Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2017/08/24 7:52 a.m.•57 views

Updated apache packages fix security vulnerabilities

In Apache httpd before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized poo...

9.1CVSS1.2AI score0.5677EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/23 3:43 p.m.•76 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to cod...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/23 3:43 p.m.•34 views

Updated graphicsmagick packages fix security vulnerability

Invalid memory read in SetImageColorCallBack in image.c CVE-2017-12935. Use-after-free in ReadWMFImage in wmf.c CVE-2017-12936. Heap-based buffer overflow in ReadSUNImage in sun.c CVE-2017-12937...

8.8CVSS3.8AI score0.25065EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/21 8:58 p.m.•15 views

Updated avidemux packages fix security vulnerabilities

The avidemux package has been updated to version 2.7.0. Avidemux includes a bundled copy of the ffmpeg libraries, which have been updated from version 3.0.7 to version 3.3.3, fixing several security issues and other bugs...

4.4AI score
Exploits0References3
Mageia
Mageia
•added 2017/08/21 8:28 p.m.•20 views

Updated php-pear-CAS package fixes security vulnerability

It was discovered that php-pear-CAS contained a possible authentication bypass in validateCAS20...

2.6AI score
Exploits0References3
Mageia
Mageia
•added 2017/08/21 8:28 p.m.•39 views

Updated nasm packages fix security vulnerabilities

Multiple heap use after free vulnerabilities CVE-2017-10686. Heap-based buffer overflow and application crash CVE-2017-11111...

7.8CVSS1.4AI score0.02946EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/21 8:0 p.m.•32 views

Updated shutter packages fix security vulnerability

Remote attackers could trick users into assisting them in executing arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action CVE-2016-10081...

9.3CVSS7.2AI score0.06618EPSS
Exploits4References2
Mageia
Mageia
•added 2017/08/21 8:0 p.m.•36 views

Updated clamav packages fix security vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service CVE-2017-6418. It was discovered that ClamAV incorrectly handled parsing certain PE files with WWPack...

5.5CVSS3.6AI score0.01415EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/20 9:10 a.m.•56 views

Updated ruby packages fix security vulnerabilities

It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. CVE-2015-9096 Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this...

9.8CVSS8.6AI score0.06204EPSS
Exploits5References2
Mageia
Mageia
•added 2017/08/20 8:48 a.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to cod...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/20 8:48 a.m.•61 views

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/20 8:48 a.m.•49 views

Updated mariadb packages fix security vulnerabilities

Difficult to exploit vulnerability in MariaDB Server allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this...

5.6CVSS4.1AI score0.03198EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/19 10:54 a.m.•36 views

Updated taglib packages fix security vulnerability

Denial of service vulnerability via specially crafted ID3v2 data CVE-2017-12678...

8.8CVSS2.8AI score0.02207EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/19 10:16 a.m.•40 views

Updated cvs package fixes security vulnerability

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command CVE-2017-12836...

7.5CVSS4.7AI score0.05968EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/19 10:16 a.m.•14 views

Updated fossil package fixes security vulnerability

Potential XSS vulnerability on the /help webpage boo1053267...

2.6AI score
Exploits0References2
Mageia
Mageia
•added 2017/08/19 9:58 a.m.•65 views

Updated curl packages fix security vulnerabilities

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...

6.5CVSS0.3AI score0.03958EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/19 9:58 a.m.•56 views

Updated mercurial packages fix security vulnerabilities

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...

10CVSS3AI score0.05734EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/19 9:58 a.m.•47 views

Updated libmspack packages fix security vulnerabilities

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-6419. It was discovered that libmspack incorrectly handled certain...

7.8CVSS3.2AI score0.02067EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/19 9:22 a.m.•33 views

Updated potrace packages fix security vulnerability

Potrace 1.14 has a heap-based buffer over-read in the interpolatecubic function in mkbitmap.c CVE-2017-12067...

7.5CVSS3.3AI score0.01079EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/18 5:6 p.m.•47 views

Updated jetty packages fix security vulnerability

Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords CVE-2017-9735...

7.5CVSS4.5AI score0.05795EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/18 5:6 p.m.•53 views

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...

7.8CVSS2.6AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/18 5:6 p.m.•68 views

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...

7.8CVSS2.6AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/17 8:2 a.m.•61 views

Updated vim packages fix security vulnerabilities

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened CVE-2016-1248. A...

9.8CVSS1.5AI score0.25314EPSS
Exploits2References4
Mageia
Mageia
•added 2017/08/17 8:2 a.m.•41 views

Updated poppler packages fix security vulnerabilities

Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service CVE-2017-7511. It was discovered that the...

7.8CVSS2.8AI score0.04338EPSS
Exploits1References4
Mageia
Mageia
•added 2017/08/16 10:32 p.m.•33 views

Updated kauth and kdelibs4 packages fix security vulnerability

Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account CVE-2017-8422...

7.8CVSS4.6AI score0.01805EPSS
Exploits3References3
Mageia
Mageia
•added 2017/08/16 9:10 p.m.•45 views

Updated subversion packages fix security vulnerability

A Subversion client sometimes connects to URLs provided by the repository. A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack...

9.8CVSS2.6AI score0.18892EPSS
Exploits3References6
Mageia
Mageia
•added 2017/08/16 12:1 a.m.•36 views

Updated libsoup packages fix security vulnerability

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability CVE-2017-28...

9.8CVSS3.3AI score0.24337EPSS
Exploits4References2
Mageia
Mageia
•added 2017/08/16 12:1 a.m.•17 views

Updated mingw-nsis packages fix security vulnerability

The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...

4.1AI score
Exploits0References2
Mageia
Mageia
•added 2017/08/15 9:57 a.m.•34 views

Updated phpldapadmin packages fix security vulnerability

phpLDAPadmin through 1.2.3 has XSS in htdocs/entrychooser.php via the form, element, rdn, or container parameter CVE-2017-11107...

6.1CVSS3.1AI score0.02069EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/15 9:57 a.m.•43 views

Updated x11-server packages fix security vulnerabilities

Eric Sesterhenn discovered that the X.Org X server incorrectly compared MIT cookies. An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie CVE-2017-2624. It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X...

8.8CVSS2.9AI score0.03877EPSS
Exploits3References4
Mageia
Mageia
•added 2017/08/15 9:57 a.m.•41 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801,...

10CVSS3.9AI score0.04187EPSS
Exploits13References4
Mageia
Mageia
•added 2017/08/13 10:19 p.m.•56 views

Updated cacti packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php CVE-2017-10970. Cross-site scripting XSS vulnerability in...

9.8CVSS3.4AI score0.02921EPSS
Exploits2References6
Mageia
Mageia
•added 2017/08/13 10:19 p.m.•49 views

Updated git packages fix security vulnerability

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules CVE-2017-1000117...

8.8CVSS3.7AI score0.77823EPSS
Exploits9References6
Mageia
Mageia
•added 2017/08/13 1:36 p.m.•37 views

Updated heimdal packages fix security vulnerability

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks CVE-2017-11103...

8.1CVSS3.6AI score0.05118EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•48 views

Updated ffmpeg packages fix security vulnerabilities

This update provides ffmpeg version 3.3.3, which fixes several security vulnerabilities and other bugs which were corrected upstream...

6.5CVSS3.8AI score0.04542EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•44 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.9AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•45 views

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS1.4AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•45 views

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.7AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•47 views

Updated supervisor packages fix security vulnerability

A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root...

9CVSS2.9AI score0.87544EPSS
Exploits10References2
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•54 views

Updated php-phpmailer packages fix security vulnerability

It was discovered that php-phpmailer has a XSS vulnerability in the "From Email Address" and "To Email Address" fields of codegenerator.php CVE-2017-11503...

6.1CVSS1.6AI score0.024EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•32 views

Updated ruby-rubyzip packages fix security vulnerability

A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory CVE-2017-5946...

9.8CVSS3.7AI score0.0347EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.7AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/08/12 10:13 a.m.•38 views

Updated krb5 packages fix security vulnerability

A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request CVE-2017-11368...

6.5CVSS3.6AI score0.02397EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/11 10:24 p.m.•94 views

Updated jackson-databind packages fix security vulnerability

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper CVE-2017-7525...

9.8CVSS3.4AI score0.37925EPSS
Exploits7References2
Mageia
Mageia
•added 2017/08/10 8:26 p.m.•34 views

Updated perl-XML-LibXML packages fix security vulnerability

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows attackers to execute arbitrary code by controlling the arguments to a replaceChild call CVE-2017-10672...

9.8CVSS6.7AI score0.07929EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/09 8:1 p.m.•26 views

Updated varnish packages fix security vulnerability

A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process CVE-2017-12425...

7.5CVSS1.1AI score0.02416EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/09 10:44 a.m.•31 views

Updated perl-SOAP-Lite packages fix security vulnerability

It was discovered that there was a "Billion Laughs" 0 XML expansion vulnerability in SOAP::Lite CVE-2015-8978...

7.5CVSS7.4AI score0.01555EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/08 8:24 p.m.•107 views

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.1.26 maintenance release, fixing security and other issues: This Critical Patch Update contains 14 new unspcified security fixes for Oracle VM VirtualBox. According to currently known info, none of these vulnerabilities may be remotely exploitable without...

8.8CVSS1.9AI score0.01643EPSS
Exploits7References2
Mageia
Mageia
•added 2017/08/08 8:24 p.m.•34 views

Updated mpg123 packages fix security vulnerabilities

The nexttext function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service buffer over-read via a crafted mp3 file CVE-2017-9545. Invalid read of size 1 in ID3v2 parser due to forgotten offset from the frame flag bytes CVE-2017-10683. Extend pow tables for...

5.5CVSS3.9AI score0.01167EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/08 8:24 p.m.•30 views

Updated atril packages fix security vulnerability

It was discovered that Atril made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely CVE-2017-1000083...

7.8CVSS2.5AI score0.50826EPSS
Exploits9References2
Total number of security vulnerabilities6012