Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
added 2025/01/18 1:31 a.m.70 views

Updated openafs packages fix security vulnerabilities

A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix client. CVE-2024-10394 An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. CVE-2024-10396 A malicious server can crash the OpenAFS cac...

8.4CVSS7.3AI score0.00563EPSS
Exploits0References1
Mageia
Mageia
added 2024/04/25 4:0 p.m.70 views

Updated glibc packages fix security vulnerability

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961...

7.3CVSS7AI score0.8833EPSS
Exploits16References2
Mageia
Mageia
added 2024/04/19 1:16 a.m.70 views

Updated less packages fix security vulnerability

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...

8.6CVSS7.2AI score0.00628EPSS
Exploits0References5
Mageia
Mageia
added 2024/01/14 10:23 p.m.70 views

Updated vlc packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket and results in a memory corruption CVE-2023-47359. Videolan VLC prior to version 3.0.20 contains an Integer...

9.8CVSS7.2AI score0.01096EPSS
Exploits2References2
Mageia
Mageia
added 2023/11/27 3:16 p.m.70 views

Updated lilypond packages fix a security vulnerability

Updated lilypond packages fix a security vulnerability: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a...

8.6CVSS8.2AI score0.00414EPSS
Exploits1References1
Mageia
Mageia
added 2023/11/12 12:44 a.m.70 views

Updated quictls packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

7.5CVSS6.8AI score0.03332EPSS
Exploits0References1
Mageia
Mageia
added 2023/11/09 11:37 p.m.70 views

Updated squid packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. CVE-2023-46846 Denial of Service in HTTP Digest Authentication. CVE-2023-46847 Denial of Service in FTP. CVE-2023-46848...

9.3CVSS7.4AI score0.85944EPSS
Exploits0References4
Mageia
Mageia
added 2023/06/28 5:21 a.m.70 views

Updated python-tornado packages fix security vulnerability

Remote unauthenticated attacker may redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. CVE-2023-28370...

6.1CVSS7.2AI score0.01132EPSS
Exploits0References2
Mageia
Mageia
added 2022/09/10 8:26 p.m.70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.65 and fixes at least the following security issues: An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpftailcall function with a key larger than the maxentries of the map. This flaw allows a local...

7.8CVSS7.2AI score0.00971EPSS
Exploits4References5
Mageia
Mageia
added 2022/06/30 9:31 p.m.70 views

Updated openssl packages fix security vulnerability

The crehash script allows command injection. CVE-2022-2068...

10CVSS2.7AI score0.95764EPSS
Exploits1References3
Mageia
Mageia
added 2022/05/12 10:24 a.m.70 views

Updated openssl packages fix security vulnerability

The crehash script allows command injection. CVE-2022-1292...

10CVSS2.7AI score0.83223EPSS
Exploits5References2
Mageia
Mageia
added 2022/04/28 10:46 p.m.70 views

Updated thunderbird packages fix security vulnerabilities

The updated thunderbird packages fix security vulnerabilities: Use-after-free in NSSToken objects CVE-2022-1097. Use-after-free after VR Process destruction CVE-2022-1196. OpenPGP revocation information was ignored CVE-2022-1197. Denial of Service via complex regular expressions CVE-2022-24713...

9.8CVSS4AI score0.34174EPSS
Exploits8References4
Mageia
Mageia
added 2022/03/14 4:51 p.m.70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

9.1CVSS7.2AI score0.04919EPSS
Exploits0References7
Mageia
Mageia
added 2022/02/15 8:50 p.m.70 views

Updated microcode packages fix security vulnerabilities

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Insufficient control flow management in some IntelR Processors may allow an authenticated user to potentially enable a denial of service via local access CVE-2021-0127 / SA-00532...

6.8CVSS3.1AI score0.01017EPSS
Exploits0References6
Mageia
Mageia
added 2021/12/21 11:27 p.m.70 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially...

7.8CVSS3AI score0.00513EPSS
Exploits3References5
Mageia
Mageia
added 2021/10/06 7:41 p.m.70 views

Updated nodejs packages fix security vulnerability

Multiple security fixes for nodejs. See references for details...

9.8CVSS7.8AI score0.21952EPSS
Exploits3References5
Mageia
Mageia
added 2021/06/28 9:16 p.m.70 views

Updated glibc packages fix a security vulnerability

A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence CVE-2016-10228...

5.9CVSS3.4AI score0.04006EPSS
Exploits0References2
Mageia
Mageia
added 2021/05/31 8:31 p.m.70 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on upstream 5.10.41 and fixes at least the following security issue: kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memor...

7.8CVSS1.2AI score0.00377EPSS
Exploits0References5
Mageia
Mageia
added 2021/03/02 10:33 p.m.70 views

Updated openjpeg2 packages fix security vulnerability

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as...

8.3CVSS4.9AI score0.01329EPSS
Exploits0References2
Mageia
Mageia
added 2020/12/31 2:32 p.m.70 views

Updated curl packages fix security vulnerabilities

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231. A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl...

7.5CVSS6.9AI score0.09917EPSS
Exploits3References9
Mageia
Mageia
added 2020/12/17 1:10 p.m.70 views

Updated jupyter-notebook packages fix a security vulnerability

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for know...

6.1CVSS2.7AI score0.01213EPSS
Exploits0References2
Mageia
Mageia
added 2020/03/06 4:13 p.m.70 views

Updated xen packages fix security vulnerability

- Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods XSA-306 - x86: Machine Check Error on Page Size Change DoS XSA-304, CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305, CVE-2019-11135 - VCPUOPinitialise DoS XSA-296, CVE-2019-18420...

9.8CVSS0.2AI score0.03133EPSS
Exploits0References11
Mageia
Mageia
added 2019/04/10 10:7 p.m.70 views

Updated python packages fix security vulnerability

A vulnerability was found in Python 2.x through 2.7.16. An improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization could lead to an Information Disclosure credentials, cookies, etc. that are cached against a given hostname in the urllib.parse.urlsplit,...

9.8CVSS2.3AI score0.08811EPSS
Exploits0References2
Mageia
Mageia
added 2019/01/06 4:41 p.m.71 views

Updated aubio packages fix security vulnerabilities

NULL pointer dereference in the function aubiosourceavcodecreadframe which may lead to DoS when playing a crafted audio file CVE-2017-17554. A crash in aubiopitchsetunit CVE-2018-14522. A buffer overrread resulting in crash or information leakage in newaubiopitchyinfft CVE-2018-14523...

8.8CVSS1.7AI score0.01966EPSS
Exploits2References2
Mageia
Mageia
added 2018/10/27 9:45 a.m.70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.78 and fixes at least the following security issues: An issue was discovered in the fdlockedioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the...

8.3CVSS0.1AI score0.08743EPSS
Exploits3References9
Mageia
Mageia
added 2018/07/25 8:24 a.m.70 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on the upstream 4.14.56 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptio...

8CVSS8AI score0.18404EPSS
Exploits21References9
Mageia
Mageia
added 2018/02/05 7:12 p.m.70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.4.114 and fixes several security issues. The most important fixes in this update is for the security issue named "Spectre, variant 2 CVE-2017-5715" that is partly mitigated by enabling retpoline support. For full retpoline mitigation, kernel needs to ...

7.8CVSS7.3AI score0.93838EPSS
Exploits17References4
Mageia
Mageia
added 2017/12/21 6:18 p.m.70 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 It was discovered that the Kerberos client implementation in the Libraries...

9.6CVSS1AI score0.16181EPSS
Exploits2References3
Mageia
Mageia
added 2017/02/05 8:42 p.m.70 views

Updated openssl packages fix security vulnerability

There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. mong EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation CVE-2016-7055. If an...

7.5CVSS1.2AI score0.57595EPSS
Exploits1References2
Mageia
Mageia
added 2016/12/05 9:49 p.m.70 views

Updated thunderbird packages fix security vulnerabilities

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash CVE-2016-5296. The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This...

9.8CVSS1AI score0.87598EPSS
Exploits18References6
Mageia
Mageia
added 2016/05/13 9:54 p.m.70 views

Updated jackson-dataformat-xml packages fix CVE-2016-3720

Updated jackson-dataformat-xml packages fix security vulnerability: It was reported that XmlMapper in jackson-dataformat-xml is vulnerable to XXE attack "Improper Restriction of XML External Entity Reference" CVE-2016-3720...

9.8CVSS2.8AI score0.0278EPSS
Exploits0References2
Mageia
Mageia
added 2015/08/03 8:55 p.m.71 views

Updated ipython package fixes security vulnerability

JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack CVE-2015-4707. POST requests exposed via the...

8.8CVSS7.4AI score0.01762EPSS
Exploits1References3
Mageia
Mageia
added 2015/04/30 9:57 p.m.70 views

Updated kernel-linus package fixes security vulnerabilities

This kernel-linus update is based on upstream -longterm 3.14.39 and fixes the following security issues: It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with acce...

9.3CVSS7.8AI score0.10108EPSS
Exploits1References8
Mageia
Mageia
added 2014/12/31 12:28 p.m.70 views

Updated cxf packages fix security vulnerabilities

Updated cxf packages fix security vulnerabilities: An Apache CXF JAX-RS service can process SAML tokens received in the authorization header of a request via the SamlHeaderInHandler. However it is possible to cause an infinite loop in the parsing of this header by passing certain bad values for t...

5.8CVSS7.3AI score0.09149EPSS
Exploits1References5
Mageia
Mageia
added 2014/11/21 12:44 p.m.70 views

Updated libvirt packages fix security vulnerability

Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file CVE-2014-7823...

5CVSS6.5AI score0.01905EPSS
Exploits0References2
Mageia
Mageia
added 2014/04/08 7:58 a.m.70 views

Updated openssl package fix two security vulnerabilities

Updated openssl packages fix security vulnerability: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...

7.5CVSS6.6AI score0.99999EPSS
Exploits89References3
Mageia
Mageia
added 2013/11/22 7:1 p.m.70 views

Updated kernel-tmb package fixes security vulnerabilites.

This kernel-tmb update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers ...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
added 2025/05/05 4:57 a.m.69 views

Updated poppler packages fix security vulnerability

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903...

4.3CVSS6.1AI score0.00092EPSS
Exploits0References2
Mageia
Mageia
added 2024/07/20 9:22 p.m.69 views

Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1CVSS7.1AI score0.04134EPSS
Exploits5References2
Mageia
Mageia
added 2024/07/03 4:36 p.m.69 views

Updated libcdio packages fix security vulnerability

Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. CVE-2024-36600...

8.4CVSS8AI score0.00363EPSS
Exploits1References2
Mageia
Mageia
added 2024/05/10 4:9 p.m.69 views

Updated glibc packages fix security vulnerabilities

Stack-based buffer overflow in netgroup cache: If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. CVE-2024-33599 Null pointer crashes after notfound response: If t...

8.1CVSS7.9AI score0.0131EPSS
Exploits0References1
Mageia
Mageia
added 2024/05/09 2:40 a.m.69 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 124.0.6367.128 release. It includes 2 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...

8.8CVSS7.9AI score0.01228EPSS
Exploits2References2
Mageia
Mageia
added 2024/03/28 3:52 a.m.69 views

Updated python3, python packages fix security vulnerabilities

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-6597 The zipfile module is...

7.8CVSS6.6AI score0.00333EPSS
Exploits0References3
Mageia
Mageia
added 2024/03/12 12:30 a.m.69 views

Updated libtiff packages fix security vulnerability

A segment fault SEGV flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356...

7.5CVSS7.1AI score0.02187EPSS
Exploits0References3
Mageia
Mageia
added 2024/02/27 1:8 a.m.69 views

Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References4
Mageia
Mageia
added 2024/02/09 1:34 a.m.69 views

Updated kernel-linus fixes security vulnerabilities and many bugs

Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

7.5CVSS7.1AI score0.01177EPSS
Exploits1References17
Mageia
Mageia
added 2023/10/22 9:4 p.m.69 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often...

9.8CVSS9.5AI score0.00978EPSS
Exploits3References8
Mageia
Mageia
added 2023/08/23 7:56 p.m.69 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to...

7.8CVSS6.5AI score0.0616EPSS
Exploits3References8
Mageia
Mageia
added 2023/03/24 5:55 a.m.69 views

Updated thunderbird packages fix security vulnerability

Incorrect code generation during JIT compilation. CVE-2023-25751 Potential out-of-bounds when accessing throttled streams. CVE-20223-25752 Invalid downcast in Worklets. CVE-2023-28162 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. CVE-2023-28164 Memor...

8.8CVSS8.8AI score0.00713EPSS
Exploits0References3
Mageia
Mageia
added 2022/12/06 11:32 p.m.69 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 108 branch with the 108.0.5359.94 release, fixing many bugs and 29 vulnerabilities, together with 107.0.5304.121 and 108.0.5359.71. Some of the security fixes are - CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao...

9.6CVSS9.1AI score0.31864EPSS
Exploits4References2
Total number of security vulnerabilities5000