Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
added 2016/02/19 8:40 a.m.41 views

Updated nodejs packages fix security vulnerability

A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances CVE-2016-2086. It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...

7.5CVSS1.9AI score0.07013EPSS
Exploits0References4
Mageia
Mageia
added 2016/02/19 8:40 a.m.43 views

Updated glibc packages fix security vulnerabilities

Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...

9.8CVSS9.3AI score0.89557EPSS
Exploits19References1
Mageia
Mageia
added 2016/02/17 7:6 p.m.32 views

Updated cpio packages fix CVE-2016-2037

Updated cpio package fixes security vulnerability: An out-of-bounds write in cpio was found in the parsing of cpio files, in the processcopyin function in src/copyin.c CVE-2016-2037...

6.5CVSS3.8AI score0.05484EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/17 7:6 p.m.28 views

Updated claws-mail packages fix CVE-2015-8708

Updated claws-mail fix security vulnerabilities A stack-based buffer overflow has been found in conveuctojis after applying incomplete patch for CVE-2015-8614. In conveuctojis the comparison is with outlen - 3, but each pass through the loop uses up to 5 bytes and the rest of the function may add...

7.5CVSS7.6AI score0.01539EPSS
Exploits0References4
Mageia
Mageia
added 2016/02/17 7:6 p.m.84 views

Updated nginx packages fix security vulnerabilities

Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...

9.8CVSS3.2AI score0.81958EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/17 7:6 p.m.38 views

Updated gtk+2.0 packages fix CVE-2013-7447

Updated gtk+2.0 packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gdkcairosetsourcepixbuf, leading to a crash of the app that called it, for example, eom CVE-2013-7447...

6.5CVSS1.1AI score0.04633EPSS
Exploits0References8
Mageia
Mageia
added 2016/02/17 7:6 p.m.31 views

Updated thunar packages fix CVE-2013-7447

Updated thunar packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in thunargdkcairosetsurface, leading to a crash of thunar CVE-2013-7447...

6.5CVSS1.7AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/17 7:6 p.m.20 views

Updated pinpoint packages fix CVE-2013-7447

Updated pinpoint packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in caironewsurfacefrompixbuf, leading to a crash of pinpoint CVE-2013-7447...

6.5CVSS1.7AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/17 7:6 p.m.28 views

Updated gambas3 packages fix CVE-2013-7447

Updated gambas3 packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gtcairocreatesurface, leading to a crash of gambas3 CVE-2013-7447...

6.5CVSS1.7AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/17 7:6 p.m.39 views

Updated gnome-photos packages fix CVE-2013-7447

Updated gnome-photos package fixes security vulnerabilities: Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of gnome-photos CVE-2013-7447. A similar potential issue in viewhelperdraw in src/gegl-gtk-view-helper.c has also...

6.5CVSS2.5AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/17 7:6 p.m.71 views

Updated thunderbird packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-1930, CVE-2016-1935. Multiple security flaws were foun...

10CVSS4.2AI score0.0831EPSS
Exploits1References14
Mageia
Mageia
added 2016/02/17 7:6 p.m.15 views

Updated libxmp packages fix security vulnerability

The libxmp package has been updated to version 4.3.11, fixing several bugs, including possible crashes when loading corrupted input data. See the upstream changelog for details...

2.5AI score
Exploits0References3
Mageia
Mageia
added 2016/02/17 7:6 p.m.37 views

Updated cacti packages fix CVE-2016-2313

Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access CVE-2016-2313...

8.8CVSS3.7AI score0.02686EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/17 7:6 p.m.41 views

Updated python-pillow packages fix security vulnerability

A buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file CVE-2016-0740. A buffer overflow in FliDecode.c causing a segfault when opening FLI files CVE-2016-0775. A buffer overflow in PcdDecode.c causing a segfault...

6.5CVSS4.2AI score0.02689EPSS
Exploits0References4
Mageia
Mageia
added 2016/02/17 7:6 p.m.24 views

Updated eom packages fix CVE-2013-7447

Updated eom packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gdkcairosetsourcepixbuf, leading to a crash of eom CVE-2013-7447...

6.5CVSS1.6AI score0.04633EPSS
Exploits0References8
Mageia
Mageia
added 2016/02/17 7:6 p.m.47 views

Updated libgcrypt packages fix security vulnerabilities

Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack CVE-2015-7511. The libgcrypt package was also...

2CVSS5AI score0.00429EPSS
Exploits0References5
Mageia
Mageia
added 2016/02/17 7:6 p.m.26 views

Updated eog packages fix security vulnerability

Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of eog CVE-2013-7447...

6.5CVSS1.6AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/17 7:6 p.m.51 views

Updated graphite2/firefox packages fix security vulnerability

Multiple vulnerabilities in the graphite2 font library can result in information disclosure, denial-of-service application crashes, or code execution via out-of-bounds reads, a NULL pointer dereference, and a heap-based buffer overflow CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526...

9.3CVSS2.9AI score0.0831EPSS
Exploits1References10
Mageia
Mageia
added 2016/02/09 7:5 p.m.39 views

Updated jasper packages fix CVE-2016-1867

Updated jasper packages fix security vulnerabilities: The jpcpinextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG 2000 image CVE-2016-1867...

6.5CVSS5.4AI score0.02314EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/09 7:5 p.m.35 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.569 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2016-0985. This...

9.3CVSS2.9AI score0.55375EPSS
Exploits14References2
Mageia
Mageia
added 2016/02/09 7:5 p.m.44 views

Updated ffmpeg packages fix security vulnerabilities

Updated ffmpeg packages fix security vulnerabilities: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains the first li...

6.5CVSS3.8AI score0.14621EPSS
Exploits3References5
Mageia
Mageia
added 2016/02/09 7:5 p.m.39 views

Updated nettle packages fix security vulnerabilities

Updated nettle2.7 and nettle packages fix security vulnerabilities: Two carry propagation bugs in elliptic curve scalar multiplications that affect the NIST P-256 curve. The bugs are in the C code and affect multiple architectures CVE-2015-8803, CVE-2015-8805. A carry propagation bug in elliptic...

9.8CVSS9.3AI score0.04212EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/09 1:5 p.m.14 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.18, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

3.1AI score
Exploits0References2
Mageia
Mageia
added 2016/02/09 1:5 p.m.31 views

Updated radicale packages fix CVE-2015-8748

Updated radicale package fixes security vulnerabilities: If an attacker is able to authenticate with a user name like .', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules ownerwrite' read for everybody, write for the calendar owner and owneronly' rea...

5.3CVSS6.3AI score0.02219EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/09 1:5 p.m.37 views

Updated mbedtls/hiawatha/belle-sip/linphone/pdns packages fix security vulnerability

Note: this package was called polarssl, but is now called mbed tls. The PolarSSL software is now called mbed TLS. Heap-based buffer overflow in mbed TLS formerly PolarSSL 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code vi...

6.8CVSS8.6AI score0.03629EPSS
Exploits0References12
Mageia
Mageia
added 2016/02/09 1:5 p.m.29 views

Updated privoxy packages fix security vulnerabilities

This update fixes two denial-of-service vulnerabilities that have been discovered in privoxy 3.0.23: The removechunkedtransfercoding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service invalid read and crash via crafted chunk-encoded content...

7.5CVSS4.9AI score0.02867EPSS
Exploits0References1
Mageia
Mageia
added 2016/02/09 1:5 p.m.77 views

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerability: OpenSSL before 1.0.2f would allow for a process to re-use the same private Diffie-Hellman exponent repeatedly during its entire lifetime, which, given that it also allows to use custom DH parameters which may be based on unsafe primes, could...

5.9CVSS6.8AI score0.83645EPSS
Exploits2References2
Mageia
Mageia
added 2016/02/05 5:26 p.m.19 views

Updated cakephp package fixes security vulnerability

CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF Server Side Request Forgery attacks. Remote attacker can utilize it for at least DoS Denial of Service attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class...

3.4AI score
Exploits0References2
Mageia
Mageia
added 2016/02/05 5:26 p.m.52 views

Updated docker/golang packages fix security vulnerability

Manipulated layer IDs could have lead to local graph poisoning CVE-2014-8178. Manifest validation and parsing logic errors allowed pull-by-digest validation bypass CVE-2014-8179. To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to...

7.5CVSS6.4AI score0.02733EPSS
Exploits0References4
Mageia
Mageia
added 2016/02/05 5:26 p.m.33 views

Updated cyrus-imapd packages fix security vulnerability

Cyrus-imapd versions 2.4.18 and earlier are vulnerable to potential integer and buffer overflows CVE-2015-8077, CVE-2015-8078...

7.5CVSS5AI score0.03261EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/05 5:26 p.m.31 views

Updated cgit packages fix security vulnerability

Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 CVE-2016-1899. Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 CVE-2016-1900. Integer Overflow resulting in Buffer Overflow in cgit before 0.12 CVE-2016-1901...

9.8CVSS1.7AI score0.03791EPSS
Exploits1References2
Mageia
Mageia
added 2016/02/05 5:26 p.m.38 views

Updated imlib2 packages fix security vulnerability

Various issues in imlib before 1.4.7 in the GIF loader CVE-2014-9762, CVE-2014-9764 and PNM loader CVE-2014-9763 could cause crashes. The imlib2 package has been updated to version 1.4.7, fixing these issues and several other bugs...

7.5CVSS7.7AI score0.02709EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/05 5:26 p.m.20 views

Updated socat packages fix security vulnerability

In socat before 2.0.0-b9, in the OpenSSL address implementation, the hard coded 1024 bit DH p parameter was not prime. It may be possible for an eavesdropper to recover the shared secret from a key exchange CVE-2016-2217. In socat before 2.0.0-b9, a stack overflow vulnerability was found that can...

5.3CVSS1.2AI score0.02529EPSS
Exploits0References4
Mageia
Mageia
added 2016/02/05 5:26 p.m.30 views

Updated phpmyadmin/phpseclib packages fix security vulnerability

Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers CVE-2016-1927. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...

7.5CVSS0.7AI score0.02688EPSS
Exploits0References10
Mageia
Mageia
added 2016/02/05 5:26 p.m.28 views

Updated gajim packages fix security vulnerability

Gajim before 0.16.5 doesn't verify the origin of roster pushes thus allowing third parties to modify the roster via a man-in-the-middle attack CVE-2015-8688...

5.8CVSS5.7AI score0.01723EPSS
Exploits1References2
Mageia
Mageia
added 2016/02/05 5:26 p.m.38 views

Updated curl packages fix security vulnerability

libcurl before 7.47.0 will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. The effect of this flaw is that the application could be reusing a proxy connection using the previously use...

7.3CVSS2.7AI score0.09327EPSS
Exploits0References2
Mageia
Mageia
added 2016/02/05 5:26 p.m.56 views

Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

10CVSS7AI score0.14714EPSS
Exploits0References3
Mageia
Mageia
added 2016/02/05 5:26 p.m.41 views

Updated krb5 packages fix security vulnerability

In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database CVE-2015-8629. In MIT krb5 1.12 and...

7.5CVSS6.5AI score0.04643EPSS
Exploits0References2
Mageia
Mageia
added 2016/01/29 11:2 a.m.47 views

Updated lxc packages fix security vulnerability

A directory traversal flaw while lxc-start in lxc before 1.0.8 in initially setting up the mounts for a container CVE-2015-1335...

7.2CVSS8.5AI score0.00459EPSS
Exploits0References2
Mageia
Mageia
added 2016/01/29 11:2 a.m.39 views

Updated firefox packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-1930, CVE-2016-1935...

10CVSS4.1AI score0.05992EPSS
Exploits0References5
Mageia
Mageia
added 2016/01/29 11:2 a.m.36 views

Updated srtp packages fix security vulnerability

Srtp before 1.5.3 is vulnerable to a potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length CVE-2015-6360...

7.8CVSS7.4AI score0.08277EPSS
Exploits0References2
Mageia
Mageia
added 2016/01/29 11:2 a.m.29 views

Updated chrony packages fix security vulnerability

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack CVE-2016-1567...

8.1CVSS3.8AI score0.0264EPSS
Exploits1References3
Mageia
Mageia
added 2016/01/29 11:2 a.m.43 views

Updated owncloud packages fix security vulnerability

A Cross-site scripting XSS vulnerability in the OCS discovery provider in ownCloud Server before 8.0.10 allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting CVE-2016-1498. ownCloud Server before 8.0.10 allows remote authenticated...

8.5CVSS6.3AI score0.03471EPSS
Exploits2References5
Mageia
Mageia
added 2016/01/29 11:2 a.m.65 views

Updated ntp packages fix security vulnerability

In ntpd before 4.2.8p6, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack. A server can be attacked by a client in a similar...

7.7CVSS7.9AI score0.11887EPSS
Exploits3References15
Mageia
Mageia
added 2016/01/29 11:2 a.m.39 views

Updated chromium-browser-stable packages fix security vulnerability

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...

9.3CVSS3.9AI score0.01662EPSS
Exploits1References3
Mageia
Mageia
added 2016/01/23 11:46 a.m.46 views

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.0.14 maintenance release. It also fixes the following security issues: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown...

4.3CVSS5.2AI score0.03342EPSS
Exploits0References2
Mageia
Mageia
added 2016/01/21 9:38 p.m.41 views

Updated dhcpcd packages fix security vulnerability

Possible heap overflow in dhcpcd before 6.10.0 caused by malformed dhcp responses due to incorrect option length values CVE-2016-1503. Possible invalid read in dhcpcd before 6.10.0 caused by malformed dhcp responses can lead to a crash CVE-2016-1504. The dhcpcd package has been updated to version...

10CVSS2.2AI score0.06344EPSS
Exploits0References11
Mageia
Mageia
added 2016/01/21 6:9 a.m.40 views

Updated kernel-linus packages fix security vulnerability

Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728...

7.8CVSS2.1AI score0.03646EPSS
Exploits14References1
Mageia
Mageia
added 2016/01/21 6:9 a.m.45 views

Updated kernel packages fix security vulnerability

Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728. Other fixes in this kernel update: - netfilter: nfnatredirect: add missing NULL pointer check...

7.8CVSS1.7AI score0.03646EPSS
Exploits14References1
Mageia
Mageia
added 2016/01/21 6:9 a.m.39 views

Updated kernel-tmb packages fix security vulnerability

Perception Point Research Team found a reference leak in keyring in joinsessionkeyring that can be exploited to successfully escalate privileges from a local user to root CVE-2016-0728. Other fixes in this kernel update: - netfilter: nfnatredirect: add missing NULL pointer check...

7.8CVSS2AI score0.03646EPSS
Exploits14References1
Total number of security vulnerabilities6011