Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2015/12/16 9:1 p.m.•33 views

Updated cups-filters packages fix CVE-2015-8560

Updated cups-filters package fixes security vulnerability: Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands CVE-2015-8560...

7.5CVSS7.8AI score0.05251EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary...

10CVSS8.7AI score0.06058EPSS
Exploits1References10
Mageia
Mageia
•added 2015/12/10 8:57 p.m.•68 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Type confusion in extensions CVE-2015-6788. Use-after-free in Blink CVE-2015-6789. Escaping issue in saved pages CVE-2015-6790. Various fixes from internal audits, fuzzing and other initiatives CVE-2015-6791...

10CVSS9.3AI score0.03199EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/10 8:57 p.m.•18 views

Updated imagemagick packages fix security vulnerabilities

Updated imagemagick packages fix security vulnerabilities: This update fixes denial of service issues in miff, vicar, hdr, and pdb image handling, a buffer overflow issue in icon handling, and double-free issues in pict and tga image handling...

3.3AI score
Exploits0References10
Mageia
Mageia
•added 2015/12/10 8:57 p.m.•45 views

Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities: It was found that smaldecodesegment function do not handle index carefully, which may cause index overflow CVE-2015-8366. It was found that phaseonecorrect function does not handle memory object's initialization correctly, which may have...

9.8CVSS9.6AI score0.05454EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/09 10:53 a.m.•57 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 47.0.2526.73 fixes several security issues: Use-after-free bugs in AppCache CVE-2015-6765, CVE-2015-6766, CVE-2015-6767. Cross-origin bypass problems in DOM CVE-2015-6768, CVE-2015-6770, CVE-2015-6772. A cross-origin bypass problem in core CVE-2015-6769. Out of bounds access bugs...

10CVSS9.9AI score0.08115EPSS
Exploits6References2
Mageia
Mageia
•added 2015/12/09 10:53 a.m.•63 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.554 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves heap buffer overflow vulnerabilities that could lead to code execution CVE-2015-8438,...

10CVSS9.9AI score0.43408EPSS
Exploits25References2
Mageia
Mageia
•added 2015/12/05 10:3 a.m.•71 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.9, if guest access is open on the site, unauthenticated users can store Atto draft data through the editor autosave area, which could be exploited in a denial of service attack CVE-2015-5332. In Moodle before 2.8.9, due to a CSRF issue in the site registration form, it is...

8.8CVSS5.9AI score0.01684EPSS
Exploits0References12
Mageia
Mageia
•added 2015/12/05 10:3 a.m.•38 views

Updated cups-filters packages fix security vulnerability

Michal Kowalczyk discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands CVE-2015-8327...

7.5CVSS7.7AI score0.10171EPSS
Exploits0References2
Mageia
Mageia
•added 2015/12/05 10:3 a.m.•61 views

Updated openssl packages fix security vulnerability

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack CVE-2015-1794. Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NU...

7.5CVSS7AI score0.44016EPSS
Exploits1References3
Mageia
Mageia
•added 2015/12/04 11:31 p.m.•42 views

Updated python-django packages fix security vulnerability

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format CVE-2015-8213...

5CVSS6.2AI score0.04284EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/27 11:11 p.m.•16 views

Updated python-cryptography packages fix security vulnerability

The OpenSSL backend prior to 1.0.2 made extensive use of assertions to check response codes where our tests could not trigger a failure. However, when Python is run with -O these asserts are optimized away. If a user ran Python with this flag and got an invalid response code this could result in...

1.5AI score
Exploits0References3
Mageia
Mageia
•added 2015/11/27 11:11 p.m.•59 views

Updated thunderbird packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198,...

7.5CVSS9.6AI score0.04219EPSS
Exploits0References8
Mageia
Mageia
•added 2015/11/27 11:11 p.m.•29 views

Updated lightdm packages fix security vulnerability

Updated lightdm corrects a possible denial of service attack CVE-2015-8316...

5.9CVSS5.9AI score0.01748EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•43 views

Updated libsndfile packages fix security vulnerability

Due to a heap overflow in libsndfile, a specially crafted AIFF header can manage index values in order to use memcpy to overwrite memory the heap CVE-2015-7805...

9.3CVSS6.3AI score0.13294EPSS
Exploits1References4
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•33 views

Updated tigervnc packages fix security vulnerabilities

Updated tigervnc packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the clien...

9.8CVSS9.6AI score0.03547EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•18 views

Updated python-m2crypto packages fix security vulnerability

A bug was found in pbkdf2 function of m2crypto package, such that when given a 74 byte result, a buffer overflow occurs leading to crash of the application rhbz1271165...

4.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•21 views

Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

5.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•57 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service CVE-2015-5312. In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to...

9.8CVSS8.3AI score0.0721EPSS
Exploits1References5
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•35 views

Updated gcc packages fix security vulnerability

It was discovered that the std::randomdevice class in libstdc++ would not properly detect short reads and could return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random. CVE-2015-5276...

5CVSS6.8AI score0.02941EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•39 views

Updated libpng/libpng12 packages fix security vulnerability

Multiple buffer overflows in the pngsetPLTE and pnggetPLTE functions in libpng before 1.6.19 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a small bit-depth value in an IHDR aka image header chunk in a PNG image CVE-2015-8126...

7.5CVSS8.5AI score0.10339EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•41 views

Updated latex2rtf packages fix security vulnerability

A format string vulnerability was found in CmdKeywords function when processing \keywords command in tex file. When the user runs latex2rtf with malicious crafted tex file, an attacker can execute arbitrary code. The variable 'keywords' in the function CmdKeywords may hold a malicious input strin...

9.3CVSS7.8AI score0.03556EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.1.13 longterm kernel and fixes the following security issues: The virtnetprobe function in drivers/net/virtionet.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause...

10CVSS6.2AI score0.02501EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•41 views

Updated uglify-js packages fix security vulnerability

The UglifyJS node module has a problem where the combination of De Morgan's Law and non-boolean values can lead to a case where code is incorrectly minified, which can lead to possibly malicious minified JS code...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•18 views

Updated dovecot packages fix security vulnerability

A buffer overflow may occur when handling pop3deletedflag setting. This can lead to crashing POP3 sessions in normal use...

1.8AI score
Exploits0References3
Mageia
Mageia
•added 2015/11/16 9:36 p.m.•47 views

Updated krb5 packages fix CVE-2015-2698

Updated krb5 packages fix security vulnerabilities: In any MIT krb5 release with the patches for CVE-2015-2696 applied, an application which calls gssexportseccontext may experience memory corruption if the context was established using the IAKERB mechanism. Historically, some vulnerabilities of...

8.5CVSS8.4AI score0.02891EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/16 9:36 p.m.•66 views

Updated iceape packages fix security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

7.5CVSS10.6AI score0.0449EPSS
Exploits0References14
Mageia
Mageia
•added 2015/11/16 9:36 p.m.•36 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin...

7.5CVSS8.8AI score0.01864EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/16 9:36 p.m.•67 views

Updated mariadb packages fix security vulnerabilities

This update provides the upstream 10.0.22 maintenance release and fixes the following security issues: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server :...

4CVSS6.1AI score0.30146EPSS
Exploits6References2
Mageia
Mageia
•added 2015/11/11 7:20 p.m.•41 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.548 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution CVE-2015-7659. This...

10CVSS7.3AI score0.40682EPSS
Exploits4References1
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•33 views

Updated putty packages fix security vulnerability

Versions of PuTTY 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator CVE-2015-5309...

4.3CVSS9.3AI score0.03467EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•17 views

Updated sudo packages fix security vulnerability

An unauthorized privilege escalation was found in sudoedit in sudo before 1.8.15 when a user is granted with root access to modify a particular file that could be located in a subset of directories. It seems that sudoedit does not check the full path if a wildcard is used twice e.g...

7.2CVSS7.3AI score0.01458EPSS
Exploits5References3
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•27 views

Updated python-curl packages fix security vulnerability

A use-after-free vulnerability was found in Curl object's HTTPPOST setopt when a Unicode value is passed as a value with a FORMBUFFERPTR. The str object created from the passed in unicode object would have its buffer used but the unicode object would be stored instead of the str object rhbz127748...

0.5AI score
Exploits0References3
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•41 views

Updated libreoffice packages fix security vulnerability

Federico Scrinzi discovered that LibreOffice incorrectly handled documents inserted into Writer or Calc via links. If a user were tricked into opening a specially crafted document, a remote attacker could possibly obtain the contents of arbitrary files CVE-2015-4551. It was discovered that...

6.8CVSS8.1AI score0.13826EPSS
Exploits0References14
Mageia
Mageia
•added 2015/11/10 6:41 p.m.•42 views

Updated kernel-linus packages fixes security vulnerability

This update of kernel-linus provides the upstream 4.1.12 longterm kernel and fixes at least the following security issue: Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device...

4.9CVSS8.4AI score0.00445EPSS
Exploits0References5
Mageia
Mageia
•added 2015/11/07 8:11 p.m.•38 views

Updated kernel packages fixes security vulnerability

This kernel update is based on the upstream 4.1.12 longterm kernel and fixes at least the following security issue: Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that,...

4.9CVSS8.4AI score0.00445EPSS
Exploits0References8
Mageia
Mageia
•added 2015/11/07 8:11 p.m.•47 views

Updated krb5 packages fix security vulnerabilities

Updated krb5 packages fix security vulnerabilities: In MIT krb5 1.5 and later, applications which call gssinquirecontext on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. This bug may go unnotice...

7.1CVSS7.7AI score0.06243EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/07 8:11 p.m.•23 views

Updated roundcubemail packages fix security vulnerability

The roundcubemail package has been updated to version 1.0.7, which fixes a XSS issue in drag-n-drop file uploads and other bugs. See the upstream release announcement for more details...

3.3AI score
Exploits0References3
Mageia
Mageia
•added 2015/11/07 8:11 p.m.•15 views

Updated owncloud packages fix security vulnerabilities

Updated owncloud package fixes security vulnerabilities: The owncloud package has been updated to version 8.0.9, which fixes undisclosed security issues and other bugs...

4.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•39 views

Updated libtorrent-rasterbar packages fixes security vulnerability

The lazybdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." Note while this CVE was reported against BitTorrent DHT Bootstrapt server, the same vulnerable code is available in...

7.5CVSS7.3AI score0.05511EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•41 views

Updated sddm packages fixes security vulnerability

Pavel Avgustinov discovered that SDDM does not disable the KDE crash handler, and certain themes would allow shell access to the sddm user as a result in case of a crash CVE-2015-0856. Only SDDM users using the Breeze theme from plasma-workspace are affected...

4.6CVSS6.4AI score0.00414EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•38 views

Updated libxslt packages fix security vulnerability

A type confusion vulnerability in libxslt in xsltStylePreCompute in preproc.c can lead to a denial of service CVE-2015-7995...

5CVSS7.7AI score0.04156EPSS
Exploits1References2
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•25 views

Updated xscreensaver package fixes security vulnerability

The updated xscreensaver packages fix a security issue when used, in some cases, with dual screen and unplugging one of them...

2.1CVSS6.4AI score0.00508EPSS
Exploits1References2
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•18 views

Updated libebml packages fix security vulnerability

In EbmlMaster::Read in libebml before 1.3.3, when the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting i...

2.1AI score
Exploits0References4
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•35 views

Updated util-linux packages fix security vulnerability

A buffer overflow in the colcrt command in util-linux can lead to a crash when given a large input CVE-2015-5218...

2.1CVSS9.5AI score0.00612EPSS
Exploits1References2
Mageia
Mageia
•added 2015/11/05 10:46 p.m.•49 views

Updated libxml2 packages fix security vulnerability

A denial of service in libxml2 when parsing a specially crafted XML file if XZ support is enabled may cause applications to hang as the parsing never terminates CVE-2015-8035...

2.6CVSS7.4AI score0.03199EPSS
Exploits1References2
Mageia
Mageia
•added 2015/11/04 6:3 p.m.•33 views

Updated drupal package fixes security vulnerability

The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...

6.1CVSS6.2AI score0.01774EPSS
Exploits0References7
Mageia
Mageia
•added 2015/11/04 6:3 p.m.•49 views

Updated springframework packages fix security vulnerability

Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...

9.6CVSS7.8AI score0.0257EPSS
Exploits1References2
Mageia
Mageia
•added 2015/11/04 6:3 p.m.•54 views

Updated firefox, nspr, nss packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196,...

9.8CVSS9.7AI score0.10238EPSS
Exploits0References13
Mageia
Mageia
•added 2015/11/02 8:21 p.m.•20 views

Updated exfat-utils package fixes security vulnerabilities

Fix heap overflow and endless loop in exfatfsck exfat-utils is a collection of tools to work with the exFAT filesystem. Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a write heap overflow and an endless loop. Especially at risk are systems that are configured to run...

1AI score
Exploits0References2
Total number of security vulnerabilities6011