Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/10/26 6:47 p.m.•47 views

Updated dhcp packages fix security vulnerability

Buffer overflow in dhclient possibly allowing code execution triggered by malicious server CVE-2018-5732. Reference count overflow in dhcpd allows denial of service CVE-2018-5733...

7.5CVSS4.2AI score0.20242EPSS
Exploits0References4
Mageia
Mageia
•added 2018/10/26 6:47 p.m.•83 views

Updated ruby packages fix security vulnerability

Ruby before 2.2.10 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick CVE-2017-17742. Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10 might allow...

9.8CVSS0.4AI score0.10715EPSS
Exploits0References10
Mageia
Mageia
•added 2018/10/20 1:55 p.m.•53 views

Updated libtiff packages fix security vulnerabilities

Heap-based buffer overflow in tifpackbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file CVE-2016-5319. In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tifpackbits.c CVE-2017-17942. TIFFWriteScanlin...

8.8CVSS5.8AI score0.0374EPSS
Exploits2References1
Mageia
Mageia
•added 2018/10/19 6:36 p.m.•39 views

Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. CVE-2018-17961 Saved execution stacks can leak operator arrays. CVE-2018-18073 1Policy operator gives access to .forceput. CVE-2018-18284...

8.6CVSS1.8AI score0.16288EPSS
Exploits3References5
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•32 views

Updated vlc packages fix security vulnerability

This update provides vlc 3.0.4 and fixes at least the following security issue: A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played CVE-2018-11529 For other fixes in this update, see...

8CVSS3.6AI score0.40612EPSS
Exploits10References3
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•33 views

Updated tcpflow packages fix security vulnerability

pdated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handleprism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the functio...

9.1CVSS3.7AI score0.02753EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•48 views

Updated 389-ds-base packages fix security vulnerabilities

Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search CVE-2018-10850 ldapsearch with server side sort allows users to cause a crash CVE-2018-10935 a server crash through the modify command with large DN CVE-2018-1462...

7.5CVSS4.2AI score0.02451EPSS
Exploits1References5
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•37 views

Updated clamav packages fix security vulnerability

The updated clamav packages fix a security vulnerability: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service DoS condition on an affected device CVE-2018-15378...

5.5CVSS3.6AI score0.01315EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•37 views

Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack appear to be exploitable via...

9.8CVSS5.1AI score0.02955EPSS
Exploits0References1
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•47 views

Updated glib2.0 packages fix security vulnerabilities

The updated glib2.0 packages fix security vulnerabilities: In GNOME GLib 2.56.1, gmarkupparsecontextendparse in gmarkup.c has a NULL pointer dereference CVE-2018-16428. GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in gmarkupparsecontextparse in gmarkup.c, related to utf8str...

9.8CVSS2.4AI score0.04693EPSS
Exploits2References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•38 views

Updated php-smarty packages fix security vulnerability

Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files CVE-2018-13982...

7.5CVSS5.9AI score0.03463EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•88 views

Updated docker packages fix security vulnerabilities

Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing CVE-2017-14992. The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi...

6.5CVSS3AI score0.0247EPSS
Exploits0References4
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•26 views

Updated calibre packages fix security vulnerability

Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8CVSS5.3AI score0.04665EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•38 views

Updated mgetty packages fix security vulnerabilities

Updated mgetty packages fix security vulnerabilities: The function doactivate did not properly sanitize shell metacharacters to prevent command injection CVE-2018-16741. Stack-based buffer overflow that could have been triggered via a command-line parameter CVE-2018-16742. The command-line...

7.8CVSS3.5AI score0.01323EPSS
Exploits6References2
Mageia
Mageia
•added 2018/10/14 12:58 a.m.•43 views

Updated git packages fix security vulnerability

joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...

9.8CVSS3.3AI score0.97356EPSS
Exploits12References1
Mageia
Mageia
•added 2018/10/14 12:58 a.m.•41 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered CVE-2018-12386. A vulnerability...

9.1CVSS1.6AI score0.13417EPSS
Exploits3References2
Mageia
Mageia
•added 2018/10/14 12:58 a.m.•38 views

Updated nextcloud packages fix security vulnerability

Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...

5.4CVSS2.5AI score0.00769EPSS
Exploits0References4
Mageia
Mageia
•added 2018/10/14 12:58 a.m.•50 views

Updated texlive packages fix security vulnerability

Updated texlive packages fix security vulnerability: A buffer overflow in the handling of Type 1 fonts allowed arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex CVE-2018-17407...

7.8CVSS2.2AI score0.02058EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/01 8:44 a.m.•45 views

Updated firefox packages fix security vulnerability

Firefox 60 is now the only supported version of the ESR series and it brings a completely new browser engine, designed to take full advantage of the processing power in modern devices. Firefox also now exclusively supports extensions built using the WebExtension API. This update brings Firefox...

5.9CVSS1.8AI score0.01496EPSS
Exploits0References1
Mageia
Mageia
•added 2018/09/27 7:24 a.m.•17 views

Updated rsyslog packages fix security vulnerability

A buffer overflow was found in the SanitizeMsg function of rsyslogd in runtime/parser.c which may cause a denial of service or other consequences...

4.7AI score
Exploits0References2
Mageia
Mageia
•added 2018/09/22 7:23 p.m.•95 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.70 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets targeti...

7.8CVSS1.1AI score0.24575EPSS
Exploits5References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•35 views

Updated libcgroup packages fix security vulnerability

The cgrulesengd daemon cgred in libcgroup through version 0.41 creates log files /var/log/cgred with world readable and writable permissions 0o666 due to a reset of the file mode creation mask umask0 in the daemon/cgrulesengd.c:cgrestartdaemon function CVE-2018-14348...

8.1CVSS3AI score0.02316EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•56 views

Updated php packages fix security vulnerability

- Int Overflow lead to Heap OverFlow in exifthumbnailextract of exif.c CVE-2018-14883 - heap-buffer-overflow READ of size 48 while reading exif data CVE-2018-14851 - XSS due to the header Transfer-Encoding: chunked...

7.5CVSS2.1AI score0.08975EPSS
Exploits1References3
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•48 views

Updated dropbear packages fix security vulnerability

Dropbear is prone to a user enumeration vulnerability CVE-2018-15599. An external user without credentials can determine whether a given username exists on a server...

5.3CVSS2.6AI score0.02709EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•14 views

Updated mpg123 packages fix security vulnerability

The mpg123 project has fixed several bugs in the player, including an invalid read. We upgrade to the latest version which cumulates all those fixes...

3.4AI score
Exploits0References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•48 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.20.5, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.02571EPSS
Exploits0References4
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•29 views

Updated mailman packages fix security vulnerability

Updated mailman package fixes security vulnerability: It was discovered that mailman prior to 2.1.29 mishandled URLs in Utils.py:GetPathPieces which allowed attackers to display arbitrary text on trusted sites CVE-2018-13796...

6.5CVSS4.7AI score0.02541EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•44 views

Updated libextratcor packages fix security vulnerability

Several vulnerabilities were discovered in libextractor which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened CVE-2018-14346, CVE-2018-14347, CVE-2018-16430...

8.8CVSS3.7AI score0.02089EPSS
Exploits4References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•19 views

Updated xml-security-c packages fix security vulnerability

It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data...

2AI score
Exploits0References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•31 views

Updated soundtouch packages fix security vulnerability

Updated soundtouch package fixes security vulnerabilities: - Reachable assertion in FIRFilter.cpp causing denial of service CVE-2018-14045. - Reachable assertion in RateTransposer::setChannels causing denial of service CVE-2018-14044. - Heap-based buffer overflow in...

8.8CVSS4.1AI score0.02609EPSS
Exploits1References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•67 views

Updated unixODBC packages fix security vulnerability

unixODBC before version 2.3.5 is vulnerable to a buffer overflow in the DriverManager/info.c:unicodetoansicopy method. An attacker could exploit this to cause a denial of service or other unspecified impact CVE-2018-7409. The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3....

9.8CVSS6.7AI score0.03082EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•34 views

Updated lcms2 packages fix security vulnerability

Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. CVE-2018-16435...

5.5CVSS3.7AI score0.01746EPSS
Exploits1References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•33 views

Updated okular packages fix security vulnerability

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive..." in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular...

5.5CVSS5.1AI score0.0183EPSS
Exploits1References2
Mageia
Mageia
•added 2018/09/20 11:17 p.m.•91 views

Updated bouncycastle packages fix security vulnerabilities

Updated bouncycastle packages fix security vulnerabilities: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of...

9.8CVSS1.1AI score0.24282EPSS
Exploits0References4
Mageia
Mageia
•added 2018/09/20 11:17 p.m.•39 views

Updated libx11 packages fix security vulnerabilities

Updated libx11 packages fix security vulnerabilities: An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS...

9.8CVSS2.5AI score0.09341EPSS
Exploits0References4
Mageia
Mageia
•added 2018/09/20 11:17 p.m.•48 views

Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix several security vulnerabilities including: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files CVE-2018-15908. In Artifex Ghostscript 9.23 before 2018-08-24, a typ...

9.3CVSS1.2AI score0.92499EPSS
Exploits5References7
Mageia
Mageia
•added 2018/09/14 8:41 p.m.•59 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes at least the following security issues: Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux...

7.8CVSS4.5AI score0.00506EPSS
Exploits0References6
Mageia
Mageia
•added 2018/09/14 8:41 p.m.•64 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes at least the following security issues: Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kerne...

7.8CVSS4.5AI score0.00506EPSS
Exploits0References6
Mageia
Mageia
•added 2018/09/14 8:41 p.m.•17 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. Other fixes in this update: all SPIINTELSPI config options have been disable to prevent a potential bios corrupting bug mga23560 For other changes in this update, see the...

2.1AI score
Exploits0References6
Mageia
Mageia
•added 2018/09/13 8:38 p.m.•44 views

Updated ntp packages fix security vulnerability

Updated ntp packages fix security vulnerability: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter CVE-2018-12327...

9.8CVSS5.8AI score0.29037EPSS
Exploits5References2
Mageia
Mageia
•added 2018/09/13 8:38 p.m.•34 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin packages fix security vulnerability: Successful exploitation of the currently un-disclosed vulerability could lead to information disclosure CVE-2018-15967...

7.5CVSS1.5AI score0.076EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/07 10:15 a.m.•47 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: Bluetooth Attribute Protocol dissector crash CVE-2018-16056. Radiotap dissector crash CVE-2018-16057. Bluetooth AVDTP dissector crash CVE-2018-16058...

7.5CVSS1.8AI score0.03459EPSS
Exploits0References6
Mageia
Mageia
•added 2018/09/07 10:15 a.m.•42 views

Updated libxkbcommon packages fix security vulnerabilities

Updated libxkbcommon packages fix security vulnerabilities: Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation CVE-2018-15853...

7.8CVSS1.8AI score0.00535EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/07 10:15 a.m.•57 views

Updated sleuthkit packages fix security vulnerabilities

Updated sleuthkit packages fix security vulnerabilities: In The Sleuth Kit TSK 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660procdir in tsk/fs/iso9660dent.c in libtskfs.a, as demonstrated by fls CVE-2017-13755. In The Sleuth Kit TSK 4.4.2, opening a crafted disk...

8.1CVSS1.4AI score0.01326EPSS
Exploits6References2
Mageia
Mageia
•added 2018/09/02 7:7 p.m.•47 views

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...

7.5CVSS2.4AI score0.49268EPSS
Exploits0References5
Mageia
Mageia
•added 2018/09/02 7:7 p.m.•49 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Updated java-1.8.0-openjdk packages fixes at least the following security vulnerability: OpenJDK: insufficient index validation in PatternSyntaxException getMessage CVE-2018-2952...

4.3CVSS2.7AI score0.04184EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/02 7:7 p.m.•42 views

Updated libgd packages fix security vulnerabilities

The updated packages fix security vulnerabilities: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated...

8.8CVSS7.8AI score0.13204EPSS
Exploits1References2
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•49 views

Updated mercurial packages fix security vulnerabilities

This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatchapply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data CVE-2018-13346. Fix mpatch.c that mishandles integer addition and...

9.8CVSS2.1AI score0.02687EPSS
Exploits0References3
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•69 views

Updated mariadb packages fix security vulnerability

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...

6.5CVSS4.3AI score0.03683EPSS
Exploits0References4
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•40 views

Updated libarchive packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader CVE-2017-14501. libarchive 3.3.2 suffe...

6.5CVSS4.5AI score0.02147EPSS
Exploits0References2
Total number of security vulnerabilities6012