Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
added 2019/05/16 8:25 a.m.68 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

8.8CVSS7.4AI score0.16523EPSS
Exploits19References43
Mageia
Mageia
added 2019/02/20 11:50 p.m.68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...

8.8CVSS0.16523EPSS
Exploits10References23
Mageia
Mageia
added 2018/03/14 4:21 p.m.68 views

Updated php packages fix CVE-2018-7584

Updated php packages fix security vulnerability: Update to php 5.6.34 fixes a stack-buffer-overflow while parsing HTTP response. CVE-2018-7584...

9.8CVSS1.6AI score0.87606EPSS
Exploits3References2
Mageia
Mageia
added 2017/12/31 12:10 a.m.68 views

Updated jasper packages fix security vulnerabilities

The jasper package has been updated and patched to fix several security issues...

7.8CVSS1.9AI score0.05981EPSS
Exploits12References8
Mageia
Mageia
added 2017/08/18 5:6 p.m.68 views

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...

7.8CVSS2.6AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
added 2016/11/04 8:43 a.m.68 views

Updated kernel-tmb package fixes security issues

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues: sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the...

7.8CVSS3.1AI score0.83524EPSS
Exploits91References11
Mageia
Mageia
added 2016/10/04 12:20 p.m.68 views

Updated bind packages fix security vulnerability

The lwresd component in BIND which is not enabled by default could crash while processing an overlong request name. This could lead to a denial of service CVE-2016-2775. A crafted query could crash the BIND name server daemon, leading to a denial of service. All server roles authoritative,...

7.8CVSS3AI score0.89482EPSS
Exploits7References6
Mageia
Mageia
added 2015/12/10 8:57 p.m.68 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Type confusion in extensions CVE-2015-6788. Use-after-free in Blink CVE-2015-6789. Escaping issue in saved pages CVE-2015-6790. Various fixes from internal audits, fuzzing and other initiatives CVE-2015-6791...

10CVSS9.3AI score0.03199EPSS
Exploits0References2
Mageia
Mageia
added 2015/06/19 1:33 p.m.68 views

Updated openssl package fixes security vulnerabilities

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam CVE-2015-4000. When processing an ECParameters structure OpenSSL...

7.5CVSS6.2AI score0.9986EPSS
Exploits1References3
Mageia
Mageia
added 2014/12/03 7:27 p.m.68 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated nss, firefox, and thunderbird packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data CVE-2014-1569. Several flaws were found in the processing of malformed web...

7.5CVSS6.5AI score0.04052EPSS
Exploits4References13
Mageia
Mageia
added 2013/12/19 9:8 p.m.68 views

Updated php packages fix multiple security vulnerabilities

Updated php packages fix security vulnerabilities: Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2013-6420. It was discovered that PHP...

7.5CVSS1.8AI score0.35635EPSS
Exploits8References3
Mageia
Mageia
added 2025/03/08 3:29 a.m.67 views

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Medium CVE-2025-1918: Out of bounds read...

8.8CVSS7.6AI score0.00657EPSS
Exploits0References6
Mageia
Mageia
added 2024/06/03 6:30 p.m.67 views

Updated git packages fix security vulnerabilities

Updated Git to version 2.41.1 to fix CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465...

9CVSS6.3AI score0.25334EPSS
Exploits34References3
Mageia
Mageia
added 2024/06/02 3:29 a.m.67 views

Updated unbound packages fix security vulnerability

Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a DNSBomb...

7.5CVSS6.7AI score0.01729EPSS
Exploits0References2
Mageia
Mageia
added 2024/03/22 12:19 a.m.67 views

Updated ffmpeg packages fix security vulnerability

Out of array access in avformat/rtsp. CVE-2023-47342...

7.1AI score
Exploits0References2
Mageia
Mageia
added 2022/12/17 6:48 p.m.67 views

Updated heimdal packages fix security vulnerability

Isaac Boukris reported that the Heimdal KDC before 7.7.1 does not apply delegationnotallowed aka not-delegated user attributes for S4U2Self. Instead the forwardable flag is set even if the impersonated client has the not-delegated flag set. CVE-2019-14870 Joseph Sutton discovered that the Heimdal...

9.8CVSS7.5AI score0.06419EPSS
Exploits1References6
Mageia
Mageia
added 2022/10/23 10:48 p.m.67 views

Updated libosip2 packages fix security vulnerability

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osipbodyparseheader. CVE-2022-41550...

6.5CVSS3.7AI score0.00538EPSS
Exploits0References2
Mageia
Mageia
added 2022/09/07 5:27 a.m.67 views

Updated xpdf packages fix security vulnerability

In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. CVE-2022-24106 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc...

7.8CVSS7.8AI score0.00314EPSS
Exploits0References2
Mageia
Mageia
added 2022/05/15 10:6 a.m.67 views

Updated freetype2 packages fix security vulnerability

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfntinitface. CVE-2022-27404 FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNTSizeRequest...

9.8CVSS9.3AI score0.03243EPSS
Exploits2References2
Mageia
Mageia
added 2022/02/18 12:14 a.m.67 views

Updated phoronix-test-suite packages fix security vulnerability

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'. CVE-2022-0157 phoronix-test-suite is vulnerable to Cross-Site Request Forgery CSRF. CVE-2022-0196, CVE-2022-0197, CVE-2022-0238...

8.8CVSS2AI score0.01081EPSS
Exploits4References2
Mageia
Mageia
added 2022/02/05 8:23 p.m.67 views

Updated qtwebengine5 packages fix security vulnerability

The qtwebengine5 package has been updated to version 5.15.8, fixing several security issues in the bundled chromium code. See the referenced package announcement for details...

9.6CVSS7.7AI score0.36238EPSS
Exploits7References2
Mageia
Mageia
added 2021/12/29 7:12 p.m.67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...

7.8CVSS0.2AI score0.00549EPSS
Exploits1References5
Mageia
Mageia
added 2021/08/15 8:38 a.m.67 views

Updated sylpheed and claws-mail packages fix security vulnerability

Updated sylpheed and claws-mail packages fix security vulnerability: The textviewurisecuritycheck function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click CVE-2021-37746...

6.1CVSS1.8AI score0.01155EPSS
Exploits0References2
Mageia
Mageia
added 2021/07/16 8:25 a.m.67 views

Updated python-django package fixes security vulnerabilities

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability CVE-2021-28658. In Django 2.2 before 2.2.21, 3.1 before 3.1.9, an...

9.8CVSS1.7AI score0.44369EPSS
Exploits1References16
Mageia
Mageia
added 2021/07/10 8:0 p.m.67 views

Updated php-smarty package fixes security vulnerabilities

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode CVE-2021-26119. Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring CVE-2021-26120...

9.8CVSS3.4AI score0.82316EPSS
Exploits2References3
Mageia
Mageia
added 2021/06/16 8:22 p.m.67 views

Updated python-bleach packages fix a security vulnerability

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp"...

6.1CVSS1.5AI score0.00483EPSS
Exploits1References4
Mageia
Mageia
added 2021/04/18 2:50 p.m.67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.30 and fixes at least the following security issues: nfc: fix refcount leak in llcpsockbind CVE-2020-25670 nfc: fix refcount leak in llcpsockconnect CVE-2020-25671 nfc: fix memory leak in llcpsockconnect CVE-2020-25672 firewire: nosy: Fix a...

7.8CVSS1.8AI score0.03259EPSS
Exploits3References4
Mageia
Mageia
added 2020/08/18 6:47 p.m.67 views

Updated tomcat packages fix security vulnerability

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive CVE-2020-11996. An h2c direct connection did not release the HTTP/1.1 processo...

7.5CVSS6.7AI score0.87553EPSS
Exploits1References3
Mageia
Mageia
added 2020/01/30 6:28 p.m.67 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

8.1CVSS7.4AI score0.04903EPSS
Exploits0References3
Mageia
Mageia
added 2020/01/05 3:37 p.m.67 views

Updated shadowsocks-libev packages fix security vulnerabilities

Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...

7.8CVSS2.6AI score0.02289EPSS
Exploits2References2
Mageia
Mageia
added 2019/11/07 11:36 p.m.67 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 78.0.3904.87 fixes security issues: Multiple flaws were found in the way Chromium 77.0.3865.120 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS2.2AI score0.72977EPSS
Exploits4References3
Mageia
Mageia
added 2018/01/13 2:28 p.m.67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provided the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

5.6CVSS7AI score0.84172EPSS
Exploits3References6
Mageia
Mageia
added 2017/09/16 8:24 a.m.67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References8
Mageia
Mageia
added 2015/11/16 9:36 p.m.67 views

Updated mariadb packages fix security vulnerabilities

This update provides the upstream 10.0.22 maintenance release and fixes the following security issues: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server :...

4CVSS6.1AI score0.30146EPSS
Exploits6References2
Mageia
Mageia
added 2015/10/27 9:6 a.m.67 views

Updated iceape/sqlite3 packages fix security vulnerabilities

Updated iceape packages fix security issues. The sqlite3 package has been updated as well since the new iceape version requires the SQLITEENABLEDBSTATVTAB feature to be enabled in sqlite. This sqlite3 update also enables ICU support, fixing bug 16814 . Use-after-free vulnerability in the...

10CVSS10.6AI score0.06328EPSS
Exploits0References17
Mageia
Mageia
added 2015/07/27 9:53 a.m.67 views

Updated java-1.8.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

10CVSS5.6AI score0.9986EPSS
Exploits1References5
Mageia
Mageia
added 2015/05/05 1:36 p.m.67 views

Updated clamav packages fix security vulnerabilities

This updates fixes the following security issues: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221 Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222...

6.8CVSS8AI score0.0837EPSS
Exploits1References6
Mageia
Mageia
added 2015/02/26 8:26 a.m.67 views

Updated firefox and thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5CVSS9.4AI score0.04359EPSS
Exploits0References9
Mageia
Mageia
added 2014/02/10 8:9 p.m.67 views

Updated kernel-tmb packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
added 2013/09/24 9:40 p.m.67 views

Updated perl-Crypt-DSA package fixes security vulnerability

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...

5.8CVSS5.5AI score0.01958EPSS
Exploits0References2
Mageia
Mageia
added 2024/09/27 1:30 a.m.66 views

Updated kernel-linus packages fixes security vulnerabilities

Vanilla upstream kernel version 6.6.52 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS8.1AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
added 2024/07/01 5:53 p.m.66 views

Updated ffmpeg packages fix security vulnerabilities

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the setencoderid function in /fftools/ffmpegenc.c component. CVE-2023-50010 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary...

8CVSS7.8AI score0.00479EPSS
Exploits1References2
Mageia
Mageia
added 2024/06/14 1:31 a.m.66 views

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

9.8CVSS6.3AI score0.01952EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/30 10:25 p.m.66 views

Updated cjson packages fix security vulnerabilities

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONInsertItemInArray at cJSON.c. CVE-2023-50471 cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONSetValuestring at cJSON.c. CVE-2023-50472...

7.5CVSS7.3AI score0.01508EPSS
Exploits2References1
Mageia
Mageia
added 2024/04/23 1:20 a.m.66 views

Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.28 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. dwarves is a new requirement to build the kernel. For information about the vulnerabilities see the links...

7.8CVSS6.8AI score0.00754EPSS
Exploits1References7
Mageia
Mageia
added 2024/04/23 1:20 a.m.66 views

Updated kernel-linus packages fix security vulnerabilities

Upstream kernel version 6.6.28 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS6.7AI score0.00754EPSS
Exploits1References7
Mageia
Mageia
added 2024/04/12 8:45 p.m.66 views

Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

7.5CVSS7.1AI score0.35376EPSS
Exploits2References1
Mageia
Mageia
added 2024/03/16 1:42 a.m.66 views

Updated jupyter-notebook packages fix security vulnerabilities

Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...

7.5CVSS7.2AI score0.05664EPSS
Exploits1References4
Mageia
Mageia
added 2024/02/22 10:20 p.m.66 views

Updated nodejs yarnpkg packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...

7.8CVSS8AI score0.03168EPSS
Exploits0References6
Mageia
Mageia
added 2023/12/26 10:29 a.m.66 views

New chromium-browser-stable 120.0.6099.129 fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.129 release, fixing bugs and 20 vulnerabilities, together with 120.0.6099.109, 120.0.6099.71 and 120.0.6099.62; some of them are listed below. High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy...

8.8CVSS8.2AI score0.43238EPSS
Exploits3References6
Total number of security vulnerabilities5000