Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2016/04/06 2:9 p.m.•16 views

Updated file packages fix security vulnerability

The file command was vulnerable to a buffer over-write in with a malformed magic file...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2016/03/31 8:22 p.m.•15 views

Updated thunderbird/thunderbird-l10n packages fix security vulnerability

Disables the Graphite2 font shaping library due to security issues...

2.1AI score
Exploits0References2
Mageia
Mageia
•added 2016/03/31 8:22 p.m.•80 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 49.0.2623.108 fixes security issues: Multiple security issues were found in upstream chromium 49.0.2623.87: an out-of-bounds read problem in V8 CVE-2016-1646, use-after-free bugs in Navigation CVE-2016-1647 and Extensions CVE-2016-1648; a buffer overflow in libANGLE...

10CVSS4.5AI score0.4811EPSS
Exploits5References7
Mageia
Mageia
•added 2016/03/31 8:22 p.m.•35 views

Updated proftpd packages fix security vulnerability

A bug with security implications was found in the modtls module in ProFTPD before 1.3.5b. This module has a configuration option TLSDHParamFile to specify user-defined Diffie Hellman parameters. The software would ignore the user-defined parameters and use Diffie Hellman key exchanges with 1024...

7.5CVSS1.9AI score0.06979EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/26 3:7 p.m.•32 views

Updated quagga packages fix security vulnerability

A vulnerability was found in a way VPNv4 NLRI parser copied packet data to the stack. Memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked CVE-2016-2342...

8.1CVSS3.1AI score0.1211EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•28 views

Updated libotr packages fix security vulnerability

A remote attacker may crash or execute arbitrary code in libotr before 4.1.1 by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds CVE-2016-2851...

9.8CVSS3.9AI score0.254EPSS
Exploits5References2
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•28 views

Updated openafs packages fix security vulnerability

In OpenAFS before 1.6.17, users from foreign Kerberos realms can create groups as if they were administrators CVE-2016-2860. In OpenAFS before 1.6.17, information leakage over the network due to uninitialized memory CVE-2016-4536...

6.5CVSS4.1AI score0.01501EPSS
Exploits0References8
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•33 views

Updated pidgin-otr packages fix security vulnerability

The pidgin-otr plugin before 4.0.2 is vulnerable to a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog CVE-2015-8833...

10CVSS9.2AI score0.07032EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•34 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list CVE-2016-2151. In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...

8.8CVSS1.6AI score0.01931EPSS
Exploits0References13
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•58 views

Updated iceape packages fix security vulnerability

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. CVE-2015-7214 The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive...

10CVSS10.4AI score0.06058EPSS
Exploits1References18
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•40 views

Updated filezilla packages fix security vulnerability

Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious server and...

9.8CVSS4.3AI score0.34216EPSS
Exploits4References4
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•37 views

Updated git packages fix security vulnerability

There is a buffer overflow vulnerability possibly leading to remote code execution in git. It can happen while pushing or cloning a repository with a large filename or a large number of nested trees CVE-2016-2315, CVE-2016-2324. The git package has been updated to version 2.7.4, which fixes this...

10CVSS2.5AI score0.18808EPSS
Exploits0References15
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•31 views

Updated krb5 packages fix security vulnerability

It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modifyprincipal command, if kadmind is configured to use the LDAP KDB module...

5.3CVSS3.2AI score0.39969EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•44 views

Updated webkit packages fix security vulnerability

The webkit package has been updated to version 2.4.10, fixing several security issues and other bugs...

6.8CVSS7.4AI score0.10946EPSS
Exploits2References3
Mageia
Mageia
•added 2016/03/25 6:38 a.m.•54 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs...

9.3CVSS7.5AI score0.10946EPSS
Exploits4References18
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•14 views

Updated shotwell packages fix security vulnerabilities

Updated shotwell package fixes security vulnerabilities: Shotwell is vulnerable to numerous security vulnerabilities, due to its use of the old APIs of the Webkit library which are no longer maintained the "webkit" package in Mageia. The shotwell package has been updated to use the current Webkit...

2.9AI score
Exploits0References2
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•41 views

Updated putty packages fix CVE-2016-2563

Updated putty package fixes security vulnerability: Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited,...

9.8CVSS3.4AI score0.34216EPSS
Exploits4References3
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•57 views

Updated nss packages fix CVE-2016-1950

Updated rootcerts and nss packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute...

8.8CVSS4.7AI score0.04192EPSS
Exploits0References4
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•42 views

Updated dropbear packages fix CVE-2016-3116

Updated dropbear package fixes security vulnerability: Missing validation of X11 forwarding input could allow bypassing of authorizedkeys command= restrictions CVE-2016-3116...

6.4CVSS3.1AI score0.19302EPSS
Exploits4References2
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,...

9.3CVSS4.2AI score0.30946EPSS
Exploits9References12
Mageia
Mageia
•added 2016/03/10 11:49 p.m.•20 views

Updated php/timezone/php-timezonedb packages fix security vulnerability

The php package has been updated to version 5.6.19, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. The timezone information in the timezone and php-timezonedb packages has also been updated to the latest, version 2016a...

3AI score
Exploits0References4
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•31 views

Updated samba packages fix security vulnerability

Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks CVE-2015-7560...

6.5CVSS6.7AI score0.12938EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•40 views

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P4, an error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c CVE-2016-1285. In ISC BIND before 9.10.3-P4, a problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in...

8.6CVSS1.4AI score0.621EPSS
Exploits0References5
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•50 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.577 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves integer overflow vulnerabilities that could lead to code execution CVE-2016-0963,...

9.3CVSS2.9AI score0.29839EPSS
Exploits5References2
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•51 views

Updated openssh packages fix security vulnerability

Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1 CVE-2016-3115...

6.4CVSS3.2AI score0.37016EPSS
Exploits13References3
Mageia
Mageia
•added 2016/03/09 10:57 p.m.•32 views

Updated libvirt packages fix security vulnerability

A path-traversal flaw was found in the way the libvirt daemon handled file-system names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges CVE-2015-5313...

2.5CVSS5.4AI score0.00451EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/09 10:57 p.m.•59 views

Updated firefox packages fix security vulnerabilities

Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...

10CVSS8.7AI score0.30946EPSS
Exploits9References20
Mageia
Mageia
•added 2016/03/09 10:57 p.m.•19 views

Updated pigz packages fix security vulnerability

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a full pathname or .. dot dot in an archive CVE-2015-1191...

5CVSS6.7AI score0.03029EPSS
Exploits1References2
Mageia
Mageia
•added 2016/03/07 9:51 p.m.•38 views

Updated botan packages fix security vulnerability

The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applicatons reading untrusted ASN.1 data, but does not seem exploitable for code execution CVE-2015-5726. The BER...

10CVSS9.6AI score0.06677EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/07 7:58 p.m.•16 views

Updated exempi exiv2 packages fix security vulnerability

exempi contains code to protect against a denial-service-attack related to XML entity expansion "billion laughs attack", but it was not compiled into the Mageia package because BanAllEntityUsage was not defined when the package was compiled. This has been corrected by recompiling it with the...

2.7AI score
Exploits0References2
Mageia
Mageia
•added 2016/03/07 6:3 p.m.•49 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: The jasmatrixclip function in jasseq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service invalid read and application crash via a crafted JPEG 2000 image CVE-2016-2089. Jacob Baines discovered that a double free...

7.6CVSS5.6AI score0.03269EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/07 6:3 p.m.•35 views

Updated perl packages fix CVE-2016-2381

Updated perl packages fix security vulnerability: Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV,...

7.5CVSS1.2AI score0.09007EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/07 11:20 a.m.•44 views

Updated python-django packages fix security vulnerability

Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. CVE-2016-2512 Sjoerd Job Postmus discovered that Djan...

7.4CVSS1.6AI score0.04035EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/07 11:20 a.m.•78 views

Updated xen packages fix security vulnerabilities

This xen update is based on upstream 4.5.2 maintenance release, and fixes the following security issues: The vgicv2tosgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller GIC version 2, allows local guest users to cause a denial of service...

10CVSS9.1AI score0.15275EPSS
Exploits4References51
Mageia
Mageia
•added 2016/03/07 11:20 a.m.•49 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerability: Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses CVE-2016-2569, CVE-2016-2570, CVE-2016-2571...

7.5CVSS0.7AI score0.31187EPSS
Exploits0References3
Mageia
Mageia
•added 2016/03/07 11:20 a.m.•59 views

Updated graphite2 package fixes security vulnerabilities

Updated graphite2 packages fix security vulnerabilities: Multiple security flaws were found in the graphite2 font library. A web page or document containing malicious content could cause an application using graphite2 to crash or, potentially, execute arbitrary code with the privileges of the use...

9.3CVSS3.5AI score0.04889EPSS
Exploits1References5
Mageia
Mageia
•added 2016/03/03 5:43 p.m.•58 views

Updated samba packages fix security vulnerabilities

Updated ldb and samba packages fix security vulnerabilities: A malicious client can send packets that cause the LDAP server in the samba daemon process to become unresponsive, preventing the server from servicing any other requests CVE-2015-3223. Versions of Samba from 3.0.0 to 4.3.2 inclusive ar...

7.5CVSS7AI score0.13584EPSS
Exploits1References8
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•51 views

Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 7.x before 7.0.65 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used b...

8.8CVSS8.3AI score0.1838EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•42 views

Updated xdelta3 packages fix CVE-2014-9765

Updated xdelta3 package fixes security vulnerability: Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the maingetappheader function, which may lead to the execution of arbitrary code CVE-2014-9765...

8.8CVSS9.2AI score0.04157EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•16 views

Updated drupal packages fix security vulnerabilities

Updated drupal packages fix security vulnerabilities: The drupal package has been update to version 7.43, which fixes several security issues and other bugs. See the upstream advisory and release notes for details...

3.9AI score
Exploits0References6
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•29 views

Updated asterisk packages fix CVE-2016-2316

Updated asterisk packages fix security vulnerability: chansip in Asterisk Open Source 11.x before 11.21.1, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service file descriptor consumption via vectors related to large...

7.1CVSS5.2AI score0.04973EPSS
Exploits1References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•21 views

Updated perl-FCGI packages fix CVE-2012-6687

Updated fcgi packages fix security vulnerability: FCGI does not perform range checks for file descriptors before use of the FDSET macro. This FDSET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial o...

5CVSS2.9AI score0.06086EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•38 views

Updated xerces-c packages fix CVE-2016-0729

Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse...

9.8CVSS5.3AI score0.09115EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•60 views

Updated openssl packages fix security vulnerabilities

Update openssl packages fix security vulnerabilities: Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the...

10CVSS3.7AI score0.32414EPSS
Exploits1References3
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•42 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via unspecified vectors CVE-2016-0766...

9CVSS6.3AI score0.06948EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•35 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: Multiple cross-site scripting XSS issues in phpMyAdmin before 4.4.15.5 CVE-2016-2560, CVE-2016-2561...

6.1CVSS1.5AI score0.03109EPSS
Exploits0References5
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•36 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: ASN.1 BER dissector crash CVE-2016-2522. DNP dissector infinite loop CVE-2016-2523. X.509AF dissector crash CVE-2016-2524. HTTP/2 dissector crash CVE-2016-2525. HiQnet dissector crash CVE-2016-2526. 3GPP TS 32.423 Trace file parser crash...

7.1CVSS1.4AI score0.03104EPSS
Exploits1References20
Mageia
Mageia
•added 2016/02/26 9:45 p.m.•21 views

Updated vlc packages fix security vulnerabilities

Updated vlc packages fix security vulnerabilities: The vlc package has been updated to version 2.2.2, which fixes several bugs and possible security issues. See the NEWS file for details...

3.5AI score
Exploits0References2
Mageia
Mageia
•added 2016/02/24 5:6 p.m.•35 views

Updated libssh packages fix CVE-2016-0739

Updated libssh packages fix security vulnerability: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the...

5.9CVSS6.5AI score0.02431EPSS
Exploits0References3
Mageia
Mageia
•added 2016/02/23 12:23 p.m.•37 views

Updated 389-ds-base packages fix security vulnerability

An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and st...

7.8CVSS1.7AI score0.0399EPSS
Exploits0References2
Total number of security vulnerabilities6011