Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2015/12/10 8:57 p.m.•68 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Type confusion in extensions CVE-2015-6788. Use-after-free in Blink CVE-2015-6789. Escaping issue in saved pages CVE-2015-6790. Various fixes from internal audits, fuzzing and other initiatives CVE-2015-6791...

10CVSS9.3AI score0.03199EPSS
Exploits0References2
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•68 views

Updated openssl package fixes security vulnerabilities

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam CVE-2015-4000. When processing an ECParameters structure OpenSSL...

7.5CVSS6.2AI score0.9986EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•68 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated nss, firefox, and thunderbird packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data CVE-2014-1569. Several flaws were found in the processing of malformed web...

7.5CVSS6.5AI score0.04052EPSS
Exploits4References13
Mageia
Mageia
•added 2014/05/19 6:30 p.m.•68 views

Updated kernel-linus packages fix multiple vulnerabilities

Updated kernel-linus provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of...

7.2CVSS6.6AI score0.22475EPSS
Exploits9References3
Mageia
Mageia
•added 2025/03/08 3:29 a.m.•67 views

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Medium CVE-2025-1918: Out of bounds read...

8.8CVSS7.6AI score0.00657EPSS
Exploits0References6
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•67 views

Updated git packages fix security vulnerabilities

Updated Git to version 2.41.1 to fix CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465...

9CVSS6.3AI score0.25334EPSS
Exploits34References3
Mageia
Mageia
•added 2024/06/02 3:29 a.m.•67 views

Updated unbound packages fix security vulnerability

Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a DNSBomb...

7.5CVSS6.7AI score0.01729EPSS
Exploits0References2
Mageia
Mageia
•added 2024/03/22 12:19 a.m.•67 views

Updated ffmpeg packages fix security vulnerability

Out of array access in avformat/rtsp. CVE-2023-47342...

7.1AI score
Exploits0References2
Mageia
Mageia
•added 2023/11/15 11:35 a.m.•67 views

Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error cou...

5.3CVSS6.5AI score0.05848EPSS
Exploits2References3
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.122 and fixes atleast the following security issues: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM...

7.8CVSS7.3AI score0.05794EPSS
Exploits3References4
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•67 views

Updated ghostscript packages fix security vulnerability

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

9.8CVSS9.6AI score0.06341EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•67 views

Updated heimdal packages fix security vulnerability

Isaac Boukris reported that the Heimdal KDC before 7.7.1 does not apply delegationnotallowed aka not-delegated user attributes for S4U2Self. Instead the forwardable flag is set even if the impersonated client has the not-delegated flag set. CVE-2019-14870 Joseph Sutton discovered that the Heimdal...

9.8CVSS7.5AI score0.06419EPSS
Exploits1References6
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•67 views

Updated libosip2 packages fix security vulnerability

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osipbodyparseheader. CVE-2022-41550...

6.5CVSS3.7AI score0.00538EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/07 5:27 a.m.•67 views

Updated xpdf packages fix security vulnerability

In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. CVE-2022-24106 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc...

7.8CVSS7.8AI score0.00314EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•67 views

Updated freetype2 packages fix security vulnerability

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfntinitface. CVE-2022-27404 FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNTSizeRequest...

9.8CVSS9.3AI score0.03243EPSS
Exploits2References2
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•67 views

Updated phoronix-test-suite packages fix security vulnerability

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'. CVE-2022-0157 phoronix-test-suite is vulnerable to Cross-Site Request Forgery CSRF. CVE-2022-0196, CVE-2022-0197, CVE-2022-0238...

8.8CVSS2AI score0.01081EPSS
Exploits4References2
Mageia
Mageia
•added 2022/02/05 8:23 p.m.•67 views

Updated qtwebengine5 packages fix security vulnerability

The qtwebengine5 package has been updated to version 5.15.8, fixing several security issues in the bundled chromium code. See the referenced package announcement for details...

9.6CVSS7.7AI score0.36238EPSS
Exploits7References2
Mageia
Mageia
•added 2021/12/29 7:12 p.m.•67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...

7.8CVSS0.2AI score0.00549EPSS
Exploits1References5
Mageia
Mageia
•added 2021/08/15 8:38 a.m.•67 views

Updated sylpheed and claws-mail packages fix security vulnerability

Updated sylpheed and claws-mail packages fix security vulnerability: The textviewurisecuritycheck function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click CVE-2021-37746...

6.1CVSS1.8AI score0.01155EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•67 views

Updated python-django package fixes security vulnerabilities

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability CVE-2021-28658. In Django 2.2 before 2.2.21, 3.1 before 3.1.9, an...

9.8CVSS1.7AI score0.44369EPSS
Exploits1References16
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•67 views

Updated php-smarty package fixes security vulnerabilities

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode CVE-2021-26119. Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring CVE-2021-26120...

9.8CVSS3.4AI score0.82316EPSS
Exploits2References3
Mageia
Mageia
•added 2021/04/18 2:50 p.m.•67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.30 and fixes at least the following security issues: nfc: fix refcount leak in llcpsockbind CVE-2020-25670 nfc: fix refcount leak in llcpsockconnect CVE-2020-25671 nfc: fix memory leak in llcpsockconnect CVE-2020-25672 firewire: nosy: Fix a...

7.8CVSS1.8AI score0.03259EPSS
Exploits3References4
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•67 views

Updated tomcat packages fix security vulnerability

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive CVE-2020-11996. An h2c direct connection did not release the HTTP/1.1 processo...

7.5CVSS6.7AI score0.87553EPSS
Exploits1References3
Mageia
Mageia
•added 2020/01/30 6:28 p.m.•67 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

8.1CVSS7.4AI score0.04903EPSS
Exploits0References3
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•67 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 78.0.3904.87 fixes security issues: Multiple flaws were found in the way Chromium 77.0.3865.120 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS2.2AI score0.72977EPSS
Exploits4References3
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References8
Mageia
Mageia
•added 2016/10/04 12:20 p.m.•67 views

Updated bind packages fix security vulnerability

The lwresd component in BIND which is not enabled by default could crash while processing an overlong request name. This could lead to a denial of service CVE-2016-2775. A crafted query could crash the BIND name server daemon, leading to a denial of service. All server roles authoritative,...

7.8CVSS3AI score0.89482EPSS
Exploits7References6
Mageia
Mageia
•added 2016/06/22 4:36 p.m.•67 views

Updated python packages fix security vulnerabilities

Updated python and python3 packages fixes security vulnerability: - Heap overflow in zipimporter module CVE-2016-5636. - HTTP header injection in urrlib2/urllib/httplib/http.client CVE-2016-5699. - smtplib StartTLS stripping attack CVE-2016-0772...

10CVSS1.6AI score0.2548EPSS
Exploits7References7
Mageia
Mageia
•added 2015/11/16 9:36 p.m.•67 views

Updated mariadb packages fix security vulnerabilities

This update provides the upstream 10.0.22 maintenance release and fixes the following security issues: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server :...

4CVSS6.1AI score0.30146EPSS
Exploits6References2
Mageia
Mageia
•added 2015/10/27 9:6 a.m.•67 views

Updated iceape/sqlite3 packages fix security vulnerabilities

Updated iceape packages fix security issues. The sqlite3 package has been updated as well since the new iceape version requires the SQLITEENABLEDBSTATVTAB feature to be enabled in sqlite. This sqlite3 update also enables ICU support, fixing bug 16814 . Use-after-free vulnerability in the...

10CVSS10.6AI score0.06328EPSS
Exploits0References17
Mageia
Mageia
•added 2015/07/27 9:53 a.m.•67 views

Updated java-1.8.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

10CVSS5.6AI score0.9986EPSS
Exploits1References5
Mageia
Mageia
•added 2015/05/05 1:36 p.m.•67 views

Updated clamav packages fix security vulnerabilities

This updates fixes the following security issues: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221 Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222...

6.8CVSS8AI score0.0837EPSS
Exploits1References6
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•67 views

Updated firefox and thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5CVSS9.4AI score0.04359EPSS
Exploits0References9
Mageia
Mageia
•added 2014/02/10 8:9 p.m.•67 views

Updated kernel-tmb packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2013/12/19 9:8 p.m.•67 views

Updated php packages fix multiple security vulnerabilities

Updated php packages fix security vulnerabilities: Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2013-6420. It was discovered that PHP...

7.5CVSS1.8AI score0.35635EPSS
Exploits8References3
Mageia
Mageia
•added 2013/09/24 9:40 p.m.•67 views

Updated perl-Crypt-DSA package fixes security vulnerability

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...

5.8CVSS5.5AI score0.01958EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/27 1:30 a.m.•66 views

Updated kernel-linus packages fixes security vulnerabilities

Vanilla upstream kernel version 6.6.52 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS8.1AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•66 views

Updated ffmpeg packages fix security vulnerabilities

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the setencoderid function in /fftools/ffmpegenc.c component. CVE-2023-50010 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary...

8CVSS7.8AI score0.00479EPSS
Exploits1References2
Mageia
Mageia
•added 2024/04/30 10:25 p.m.•66 views

Updated cjson packages fix security vulnerabilities

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONInsertItemInArray at cJSON.c. CVE-2023-50471 cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONSetValuestring at cJSON.c. CVE-2023-50472...

7.5CVSS7.3AI score0.01508EPSS
Exploits2References1
Mageia
Mageia
•added 2024/04/23 1:20 a.m.•66 views

Updated kernel-linus packages fix security vulnerabilities

Upstream kernel version 6.6.28 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS6.7AI score0.00754EPSS
Exploits1References7
Mageia
Mageia
•added 2024/04/23 1:20 a.m.•66 views

Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.28 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. dwarves is a new requirement to build the kernel. For information about the vulnerabilities see the links...

7.8CVSS6.8AI score0.00754EPSS
Exploits1References7
Mageia
Mageia
•added 2024/04/12 8:45 p.m.•66 views

Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

7.5CVSS7.1AI score0.35376EPSS
Exploits2References1
Mageia
Mageia
•added 2024/03/16 1:42 a.m.•66 views

Updated jupyter-notebook packages fix security vulnerabilities

Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...

7.5CVSS7.2AI score0.05664EPSS
Exploits1References4
Mageia
Mageia
•added 2024/02/22 10:20 p.m.•66 views

Updated nodejs yarnpkg packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...

7.8CVSS8AI score0.03168EPSS
Exploits0References6
Mageia
Mageia
•added 2023/12/26 10:29 a.m.•66 views

New chromium-browser-stable 120.0.6099.129 fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.129 release, fixing bugs and 20 vulnerabilities, together with 120.0.6099.109, 120.0.6099.71 and 120.0.6099.62; some of them are listed below. High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy...

8.8CVSS8.2AI score0.43238EPSS
Exploits3References6
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•66 views

Updated squirrel/supertux packages fix security vulnerability

sqclass.cpp in Squirrel 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as Fi...

10CVSS9.4AI score0.02177EPSS
Exploits1References3
Mageia
Mageia
•added 2023/03/01 9:14 p.m.•66 views

Updated nodejs packages fix security vulnerability

The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable Low More detailed information on each of the vulnerabilities can be foun...

7.5CVSS6.6AI score0.02023EPSS
Exploits0References4
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•66 views

Updated qtbase5 packages fix security vulnerability

Avoid unintentionally using binaries from CWD CVE-2022-23853 Fix a possible DOS involving the Qt SQL ODBC driver plugin CVE-2023-24607 Also fixes a regression that prevented Akonadi from working with kmail...

7.8CVSS7.8AI score0.0132EPSS
Exploits0References1
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•66 views

Updated webkit2 packages fix security vulnerability

The updated packages fix security vulnerabilities and other issues...

8.8CVSS2.1AI score0.70461EPSS
Exploits0References4
Mageia
Mageia
•added 2022/06/09 8:49 p.m.•66 views

Updated vim packages fix security vulnerability

out-of-bounds read in gcharcursor in misc1.c CVE-2022-1851 use-after-free in findpatterninpath in search.c CVE-2022-1898 out-of-bounds write in vimregsubboth in regexp.c CVE-2022-1897 buffer over-read in utfptr2char in mbyte.c CVE-2022-1927 out of bounds write in vimregsubboth CVE-2022-1942...

7.8CVSS3.7AI score0.01601EPSS
Exploits6References3
Total number of security vulnerabilities5000