Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2017/05/26 6:54 a.m.•55 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel-tmb update is based on upstream 4.4.68 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadloc...

10CVSS4.2AI score0.17827EPSS
Exploits23References10
Mageia
Mageia
•added 2017/05/26 6:54 a.m.•53 views

Updated kernel-linus packages fixes security vulnerabilities

This kernel-linus update is based on upstream 4.4.68 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and...

10CVSS4.2AI score0.17827EPSS
Exploits23References10
Mageia
Mageia
•added 2017/05/25 2:37 p.m.•52 views

Updated samba packages fix security vulnerability

A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process CVE-2016-2126. Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this...

10CVSS2.6AI score0.99448EPSS
Exploits27References8
Mageia
Mageia
•added 2017/05/21 8:28 p.m.•13 views

Updated webmin packages fix security vulnerability

The webmin package has been updated to version 1.840, which fixes cross-site scripting XSS issues, and has other bug fixes and enhancements. See the upstream release announcements and change log for details...

2.6AI score
Exploits0References3
Mageia
Mageia
•added 2017/05/21 8:28 p.m.•46 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 25.0.0.171 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves a use-after-free vulnerability that could lead to code execution CVE-2017-3071. This...

9.3CVSS4.1AI score0.20353EPSS
Exploits2References2
Mageia
Mageia
•added 2017/05/21 8:28 p.m.•18 views

Updated vlc packages fix security vulnerability

The VLC packages have been updated to version 2.2.5.1, which includes various security improvements in demuxers and decoders, as well as other bug fixes...

4.2AI score
Exploits0References3
Mageia
Mageia
•added 2017/05/19 9:28 a.m.•20 views

Updated mhonarc packages fix security vulnerability

MHonArc before 2.6.19 is vulnerable to PHP code injection via commentized subjects. This update fixes it...

3AI score
Exploits0References2
Mageia
Mageia
•added 2017/05/19 8:57 a.m.•16 views

Updated radicale package fixes security vulnerability

Radicale before 1.1.2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method CVE-2017-8342...

8.1CVSS1.4AI score0.02016EPSS
Exploits1References2
Mageia
Mageia
•added 2017/05/10 8:47 p.m.•59 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on upstream 4.4.65 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadlock vi...

9.3CVSS3.8AI score0.17827EPSS
Exploits23References7
Mageia
Mageia
•added 2017/05/10 8:47 p.m.•54 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434,...

9.8CVSS3.9AI score0.18756EPSS
Exploits21References4
Mageia
Mageia
•added 2017/05/10 8:47 p.m.•36 views

Updated feh package fixes security vulnerability

Updated feh package to fix a double-free/OOB-write in E17 IPC. This was a potential security issue as a malicious X11 app running alongside feh and pretending to be an E17 window manager could have had access to out-of-bound memory. Security vulnerability: CVE-2017-7875...

9.8CVSS3.5AI score0.02266EPSS
Exploits0References3
Mageia
Mageia
•added 2017/05/10 8:47 p.m.•27 views

Updated lxterminal package fixes security vulnerability

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control. CVE-2016-10369...

7.8CVSS3.6AI score0.00319EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/09 6:35 a.m.•61 views

Updated virtualbox packages fixes security vulnerabilities

This update provides virtualbox 5.1.22 maintenance release and resolves at least the following security issues: A vulnerability in the core subcomponent of virtualbox allows high privilegied attacker unauthorized read access to a subset of VirtualBox accessible data CVE-2017-3513. A vulnerability...

8.8CVSS4AI score0.02912EPSS
Exploits10References2
Mageia
Mageia
•added 2017/05/09 6:35 a.m.•43 views

Updated ntp packages fix security vulnerability

A vulnerability was found in NTP, in the legacy MX4200 refclock implementation. If this refclock was compiled in and used, an attacker may be able to induce stack overflow, leading to a crash or potential code execution CVE-2017-6451. A vulnerability was found in NTP, in the building of response...

8.8CVSS2.7AI score0.06515EPSS
Exploits0References3
Mageia
Mageia
•added 2017/05/07 10:16 p.m.•58 views

Updated ghostscript packages fix security vulnerability

Various userparams in Ghostscript allow %pipe% in paths, allowing remote shell command execution CVE-2016-7976. The .libfile function in Ghostscript doesn't check PermitFileReading array, allowing remote file disclosure CVE-2016-7977. Reference leak in the .setdevice function in Ghostscript allow...

9.8CVSS5.2AI score0.96968EPSS
Exploits12References3
Mageia
Mageia
•added 2017/05/07 8:20 p.m.•25 views

Updated ettercap packages fix security vulnerability

Etterfilter utility of Ettercap have an out-of-bounds read denial-of-service vulnerability when parsing a crafted file. This occurs in the compiletree function of the efcompiler.c source file when processing corrupted filters CVE-2017-6430...

5.5CVSS2.7AI score0.01972EPSS
Exploits2References2
Mageia
Mageia
•added 2017/05/07 8:20 p.m.•17 views

Updated libsamplerate packages fix security vulnerability

It was discovered that libsamplerate contained a global buffer overflow in calcoutputsingle CVE-2017-7697...

5.5CVSS3.2AI score0.00913EPSS
Exploits0References3
Mageia
Mageia
•added 2017/05/07 8:20 p.m.•39 views

Updated libarchive packages fix security vulnerabilities

The archivewstringappendfrommbs function in archivestring.c in libarchive 3.2.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted archive file. CVE-2016-10209 The archivele32dec function in archiveendian.h in libarchive 3.2.2 allows...

5.5CVSS4.9AI score0.0191EPSS
Exploits1References2
Mageia
Mageia
•added 2017/05/06 12:17 p.m.•30 views

Updated audiofile packages fix security vulnerabilities

Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,...

7.8CVSS3.9AI score0.03241EPSS
Exploits1References2
Mageia
Mageia
•added 2017/05/03 10:17 p.m.•21 views

Updated minicom packages fix security vulnerability

In minicom before version 2.7.1, the escparms buffer in vt100.c is vulnerable to an overflow that may allow for remote code execution CVE-2017-7467...

9.8CVSS5.5AI score0.02757EPSS
Exploits1References2
Mageia
Mageia
•added 2017/05/03 9:48 a.m.•33 views

Updated texlive packages fix security vulnerability

It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code called \write18. Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document...

9.8CVSS3.6AI score0.07146EPSS
Exploits1References2
Mageia
Mageia
•added 2017/05/02 1:34 p.m.•49 views

Updated python-lshell package fixes security vulnerabilities

Shell outbreak due to bad syntax parse CVE-2016-6902. Shell outbreak with multiline commands CVE-2016-6903...

9.9CVSS3.6AI score0.05081EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•40 views

Updated openjpeg packages fix security vulnerability

Multiple integer overflows in the opjtcdinittile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2016-51...

8.8CVSS5.8AI score0.07114EPSS
Exploits2References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•27 views

Updated 389-ds-base packages fix security vulnerability

An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. CVE-2017-2668...

6.5CVSS1.9AI score0.02627EPSS
Exploits0References3
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•46 views

Updated libxslt packages fix security vulnerability

Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service application crash or possible execute arbitrary code CVE-2017-5029...

8.8CVSS3.4AI score0.02131EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•56 views

Updated freetype2 packages fix security vulnerability

It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2016-10328. FreeType 2...

9.8CVSS4.8AI score0.04188EPSS
Exploits0References3
Mageia
Mageia
•added 2017/05/01 7:41 p.m.•37 views

Updated squirrelmail packages fix security vulnerability

Squirrelmail version 1.4.22 and probably prior is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server CVE-2017-7692...

9CVSS5.5AI score0.32156EPSS
Exploits7References2
Mageia
Mageia
•added 2017/04/30 11:33 p.m.•51 views

Updated java-1.8.0-openjdk packages fix security vulnerability

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges CVE-2017-3511. It was found that the JAXP component of...

7.7CVSS0.5AI score0.03311EPSS
Exploits2References6
Mageia
Mageia
•added 2017/04/30 11:33 p.m.•11 views

Updated xstream packages fix security vulnerability

A vulnerability was found in XStream. Parsing a maliciously crafted file could cause the application to crash. The processed stream at unmarshalling type contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. Th...

1.5AI score
Exploits0References2
Mageia
Mageia
•added 2017/04/27 10:21 p.m.•47 views

Updated tomcat packages fix security vulnerability

A bug in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests...

9.1CVSS0.6AI score0.1684EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/27 10:21 p.m.•60 views

Updated firefox packages fix security vulnerability

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

9.8CVSS3.5AI score0.18756EPSS
Exploits19References6
Mageia
Mageia
•added 2017/04/24 7:27 a.m.•45 views

Updated icu packages fix security vulnerability

It was discovered that icu did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code CVE-2017-7867, CVE-2017-7868...

7.5CVSS4.9AI score0.0463EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/24 7:27 a.m.•44 views

Updated proftpd packages fix security vulnerability

ProFTPD before 1.3.5e controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...

5.5CVSS1.7AI score0.00419EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/21 7:24 a.m.•45 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.0.12, which fixes multiple security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.8CVSS2.8AI score0.03284EPSS
Exploits0References13
Mageia
Mageia
•added 2017/04/21 7:24 a.m.•29 views

Updated flash-player-plugin package fixes security vulnerability

This update fixes the following critical security issues: use-after-free vulnerabilities that could lead to code execution CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063. memory corruption vulnerabilities that could lead to code execution CVE-2017-3060, CVE-2017-3061, CVE-2017-3064...

10CVSS3AI score0.24728EPSS
Exploits2References2
Mageia
Mageia
•added 2017/04/21 7:24 a.m.•55 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser 57.0.2987.133 fixes security issues: Multiple flaws were found in the way Chromium 55 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.6CVSS2.1AI score0.41603EPSS
Exploits6References6
Mageia
Mageia
•added 2017/04/21 7:24 a.m.•47 views

Updated gimp packages fix security vulnerability

Context-dependent attackers were able to cause a denial of service via an ICO file with an InfoHeader containing a Height of zero CVE-2007-3126...

5CVSS3.1AI score0.02722EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/16 6:29 a.m.•63 views

Updated mediawiki packages fix security vulnerability

API parameters may now be marked as "sensitive" to keep their values out of the logs CVE-2017-0361. "Mark all pages visited" on the watchlist now requires a CSRF token CVE-2017-0362. Special:UserLogin and Special:Search allow redirect to interwiki links CVE-2017-0363, CVE-2017-0364. XSS in...

8.8CVSS1.2AI score0.01525EPSS
Exploits1References2
Mageia
Mageia
•added 2017/04/16 6:29 a.m.•49 views

Updated webkit2 packages fix security vulnerability

Multiple security fixes in latest webkit2 update...

8.8CVSS1.8AI score0.08511EPSS
Exploits44References6
Mageia
Mageia
•added 2017/04/15 10:22 p.m.•40 views

Updated ming packages fix security vulnerability

The update fixes CVE-2017-7578: Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service listswf application crash or possibly have unspecified other impact via a crafted SWF file. NOTE: This issue exists because of an incomplete fix fo...

7.8CVSS6.8AI score0.01248EPSS
Exploits0References1
Mageia
Mageia
•added 2017/04/15 10:22 p.m.•19 views

Updated unshield packages fix security vulnerability

unshield is vulnerable to directory traversal via "../" sequences CVE-2015-1386...

7.5CVSS7.5AI score0.02666EPSS
Exploits1References3
Mageia
Mageia
•added 2017/04/14 7:40 p.m.•35 views

Updated python-django packages fix security vulnerability

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

6.1CVSS1.4AI score0.02384EPSS
Exploits2References3
Mageia
Mageia
•added 2017/04/04 6:44 a.m.•24 views

Updated munin packages fix security vulnerability

Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process...

5.5CVSS2.2AI score0.00421EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/04 6:44 a.m.•33 views

Updated jhead packages fix security vulnerability

It was discovered that jhead, a tool to manipulate the non-image part of EXIF compliant JPEG files, is prone to an out-of-bounds access vulnerability, which may result in denial of service or, potentially, the execution of arbitrary code if an image with specially crafted EXIF data is processed...

7.8CVSS3.3AI score0.01267EPSS
Exploits0References3
Mageia
Mageia
•added 2017/04/04 6:44 a.m.•40 views

Updated pidgin packages fix security vulnerability

A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side CVE-2017-2640. The pidgin package has been updated to version 2.12.0, which fixes this issue...

9.8CVSS1.9AI score0.06258EPSS
Exploits0References4
Mageia
Mageia
•added 2017/04/04 6:44 a.m.•31 views

Updated wget packages fix security vulnerability

Wget up untill version 1.19.1 does not ensure control characters are not used in the hostname part of a url. This security update rejects control characters in host part of a url...

6.1CVSS2.7AI score0.03086EPSS
Exploits1References3
Mageia
Mageia
•added 2017/04/04 6:44 a.m.•36 views

Updated mxml packages fix security vulnerability

Two stack exhaustion issues based on uncontrolled recursion were found in mxml. A maliciously crafted xml file can cause the application to crash. Recursion using mxmlDelete at mxml-node.c:217 reproducer is stack-exhaustion-1.xml CVE-2016-4570. Recursion using mxmlwritenode at mxml-file.c:2739...

7.1CVSS2.6AI score0.01589EPSS
Exploits0References4
Mageia
Mageia
•added 2017/04/03 8:31 p.m.•18 views

Updated phpmyadmin packages fix security vulnerability

A vulnerability was discovered where the restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions. This can allow the login of users who have no password set even if the administrator has set $cfg'Servers'$i'AllowNoPassword' to false which is also th...

2.9AI score
Exploits0References2
Mageia
Mageia
•added 2017/03/31 8:28 p.m.•53 views

Updated kernel-linus packages fixes security vulnerability

This kernel-linus update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain roo...

7.8CVSS4.6AI score0.01902EPSS
Exploits4References5
Mageia
Mageia
•added 2017/03/31 8:28 p.m.•55 views

Updated kernel packages fixes security vulnerability

This kernel update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain root...

7.8CVSS4AI score0.01902EPSS
Exploits4References5
Total number of security vulnerabilities6011