Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/10/21 1:7 p.m.•74 views

Updated kernel packages fix security vulnerabilities

A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP...

8.8CVSS8.9AI score0.07693EPSS
Exploits9References14
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•74 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Bypass of boundary checks in nio.Buffer via concurrent access. CVE-2020-14583 Incomplete bounds checks in Affine Transformations. CVE-2020-14593 Incorrect handling of access control context in ForkJoinPool. CVE-2020-14556 Unexpected exception raised by DerInputStream. CVE-2020-14578 Unexpected...

8.3CVSS1.4AI score0.04315EPSS
Exploits0References3
Mageia
Mageia
•added 2020/03/13 11:19 p.m.•74 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.5.9 and fixes at least the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu...

7.5CVSS7.2AI score0.0415EPSS
Exploits3References5
Mageia
Mageia
•added 2019/05/30 9:1 a.m.•74 views

Updated kernel packages fix security vulnerabilities

This kernel update provides the upstream 4.14.121. It adds additional fixes to the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities. It also fixes the following security issues: A flaw was found in the Linux kernel's freescale...

7.8CVSS6.6AI score0.00645EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/24 8:9 p.m.•74 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

7.1CVSS0.9AI score0.01155EPSS
Exploits4References5
Mageia
Mageia
•added 2017/05/26 6:54 a.m.•74 views

Updated perl-CGI-Emulate-PSGI packages fix security vulnerability

This update removes the setting of the HTTPPROXY environment value. This works around the httproxy vulnerability aka CVE-2016-5387...

8.1CVSS0.8AI score0.55724EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•74 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a...

10CVSS7.5AI score0.09828EPSS
Exploits15References10
Mageia
Mageia
•added 2014/05/19 6:30 p.m.•74 views

Updated kernel-rt packages fix multiple vulnerabilities

Updated kernel-rt provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of service...

7.2CVSS6.6AI score0.22475EPSS
Exploits9References3
Mageia
Mageia
•added 2026/06/16 4:58 a.m.•73 views

Updated libsndfile packages fix security vulnerabilities

CVE-2025-52194 A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption a...

8.2CVSS6AI score0.00585EPSS
Exploits3References1
Mageia
Mageia
•added 2024/03/20 3:35 a.m.•73 views

Updated sqlite3 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Heap buffer overflow in sqlite. CVE-2023-2137 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make...

8.8CVSS7.6AI score0.01249EPSS
Exploits1References3
Mageia
Mageia
•added 2024/03/15 10:51 p.m.•73 views

Updated imagemagick packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation...

7.5CVSS7.1AI score0.0272EPSS
Exploits2References2
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•73 views

Updated pam packages fix a security vulnerability

The updated packages fix a security vulnerability: pamnamespace: protectdir: use ODIRECTORY to prevent local DoS situations. CVE-2024-22365...

5.5CVSS6.8AI score0.00459EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/27 9:49 p.m.•73 views

Updated bind packages fix security vulnerabilities

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

7.5CVSS6.9AI score0.02626EPSS
Exploits0References2
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•73 views

Updated webkit2 packages fix security vulnerability

Out-of-bounds read CVE-2023-28204 Use-after-free issue CVE-2023-32373...

8.8CVSS7.1AI score0.14292EPSS
Exploits0References4
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•73 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9CVSS6.8AI score0.00722EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/04 9:16 p.m.•73 views

Updated expat packages fix security vulnerability

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680...

7.5CVSS7.9AI score0.02241EPSS
Exploits1References2
Mageia
Mageia
•added 2022/07/20 8:24 p.m.•73 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and...

7.8CVSS2.5AI score0.05451EPSS
Exploits10References9
Mageia
Mageia
•added 2021/12/08 8:4 p.m.•73 views

Updated gmp packages fix security vulnerability

Integer overflow in mpz/inpraw.c and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

7.5CVSS4.5AI score0.03425EPSS
Exploits1References2
Mageia
Mageia
•added 2021/11/25 1:6 p.m.•73 views

Updated python-reportlab packages fix security vulnerability

Server-side Request Forgery SSRF...

6.5CVSS3AI score0.01487EPSS
Exploits1References2
Mageia
Mageia
•added 2021/01/31 9:34 p.m.•73 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.12 and fixes at least the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPL...

7.8CVSS3.9AI score0.02417EPSS
Exploits1References6
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•73 views

Updated unzip package fixes a security vulnerability

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue CVE-2019-13232...

3.3CVSS2.6AI score0.00495EPSS
Exploits0References3
Mageia
Mageia
•added 2020/09/04 9:16 a.m.•73 views

Updated squid packages fix security vulnerabilities

An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any...

8.6CVSS0.7AI score0.05162EPSS
Exploits0References4
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•73 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. TSX...

7.8CVSS1.1AI score0.03133EPSS
Exploits0References6
Mageia
Mageia
•added 2019/05/12 8:58 p.m.•73 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the...

7CVSS1.2AI score0.00989EPSS
Exploits3References11
Mageia
Mageia
•added 2018/02/11 6:42 p.m.•73 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. WireGuard has been updated to...

5.6CVSS7AI score0.93838EPSS
Exploits12References4
Mageia
Mageia
•added 2018/02/07 1:50 p.m.•73 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 28.0.0.161 addresses critical use-after-free vulnerabilities that could lead to remote code execution CVE-2018-4877, CVE-2018-4878. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for...

10CVSS4.2AI score0.89618EPSS
Exploits19References2
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•73 views

Updated libtiff packages fix security vulnerability

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service TIFFSetupStrips heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted TIFF file. CVE-2017-17095 In LibTIFF 4.0.8, there is a heap-based buffer overfl...

8.8CVSS2.9AI score0.10639EPSS
Exploits3References4
Mageia
Mageia
•added 2017/11/29 6:52 p.m.•73 views

Updated mediawiki packages fix security vulnerabilities

XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping CVE-2017-8808. Reflected File Download from api.php CVE-2017-8809. On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password CVE-2017-8810. It's possible to...

9.8CVSS0.8AI score0.99999EPSS
Exploits19References2
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•73 views

Updated openssh packages fix security vulnerability

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

7.8CVSS7.2AI score0.88944EPSS
Exploits17References4
Mageia
Mageia
•added 2015/10/25 9:50 p.m.•73 views

Updated ntp packages fixes security vulnerabilities

It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...

9.8CVSS7.2AI score0.81762EPSS
Exploits2References2
Mageia
Mageia
•added 2014/10/31 3:53 p.m.•73 views

Updated dokuwiki packages fix security vulnerabilities

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call CVE-2014-8761. The ajaxmediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access...

5CVSS7AI score0.02519EPSS
Exploits0References4
Mageia
Mageia
•added 2014/09/28 12:17 p.m.•73 views

Updated bash packages fix CVE-2014-7169

Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...

10CVSS9.9AI score0.9994EPSS
Exploits17References2
Mageia
Mageia
•added 2014/05/19 6:37 p.m.•73 views

Updated kernel packages fix multiple vulnerabilities

Updated kernel provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2013/12/17 11:24 p.m.•73 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.88 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

8.8CVSS7.3AI score0.00606EPSS
Exploits0References10
Mageia
Mageia
•added 2024/04/05 6:24 p.m.•72 views

Updated nodejs packages fix security vulnerabilities

Nodejs 20.12.1 release fixes 2 CVE: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::Http2Session leads to HTTP/2 server crash- High CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - Medium...

8.2CVSS7.7AI score0.87211EPSS
Exploits1References2
Mageia
Mageia
•added 2024/03/18 4:12 p.m.•72 views

Updated multipath-tools packages fix security vulnerabilities

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

7.8CVSS7.3AI score0.00658EPSS
Exploits5References7
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•72 views

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated,...

7.5CVSS7.2AI score0.01614EPSS
Exploits2References2
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

This kerne-linusl update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated...

7.8CVSS6.5AI score0.0616EPSS
Exploits3References8
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•72 views

Updated php packages fix security vulnerability

Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phardirread CVE-2023-3824...

9.8CVSS7AI score0.08003EPSS
Exploits4References2
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•72 views

Updated sqlite3 packages fix security vulnerability

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908...

7.3CVSS2.9AI score0.00425EPSS
Exploits1References3
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•72 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities. Some of the security fixes are - High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 High CVE-2023-0129 Heap buffer overflow in Network Service...

8.8CVSS8.2AI score0.007EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/17 11:55 p.m.•72 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver,...

7.8CVSS0.1AI score0.00463EPSS
Exploits1References6
Mageia
Mageia
•added 2022/10/23 8:35 p.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest V...

8.8CVSS8.3AI score0.03763EPSS
Exploits12References13
Mageia
Mageia
•added 2022/05/28 8:56 a.m.•72 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 102.0.5005.61 version, fixing many bugs and 32 CVE. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging. CVE-2022-1856: Use after...

9.6CVSS0.8AI score0.0088EPSS
Exploits3References3
Mageia
Mageia
•added 2022/05/08 7:58 a.m.•72 views

Updated rsyslog packages fix security vulnerability

Potential heap buffer overflow in TCP syslog server receiver components CVE-2022-24903...

8.1CVSS4AI score0.03821EPSS
Exploits0References2
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•72 views

Updated polkit packages fix security vulnerability

There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion. CVE-2021-4115...

5.5CVSS1.3AI score0.0053EPSS
Exploits1References6
Mageia
Mageia
•added 2022/02/12 5:31 p.m.•72 views

Updated libarchive packages fix security vulnerability

Processing fixup entries may follow symbolic links. CVE-2021-31566 libarchive 3.4.1 through 3.5.1 has a use-after-free in copystring called from douncompressblock and processblock. CVE-2021-36976...

7.8CVSS2AI score0.02845EPSS
Exploits0References2
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•72 views

Updated openssl packages fix security vulnerability

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS8.5AI score0.87816EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•72 views

Updated apache packages fix security vulnerabilities

modproxywstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

9.8CVSS6.8AI score0.68067EPSS
Exploits0References2
Total number of security vulnerabilities5000