Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2024/11/22 7:25 a.m.•26 views

Updated kanboard packages fix security vulnerability

In versions prior to 1.2.31 an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations the code improperly uses the PicoDB library to update/insert new information...

8.8CVSS7.5AI score0.00923EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•26 views

Updated python-werkzeug packages fix security vulnerability

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parsing multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

7.5CVSS7.2AI score0.01093EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/25 6:8 p.m.•26 views

Updated glib2.0 packages fix security vulnerability

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...

5.2CVSS6.8AI score0.00756EPSS
Exploits1References4
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•26 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS8.2AI score0.01565EPSS
Exploits0References3
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•26 views

Updated libtiff packages fix security vulnerability

A null pointer dereference flaw was found in Libtiff via tifdirinfo.c. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash,...

7.5CVSS6.7AI score0.01516EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/25 11:39 p.m.•26 views

Updated roundcubemail packages fix security vulnerabilities

This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting XSS vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting XSS vulnerability in handling list columns from user preferences...

6.8AI score
Exploits0References2
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•26 views

Updated vim packages fix security vulnerability

Buffer overflow in xxd with colored output...

7.6AI score
Exploits0References2
Mageia
Mageia
•added 2023/12/04 8:37 p.m.•26 views

Updated libqb packages fix a security vulnerability

This update fixes a security issue. logblackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered CVE-2023-39976...

9.8CVSS7.9AI score0.00984EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•28 views

Updated python-flask-restx packages fix security vulnerability

Fixes unspecified security issues...

6.9AI score
Exploits0References3
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•26 views

Updated colord packages fix security vulnerability

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'errmsg' of 'sqlite3exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it...

7.5CVSS1AI score0.00791EPSS
Exploits1References2
Mageia
Mageia
•added 2022/06/09 8:49 p.m.•26 views

Updated python-ujson packages fix security vulnerability

Benchmark refactor - argparse CLI. Fix segmentation faults when errors occur while handling unserialisable objects. Fix segmentation fault when an exception is raised while converting a dict key to a string. Fix memory leak dumping on non-string dict keys - Fix ref counting on repeated default...

2.8AI score
Exploits0References3
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•26 views

Updated hiredis packages fix security vulnerability

Updated hiredis packages fix security vulnerability: It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of 'multi-bulk' replies CVE-2021-32765...

8.8CVSS1.6AI score0.02045EPSS
Exploits0References3
Mageia
Mageia
•added 2021/08/25 5:36 p.m.•26 views

Updated gpsd packages fix security vulnerability and other bugs

It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31. This update provides upstream version 3.23 that has this and several other upstream issues fixed. It also fixes issues that prevents it to start properl...

1.3AI score
Exploits0References2
Mageia
Mageia
•added 2021/03/12 1:25 a.m.•26 views

Updated ruby-mechanize packages fix a security vulnerability

In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernelopen method CVE-2021-21289...

8.3CVSS4.5AI score0.03507EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/10 7:46 p.m.•26 views

Updated xrdp packages fix security vulnerability

Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credential...

7.8CVSS1.9AI score0.02404EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•26 views

Updated mbedtls packages fix security vulnerabilities

This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtlsmpiexpmod to MBEDTLSMPIMAXSIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtlsmpifillrando...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•26 views

Updated xdg-utils package fixes a security vulnerability

Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information CVE-2020-27748...

6.5CVSS1.9AI score0.01443EPSS
Exploits1References2
Mageia
Mageia
•added 2020/11/13 9:20 p.m.•26 views

Updated lilypond package fixes a security vulnerability

It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. CVE-2020-17353...

9.8CVSS2AI score0.02371EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/31 11:58 p.m.•26 views

Updated hylafax+ packages fix security vulnerabilities

In HylaFAX+ through 7.0.2, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root CVE-2020-15396. HylaFAX+ through 7.0.2 has scripts that execute binaries from directories writable by unprivileged...

7.8CVSS4.2AI score0.00538EPSS
Exploits2References3
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•26 views

Updated ark packages fix security vulnerability

A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction CVE-2020-16116...

4.3CVSS1.4AI score0.01706EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•26 views

Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editi...

6.1CVSS5.3AI score0.01564EPSS
Exploits1References2
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•26 views

Updated giflib packages fix security vulnerability

Updated giflib packages fix security vulnerability: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgiflib.c if the height field of the ImageSize data structure is equal to zero CVE-2019-15133...

6.5CVSS1.8AI score0.01542EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•26 views

Updated svgsalamander packages fix security vulnerability

A vulnerability was found in the svgsalamander library. If the library is being used in a web application for processing user supplied SVG files then the app is vulnerable to SSRF CVE-2017-5617...

7.4CVSS1.5AI score0.01992EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/20 10:18 p.m.•26 views

Updated giflib packages fix security vulnerability

Null dereferences in main of gifclrmp. Heap Buffer Overflow-2 in function DGifDecompressLine in cgif.c. CVE-2018-11490 Segmentation fault in PrintCodeBlock. Segmentation fault of giftool reading a crafted file. Floating point exception in giftext utility. Heap buffer overflow in DumpScreen2RGB in...

8.8CVSS2.2AI score0.02479EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/15 10:15 p.m.•26 views

Updated aria2 package fixes security vulnerability

It was observed that URL's which gets downloaded via "--log=" attribute stores sensitive information. This update fixes that...

7.8CVSS4.1AI score0.00351EPSS
Exploits1References1
Mageia
Mageia
•added 2018/11/03 7:20 p.m.•26 views

Updated cimg and gmic packages fix security vulnerabilities

Updated cimg and gmic packages fix security vulnerabilities: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in loadbmp in CImg.h CVE-2018-7587. An issue was discovered in CImg v.220. A heap-based buffer over-read in loadbmp i...

7.8CVSS2.1AI score0.01371EPSS
Exploits8References3
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•26 views

Updated calibre packages fix security vulnerability

Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8CVSS5.3AI score0.04665EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•26 views

Updated graphite2 packages fix security vulnerability

NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of service CVE-2018-7999...

8.8CVSS2.8AI score0.02324EPSS
Exploits1References2
Mageia
Mageia
•added 2018/05/12 7:57 a.m.•26 views

Updated afflib packages fix security vulnerability

A flaw was found in AFFLIB aka AFFLIBv3 through 3.7.16. The afgetpage function in lib/afflibpages.cpp allows remote attackers to cause a denial of service segmentation fault via a corrupt AFF image that triggers an unexpected pagesize value CVE-2018-8050...

6.5CVSS5.9AI score0.01607EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•26 views

Updated xdg-user-dirs packages fix security vulnerability

Xsession creation of XDG user directories does not honour system umask policy CVE-2017-15131...

7.8CVSS1AI score0.00321EPSS
Exploits0References2
Mageia
Mageia
•added 2017/11/20 9:18 p.m.•26 views

Updated sssd packages fix security vulnerability

SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like 'objectClass=user name=username' are used. However, in sysdbsearchuserbyupnres, the input is not sanitized and allows to manipulate the search filter for cache lookups. Thi...

8.8CVSS1.5AI score0.01499EPSS
Exploits0References2
Mageia
Mageia
•added 2017/10/05 8:8 p.m.•26 views

Updated libgd packages fix security vulnerability

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. CVE-2017-6362...

7.5CVSS5.1AI score0.05102EPSS
Exploits0References4
Mageia
Mageia
•added 2017/08/09 8:1 p.m.•26 views

Updated varnish packages fix security vulnerability

A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process CVE-2017-12425...

7.5CVSS1.1AI score0.02416EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•26 views

Updated R-base packages fix security vulnerability

Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation CVE-2016-8714...

8.8CVSS3.7AI score0.02403EPSS
Exploits2References2
Mageia
Mageia
•added 2017/06/19 7:44 a.m.•26 views

Updated kodi packages fix security vulnerability

Updated Kodi package to fix world readable $HOME/.kodi directory which could potentially contain clear passwords for add-ons...

2.1CVSS6.5AI score0.0037EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•26 views

Updated 389-ds-base packages fix security vulnerability

An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. CVE-2017-2668...

6.5CVSS1.9AI score0.02627EPSS
Exploits0References3
Mageia
Mageia
•added 2017/03/12 8:33 p.m.•26 views

Updated potrace packages fix security vulnerability

The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service invalid memory access and crash via a crafted BMP image. CVE-2016-8685 The bmnew function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image,...

7.8CVSS6.7AI score0.01514EPSS
Exploits0References3
Mageia
Mageia
•added 2016/12/29 11:39 p.m.•26 views

Updated roundcubemail packages fix security vulnerability

Users can execute commands on the server by writing e-mails, due to insufficient sanitation of the from field when calling PHP's mail function CVE-2016-9920. Note that only roundcubemail installations that don't have an SMTP server configured for mail delivery are affected...

7.5CVSS4AI score0.05621EPSS
Exploits2References3
Mageia
Mageia
•added 2016/11/17 4:37 p.m.•26 views

Updated resteasy packages fix security vulnerability

It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using...

9.8CVSS5.4AI score0.04847EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/05 4:26 p.m.•26 views

Updated ansible packages fix CVE-2016-3096

Updated ansible package fixes security vulnerability: A vulnerability in lxccontainer, ansible module, was found allowing to get root inside the container. The problem is in the createscript function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can wri...

7.8CVSS4.8AI score0.00468EPSS
Exploits0References3
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•26 views

Updated eog packages fix security vulnerability

Due to a logic error, an attempt to allocate a large block of memory fails in createsurfacefrompixbuf, leading to a crash of eog CVE-2013-7447...

6.5CVSS1.6AI score0.04633EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•26 views

Updated python-curl packages fix security vulnerability

A use-after-free vulnerability was found in Curl object's HTTPPOST setopt when a Unicode value is passed as a value with a FORMBUFFERPTR. The str object created from the passed in unicode object would have its buffer used but the unicode object would be stored instead of the str object rhbz127748...

0.5AI score
Exploits0References3
Mageia
Mageia
•added 2015/09/23 7:42 p.m.•26 views

Updated shutter packages fix CVE-2015-0854

Updated shutter package fixes security vulnerability: In the "Shutter" screenshot application, it was discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...

9.3CVSS8AI score0.02504EPSS
Exploits0References2
Mageia
Mageia
•added 2015/04/15 4:7 p.m.•26 views

Updated mono packages fix security vulnerabilities

A TLS impersonation attack was discovered in Mono's TLS stack by researchers at Inria CVE-2015-2318. During checks on the TLS stack, they have discovered two further issues which have been fixed, a vulnerability to a protocol downgrade attack CVE-2015-2319 and SSLv2 support still being available...

9.8CVSS8.7AI score0.03539EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•26 views

Updated plasma-nm packages add openvpn certificate verification

Updated plasma-applet-nm packages add OpenVPN option for server certificate verification Plasma-nm does not tell OpenVPN to perform server certificate verification. Consequently, anyone with the preshared key is able to perform a MITM attack by impersonating the server. This update add option to...

2.7AI score
Exploits0References4
Mageia
Mageia
•added 2014/11/26 10:14 a.m.•26 views

Updated perl-Plack package fixes security vulnerability

Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...

5CVSS6.3AI score0.02455EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/14 11:50 a.m.•26 views

Updated getmail package fixes security vulnerabilities

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate CVE-2014-7273. The IMAP-over-SSL implementation in getmai...

6.8CVSS5.7AI score0.00928EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/26 3:55 p.m.•26 views

Updated perl-XML-DT package fix CVE-2014-5260

Updated perl-XML-DT package fixes security vulnerability: The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/xml temporary file CVE-2014-5260...

6.3CVSS6.2AI score0.00349EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/24 4:44 p.m.•26 views

Updated php-pear-CAS packages fix CVE-2014-4172

Updated php-pear-CAS packages fix security vulnerabilities: A flaw in php-pear-CAS before 1.3.3, utilized by Moodle, has been found which could potentially allow unauthorised access and privilege escalation CVE-2014-4172...

9.8CVSS9.3AI score0.06057EPSS
Exploits0References1
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•26 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.8AI score0.05584EPSS
Exploits0References7
Total number of security vulnerabilities5000