
Exploits6References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•37 views

Updated pdns packages fix security vulnerabilities

A vulnerability was in found in PowerDNS Authoritative Server. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows an authorized user to...

7.5CVSS2.6AI score0.06041EPSS
Exploits0References4
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•25 views

Updated libpgf packages fix security vulnerability

Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32 CVE-2015-6673...

9.8CVSS9.2AI score0.01908EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•17 views

Updated units package fixes security vulnerability

A flaw was found in units. unitscur doesn't sanitize downloaded data. This allows a maliciously intended server to execute arbitrary code remotely on the client rhbz1598913...

4AI score
Exploits0References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•31 views

Updated plexus-archiver packages fix security vulnerability

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...

5.5CVSS2.2AI score0.13179EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•14 views

Updated imagemagick packages fix security vulnerabilities & bugs

Imagemagick has been updated to fix several bugs and security issues...

2.1AI score
Exploits0References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•32 views

Updated libextractor packages fix security vulnerabilities

Several vulnerabilities were discovered in libextractor which may lead to denial of service or memory disclosure if a malformed OLE file is processed CVE-2018-20430, CVE-2018-20431...

6.5CVSS2.9AI score0.02237EPSS
Exploits2References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•86 views

Updated xmlrpc packages fix security vulnerabilities

XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD CVE-2016-5002. A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that...

9.8CVSS4.2AI score0.14876EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•42 views

Updated pdns-recursor packages fix security vulnerabilities

A vulnerability was in found in PowerDNS Recursor. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows a malicious auth server to cause a...

7.5CVSS2.7AI score0.59469EPSS
Exploits0References6
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•50 views

Updated openjpeg2 packages fix security vulnerabilities

A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter CVE-2017-17479. A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter CVE-2017-17480. A flaw was found in OpenJPEG 2.3.0, there is an integer overfl...

9.8CVSS5.3AI score0.05135EPSS
Exploits3References4
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•39 views

Updated php-phpmailer package fixes security vulnerability

Potential object injection vulnerability CVE-2018-19296...

8.8CVSS3.2AI score0.02211EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•32 views

Updated libgxps packages fix security vulnerabilities

A flaw was found in libgxps through 0.3.0. There is a heap-based buffer over-read in the function ftfontfacehash of gxps-fonts.c. A crafted input will lead to a remote denial of service attack CVE-2018-10733. An integer overflow flaw exists within the "gxpsimagescreatefrompng" function in...

6.5CVSS3.9AI score0.02263EPSS
Exploits1References3
Mageia
Mageia
•added 2018/12/31 10:42 p.m.•46 views

Updated python-lxml packages fix security vulnerability

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer CVE-2018-19787...

6.1CVSS2.5AI score0.02438EPSS
Exploits1References2
Mageia
Mageia
•added 2018/12/31 10:42 p.m.•60 views

Updated graphicsmagick packages fix security vulnerabilities & bugs

Graphicsmagick has been updated to fix several bugs and security issues...

7.1CVSS1.8AI score0.49324EPSS
Exploits8References2
Mageia
Mageia
•added 2018/12/31 10:42 p.m.•39 views

Updated poppler packages fix security vulnerability

Poppler before 0.70.0 has a NULL pointer dereference in popplerattachmentnew when called from popplerannotfileattachmentgetattachment. CVE-2018-19149...

6.5CVSS2.4AI score0.0274EPSS
Exploits1References2
Mageia
Mageia
•added 2018/12/31 10:42 p.m.•61 views

Updated python packages fix security vulnerabilities

Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided CVE-2017-18207. Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service...

9.8CVSS1.5AI score0.20807EPSS
Exploits1References4
Mageia
Mageia
•added 2018/12/29 11:24 p.m.•43 views

Updated libtiff packages fix security vulnerabilities

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service crash or possibly have unspecified other impact via a crafted TIFF file. CVE-2018-12900 LibTIFF 4.0.9 with JBIG enabled decodes arbitrarily-sized...

8.8CVSS4.1AI score0.25183EPSS
Exploits5References4
Mageia
Mageia
•added 2018/12/29 11:24 p.m.•52 views

Updated keepalived package fixes security vulnerabilities

keepalived before version 2.0.9 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data ...

9.8CVSS1.8AI score0.03746EPSS
Exploits2References2
Mageia
Mageia
•added 2018/12/28 10:16 a.m.•32 views

Updated ruby-i18n packages fix security vulnerability

A flaw was found in the i18n gem before 0.8.0 for Ruby. The Hashslice in lib/i18n/coreext/hash.rb allows remote attackers to cause a denial of service application crash via a call in a situation where :somekey is present in keepkeys but not present in the hash CVE-2014-10077...

7.5CVSS7.1AI score0.0339EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/28 10:16 a.m.•28 views

Updated tcpdump package fixes security vulnerability

Fixed a stack-based buffer over-read in the printprefix function CVE-2018-19519...

5.5CVSS2.1AI score0.02364EPSS
Exploits1References2
Mageia
Mageia
•added 2018/12/26 11:8 p.m.•20 views

Updated thunderbird packages fix security vulnerabilities & bugs

The updated packages fix several bugs and some security issues...

2AI score
Exploits0References4
Mageia
Mageia
•added 2018/12/26 11:8 p.m.•19 views

Updated monit packages fix security vulnerability

There is a use-after-free in monit that shows up if you run it for a while on an active system with address sanitizer enabled...

3.3AI score
Exploits0References2
Mageia
Mageia
•added 2018/12/26 11:8 p.m.•49 views

Updated sqlite3 packages fix security vulnerability

A security issue fixed upstream in sqlite3 has been announced: https://www.openwall.com/lists/oss-security/2018/12/21/1 The issue is fixed in 3.25.3...

8.1CVSS0.5AI score0.09683EPSS
Exploits1References3
Mageia
Mageia
•added 2018/12/21 9:28 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...

7.8CVSS0.4AI score0.01902EPSS
Exploits5References12
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•57 views

Updated php packages fix security vulnerability

Bypassing disabled exec functions in PHP via imapopen CVE-2018-19518...

8.5CVSS3.4AI score0.9523EPSS
Exploits6References1
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•54 views

Updated netty & jctools packages fix security vulnerability

handler/ssl/OpenSslEngine.java in Netty before 4.0.37.Final allows remote attackers to cause a denial of service infinite loop CVE-2016-4970...

7.8CVSS5.3AI score0.11259EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•47 views

Updated phpmyadmin packages fix security vulnerabilities

- XSS vulnerability in navigation tree was discovered - Local file inclusion through transformation feature...

6.5CVSS1.5AI score0.03254EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/15 9:29 p.m.•47 views

Updated firefox packages fix security vulnerabilities

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash CVE-2018-17466. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to...

9.8CVSS0.9AI score0.09646EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/15 9:29 p.m.•30 views

Updated libwpd packages fix security vulnerability

It was discovered there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack CVE-2018-19208...

6.5CVSS3.1AI score0.01488EPSS
Exploits1References3
Mageia
Mageia
•added 2018/12/15 9:29 p.m.•45 views

Updated nss packages fix security vulnerability

Cache side-channel variant of the Bleichenbacher attack.CVE-2018-12404...

5.9CVSS2.7AI score0.44398EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/15 9:29 p.m.•63 views

Updated thunderbird packages fix security issues & bugs

- Buffer overflow using computed size of canvas element. CVE-2018-12359 - Use-after-free when using focus. CVE-2018-12360 - Integer overflow in SwizzleData. CVE-2018-12361 - Integer overflow in SSSE3 scaler. CVE-2018-12362 - Media recorder segmentation fault when track type is changed during...

9.8CVSS0.1AI score0.04831EPSS
Exploits7References13
Mageia
Mageia
•added 2018/12/09 9:20 p.m.•62 views

Updated tomcat packages fix security vulnerabilities

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service CVE-2018-1336. The defaults settings for the CORS filter are insecure and enable supportsCredentials for all origins. It is expected that user...

9.8CVSS7.1AI score0.94494EPSS
Exploits3References4
Mageia
Mageia
•added 2018/12/07 12:53 p.m.•55 views

Updated flash-player-plugin packages fix security vulnerability

Use after free flaw enabling arbitrary code execution. CVE-2018-15982 Insecure Library Loading DLL hijacking flaw enabling privilege escalation. CVE-2018-15983...

10CVSS2.9AI score0.81971EPSS
Exploits13References2
Mageia
Mageia
•added 2018/12/06 12:10 p.m.•33 views

Updated kio-extras packages fix security vulnerability

The HTML thumbnailer was incorrectly accessing some content of remote URLs listed in HTML files. This meant that the owners of the servers referred in HTML files in your system could have seen in their access logs your IP address every time the thumbnailer tried to create the thumbnail...

7.5CVSS2AI score0.01455EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/03 10:13 p.m.•29 views

Updated messagelib packages fix security vulnerability

Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. This happens even if the option to allow the HTML emails to access remote servers is disabled in KMail settings. This means that the owners of the servers referred in the email can see in...

5.3CVSS2.1AI score0.01104EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/02 10:15 p.m.•50 views

Updated python-requests packages fix security vulnerability

It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information CVE-2018-18074...

7.5CVSS1.6AI score0.07443EPSS
Exploits2References3
Mageia
Mageia
•added 2018/12/02 10:15 p.m.•34 views

Updated apache-mod_perl packages fix security vulnerability

A flaw was found in modperl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processi...

10CVSS3AI score0.08946EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/01 9:39 p.m.•19 views

Updated kdeconnect-kde packages fix security vulnerability

The kdeconnect-kde package has been updated to version 1.3.3, which fixes an issue with modern encryption algorithms being disabled with SSH, and also fixes several bugs and updates compatibility with the Android app...

3.9AI score
Exploits0References3
Mageia
Mageia
•added 2018/11/28 8:50 p.m.•26 views

Updated yaml-cpp packages fix security vulnerability

The SingleDocParser::HandleNode function in yaml-cpp aka LibYaml-C++ 0.5.1 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted YAML file. CVE-2017-5950...

5.5CVSS5.3AI score0.02034EPSS
Exploits1References3
Mageia
Mageia
•added 2018/11/28 8:50 p.m.•32 views

Updated icecast packages fix security vulnerability

Buffer overflows in URL auth code if there is a "mount" definition that enables URL authentication. A malicious client could send long HTTP headers, leading to a buffer overflow and potential remote code execution CVE-2018-18820...

8.1CVSS4.8AI score0.48944EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/27 3:26 p.m.•59 views

Updated openssl packages fix security vulnerabilities

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS6AI score0.12154EPSS
Exploits4References3
Mageia
Mageia
•added 2018/11/27 3:26 p.m.•47 views

Updated libpng(12) packages fix security vulnerability

In libpng until version 1.6.35, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. CVE-2018-13785 This update fixes it, also providing the...

6.5CVSS5.6AI score0.0447EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/27 3:26 p.m.•65 views

Updated mariadb packages fix security vulnerabilities

Some easily exploitable vulnerabilities allowing high privileged attacker with network access via multiple protocols to compromise MySQL Server have been fixed...

9.8CVSS4.6AI score0.0595EPSS
Exploits0References1
Mageia
Mageia
•added 2018/11/22 10:26 p.m.•41 views

Updated poppler packages fix security vulnerabilities

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. CVE-2018-16646 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service becau...

6.5CVSS3.4AI score0.02882EPSS
Exploits4References1
Mageia
Mageia
•added 2018/11/22 10:26 p.m.•16 views

Updated Ghostscript packages fixes security issues

The ghostscript 9.26 update is focusing on security issues, including solving several well publicised real and potential exploits. For other fixes in this release, see the referenced News...

1.5AI score
Exploits0References2
Mageia
Mageia
•added 2018/11/22 10:26 p.m.•47 views

Updated flash-player-plugin packages fix security vulnerability

A critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE-2018-15981...

10CVSS5.2AI score0.11702EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/21 5:51 p.m.•17 views

Updated roundcubemail packages fix security vulnerability & bugs

This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability in handling invalid style tag content plus updates to ensure compatibility with PHP 7.3 an...

2.5AI score
Exploits0References2
Mageia
Mageia
•added 2018/11/21 5:51 p.m.•48 views

Updated gettext packages fix security vulnerability

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt. CVE-2018-18751...

9.8CVSS1.7AI score0.04293EPSS
Exploits1References2
Mageia
Mageia
•added 2018/11/20 11:11 a.m.•66 views

Updated apache packages fix security vulnerabilities

modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...

9.8CVSS1.1AI score0.86006EPSS
Exploits0References6
Total number of security vulnerabilities6012