Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2016/01/20 5:53 p.m.•37 views

Updated cacti packages fix security vulnerability

Several SQL injection vulnerabilities have been discovered in Cacti. Specially crafted input can be used by an attacker in the rraid value of the graph.php script to execute arbitrary SQL commands on the database CVE-2015-8369...

8.8CVSS9.9AI score0.02319EPSS
Exploits7References4
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•42 views

Updated encfs packages fix security vulnerability

A local attacker can utilize a possible buffer overflow in the encodeName method of StreamNameIO and BlockNameIO to execute arbitrary code or cause a Denial of Service. Also multiple weak cryptographics practices have been found in encfs CVE-2014-3462...

7.5CVSS8.2AI score0.03112EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•33 views

Updated perl and perl-PathTools packages fix security vulnerability

It was reported that File::Spec::canonpath routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code CVE-2015-8607...

7.5CVSS7.4AI score0.03124EPSS
Exploits0References3
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•41 views

Updated dhcp packages fix security vulnerability

A badly formed packet with an invalid IPv4 UDP length field can cause an ISC DHCP server, client, or relay program to terminate abnormally CVE-2015-8605. The dhcp package has been updated to version 4.3.3-P1, which fixes this issue and several other bugs. Also, the package has also been enhanced ...

6.5CVSS6.7AI score0.7645EPSS
Exploits0References5
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•39 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.10, web services coreenrolgetcourseenrolmentmethods and enrolselfgetinstanceinfo did not check user permission to access hidden courses CVE-2016-0724. In Moodle before 2.8.10, search string in course management interface was not escaped when being output creating potential fo...

6.1CVSS3AI score0.0194EPSS
Exploits0References5
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•52 views

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P3, a buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c CVE-2015-8704. In ISC BIND before 9.10.3-P3, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the...

7CVSS7.3AI score0.20172EPSS
Exploits0References4
Mageia
Mageia
•added 2016/01/17 12:26 a.m.•37 views

Updated php packages fix security vulnerability

The php package has been updated to version 5.6.17, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

9.1CVSS3.3AI score0.07806EPSS
Exploits1References2
Mageia
Mageia
•added 2016/01/17 12:26 a.m.•54 views

Updated qemu packages fix security vulnerabilities

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAPSYSRAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...

9CVSS8.4AI score0.0773EPSS
Exploits3References1
Mageia
Mageia
•added 2016/01/15 7:43 p.m.•38 views

Updated openssh packages fix security vulnerabilities

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory possibly including private SSH keys of a successfully authenticated OpenSSH client CVE-2016-0777. A buffer overflow flaw...

8.1CVSS2.9AI score0.63468EPSS
Exploits3References4
Mageia
Mageia
•added 2016/01/15 1:52 a.m.•18 views

Updated ruby-mail packages fix security vulnerability

The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...

1.8AI score
Exploits0References3
Mageia
Mageia
•added 2016/01/15 1:52 a.m.•37 views

Updated giflib packages fix security vulnerability

A heap-based buffer overflow vulnerability was found in giffix utility of giflib when processing records of the type 'IMAGEDESCRECORDTYPE' due to the allocated size of 'LineBuffer' equaling the value of the logical screen width, 'GifFileIn-SWidth', while subsequently having 'GifFileIn-Image.Width...

5.5CVSS6.5AI score0.01481EPSS
Exploits1References2
Mageia
Mageia
•added 2016/01/15 1:52 a.m.•35 views

Updated librsvg packages fix security vulnerability

Out-of-bounds heap read in librsvg2 was found when parsing SVG file CVE-2015-7557. Stack exhaustion due to cyclic dependency causing to crash an application was found in librsvg2 while parsing SVG file CVE-2015-7558. The librsvg package has been updated to version 2.40.13, fixing these issues and...

7.5CVSS7.5AI score0.02399EPSS
Exploits0References3
Mageia
Mageia
•added 2016/01/15 1:52 a.m.•63 views

Updated ffmpeg packages fix security vulnerabilities

The updatedimensions function in libavcodec/vp8.c in FFmpeg before 2.4.12, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...

8.3CVSS8.5AI score0.02482EPSS
Exploits0References4
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•54 views

Updated apache-commons-collections packages fix security vulnerability

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS9.8AI score0.83274EPSS
Exploits8References3
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•50 views

Updated mono packages fix security vulnerability

It was found that float-parsing code used in Mono before 4.2 is derived from code vulnerable to CVE-2009-0689. The issue concerns the 'freelist' array, which is a global array of 16 pointers to 'Bigint'. This array is part of a memory allocation and reuse system which attempts to reduce the numbe...

6.8CVSS3.3AI score0.28167EPSS
Exploits43References3
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•62 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The virtnetprobe function in drivers/net/virtionet.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to...

8.2CVSS8.2AI score0.22374EPSS
Exploits14References4
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•60 views

Updated kernel-tmb packages provides 4.1 longterm kernel and fixes security issues

This kernel-tmb update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.15 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey functio...

10CVSS8.6AI score0.22374EPSS
Exploits15References21
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•16 views

Updated roundcubemail packages fix security vulnerability

The roundcubemail package has been updated to version 1.0.8, which fixes a path traversal issue and other bugs. See the upstream release announcement for more details...

3.6AI score
Exploits0References3
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•60 views

Updated libtiff package fixes security vulnerabilities

In libtiff, in tifnext.c, a potential out-of-bound write in NeXTDecode triggered by the test case for CVE-2015-1547 maptools bugzilla 2508. In libtiff, in tifgetimage.c, out-of-bound reads in the TIFFRGBAImage interface in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV /...

6.5CVSS6.9AI score0.03341EPSS
Exploits1References4
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•33 views

Updated claws-mail packages fix security vulnerability

no bounds checking on the output buffer in convjistoeuc, conveuctojis, convsjistoeuc A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for japanese character set conversion called convjistoeuc has no bounds checking on the output buffer which is created on the...

7.5CVSS7.1AI score0.02554EPSS
Exploits0References3
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•41 views

Updated bugzilla packages fix security vulnerability

Login names usually an email address longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...

7.5CVSS5AI score0.03371EPSS
Exploits3References7
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•45 views

Updated ruby packages fix security vulnerability

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi CVE-2015-7551...

8.4CVSS7.7AI score0.005EPSS
Exploits0References3
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•21 views

Updated mariadb packages fix security vulnerability

The mariadb package has been updated to version 10.0.23. An issue with client-side SSL certificate verification has been fixed, as have several other bugs. See the upstream release notes for more details...

4.3AI score
Exploits0References2
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•18 views

Updated openvpn packages fix security vulnerability

OpenVPN versions before 2.3.9 contain an out of bounds read error in resolveremote in the file socket.c. With both IPv4 and IPv6 connections, OpenVPN will read a struct sockaddrin6, but in the IPv4 case the data structure is smaller than in the IPv6 case. The openvpn package has been updated to...

3AI score
Exploits0References3
Mageia
Mageia
•added 2016/01/12 9:13 a.m.•27 views

Updated python-rsa packages fix security vulnerability

A signature forgery vulnerability in python-rsa allows an attacker to fake signatures for arbitrary messages for any key with a low exponent "e", such as the common value of 3 CVE-2016-1494...

5.3CVSS4AI score0.07054EPSS
Exploits1References3
Mageia
Mageia
•added 2016/01/11 10:44 a.m.•80 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The rdsconncreate function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have...

8.2CVSS8.1AI score0.22374EPSS
Exploits14References3
Mageia
Mageia
•added 2016/01/09 5:8 p.m.•18 views

Updated armagetron package fixes security vulnerabilities

A practically exploitable bug was fixed in the network error handling. In client mode, any received packet that causes an exception during processing would terminate the connection to the server. Another theoretically exploitable bug was fixed that allowed very short UDP packets to cause a memory...

1AI score
Exploits0References2
Mageia
Mageia
•added 2016/01/09 5:8 p.m.•28 views

Updated pitivi packages fix security vulnerability

In pitivi before 0.95, double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitivi CVE-2015-0855...

10CVSS9.6AI score0.03236EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/09 5:8 p.m.•37 views

Updated phpmyadmin packages fix security vulnerability

By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed CVE-2015-8669...

5.3CVSS5.6AI score0.02197EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/09 5:8 p.m.•16 views

Updated rtmpdump packages fix security vulnerabilities

The rtmpdump package has been updated to the latest upstream code as of January 1, 2016, fixing several security issues...

1.9AI score
Exploits0References2
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•41 views

Updated bouncycastle packages fix security vulnerability

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack" CVE-2015-7940...

5CVSS8.4AI score0.0482EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•38 views

Updated libpng12 packages fix security vulnerability

There is a underflow read in pngcheckkeyword in pngwutil.c in libpng 1.2.x before 1.2.56 CVE-2015-8540...

9.3CVSS8.9AI score0.06431EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•43 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10CVSS7.6AI score0.06058EPSS
Exploits1References8
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•27 views

Updated perl-HTML-Scrubber packages fix CVE-2015-5667

Updated perl-HTML-Scrubber package fixes security vulnerability: Cross-site scripting XSS vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

2.6CVSS5.6AI score0.02092EPSS
Exploits0References1
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•38 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerability: Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies CVE-2015-5343. This allows remote attackers with wri...

8CVSS8.8AI score0.30216EPSS
Exploits0References5
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•35 views

Updated blueman packages fix security vulnerability

Privilege escalation vulnerability in blueman before 2.0.3 in the dbus API CVE-2015-8612...

8.4CVSS8.5AI score0.0634EPSS
Exploits4References3
Mageia
Mageia
•added 2015/12/28 7:23 p.m.•43 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.559 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-8644. This...

10CVSS9.6AI score0.67922EPSS
Exploits4References2
Mageia
Mageia
•added 2015/12/24 11:8 a.m.•40 views

Updated keepassx packages fix CVE-2015-8378

Updated keepassx package fixes security vulnerability: Cancelling an export operation creates clear text copy of all of the user's KeePassX password database entries. CVE-2015-8378...

7.5CVSS7.6AI score0.0119EPSS
Exploits0References1
Mageia
Mageia
•added 2015/12/24 11:8 a.m.•39 views

Updated php-phpmailer packages fix CVE-2015-8476

Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

5CVSS9.4AI score0.01988EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/24 11:8 a.m.•18 views

Updated proftpd packages fix security vulnerabilities

Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The modsftp module currently places no bounds/length...

0.7AI score
Exploits0References5
Mageia
Mageia
•added 2015/12/24 11:8 a.m.•49 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' CVE-2015-8622. In MediaWiki before 1.23.12, tokens were being compared as strings, whic...

9.8CVSS6.9AI score0.01888EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/23 8:12 p.m.•38 views

Updated dpkg packages fix CVE-2015-0860

Updated dpkg packages fix security vulnerability: Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary...

7.5CVSS7.5AI score0.05035EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/20 9:15 a.m.•38 views

Updated grub2 packages fix security vulnerability

A flaw was found in the way the grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system CVE-2015-8370...

7.4CVSS8.6AI score0.01104EPSS
Exploits1References3
Mageia
Mageia
•added 2015/12/20 9:15 a.m.•35 views

Updated bind packages fix security vulnerability

An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible...

5CVSS7.6AI score0.5469EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/17 8:19 p.m.•36 views

Updated chromium-browser-stable packages fix CVE-2015-6792

Updated chromium-browser-stable packages fix security vulnerabilities: Fixes from internal audits and fuzzing CVE-2015-6792...

10CVSS9.2AI score0.03961EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/17 8:19 p.m.•30 views

Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

9.3CVSS9AI score0.06664EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•32 views

Updated quassel packages fix security vulnerability

The Quassel core could be crashed by a client using the op command, causing a denial of service CVE-2015-8547...

7.5CVSS7.3AI score0.02825EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•47 views

Updated redis packages fix CVE-2015-8080

Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer overflow in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service application crash CVE-2015-8080...

7.5CVSS7.8AI score0.05362EPSS
Exploits1References2
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•23 views

Updated potrace packages fix security vulnerabilities

Potrace before 1.13 has some critical bugs in the processing of BMP files. These bugs allowed the program to be crashed, or potentially to be abused in other ways, by feeding it specially crafted BMP files, due to heap overflow, null pointer dereference, and divide by zero issues...

2.4AI score
Exploits0References3
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•45 views

Updated libpng packages fix security vulnerabilities

Updated libpng and libpng12 packages fix security vulnerability: The fix for CVE-2015-8126 was incomplete. While it defended against the potential overrun while reading PNG files, it did not detect a potential overrun by applications using pngsetPLTE directly CVE-2015-8472...

7.5CVSS7.9AI score0.06054EPSS
Exploits0References3
Total number of security vulnerabilities6011