Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2023/01/24 7:58 a.m.•72 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities. Some of the security fixes are - High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 High CVE-2023-0129 Heap buffer overflow in Network Service...

8.8CVSS8.2AI score0.007EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/17 11:55 p.m.•72 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver,...

7.8CVSS0.1AI score0.00463EPSS
Exploits1References6
Mageia
Mageia
•added 2022/10/23 8:35 p.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest V...

8.8CVSS8.3AI score0.03763EPSS
Exploits12References13
Mageia
Mageia
•added 2022/05/08 7:58 a.m.•72 views

Updated rsyslog packages fix security vulnerability

Potential heap buffer overflow in TCP syslog server receiver components CVE-2022-24903...

8.1CVSS4AI score0.03821EPSS
Exploits0References2
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•72 views

Updated polkit packages fix security vulnerability

There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion. CVE-2021-4115...

5.5CVSS1.3AI score0.0053EPSS
Exploits1References6
Mageia
Mageia
•added 2022/02/12 5:31 p.m.•72 views

Updated libarchive packages fix security vulnerability

Processing fixup entries may follow symbolic links. CVE-2021-31566 libarchive 3.4.1 through 3.5.1 has a use-after-free in copystring called from douncompressblock and processblock. CVE-2021-36976...

7.8CVSS2AI score0.02845EPSS
Exploits0References2
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•72 views

Updated openssl packages fix security vulnerability

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS8.5AI score0.87816EPSS
Exploits1References4
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•72 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to...

9.3CVSS1.5AI score0.03692EPSS
Exploits5References4
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•72 views

Updated apache packages fix security vulnerabilities

modproxywstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

9.8CVSS6.8AI score0.68067EPSS
Exploits0References2
Mageia
Mageia
•added 2021/02/01 5:53 p.m.•72 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on upstream 5.10.12 and fixes at least the following security issue: An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel CVE-2021-3347...

7.8CVSS3.1AI score0.01377EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•72 views

Updated kernel packages fix security vulnerability

This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's catego...

6.7CVSS1.1AI score0.04505EPSS
Exploits0References7
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•72 views

Updated kernel packages fix security vulnerability

This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...

6.8CVSS1.3AI score0.00927EPSS
Exploits1References5
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•72 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to...

7.8CVSS1.9AI score0.98745EPSS
Exploits4References8
Mageia
Mageia
•added 2019/02/20 11:50 p.m.•72 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.100 and fixes at least the following security issues: A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error...

8.8CVSS0.5AI score0.16523EPSS
Exploits5References12
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•72 views

Updated tomcat packages fix security vulnerabilities

In Tomcat 8.0.45, the description of the search algorithm used by the CGI Servlet to identify which script to execute was updated. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the...

6.5CVSS0.2AI score0.17378EPSS
Exploits2References3
Mageia
Mageia
•added 2018/02/15 9:17 p.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has bee...

7.5CVSS7.2AI score0.93838EPSS
Exploits12References6
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provides the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

7.4CVSS7.1AI score0.84172EPSS
Exploits3References9
Mageia
Mageia
•added 2017/08/07 10:16 p.m.•72 views

Updated php and libgd packages fix security vulnerabilities

Buffer over-read into uninitialized memory in libgd CVE-2017-7890. Security issues from bundled oniguruma in php-mbstring CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229...

9.8CVSS3.3AI score0.07511EPSS
Exploits5References2
Mageia
Mageia
•added 2017/07/28 6:12 p.m.•72 views

Updated openvpn packages fix security vulnerabilities

It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known CVE-2017-7508. Some parts of the...

9.8CVSS0.6AI score0.04759EPSS
Exploits0References4
Mageia
Mageia
•added 2016/09/25 3:45 p.m.•72 views

Updated php packages fix security vulnerabilities

Memory Corruption in During Deserialized-object Destruction CVE-2016-7411. Heap overflow in mysqlnd related to BIT fields CVE-2016-7412. wddxdeserialize use-after-free CVE-2016-7413. Out of bound when verify signature of zip phar in pharparsezipfile CVE-2016-7414. Missing locale length check in...

9.8CVSS2.6AI score0.11402EPSS
Exploits7References10
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•72 views

Updated graphicsmagick packages fix security vulnerability

- A read out-of-bound in the parsing of gif files using GraphicsMagick CVE-2015-8808. - Infinite loop caused by converting a circularly defined svg file CVE-2016-5240. - Fix another case of CVE-2016-2317 heap buffer overflow in the MVG rendering code also impacts SVG. - arithmetic exception...

10CVSS8.5AI score0.49982EPSS
Exploits2References6
Mageia
Mageia
•added 2016/05/23 10:0 p.m.•72 views

Updated pcre packages fix security vulnerabilities

Updated pcre packages fix security vulnerabilities: The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles a paricular pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified...

9.8CVSS6AI score0.0843EPSS
Exploits2References2
Mageia
Mageia
•added 2015/10/09 6:47 p.m.•72 views

Updated kernel-linus package provides 4.1 longterm and fixes security issues

This kernel-linus update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey...

5.5CVSS7.8AI score0.00493EPSS
Exploits0References11
Mageia
Mageia
•added 2015/04/04 11:13 a.m.•72 views

Updated php and libzip packages fix security vulnerabilities

Heap overflow vulnerability in regcomp.c in the ereg extension in PHP before 5.5.23 on 32-bit systems CVE-2015-2305. Integer overflow in zip extension in PHP before 5.5.23 leads to writing past heap boundary CVE-2015-2331. Use after free vulnerability in unserialize in PHP before 5.5.23...

7.5CVSS8.8AI score0.27869EPSS
Exploits7References3
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•72 views

Updated kernel-rt packages fix security vulnerabilities

This kernel-rt update provides as upgrade to upstream 3.14 longterm branch, currently based on 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types,...

10CVSS7.8AI score0.37233EPSS
Exploits37References35
Mageia
Mageia
•added 2014/12/09 8:12 p.m.•72 views

Updated nodejs package fixes security vulnerabilities

Updated nodejs package fixes security vulnerabilities: A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and...

7.5CVSS7.3AI score0.05428EPSS
Exploits2References4
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•72 views

Updated kernel-linus package fixes security vulnerabilities

Updated kernel-linus provides upstream 3.12.26 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.8CVSS7.1AI score0.37233EPSS
Exploits22References7
Mageia
Mageia
•added 2023/11/09 12:55 p.m.•71 views

Updated openssl packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

7.5CVSS7.3AI score0.03332EPSS
Exploits0References1
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•71 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an iouring request and the Unix socket garbage collector, allowing an attacker local privilege escalation CVE-2022-2602. A...

8.8CVSS8.4AI score0.21314EPSS
Exploits4References6
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•71 views

Updated git packages fix security vulnerability

CVE-2022-39253: A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. CVE-2022-39260: Allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. CVE-2022-29187:...

8.8CVSS7.6AI score0.02938EPSS
Exploits1References2
Mageia
Mageia
•added 2022/09/10 8:26 p.m.•71 views

Updated jupyter-notebook packages fix security vulnerability

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. CVE-2018-19351 It was discovered that Jupyter Notebook...

7.5CVSS1.2AI score0.05664EPSS
Exploits2References6
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•71 views

Updated postgresql packages fix security vulnerability

Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552 Extension scripts replace objects not belonging to the extension CVE-2022-2625...

8.8CVSS2.7AI score0.12403EPSS
Exploits0References4
Mageia
Mageia
•added 2022/07/16 7:58 p.m.•71 views

Updated java packages fix security vulnerability

OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions JAXP, 8270504 CVE-2022-21426 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler Libraries, 8277672...

7.5CVSS4.2AI score0.04046EPSS
Exploits0References3
Mageia
Mageia
•added 2022/06/03 5:15 p.m.•71 views

Updated mariadb packages fix security vulnerability

Some security vulenarbilities have been fixed. Some bigger bugs in optimizer and replication engine have been found and fixed. See release notes for details...

7.5CVSS2.6AI score0.02458EPSS
Exploits17References2
Mageia
Mageia
•added 2021/12/21 11:27 p.m.•71 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Uni...

9.8CVSS7.3AI score0.97108EPSS
Exploits4References4
Mageia
Mageia
•added 2021/10/04 4:42 p.m.•71 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.70 and fixes at least the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listener after being released...

7.8CVSS7.7AI score0.01692EPSS
Exploits3References9
Mageia
Mageia
•added 2021/03/17 6:16 a.m.•71 views

Updated glibc packages fix a security vulnerability

Updated glibc packages fix a security vulnerability: The nameserver caching daemon nscd, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system CVE-2021-27645...

2.5CVSS2.6AI score0.00374EPSS
Exploits0References1
Mageia
Mageia
•added 2020/12/31 2:32 p.m.•71 views

Updated curl packages fix security vulnerabilities

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231. A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl...

7.5CVSS6.9AI score0.09917EPSS
Exploits3References9
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•71 views

Updated nrpe packages fix security vulnerability

Updated nrpe packages fix security vulnerabilities: Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nastymetachars interprets \n as the character \ and the character n not as the \n newline sequence. This can cause command injection CVE-2020-6581. Nagios NRPE 3.2.1 has a...

7.5CVSS3AI score0.03871EPSS
Exploits2References4
Mageia
Mageia
•added 2020/01/30 6:28 p.m.•71 views

Updated sqlite3 packages fix security vulnerabilities

Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...

8.8CVSS8.6AI score0.06937EPSS
Exploits0References8
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•71 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2019-8835, CVE-2019-8844, CVE-2019-8846. For other fixes in this update, see the referenced release notes...

9.3CVSS2.6AI score0.02238EPSS
Exploits0References4
Mageia
Mageia
•added 2018/04/13 8:8 p.m.•71 views

Updated nxagent packages fix security vulnerability

CVE-2017-2624: Timing attack against MIT Cookie...

7CVSS2.5AI score0.00675EPSS
Exploits3References2
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•71 views

Updated microcode packages fix security vulnerabilities

This update provides microcode fixes and mitigations for Spectre CVE-2017-5715 for many Intel CPUs produced in the last 5 years. So far the Intel microcode updates are for several processors from the Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake, Apollo Lake, Crystal Well and I...

5.6CVSS1.6AI score0.74041EPSS
Exploits9References6
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•71 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

7.4CVSS7.4AI score0.93838EPSS
Exploits13References9
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•71 views

Updated thunderbird packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2016-1930, CVE-2016-1935. Multiple security flaws were foun...

10CVSS4.2AI score0.0831EPSS
Exploits1References14
Mageia
Mageia
•added 2015/12/05 10:3 a.m.•71 views

Updated moodle packages fix security vulnerability

In Moodle before 2.8.9, if guest access is open on the site, unauthenticated users can store Atto draft data through the editor autosave area, which could be exploited in a denial of service attack CVE-2015-5332. In Moodle before 2.8.9, due to a CSRF issue in the site registration form, it is...

8.8CVSS5.9AI score0.01684EPSS
Exploits0References12
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•71 views

Updated php-ZendFramework packages fix CVE-2015-5161

Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...

6.8CVSS8.5AI score0.09911EPSS
Exploits7References5
Mageia
Mageia
•added 2015/04/30 9:57 p.m.•71 views

Updated kernel-linus package fixes security vulnerabilities

This kernel-linus update is based on upstream -longterm 3.14.39 and fixes the following security issues: It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with acce...

9.3CVSS7.8AI score0.10108EPSS
Exploits1References8
Mageia
Mageia
•added 2015/01/07 3:14 p.m.•71 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.27 and fixes the following security issues: arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier...

7.8CVSS6.7AI score0.01504EPSS
Exploits9References4
Mageia
Mageia
•added 2014/11/22 10:54 a.m.•71 views

Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...

7.5CVSS6.5AI score0.02427EPSS
Exploits0References17
Total number of security vulnerabilities5000