Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
added 2017/03/31 8:28 p.m.55 views

Updated kernel-tmb packages fixes security vulnerability

This kernel-tmb update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain root...

7.8CVSS4.6AI score0.01902EPSS
Exploits4References5
Mageia
Mageia
added 2017/03/31 6:14 a.m.17 views

Updated deluge packages fix security vulnerability

Updated deluge package fixes a CSRF Cross-site request forgery vulnerability using upstream patch. Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target...

3AI score
Exploits0References3
Mageia
Mageia
added 2017/03/31 6:14 a.m.48 views

Updated mariadb packages fix security vulnerability

Crash in libmysqlclient.so in MariaDB 10.0.x through 10.0.29 CVE-2017-3302. Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: MyISAM. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to...

7.5CVSS4.9AI score0.04905EPSS
Exploits0References3
Mageia
Mageia
added 2017/03/27 9:27 p.m.31 views

Updated mbedtls packages fix security vulnerability

In mbedTLS before 1.3.19, if a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack. Depending on the platform, this could result in a Denial of Service client crash or...

8.1CVSS2.5AI score0.0339EPSS
Exploits2References4
Mageia
Mageia
added 2017/03/27 9:27 p.m.31 views

Updated putty packages fix security vulnerability

In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data CVE-2017-6542...

9.8CVSS2.2AI score0.21816EPSS
Exploits4References3
Mageia
Mageia
added 2017/03/27 9:27 p.m.28 views

Updated roundcubemail package fixes security vulnerability

rcubeutils.php in Roundcube before 1.1.8 and before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS token sequence within an SVG element CVE-2017-6820...

6.1CVSS1.8AI score0.01293EPSS
Exploits1References2
Mageia
Mageia
added 2017/03/27 1:55 p.m.46 views

Updated glibc packages fix security vulnerability

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service CVE-2015-5180. Tim Ruehsen discovered that the getaddrinfo implementation in the GNU C Library did not properly track memory allocations. An...

7.5CVSS7.8AI score0.06219EPSS
Exploits0References1
Mageia
Mageia
added 2017/03/25 8:15 p.m.60 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel-tmb update is based on upstream 4.4.55 and fixes at least the following security issues: Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline...

7.8CVSS4.4AI score0.01021EPSS
Exploits2References6
Mageia
Mageia
added 2017/03/25 8:15 p.m.70 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on upstream 4.4.55 and fixes at least the following security issues: Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline CVE-2017-263...

7.8CVSS4.5AI score0.01021EPSS
Exploits2References6
Mageia
Mageia
added 2017/03/25 8:15 p.m.56 views

Updated kernel-linus packages fixes security vulnerabilities

This kernel-linus update is based on upstream 4.4.55 and fixes at least the following security issues: Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline...

7.8CVSS4.4AI score0.01021EPSS
Exploits2References6
Mageia
Mageia
added 2017/03/25 4:56 p.m.21 views

Updated libquicktime packages fix security vulnerability

Integer overflow in the quicktimereadpascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. CVE-2016-2399...

7.8CVSS7.2AI score0.07184EPSS
Exploits5References3
Mageia
Mageia
added 2017/03/25 4:56 p.m.40 views

Updated freetype2 packages fix security vulnerability

The parsecharstrings function in type1/t1load.c in FreeType 2 did not ensure that a font contains a glyph name, which could allow remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted file CVE-2016-10244...

7.8CVSS6.4AI score0.03235EPSS
Exploits1References3
Mageia
Mageia
added 2017/03/25 4:56 p.m.31 views

Updated tnef packages fix security vulnerability

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattrread. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6307 An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can le...

7.8CVSS2AI score0.0154EPSS
Exploits0References3
Mageia
Mageia
added 2017/03/25 4:56 p.m.44 views

Updated libwmf packages fix security vulnerability

The gdImageCreate function in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to cause a denial of service system hang via an oversized image. CVE-2016-9317 The gdImageCreateFromGd2Ctx function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.4 allows remote...

7.8CVSS5.7AI score0.03736EPSS
Exploits0References1
Mageia
Mageia
added 2017/03/25 4:56 p.m.39 views

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin installs latest version for the flash plugin from adobe. See the referenced security bulletin for details...

9.3CVSS3AI score0.0836EPSS
Exploits1References2
Mageia
Mageia
added 2017/03/23 9:21 p.m.53 views

Updated thunderbird packages fix security vulnerability

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. CVE-2017-5400 A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may...

10CVSS9.1AI score0.17484EPSS
Exploits8References3
Mageia
Mageia
added 2017/03/23 9:21 p.m.55 views

Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,...

10CVSS3.9AI score0.17484EPSS
Exploits8References9
Mageia
Mageia
added 2017/03/23 7:19 a.m.39 views

Updated icoutils packages fix security vulnerability

Multiple vulnerabilities were discovered in the icotool CVE-2017-6010, CVE-2017-6011 and wrestool CVE-2017-6009 tools of icoutils, a set of programs that deal with MS Windows icons and cursors, which may result in denial of service or the execution of arbitrary code if a malformed .ico or .exe fi...

5.5CVSS4.8AI score0.01538EPSS
Exploits3References3
Mageia
Mageia
added 2017/03/23 7:19 a.m.63 views

Updated virtualbox packages fixes security vulnerabilities

This update provides virtualbox 5.1.18 maintenance release and resolves at least the following security issues: A vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read access to a...

8.4CVSS3.3AI score0.06961EPSS
Exploits5References2
Mageia
Mageia
added 2017/03/23 7:19 a.m.43 views

Updated kdelibs4 packages fix security vulnerability

Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part user:password@host, and in the path and th...

5.5CVSS0.3AI score0.00828EPSS
Exploits0References2
Mageia
Mageia
added 2017/03/17 11:12 a.m.31 views

Updated wavpack packages fix security vulnerability

Hanno Böck discovered a global buffer overread vulnerability in WavPack's word parsing logic CVE-2016-10169, this update fixes it...

5.5CVSS2.3AI score0.02123EPSS
Exploits1References3
Mageia
Mageia
added 2017/03/12 8:33 p.m.27 views

Updated potrace packages fix security vulnerability

The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service invalid memory access and crash via a crafted BMP image. CVE-2016-8685 The bmnew function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image,...

7.8CVSS6.7AI score0.01514EPSS
Exploits0References3
Mageia
Mageia
added 2017/03/12 8:33 p.m.12 views

Updated flac packages fix security vulnerability

FLAC 1.3.2 fixes a NULL pointer dereference bug and adds bounds checking in the encoder. It also fixes various non security-relevant issues...

1.8AI score
Exploits0References2
Mageia
Mageia
added 2017/03/12 8:33 p.m.35 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.0.11, which fixes two security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.8CVSS3.1AI score0.02942EPSS
Exploits0References12
Mageia
Mageia
added 2017/03/12 8:33 p.m.33 views

Updated flash-player-plugin packages fix security vulnerability

flash-player-plugin update fixes the following issues: A type confusion vulnerability that could lead to code execution CVE-2017-2995. An integer overflow vulnerability that could lead to code execution CVE-2017-2987. Use-after-free vulnerabilities that could lead to code execution CVE-2017-2982,...

9.3CVSS3AI score0.32676EPSS
Exploits10References2
Mageia
Mageia
added 2017/03/03 10:9 a.m.38 views

Updated quagga packages fix security vulnerability

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host CVE-2017-5495...

7.8CVSS3.2AI score0.18803EPSS
Exploits0References3
Mageia
Mageia
added 2017/03/03 10:9 a.m.39 views

Updated util-linux packages fix security vulnerability

With the su command from util-linux before 2.29.2, it is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. SIGKILL can only be sent to processes which were executed after the su proces...

5.5CVSS2.4AI score0.00279EPSS
Exploits0References2
Mageia
Mageia
added 2017/03/03 10:9 a.m.37 views

Updated ming packages fix security vulnerability

Global-buffer-overflow in printMP3Headers. CVE-2016-9264 Divide-by-zero in printMP3Headers. CVE-2016-9265 Left shift in listmp3.c. CVE-2016-9266 Heap-based buffer overflow in iprintf. CVE-2016-9827 NULL pointer dereference in dumpBuffer. CVE-2016-9828 Heap-based buffer overflow in...

7.8CVSS3.5AI score0.02131EPSS
Exploits4References8
Mageia
Mageia
added 2017/03/02 3:11 p.m.55 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.14.5, fixing several security issues and other bugs...

9.6CVSS3.4AI score0.66788EPSS
Exploits31References11
Mageia
Mageia
added 2017/02/26 10:2 p.m.31 views

Updated php-tcpdf packages fix security vulnerability

A local file inclusion vulnerability in TCPDF allows to upload files from the server generating PDF files to an external FTP server CVE-2017-6100. The updated php-tcpdf-6.0.098-1.1.mga5 package fixes this issue by setting KTCPDFCALLSINHTML configuration parameter to false by default...

7.5CVSS1.6AI score0.0146EPSS
Exploits0References1
Mageia
Mageia
added 2017/02/26 10:2 p.m.45 views

Updated libevent packages fix security vulnerability

The DNS code of Libevent contains an OOB read which can trigger a crash CVE-2016-10197 The libevent evutilparsesockaddrport contains a buffer overflow which can cause a segmentation fault CVE-2016-10196 The nameparse function in libevent's DNS code is vulnerable to a buffer overread CVE-2016-1019...

9.8CVSS4.3AI score0.06681EPSS
Exploits3References3
Mageia
Mageia
added 2017/02/26 10:2 p.m.20 views

Updated firebird packages fix security vulnerability

A serious security problem existed with the access to undesired external modules, even if 'Restrict' configuration mode was specified for UdfAccess CORE-5474...

2.7AI score
Exploits0References4
Mageia
Mageia
added 2017/02/25 8:29 a.m.82 views

Updated kernel and kmod packages fixes security vulnerabilities

This kernel update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service system hang by leveraging access to a...

9.8CVSS4.2AI score0.0596EPSS
Exploits13References12
Mageia
Mageia
added 2017/02/25 8:29 a.m.98 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel-tmb update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service system hang by leveraging access to ...

9.8CVSS4AI score0.0596EPSS
Exploits13References12
Mageia
Mageia
added 2017/02/25 8:29 a.m.87 views

Updated kernel-linus fixes security vulnerabilities

This kernel-linus update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service system hang by leveraging access t...

9.8CVSS3.9AI score0.0596EPSS
Exploits13References12
Mageia
Mageia
added 2017/02/23 2:58 p.m.37 views

Updated spice packages fix security vulnerability

An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. CVE-2016-9578...

8.8CVSS2.4AI score0.03844EPSS
Exploits0References2
Mageia
Mageia
added 2017/02/23 2:58 p.m.50 views

Updated libpcap/tcpdump packages fix security vulnerability

The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ahprint. CVE-2016-7922 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arpprint. CVE-2016-7923 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oamprint. CVE-2016-7924...

9.8CVSS2.3AI score0.06196EPSS
Exploits0References3
Mageia
Mageia
added 2017/02/20 10:19 p.m.33 views

Updated ruby-archive-tar-minitar packages fix security vulnerability

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. dot dot in a TAR archive entry. CVE-2016-10173 Moreover the updated packages replace deprecated requiregem by gem to make minitar wo...

7.5CVSS5.7AI score0.04742EPSS
Exploits1References3
Mageia
Mageia
added 2017/02/20 1:24 p.m.46 views

Updated iceape packages fix security vulnerability

Updated Iceape packages derived from Seamonkey include security fixes from Mozilla Firefox: Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Seamonkey before 2.46 allows remote attackers to cause a denial of service boolean out-of-bounds write or possib...

9.8CVSS6.2AI score0.05037EPSS
Exploits0References2
Mageia
Mageia
added 2017/02/20 1:0 p.m.35 views

Updated libarchive packages fix security vulnerability

An error in the lhareadfileheader1 function archivereadsupportformatlha.c in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. CVE-2017-5601...

7.5CVSS5.6AI score0.04447EPSS
Exploits0References3
Mageia
Mageia
added 2017/02/20 1:0 p.m.85 views

Updated gnutls packages fix security vulnerability

Remote denial of service in SSL alert handling. CVE-2016-8610 In gnutlsx509extimportproxy: if the language was set but the policy wasn't, that could lead to a double free. CVE-2017-5334 Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows. CVE-2017-5335,...

9.8CVSS2.3AI score0.39657EPSS
Exploits1References4
Mageia
Mageia
added 2017/02/20 1:0 p.m.58 views

Updated mariadb packages fix security vulnerability

Root Privilege Escalation CVE-2016-6664. Unspecified vulnerability affecting the Optimizer component CVE-2017-3238. Unspecified vulnerability affecting the Charsets component CVE-2017-3243. Unspecified vulnerability affecing the DML component CVE-2017-3244. Unspecified vulnerability affecting...

7CVSS1.7AI score0.04792EPSS
Exploits10References4
Mageia
Mageia
added 2017/02/20 1:0 p.m.30 views

Updated lynx packages fix security vulnerability

Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. CVE-2016-9179...

7.5CVSS2.8AI score0.01987EPSS
Exploits0References2
Mageia
Mageia
added 2017/02/20 1:0 p.m.25 views

Updated gtk-vnc packages fix security vulnerability

It was found that gtk-vnc code does not properly check boundaries of subrectangle-containing tiles. A malicious server can use this to overwrite parts of the client memory CVE-2017-5884. In addition, the vncconnectionservermessage and vnccolormapset functions do not check for integer overflow...

9.8CVSS3.3AI score0.04985EPSS
Exploits2References4
Mageia
Mageia
added 2017/02/20 1:0 p.m.42 views

Updated libgd packages fix security vulnerability

OOB reads of the TGA decompression buffer CVE-2016-6906. Double-free in gdImageWebPtr CVE-2016-6912. gdImageCreate doesn't check for oversized images and as such is prone to DoS vulnerabilities CVE-2016-9317. Potential unsigned underflow in gdinterpolation.c CVE-2016-10166. DOS vulnerability in...

9.8CVSS5.4AI score0.10687EPSS
Exploits0References5
Mageia
Mageia
added 2017/02/20 1:0 p.m.37 views

Updated netpbm packages fix security vulnerability

Version 10.73.07 fixes security vulnerabilities: Out-of-bounds write in writeRasterPbm CVE-2017-2581 Out-of-bounds read in expandCodeOntoStack CVE-2017-2579 Out-of-bounds write of heap data in addPixelToRaster CVE-2017-2580 Null pointer dereference in stringToUint CVE-2017-2586 Insufficient size...

7.8CVSS3AI score0.01614EPSS
Exploits0References2
Mageia
Mageia
added 2017/02/18 9:50 p.m.45 views

Updated openjpeg2 packages fix security vulnerabilities

Floating Point Exception aka FPE or divide by zero in opjpinextcprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. CVE-2016-9112 There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-comps0.data is not assigned a value after initializationNULL...

7.5CVSS2.7AI score0.03168EPSS
Exploits7References2
Mageia
Mageia
added 2017/02/18 9:5 p.m.55 views

Updated tomcat packages fix security vulnerability

It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure CVE-2016-8745...

7.5CVSS0.2AI score0.16038EPSS
Exploits0References3
Mageia
Mageia
added 2017/02/18 4:29 p.m.41 views

Updated jitsi packages fix security vulnerability

An incorrect implementation of XEP-0280: Message Carbons in Jitsi and other XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks CVE-2017-5603...

5.9CVSS5.5AI score0.0155EPSS
Exploits2References2
Mageia
Mageia
added 2017/02/18 4:29 p.m.31 views

Updated viewvc packages fix security vulnerability

Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability CVE-2017-5938. The viewvc package has been updated to version 1.1.26 which fixes this issue...

6.1CVSS3.5AI score0.01318EPSS
Exploits0References2
Total number of security vulnerabilities6011