Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2018/07/11 9:7 p.m.•49 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 CVE-2018-6149 and incorrect handling of content security policy CVE-2018-6148. It also contains a new google API key...

8.8CVSS1.6AI score0.00726EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/11 9:7 p.m.•52 views

Updated graphviz packages fix security vulnerability

NULL pointer dereference vulnerability in the rebuildvlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service application crash via a crafted file. CVE-2018-10196...

5.5CVSS5.3AI score0.01719EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/11 9:7 p.m.•28 views

Updated perl-Archive-Zip packages fix security vulnerability

It was discovered that the Archive::Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information CVE-2018-10860...

7.5CVSS1.9AI score0.48716EPSS
Exploits0References1
Mageia
Mageia
•added 2018/07/11 9:7 p.m.•19 views

Updated nikto packages fix security vulnerability

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report CVE-2018-11652...

10CVSS4.9AI score0.24727EPSS
Exploits5References2
Mageia
Mageia
•added 2018/07/11 9:7 p.m.•42 views

Updated redis packages fix security vulnerability

Multiple vulnerabilities were discovered in the Lua subsystem of Redis which could result in denial of service CVE-2018-11218, CVE-2018-11219...

9.8CVSS2.1AI score0.58529EPSS
Exploits2References3
Mageia
Mageia
•added 2018/07/01 10:17 p.m.•42 views

Updated libcrypt packages fix a security vulnerability

Updated libgcrypt packages fix security vulnerability: When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a...

4.7CVSS2.6AI score0.00887EPSS
Exploits1References3
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•29 views

Updated taglib packages fix security vulnerability

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file. CVE-2018-11439...

6.5CVSS5.4AI score0.02847EPSS
Exploits1References2
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•37 views

Updated ansible packages fix security vulnerability

Ansible prior to 2.4.5 does not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...

5.9CVSS1.2AI score0.03088EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•44 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

5.5CVSS5.5AI score0.60631EPSS
Exploits2References1
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•28 views

Updated ncurses packages fix security vulnerability

A flaw was found in ncurses before 6.1.20180414 where a NULL Pointer Dereference in the ncparseentry function of tinfo/parseentry.c could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax CVE-2018-10754...

3.6AI score
Exploits0References2
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•61 views

Updated libgcrypt packages fix security vulnerability

When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the...

4.7CVSS2.7AI score0.00887EPSS
Exploits1References3
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•47 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.69016EPSS
Exploits28References3
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•36 views

Updated phpmyadmin packages fix security vulnerability

A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name...

6.1CVSS1.8AI score0.01818EPSS
Exploits0References1
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•55 views

Updated firefox packages fix security vulnerability

Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 CVE-2018-5188. Mozilla: Buffer overflow using computed size of canvas element CVE-2018-12359. Mozilla: Use-after-free using focus CVE-2018-12360. Mozilla: Media recorder segmentation fault when track type is changed during capture CVE-2018-515...

9.8CVSS1.2AI score0.04647EPSS
Exploits0References4
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•48 views

Updated file packages fix a security vulnerability

The updated packages fix a security vulnerability: The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360...

6.5CVSS5.1AI score0.0341EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•35 views

Updated libvorbis packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The barknoisehybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact via a crafted mp4 file. CVE-2017-14160...

8.8CVSS6.8AI score0.04575EPSS
Exploits1References4
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•25 views

Updated librsvg packages fix a security vulnerability

Updated librsvg package fixes security vulnerability: It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file CVE-2018-1000041...

8.8CVSS5.1AI score0.02239EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues: In the function sbusfbioctlhelper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAPSPARC and...

7.8CVSS5AI score0.02379EPSS
Exploits1References7
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•59 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory rang...

9.8CVSS3.9AI score0.074EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/19 11:42 p.m.•29 views

Updated xdg-utils package fixes security vulnerability

Updated xdg-utils package fixes security vulnerability: The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via ...

8.8CVSS6.3AI score0.02472EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/19 11:42 p.m.•42 views

Updated poppler packages fix security vulnerability

The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 There is a NULL pointer...

6.5CVSS4.5AI score0.02435EPSS
Exploits2References3
Mageia
Mageia
•added 2018/06/19 11:42 p.m.•51 views

Updated gnupg gnupg2 packages fix a security vulnerability

Updated gnupg, gnupg2, and python-gnupg packages fix security vulnerability: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that wou...

7.5CVSS1.4AI score0.08654EPSS
Exploits0References5
Mageia
Mageia
•added 2018/06/19 11:42 p.m.•34 views

Updated roundcubemail packages fix security vulnerability

Updated roundcubemail package fixes security vulnerability: This update fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. CVE-2018-9846...

8.8CVSS2.4AI score0.02289EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/19 11:42 p.m.•32 views

Updated librsvg packages fix a security vulnerability

Updated librsvg package fixes security vulnerability: It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file CVE-2018-1000041...

8.8CVSS5.1AI score0.02239EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/17 9:26 p.m.•43 views

Updated freedink-dfarc package fixes security vulnerability

Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc as well as in the RTsoft's Dink Smallwood HD / ProtonSDK version, allowing an attacker to overwrite arbitrary files on the user's system CVE-2018-0496. This release fixes it, and brings translation updates...

7.5CVSS4.4AI score0.02448EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/16 9:28 a.m.•41 views

Updated imagemagick packages fix security vulnerability

Imagemagick has been updated to version 6.9.10.0 to fix several bugs and possible security issues. - Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts - Missing break when checking "compliance" element. - Fixed errant 'not enough pixel data' - Fixed...

6.5CVSS1.7AI score0.03193EPSS
Exploits1References7
Mageia
Mageia
•added 2018/06/16 9:28 a.m.•57 views

Updated flash-player-plugin packages fixes security issues

Updated flash-player-plugin packages fixes the following security issues A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002. In response to a class of recently...

10CVSS2.1AI score0.25353EPSS
Exploits0References3
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•30 views

Updated scummvm packages fix security vulnerability

Updated scummvm package fixes security vulnerability ScummVM 1.8.1's POSIX backend does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL CVE-2017-17528. This...

8.8CVSS2.9AI score0.01643EPSS
Exploits0References3
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•37 views

Updated leptonica packages fix security vulnerabilities

This update fixes a security issue potential injection attack using gplot rootdir originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0...

9.8CVSS3AI score0.03739EPSS
Exploits1References4
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•48 views

Updated gifsicle package fixes security vulnerability

Updated gifsicle package fixes security vulnerability: A double-free bug in the readgif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because lastname is mishandled CVE-2017-18120...

7.8CVSS5.2AI score0.01795EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•41 views

Updated patch packages fix security vulnerabilities

Updated patch package fixes security vulnerabilities: It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service CVE-2016-10713. It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use th...

7.8CVSS2.8AI score0.08585EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•47 views

Updated jasper packages fix security vulnerabilities

Updated japser packages fix security vulnerabilities: An assertion failure was possible to trigger in JPCNOMINALGAIN CVE-2016-9396. Denial of service via a reachable assertion in the function jpcfirstone in libjasper/jpc/jpcmath.c could lead to denial of service CVE-2018-9055...

7.5CVSS3.1AI score0.05686EPSS
Exploits1References4
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•38 views

Updated firefox packages fix security vulnerability

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash CVE-2018-6126...

8.8CVSS2AI score0.07666EPSS
Exploits1References3
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•48 views

Updated perl-DBD-mysql packages fix security vulnerabilities

Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering certain error responses from a MySQL...

9.8CVSS4.7AI score0.04629EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•32 views

Updated qt3 packages fix security vulnerability

Updated qt3 packages fix security vulnerability: A stack overflow flaw was found in the way Qt parsed XML input with several nested opening tags. An application using Qt's QXmlSimpleReader to parse specially crafted XML input could crash CVE-2016-10040...

5.5CVSS3.7AI score0.01922EPSS
Exploits1References2
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•40 views

Updated gimp packages fix security vulnerabilities

Updated gimp packages fix security vulnerabilities: Several vulnerabilities were discovered in GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787...

7.8CVSS2.4AI score0.01952EPSS
Exploits1References3
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•36 views

Updated corosync packages fix security vulnerability

An integer overflow leading to an out-of-bound read was found in authenticatenss23 in Corosync. An attacker could craft a malicious packet that would lead to a denial of service CVE-2018-1084...

7.5CVSS4.3AI score0.03172EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•18 views

Updated qtpass packages fix security vulnerability

All passwords generated with QtPass' built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers...

2.6AI score
Exploits0References2
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•49 views

Updated SDL_image packages fix security vulnerability

Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-1444...

8.8CVSS2.9AI score0.02677EPSS
Exploits3References2
Mageia
Mageia
•added 2018/06/05 9:42 p.m.•58 views

Updated libreoffice packages fix security vulnerabilities

The updated packages fix security vulnerabilities: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. CVE-2018-6871 sot/source/sdstor/stgstrms.cxx in LibreOffice before...

9.8CVSS5.7AI score0.78683EPSS
Exploits11References7
Mageia
Mageia
•added 2018/06/05 9:42 p.m.•36 views

Updated glpi packages fix security vulnerability

Updated glpi package fixes security vulnerability: An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execu...

6.1CVSS2.6AI score0.01111EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/04 3:11 p.m.•46 views

Updated python3 packages fix security vulnerabilities

Updated python3 packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...

7.5CVSS3AI score0.05103EPSS
Exploits1References4
Mageia
Mageia
•added 2018/06/04 3:11 p.m.•59 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 67.0.3396.62 fixes security issues: Multiple flaws were found in the way Chromium 64.0.3282.140 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

10CVSS2.2AI score0.58822EPSS
Exploits14References11
Mageia
Mageia
•added 2018/06/04 3:11 p.m.•60 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful...

7.7CVSS2.4AI score0.0401EPSS
Exploits0References6
Mageia
Mageia
•added 2018/06/03 11:2 a.m.•42 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The DNS dissector could crash CVE-2018-11356. Multiple dissectors could consume excessive memory CVE-2018-11357. The Q.931 dissector could crash CVE-2018-11358. Multiple dissectors could crash CVE-2018-11359. The GSM A DTAP dissector could...

7.5CVSS2.4AI score0.03509EPSS
Exploits0References9
Mageia
Mageia
•added 2018/06/03 11:2 a.m.•49 views

Updated git packages fix security vulnerabilities

It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory CVE-2018-11233. Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GITDIR/modules to create our on-disk repo paths. This means you can do bad things by...

7.8CVSS1.5AI score0.49188EPSS
Exploits10References2
Mageia
Mageia
•added 2018/05/31 8:34 p.m.•80 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.44 and fixes at least the following security issues: The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial...

8CVSS7.1AI score0.60631EPSS
Exploits21References27
Mageia
Mageia
•added 2018/05/31 8:34 p.m.•50 views

Updated libvirt packages fix security vulnerability

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

5.5CVSS5.5AI score0.60631EPSS
Exploits2References2
Mageia
Mageia
•added 2018/05/31 8:34 p.m.•59 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.44 and fixes at least the following security issues: By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other...

5.5CVSS1.3AI score0.60631EPSS
Exploits7References6
Mageia
Mageia
•added 2018/05/31 8:34 p.m.•67 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.44 and fixes at least the following security issues: This update adds KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump bu...

8CVSS7AI score0.84172EPSS
Exploits22References27
Total number of security vulnerabilities6012