Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2016/05/18 8:14 p.m.•29 views

Updated dosfstools packages fix security vulnerabilities

Updated dosfstools package fixes security vulnerabilities: In dosfstools before 4.0, if the third to last entry was written on a FAT12 filesystem with an odd number of clusters, the second to last entry would be corrupted. This corruption may also lead to invalid memory accesses when the corrupte...

6.2CVSS6.8AI score0.00448EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•42 views

Updated xymon packages fix security vulnerabilities

Updated xymon packages fix security vulnerabilities: The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service via application crash or remote code execution CVE-2016-2054. The incorrect handling of user-supplie...

9.8CVSS1.1AI score0.54507EPSS
Exploits7References2
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•37 views

Updated libarchive packages fix CVE-2016-1541

Updated libarchive packages fix security vulnerability: Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive CVE-2016-1541. The...

8.8CVSS7.1AI score0.10284EPSS
Exploits1References3
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 50.0.2661.102 fixes several security issues: same origin bypass vulnerabilities in DOM CVE-2016-1667 and the Blink V8 bindings CVE-2016-1668, a buffer overflow in V8 CVE-2016-1669, and a race condition in the loader CVE-2016-1670...

9.3CVSS3.1AI score0.04227EPSS
Exploits2References2
Mageia
Mageia
•added 2016/05/18 8:14 p.m.•53 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: An out-of-bounds flaw was found in the QEMU emulator built using 'addressspacetranslate' to map an address to a MemoryRegionSection. The flaw could occur while doing pcidmaread/write calls, resulting in an out-of-bounds read-write access error. ...

9.8CVSS8.7AI score0.06336EPSS
Exploits0References8
Mageia
Mageia
•added 2016/05/13 9:54 p.m.•70 views

Updated jackson-dataformat-xml packages fix CVE-2016-3720

Updated jackson-dataformat-xml packages fix security vulnerability: It was reported that XmlMapper in jackson-dataformat-xml is vulnerable to XXE attack "Improper Restriction of XML External Entity Reference" CVE-2016-3720...

9.8CVSS2.8AI score0.0278EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/13 9:54 p.m.•69 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin...

7.2CVSS1.6AI score0.15081EPSS
Exploits4References5
Mageia
Mageia
•added 2016/05/12 8:0 p.m.•48 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.621 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-1105,...

10CVSS2.6AI score0.94354EPSS
Exploits14References2
Mageia
Mageia
•added 2016/05/12 8:0 p.m.•44 views

Updated mercurial packages fix security vulnerability

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...

8.8CVSS9.5AI score0.02655EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/11 7:27 p.m.•35 views

Updated libtasn1 package fixes security vulnerability

Updated libtasn1 packages fix security vulnerability: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service...

5.9CVSS2.4AI score0.29572EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/11 7:27 p.m.•50 views

Updated squid packages fix security vulnerability

Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache...

8.6CVSS0.7AI score0.79969EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/07 9:22 p.m.•81 views

Updated openssl packages fix security vulnerability

An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption CVE-2016-2105. An overflow can occur in the EVPEncryptUpdate...

7.8CVSS2.2AI score0.89058EPSS
Exploits6References2
Mageia
Mageia
•added 2016/05/07 9:19 a.m.•15 views

Updated vlc packages fix security vulnerability

Updated vlc packages fix security vulnerabilities: The vlc package has been updated to version 2.2.3, which fixes several bugs and possible security issues. See the NEWS file for details...

3.5AI score
Exploits0References2
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•26 views

Updated ansible packages fix CVE-2016-3096

Updated ansible package fixes security vulnerability: A vulnerability in lxccontainer, ansible module, was found allowing to get root inside the container. The problem is in the createscript function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can wri...

7.8CVSS4.8AI score0.00468EPSS
Exploits0References3
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•33 views

Updated quassel packages fix CVE-2016-4414

Updated quassel packages fix security vulnerability: It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match in handshake data, in which case PeerFactory::createPeer returns a nullptr,...

7.5CVSS3.1AI score0.02934EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•17 views

Updated owncloud packages fix security vulnerabilities

Updated owncloud package fixes security vulnerabilities: The owncloud package has been updated to version 8.0.12, which fixes undisclosed security issues and other bugs...

4.2AI score
Exploits0References3
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•45 views

Updated jenkins-remoting packages fix CVE-2016-0792

Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...

9CVSS5.7AI score0.82697EPSS
Exploits23References3
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•36 views

Updated quagga packages fix CVE-2016-4049

Updated quagga packages fix security vulnerability: A denial of dervice vulnerability have been found in BGP daemon from Quagga routing software bgpd: if the following conditions are satisfied: - regular dumping is enabled - bgpd instance has many BGP peers then BGP message packets that are big...

7.5CVSS0.9AI score0.04642EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•33 views

Updated xstream packages fix CVE-2016-3674

Updated xstream packages fix security vulnerability: XStream x-stream.github.io is a Java library to marshal Java objects into XML and back. For this purpose it supports a lot of different XML parsers. Some of those can also process external entities which was enabled by default. An attacker coul...

7.5CVSS3.6AI score0.08179EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/05 9:5 a.m.•32 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially...

6.8CVSS3.1AI score0.19628EPSS
Exploits0References6
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•56 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...

10CVSS3.9AI score0.04692EPSS
Exploits0References6
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•24 views

Updated pgpdump packages fix security vulnerability

When pgpdump is run on specially crafted input, a denial of service condition occurs. The program runs with 100% CPU usage for an indefinite amount of time. A remote attacker is able to create a specially crafted input that is leading to CPU resource consumption resulting in denial of service...

7.8CVSS3.9AI score0.01824EPSS
Exploits2References2
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•47 views

Updated roundcubemail packages fix security vulnerabilities

Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling CVE-2015-8864. Lack of protection for attachment download URLs against CSRF CVE-2016-4069. The roundcubemail...

8.8CVSS7.6AI score0.02713EPSS
Exploits0References4
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•13 views

Updated php-ZendFramework packages fix security vulnerability

The php-ZendFramework package has been updated to version 1.12.18 to fix a potential information disclosure and insufficient entropy vulnerability in the word CAPTCHA ZF2015-09 and several other functions ZF2016-01...

3.8AI score
Exploits0References5
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•19 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.21, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.1AI score
Exploits0References2
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•58 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser-stable 50.0.2661.94 fixes several security issues: an out-of-bounds write problem in Blink CVE-2016-1660, memory corruption in cross-process frames CVE-2016-1661, use-after-free bugs in extensions CVE-2016-1662 and in Blink's V8 bindings CVE-2016-1663, an address bar spoofing...

10CVSS7.8AI score0.03881EPSS
Exploits0References3
Mageia
Mageia
•added 2016/04/26 6:2 p.m.•42 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The NCP dissector could crash CVE-2016-4076. TShark could crash due to a packet reassembly bug CVE-2016-4077. The IEEE 802.11 dissector could crash CVE-2016-4078. The PKTC dissector could crash CVE-2016-4079. The PKTC dissector could crash...

5.9CVSS1.4AI score0.02401EPSS
Exploits1References12
Mageia
Mageia
•added 2016/04/26 6:2 p.m.•42 views

Updated libgd packages fix CVE-2016-3074

Updated libgd packages fix security vulnerability: A signedness vulnerability exists in libgd 2.1.1 and earlier which may result in a heap overflow when processing compressed gd2 data CVE-2016-3074...

9.8CVSS1.9AI score0.36974EPSS
Exploits8References2
Mageia
Mageia
•added 2016/04/26 6:2 p.m.•61 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerability: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibl...

7.5CVSS8.4AI score0.3693EPSS
Exploits0References8
Mageia
Mageia
•added 2016/04/26 6:2 p.m.•19 views

Updated w3m packages fix security vulnerabilities

Updated w3m package fixes security vulnerability: A vulnerability was found in w3m package. A maliciously crafted html file opened with specific command could cause the application to crash rhbz1324348...

0.8AI score
Exploits0References2
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•40 views

Updated squid packages fix CVE-2016-4051

Updated squid packages fix security vulnerability: Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid. This problem allows any client to seed the Squid manager reports with data that will...

8.8CVSS3.1AI score0.16893EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•23 views

Updated vtun packages fix security vulnerabilities

Updated vtun package fixes security vulnerability: A vulnerability was found in the vtun package. When you send a SIGHUP to a vtun client process and it cannot connect to the remote server, vtun tries to reconnect without sleep between each attempt. In result, the vtun process uses a lot of CPU,...

1.9AI score
Exploits0References2
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•60 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-0686, CVE-2016-0687. It wa...

10CVSS2.4AI score0.92334EPSS
Exploits1References3
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•27 views

Updated libcryptopp packages fix CVE-2016-3995

Updated libcryptopp packages fix security vulnerability: In libcryptopp, for both Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock there is some code to avoid timing attacks, however it is removed by the compiler due to optimizations, making the binary vulnerable to timing...

7.5CVSS2.5AI score0.01858EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/25 7:57 a.m.•34 views

Updated varnish packages fix CVE-2015-8852

Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies CVE-2015-8852...

7.5CVSS7.7AI score0.03524EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/21 2:52 p.m.•35 views

Updated imlib2 packages fix CVE-2016-4024

Updated imlib2 packages fix security vulnerability: Integer overflow in imlib2 1.4.8 on 32-bit machines leads to insufficient heap allocation and heap overwrite in many image loaders, potentially resulting in remote code execution CVE-2016-4024...

9.8CVSS6AI score0.05839EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/21 2:52 p.m.•17 views

Updated poppler packages fix security vulnerabilities

Updated poppler packages fix security vulnerability: A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash fdo93476...

2AI score
Exploits0References3
Mageia
Mageia
•added 2016/04/21 2:52 p.m.•44 views

Updated lha packages fix CVE-2016-1925

Updated lha package fixes security vulnerability: The lha command is vulnerable to a buffer overflow while processing level 0 and level 1 headers while extracting an archive CVE-2016-1925...

9.8CVSS4.7AI score0.02985EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/21 2:52 p.m.•39 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser-stable 50.0.2661.75 fixes security issues: Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary we...

10CVSS5.1AI score0.02573EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•57 views

Updated apache-commons-collections packages fix CVE-2015-8103

Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...

9.8CVSS9.3AI score0.86829EPSS
Exploits12References2
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•31 views

Updated python-pillow packages fix CVE-2016-3076

This update fixes an integer overflow in Jpeg2KEncode.c causing a buffer overflow CVE-2016-3076...

5.5CVSS4.6AI score0.02561EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•39 views

Updated optipng packages fix security vulnerabilities

An updated optipng package fixes a number of bugs and security vulnerabilities. CVE-2015-7802 - Buffer over-read issue CVE-2016-2191 - An invalid write and segmentation fault may occur while processing bitmap images...

6.5CVSS6.6AI score0.03519EPSS
Exploits1References4
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•35 views

Updated mercurial packages fix security vulnerabilities

Updated mercurial packages fix security vulnerabilities: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone CVE-2016-3068. Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git...

8.8CVSS3.5AI score0.05405EPSS
Exploits0References2
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•37 views

Updated imlib2 packages fix security vulnerabilities

Updated imlib2 packages fix security vulnerabilities: An out-of-bounds read caused by an off-by-one error in imlibMergeUpdate in src/lib/updates.c in imlib2 1.4.8 and earlier CVE-2016-3993. An out-of-bounds read from colormap in the GIF loader in imlib2 1.4.8 and earlier can result in denial of...

8.2CVSS1.8AI score0.02915EPSS
Exploits0References4
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•45 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...

9.1CVSS1AI score0.03347EPSS
Exploits0References4
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•11 views

Updated thunderbird packages fix security vulnerabilities

The thunderbird package has been updated to version 38.7.2, which fixes several bugs, including a potential crash in the handling of SSL certificates...

3.8AI score
Exploits0References2
Mageia
Mageia
•added 2016/04/08 6:17 a.m.•36 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout...

10CVSS2.1AI score0.25639EPSS
Exploits5References2
Mageia
Mageia
•added 2016/04/06 2:9 p.m.•16 views

Updated file packages fix security vulnerability

The file command was vulnerable to a buffer over-write in with a malformed magic file...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2016/04/06 2:9 p.m.•46 views

Updated java packages fix CVE-2016-0636

Updated java-1.8.0-openjdk packages fix security vulnerability: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions CVE-2016-0636. Also, the icedtea-web package has been updated to...

9.3CVSS3.5AI score0.05765EPSS
Exploits0References3
Mageia
Mageia
•added 2016/04/06 2:9 p.m.•18 views

Updated php packages fix security vulnerability

The php package has been updated to version 5.6.20, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.3AI score
Exploits0References2
Total number of security vulnerabilities6011