Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2021/06/29 5:31 p.m.•69 views

Updated nginx package fixes a security vulnerability

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...

7.7CVSS8.4AI score0.52838EPSS
Exploits10References3
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•69 views

Updated openssh packages fix a security vulnerability

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host CVE-2021-28041...

7.1CVSS1.6AI score0.03422EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/30 8:8 p.m.•69 views

Updated fwupd packages fix a security vulnerability

A PGP signature bypass was found in fwupd, which could lead to possible installation of unsigned firmware CVE-2020-10759...

6CVSS1.9AI score0.0049EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/12 1:25 a.m.•69 views

Updated openssh packages fix a security vulnerability

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client CVE-2020-14145...

5.9CVSS4.1AI score0.02057EPSS
Exploits2References2
Mageia
Mageia
•added 2020/11/13 9:20 p.m.•69 views

Updated microcode package fixes security vulnerabilities

Insufficient access control in the Linux kernel driver for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8694 Observable discrepancy in the RAPL interface for some IntelR Processors may allow a privileged user to...

5.5CVSS5.7AI score0.0051EPSS
Exploits0References5
Mageia
Mageia
•added 2020/05/27 6:17 p.m.•69 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerabilities: - Fixed bug 78875 Long filenames cause OOM and temp files are not cleaned. 1 - Fixed bug 78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned. 2 - Fixed bug 79441 Segfault in mbchr if internal encoding is...

5.3CVSS0.5AI score0.06264EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•69 views

Updated php packages fix security vulnerability

Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mbstrtolower UTF-32LE: stack-buffer-overflow at phpunicodetolowerfull 2 - getheaders silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in pregreplace/pregreplacecallback and unicode -...

8.8CVSS2.6AI score0.04764EPSS
Exploits3References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•69 views

Updated python-psutil packages fix security vulnerability

Updated python-psutil packages fix security vulnerability: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS2.4AI score0.03522EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•69 views

Updated nginx packages fix security vulnerabilities

Updated nginx packages fix security vulnerabilities: When using HTTP/2 a client might cause excessive memory consumption and CPU usage CVE-2019-9511, CVE-2019-9513, CVE-2019-9516...

7.8CVSS1.7AI score0.82017EPSS
Exploits0References2
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•69 views

Updated python packages fix security vulnerability

A vulnerability was found in Python 2.x through 2.7.16. An improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization could lead to an Information Disclosure credentials, cookies, etc. that are cached against a given hostname in the urllib.parse.urlsplit,...

9.8CVSS2.3AI score0.08811EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•69 views

Updated mariadb packages fix security vulnerability

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...

6.5CVSS4.3AI score0.03683EPSS
Exploits0References4
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•69 views

Updated microcode packages fix security vulnerability

This update adds microcode fixes and mitigations for Spectre CVE-2017-5715 for the following: Intel Pentium Silver N/J5xxx, Celeron N/J4xxx Intel Xeon E5/E7 v4; Core i7-69xx/68xx Amd has also released their updated microcode for Fam15 and Fam17 cpus...

5.6CVSS2.4AI score0.74041EPSS
Exploits9References1
Mageia
Mageia
•added 2018/01/01 1:17 a.m.•69 views

Updated ncurses packages fix security vulnerabilities

Possible RCE via stack-based buffer overflow in the fmtentry function CVE-2017-10684. Possible RCE with format string vulnerability in the fmtentry function CVE-2017-10685. Illegal address access in appendacs CVE-2017-11112. Dereferencing NULL pointer in ncparseentry CVE-2017-11113. Fix infinite...

9.8CVSS4.1AI score0.04876EPSS
Exploits7References5
Mageia
Mageia
•added 2017/12/21 6:18 p.m.•69 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 It was discovered that the Kerberos client implementation in the Libraries...

9.6CVSS1AI score0.16181EPSS
Exploits2References3
Mageia
Mageia
•added 2017/11/16 7:39 a.m.•69 views

Updated jackson-databind packages fix security vulnerability

An unsafe deserialization vulnerability was found due to incomplete blacklisting of the unsafe elements, due to an incomplete fix for CVE-2017-7525 CVE-2017-15095...

9.8CVSS3.7AI score0.08411EPSS
Exploits2References3
Mageia
Mageia
•added 2017/03/25 8:15 p.m.•69 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on upstream 4.4.55 and fixes at least the following security issues: Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline CVE-2017-263...

7.8CVSS4.5AI score0.01029EPSS
Exploits2References6
Mageia
Mageia
•added 2016/12/07 11:48 a.m.•69 views

Updated kernel-tmb-4.4.32 packages fix security vulnerability

This update is based on upstream 4.4.32 and fixes alteast the following security issues: The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data,...

7.8CVSS2.6AI score0.01765EPSS
Exploits0References7
Mageia
Mageia
•added 2016/05/13 9:54 p.m.•69 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin...

7.2CVSS1.6AI score0.15081EPSS
Exploits4References5
Mageia
Mageia
•added 2014/07/29 9:30 p.m.•69 views

Updated apache package fixes security vulnerabilities

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

6.8CVSS7.4AI score0.85744EPSS
Exploits7References3
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•68 views

Updated poppler packages fix security vulnerability

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903...

4.3CVSS6.1AI score0.00092EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/26 6:28 a.m.•68 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.79 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS8AI score0.00571EPSS
Exploits1References6
Mageia
Mageia
•added 2024/05/10 4:9 p.m.•68 views

Updated glibc packages fix security vulnerabilities

Stack-based buffer overflow in netgroup cache: If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. CVE-2024-33599 Null pointer crashes after notfound response: If t...

8.1CVSS7.9AI score0.0131EPSS
Exploits0References1
Mageia
Mageia
•added 2024/03/27 7:40 p.m.•68 views

Updated thunderbird packages fix security vulnerabilities

Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...

8.8CVSS8.4AI score0.01285EPSS
Exploits4References3
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•68 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to...

7.8CVSS6.5AI score0.0616EPSS
Exploits3References8
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•68 views

Updated python-future packages fix security vulnerability

Excessive CPU usage via a crafted Set-Cookie header CVE-2022-40899...

7.5CVSS2AI score0.01804EPSS
Exploits1References3
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•68 views

Updated python-django packages fix security vulnerability

Internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. CVE-2022-41323 Potential denial-of-service via Accept-Language headers CVE-2023-23969...

7.5CVSS7.6AI score0.47102EPSS
Exploits0References5
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•68 views

Updated java/timezone packages fix security vulnerability

Improper restrictions in CORBA deserialization. CVE-2023-21830 Handshake DoS attack against DTLS connections. CVE-2023-21835 Soundbank URL remote loading. CVE-2023-21843...

5.3CVSS6.3AI score0.01836EPSS
Exploits0References4
Mageia
Mageia
•added 2022/07/13 8:44 p.m.•68 views

Updated gerbv packages fix security vulnerability

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. CVE-2021-40391 An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling...

10CVSS2.6AI score0.03064EPSS
Exploits5References2
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•68 views

Updated firefox/thunderbird packages fix security vulnerability

Prototype pollution in Top-Level Await implementation. CVE-2022-1802 Untrusted input used in JavaScript object indexing, leading to prototype pollution. CVE-2022-1529...

8.8CVSS2.1AI score0.26709EPSS
Exploits0References4
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•68 views

Updated openssl packages fix security vulnerability

The crehash script allows command injection. CVE-2022-1292...

10CVSS2.7AI score0.83223EPSS
Exploits5References2
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•68 views

Updated nodejs packages fix security vulnerability

Improper handling of URI Subject Alternative Names Medium. Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often n...

8.2CVSS2AI score0.21514EPSS
Exploits2References5
Mageia
Mageia
•added 2021/11/25 1:6 p.m.•68 views

Updated rsh packages fix security vulnerability

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. CVE-2019-7282 An issu...

7.4CVSS3AI score0.02067EPSS
Exploits2References2
Mageia
Mageia
•added 2021/11/20 7:31 p.m.•68 views

Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability This update mitigates a security concern in the Unicode standard, affecting source code containing "bidirectional override" Unicode codepoints: in some cases the use of those codepoints could lead to the reviewed code being different than the...

8.3CVSS2.9AI score0.12205EPSS
Exploits4References8
Mageia
Mageia
•added 2021/09/08 9:23 a.m.•68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.62 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over...

7.1CVSS6.5AI score0.0072EPSS
Exploits3References3
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•68 views

Updated glibc packages fix security vulnerability

An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input CVE-2021-35942...

9.1CVSS8.1AI score0.02678EPSS
Exploits0References2
Mageia
Mageia
•added 2021/04/03 1:16 p.m.•68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.27 and fixes at least the following security issues: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain...

7.8CVSS1.9AI score0.00858EPSS
Exploits0References5
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•68 views

Updated thunderbird packages fix security vulnerability

Potential leak of redirect targets when loading scripts in a worker. CVE-2020-15652 WebRTC data channel leaks internal address to peer. CVE-2020-6514 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture. CVE-2020-6463 Memory safety bugs fixed in Thunderbird 68.11. CVE-2020-15659...

9.3CVSS2.4AI score0.0779EPSS
Exploits6References4
Mageia
Mageia
•added 2020/08/16 1:53 p.m.•68 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs...

10CVSS3.4AI score0.77246EPSS
Exploits5References3
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•68 views

Updated dojo packages fix security vulnerability

Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them CVE-2019-10785...

6.1CVSS2.6AI score0.01853EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•68 views

Updated libsass packages fix security vulnerabilities

Use-after-free vulnerability in sasscontext.cpp:handleerror CVE-2018-11499. Null pointer dereference in Sass::SelectorList::populateextends CVE-2018-19797. Use-after-free vulnerability exists in the SharedPtr class CVE-2018-19827. Stack overflow in Eval::operator CVE-2018-19837. Stack-overflow at...

9.8CVSS4.2AI score0.04006EPSS
Exploits9References2
Mageia
Mageia
•added 2020/01/07 9:19 p.m.•68 views

Updated opensc packages fix security vulnerability

Updated opensc packages fix security vulnerabilities: sccontextcreate in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv CVE-2019-6502. OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...

7.5CVSS3.2AI score0.02198EPSS
Exploits2References3
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•68 views

Updated thunderbird packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

9.8CVSS0.3AI score0.20271EPSS
Exploits2References5
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•68 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

8.8CVSS7.4AI score0.16523EPSS
Exploits19References43
Mageia
Mageia
•added 2019/02/20 11:50 p.m.•68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...

8.8CVSS0.16523EPSS
Exploits10References23
Mageia
Mageia
•added 2018/08/12 8:39 p.m.•68 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...

7.1CVSS4.4AI score0.03213EPSS
Exploits0References6
Mageia
Mageia
•added 2018/03/14 4:21 p.m.•68 views

Updated php packages fix CVE-2018-7584

Updated php packages fix security vulnerability: Update to php 5.6.34 fixes a stack-buffer-overflow while parsing HTTP response. CVE-2018-7584...

9.8CVSS1.6AI score0.87883EPSS
Exploits3References2
Mageia
Mageia
•added 2017/12/31 12:10 a.m.•68 views

Updated jasper packages fix security vulnerabilities

The jasper package has been updated and patched to fix several security issues...

7.8CVSS1.9AI score0.05981EPSS
Exploits12References8
Mageia
Mageia
•added 2017/08/18 5:6 p.m.•68 views

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...

7.8CVSS2.6AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2016/11/04 8:43 a.m.•68 views

Updated kernel-tmb package fixes security issues

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues: sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the...

7.8CVSS3.1AI score0.83524EPSS
Exploits91References11
Mageia
Mageia
•added 2015/12/10 8:57 p.m.•68 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Type confusion in extensions CVE-2015-6788. Use-after-free in Blink CVE-2015-6789. Escaping issue in saved pages CVE-2015-6790. Various fixes from internal audits, fuzzing and other initiatives CVE-2015-6791...

10CVSS9.3AI score0.03199EPSS
Exploits0References2
Total number of security vulnerabilities5000