Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2016/08/31 3:32 p.m.•77 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS4.4AI score0.05676EPSS
Exploits13References4
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•42 views

Updated postgresql packages fix security vulnerability

It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution CVE-2016-5423. It was found that PostgreSQL client programs mishandle database and role names...

8.3CVSS3.2AI score0.05962EPSS
Exploits0References4
Mageia
Mageia
•added 2016/08/09 8:58 a.m.•40 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 52.0.2743.116 fixes security issues: two heap overflow issues in pdfium CVE-2016-5139 and CVE-2016-5140; an address bar spoofing problem CVE-2016-5141; a use-after-free bug CVE-2016-5142 and a same origin bypass problem CVE-2016-5145 in blink; two parameter sanitization...

9.8CVSS2.3AI score0.01849EPSS
Exploits0References2
Mageia
Mageia
•added 2016/08/09 8:58 a.m.•53 views

Updated openntpd/busybox packages fix security vulnerability

The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of...

7.8CVSS2AI score0.08894EPSS
Exploits5References2
Mageia
Mageia
•added 2016/08/09 8:58 a.m.•37 views

Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252,...

9.8CVSS4AI score0.04577EPSS
Exploits3References15
Mageia
Mageia
•added 2016/08/06 10:51 a.m.•12 views

Updated ruby-eventmachine packages fix security vulnerability

EventMachine could be crashed by opening a high number of parallel connections = 1024 towards a server using the EventMachine engine. The crash happens due to the file descriptors overwriting the stack...

1.9AI score
Exploits0References4
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•42 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of ORDER BY and GROUP BY in ZendDbSelect of ZendFramework is vulnerable to an SQL injection CVE-2016-6233...

9.8CVSS2.3AI score0.02047EPSS
Exploits1References3
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•47 views

Updated chromium-browser-stable packages fix security vulnerability

Multiple unspecified vulnerabilities in chromium before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1705 The PPAPI implementation in Chromium before 52.0.2743.82 does not validate the origin of IPC messages to the plugin...

9.6CVSS3.4AI score0.0246EPSS
Exploits1References2
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•46 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610. Multiple denial of service flaws were found i...

9.6CVSS2.1AI score0.0669EPSS
Exploits0References3
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•39 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.0.5, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

5.9CVSS2.9AI score0.0771EPSS
Exploits2References12
Mageia
Mageia
•added 2016/07/31 8:39 p.m.•63 views

Updated glibc and libtirpc packages fixes security vulnerability

A stack-based buffer overflow in the clntudpcall function in sunrpc/clntudp.c in the GNU C Library aka glibc or libc6 allows remote servers to cause a denial of service crash or possibly unspecified other impact via a flood of crafted ICMP and UDP packets CVE-2016-4429. A similar issue was fixed ...

5.9CVSS3.6AI score0.03922EPSS
Exploits0References1
Mageia
Mageia
•added 2016/07/31 8:39 p.m.•52 views

Updated kernel packages fix security vulnerability

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS3.9AI score0.15073EPSS
Exploits16References4
Mageia
Mageia
•added 2016/07/26 10:11 p.m.•28 views

Updated libidn packages fix security vulnerability

Out-of-bounds stack read in libidn before 1.33 in idnatoascii4i CVE-2016-6261. Out-of-bounds-read in libidn when reading one zero byte as input CVE-2015-8948, CVE-2016-6262. In libidn before 1.33, stringpreputf8nfkcnormalize would crash when presented with invalid UTF-8 CVE-2016-6263...

7.5CVSS7.7AI score0.06721EPSS
Exploits0References4
Mageia
Mageia
•added 2016/07/26 10:11 p.m.•31 views

Updated mupdf packages fix security vulnerability

Use-after-free issue in mupdf in pdfloadxref can cause a denial of service CVE-2016-6265...

5.5CVSS3AI score0.0163EPSS
Exploits1References2
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•41 views

Updated harfbuzz packages fix security vulnerability

Two memory access issues, including a heap-based buffer overflow CVE-2015-8947 and incorrect table length check CVE-2016-2052 could lead to a denial of service when rendering a crafted OpenType font...

7.6CVSS7.8AI score0.02451EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•46 views

Updated mariadb packages fix security vulnerability

The mariadb package has been updated to version 10.0.26. It fixes several security issues CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440 and other bugs. See the upstream release notes for details...

8.1CVSS4.1AI score0.05826EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•59 views

Updated libxml2 packages fix security vulnerability

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the...

10CVSS8.9AI score0.1398EPSS
Exploits11References4
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•33 views

Updated libupnp packages fix security vulnerability

libupnp's default behavior allows an unauthenticated user access to a server's filesystem through POST and GET requests CVE-2016-6255...

7.5CVSS3.6AI score0.26818EPSS
Exploits4References2
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•65 views

Updated php/xmlrpc-epi/timezone packages fix security vulnerability

Stack-based buffer overflow vulnerability in virtualfileex CVE-2016-6289. Use After Free in unserialize with Unexpected Session Deserialization CVE-2016-6290. Out of bound read in exifprocessIFDinMAKERNOTE CVE-2016-6291. NULL Pointer Dereference in exifprocessusercomment CVE-2016-6292...

9.8CVSS2.6AI score0.06271EPSS
Exploits7References7
Mageia
Mageia
•added 2016/07/26 9:16 p.m.•44 views

Updated tomcat/apache-commons-fileupload packages fix security vulnerability

The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive,...

7.8CVSS1.4AI score0.35927EPSS
Exploits0References4
Mageia
Mageia
•added 2016/07/26 9:16 p.m.•25 views

Updated sudo packages fix security vulnerability

A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve to execute the binary. This results in a race condition if the digest functionalit...

7CVSS6.9AI score0.00542EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/26 9:16 p.m.•65 views

Updated apache packages fix security vulnerability

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

8.1CVSS0.3AI score0.55724EPSS
Exploits0References4
Mageia
Mageia
•added 2016/07/26 7:11 p.m.•37 views

Updated VirtualBox 5.1 packages fix security vulnerability

This update provides the new VirtualBox 5.1 series, currently based on 5.1.2 providing several perfomance enhancements The highlights include: VMM: new APIC and I/O APIC implementations that result in significantly improved performance in certain situations for example with networking VMM: activa...

5.5CVSS1AI score0.00388EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/26 7:11 p.m.•39 views

Updated libgd packages fix security vulnerability

Updated libgd packages fix security vulnerabilities: A read out-of-bounds was found in the parsing of TGA files when the header reports an incorrect size CVE-2016-6132 or invalid bpp CVE-2016-6214 or RLE value upstream issue 248. Integer overflow error within gdContributionsAlloc CVE-2016-6207. A...

6.5CVSS1.9AI score0.06256EPSS
Exploits0References6
Mageia
Mageia
•added 2016/07/19 12:47 p.m.•53 views

Updated imagemagick packages fix security vulnerabilities

Updated imagemagick package fixes security vulnerabilities: The OpenBlob function in blob.c in ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename CVE-2016-5118. Integer overflow in MagickCore/profile.c CVE-2016-5841. Buffer overread in...

10CVSS5.3AI score0.49982EPSS
Exploits3References5
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•57 views

Updated util-linux packages fix security vulnerability

The util-linux libblkid is vulnerable to a Denial of Service attack during MSDOS partition table parsing, in the extended partition boot record EBR. If the next EBR starts at relative offset 0, parsedosextended will loop until running out of memory. An attacker could install a specially crafted...

4.9CVSS4.1AI score0.00464EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•38 views

Updated pdfbox packages fix security vulnerability

Apache PDFBox before 1.8.12 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF CVE-2016-2175...

7.8CVSS5.9AI score0.04758EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•40 views

Updated thunderbird packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-2805, CVE-2016-2807, CVE-2016-2818. This update...

10CVSS5.6AI score0.04692EPSS
Exploits0References10
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•45 views

Updated sqlite3 packages fix security vulnerability

It was discovered that sqlite3 would reject a temporary directory e.g., as specified by the TMPDIR environment variable to which the executing user did not have read permissions. This could result in information leakage as less secure global temporary directories e.g., /var/tmp or /tmp would be...

5.9CVSS2.1AI score0.0048EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•72 views

Updated graphicsmagick packages fix security vulnerability

- A read out-of-bound in the parsing of gif files using GraphicsMagick CVE-2015-8808. - Infinite loop caused by converting a circularly defined svg file CVE-2016-5240. - Fix another case of CVE-2016-2317 heap buffer overflow in the MVG rendering code also impacts SVG. - arithmetic exception...

10CVSS8.5AI score0.49982EPSS
Exploits2References6
Mageia
Mageia
•added 2016/07/12 7:49 p.m.•42 views

Updated flash-player-plugin packages fix 52 security vulnerabilities

Adobe Flash Player 11.2.202.632 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a race condition vulnerability that could lead to information disclosure CVE-2016-424...

9.3CVSS1.6AI score0.36456EPSS
Exploits26References2
Mageia
Mageia
•added 2016/07/08 8:41 p.m.•35 views

Updated spice packages fix security vulnerabilities

Updated spice packages fix security vulnerabilities: A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to cra...

10CVSS1.5AI score0.08492EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/08 7:50 p.m.•16 views

Updated drupal packages fix security vulnerabilities

Updated drupal packages fix security vulnerability: A vulnerability exists in the User module, where if some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all user roles on the site. This would typically result in the user gainin...

3.2AI score
Exploits0References4
Mageia
Mageia
•added 2016/07/08 7:50 p.m.•38 views

Updated libreoffice packages fix security vulnerability

Updated libreoffice packages fix security vulnerability: Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container CVE-2016-4324...

7.8CVSS3.7AI score0.02819EPSS
Exploits1References3
Mageia
Mageia
•added 2016/07/08 7:50 p.m.•31 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerability: Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication o...

9.8CVSS1.6AI score0.03623EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/08 7:50 p.m.•18 views

Updated mbedtls packages fix security vulnerabilities

Updated mbedtls packages fix security vulnerabilities: The mbedtls package has been updated to version 1.3.17, which fixes a few minor security issues in mbedtlsrsarsaespkcs1v15encrypt and mbedtlsrsarsaesoaepencrypt and fixes a handful of other bugs as well. See the upstream release announcement...

2.6AI score
Exploits0References2
Mageia
Mageia
•added 2016/07/08 7:50 p.m.•28 views

Updated tcpreplay packages fixes CVE-2016-6160

Updated tcpreplay package fixes security vulnerability: The tcprewrite program, part of the tcpreplay suite, does not check the size of the frames it processes. Huge frames may trigger a segmentation fault, and they occur on interfaces with an MTU of or close to 65536. For example, the loopback...

7.5CVSS1.9AI score0.02133EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/08 7:50 p.m.•44 views

Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found CVE-2016-1181. It was reported that The Apache Struts 1 Validator contains a...

8.2CVSS1.6AI score0.25737EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•32 views

Updated pidgin packages fix security vulnerability

A buffer overflows vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...

8.1CVSS0.5AI score0.04554EPSS
Exploits17References18
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•29 views

Updated squidguard packages fix security vulnerability

The squidGuard.cgi program is vulnerable to a reflected cross site scripting vulnerability in the blocking script squidGuard.cgi. The vulnerability is triggered when a user clicks a link to a blocked site where the url has scripting instructions added CVE-2015-8936. In Mageia's squidguard package...

6.1CVSS6AI score0.01022EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•39 views

Updated libarchive packages fix security vulnerability

An out of bounds read in the rar parser: invalid read in function copyfromlzsswindow when unpacking malformed rar CVE-2015-8934. An exploitable heap overflow vulnerability exists in the 7zip readSubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause a integer overflow...

7.8CVSS7.7AI score0.04919EPSS
Exploits7References12
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•31 views

Updated gimp packages fix security vulnerability

It was discovered that there was a use-after-free vulnerability in the channel and layer properties parsing process in GIMP CVE-2016-4994...

7.8CVSS2.6AI score0.03113EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•78 views

Updated libgd packages fix security vulnerability

Stack overflow with imagefilltoborder CVE-2015-8874. Integer Overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766. Integer Overflow in gdImagePaletteToTrueColor resulting in heap overflow CVE-2016-5767. Improperly handling invalid color index in gdImageCropThreshold could result in...

8.8CVSS7.9AI score0.08276EPSS
Exploits2References4
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•30 views

Updated iperf packages fix security vulnerability

A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf server. A malicious iperf...

9.8CVSS2.3AI score0.06963EPSS
Exploits2References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•30 views

Updated libtorrent-rasterbar packages fix security vulnerability

A specially crafted HTTP response from a tracker or potentially a UPnP broadcast can crash libtorrent-rasterbar in the parsechunkheader function. Although this function is not present in this version, upstream's additional sanity checks were added to abort the program if necessary instead of...

7.5CVSS1.4AI score0.01948EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•66 views

Updated php packages fix security vulnerability

php-mbstring phpmbregexeregreplaceexec - double free CVE-2016-5768. php-mcrypt heap Overflow due to integer overflows CVE-2016-5769. php-SPL int/sizet confusion in SplFileObject::fread CVE-2016-5770. php-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize CVE-2016-5771. php-WDD...

9.8CVSS1.7AI score0.15484EPSS
Exploits9References2
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•34 views

Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker CVE-2016-4464...

9.8CVSS4.8AI score0.03986EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•41 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https CVE-2016-5701. In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control...

9.8CVSS0.3AI score0.02948EPSS
Exploits0References10
Mageia
Mageia
•added 2016/06/22 7:8 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumptio...

10CVSS7.7AI score0.06386EPSS
Exploits4References17
Mageia
Mageia
•added 2016/06/22 7:8 p.m.•81 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption ...

10CVSS7.7AI score0.06386EPSS
Exploits16References17
Total number of security vulnerabilities6011