Lucene search
K
MageiaMost viewed

6012 matches found

Mageia
Mageia
•added 2015/10/27 9:6 a.m.•67 views

Updated iceape/sqlite3 packages fix security vulnerabilities

Updated iceape packages fix security issues. The sqlite3 package has been updated as well since the new iceape version requires the SQLITEENABLEDBSTATVTAB feature to be enabled in sqlite. This sqlite3 update also enables ICU support, fixing bug 16814 . Use-after-free vulnerability in the...

10CVSS10.6AI score0.06328EPSS
Exploits0References17
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•67 views

Updated firefox and thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5CVSS9.4AI score0.04359EPSS
Exploits0References9
Mageia
Mageia
•added 2014/12/21 8:47 p.m.•67 views

Updated php packages fix CVE-2014-8142

Updated php packages fix security vulnerability: A use-after-free flaw was found in PHP unserialize. An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize CVE-2014-8142. PHP has been updated to version 5.5.20, which fixes the...

7.5CVSS8.9AI score0.53166EPSS
Exploits8References3
Mageia
Mageia
•added 2014/05/23 10:2 p.m.•67 views

Updated kernel-tmb packages fix multiple vulnerabilities

Updated kernel-tmb provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/02/26 6:37 p.m.•67 views

Updated kernel fixes security vulnerabilities

This kernel update provides an update to the upstream stable 3.12.13 maintenance release and fixes the following security issues: A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev during uncached writes. An unprivileged local user with access to...

7.2CVSS8.3AI score0.00414EPSS
Exploits0References6
Mageia
Mageia
•added 2014/02/10 8:9 p.m.•67 views

Updated kernel-tmb packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2013/11/22 6:57 p.m.•67 views

Updated kernel package fixes security vulnerabilites.

This kernel update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/09/24 9:40 p.m.•67 views

Updated perl-Crypt-DSA package fixes security vulnerability

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...

5.8CVSS5.5AI score0.01958EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/27 1:30 a.m.•66 views

Updated kernel-linus packages fixes security vulnerabilities

Vanilla upstream kernel version 6.6.52 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS8.1AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•66 views

Updated ffmpeg packages fix security vulnerabilities

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the setencoderid function in /fftools/ffmpegenc.c component. CVE-2023-50010 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary...

8CVSS7.8AI score0.00479EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/14 1:31 a.m.•66 views

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

9.8CVSS6.3AI score0.01952EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/30 10:25 p.m.•66 views

Updated cjson packages fix security vulnerabilities

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONInsertItemInArray at cJSON.c. CVE-2023-50471 cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONSetValuestring at cJSON.c. CVE-2023-50472...

7.5CVSS7.3AI score0.01508EPSS
Exploits2References1
Mageia
Mageia
•added 2024/04/23 1:20 a.m.•66 views

Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.28 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. dwarves is a new requirement to build the kernel. For information about the vulnerabilities see the links...

7.8CVSS6.8AI score0.00754EPSS
Exploits1References7
Mageia
Mageia
•added 2024/04/23 1:20 a.m.•66 views

Updated kernel-linus packages fix security vulnerabilities

Upstream kernel version 6.6.28 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS6.7AI score0.00754EPSS
Exploits1References7
Mageia
Mageia
•added 2024/04/12 8:45 p.m.•66 views

Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

7.5CVSS7.1AI score0.35376EPSS
Exploits2References1
Mageia
Mageia
•added 2024/03/16 1:42 a.m.•66 views

Updated jupyter-notebook packages fix security vulnerabilities

Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...

7.5CVSS7.2AI score0.05664EPSS
Exploits1References4
Mageia
Mageia
•added 2023/12/26 10:29 a.m.•66 views

New chromium-browser-stable 120.0.6099.129 fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.129 release, fixing bugs and 20 vulnerabilities, together with 120.0.6099.109, 120.0.6099.71 and 120.0.6099.62; some of them are listed below. High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy...

8.8CVSS8.2AI score0.4351EPSS
Exploits3References6
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•66 views

Updated squirrel/supertux packages fix security vulnerability

sqclass.cpp in Squirrel 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as Fi...

10CVSS9.4AI score0.02177EPSS
Exploits1References3
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•66 views

Updated jasper packages fix security vulnerability

Memory leak in function cmdoptsparse that can cause a crash or segmentation fault. CVE-2022-2963...

7.5CVSS2.4AI score0.01275EPSS
Exploits1References4
Mageia
Mageia
•added 2023/03/01 9:14 p.m.•66 views

Updated nodejs packages fix security vulnerability

The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable Low More detailed information on each of the vulnerabilities can be foun...

7.5CVSS6.6AI score0.02023EPSS
Exploits0References4
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•66 views

Updated qtbase5 packages fix security vulnerability

Avoid unintentionally using binaries from CWD CVE-2022-23853 Fix a possible DOS involving the Qt SQL ODBC driver plugin CVE-2023-24607 Also fixes a regression that prevented Akonadi from working with kmail...

7.8CVSS7.8AI score0.0132EPSS
Exploits0References1
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•66 views

Updated editorconfig-core-c packages fix security vulnerability

Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary...

7.8CVSS8.1AI score0.00965EPSS
Exploits1References1
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•66 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.87 version, fixing many bugs and 15 vulnerabilities, together with 107.0.5304.68. Some of the security fixes are: High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team...

8.8CVSS0.3AI score0.23798EPSS
Exploits4References4
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•66 views

Updated bind packages fix security vulnerability

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 By spoofing the target resolver with responses that have a malformed ECDSA...

7.5CVSS8AI score0.02299EPSS
Exploits0References6
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•66 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Us...

8.8CVSS1.6AI score0.04493EPSS
Exploits1References3
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•66 views

Updated webkit2 packages fix security vulnerability

The updated packages fix security vulnerabilities and other issues...

8.8CVSS2.1AI score0.70461EPSS
Exploits0References4
Mageia
Mageia
•added 2021/12/08 8:4 p.m.•66 views

Updated java openjdk packages fix security vulnerability

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using Kerberos...

7.1CVSS0.6AI score0.14839EPSS
Exploits0References4
Mageia
Mageia
•added 2021/07/06 11:12 p.m.•66 views

Updated httpcomponents-client packages fix a security vulnerability

Priyank Nigam discovered that HttpComponents Client could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution CVE-2020-13956...

5.3CVSS1AI score0.08665EPSS
Exploits1References2
Mageia
Mageia
•added 2021/04/02 8:25 p.m.•66 views

Updated nodejs-chownr packages fix security vulnerability

Updated nodejs-chownr package fixes security vulnerability: A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks CVE-2017-18869...

2.5CVSS3.5AI score0.00334EPSS
Exploits1References1
Mageia
Mageia
•added 2021/02/10 6:41 p.m.•66 views

Updated nethack packages fix security vulnerabilities

Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own...

9.8CVSS4.3AI score0.03384EPSS
Exploits0References14
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•66 views

Updated golang-googlecode-net package fixes security vulnerabilities

This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...

7.8CVSS3AI score0.83433EPSS
Exploits1References2
Mageia
Mageia
•added 2020/11/15 3:45 p.m.•66 views

Updated kleopatra packages fix a security vulnerability

The Kleopatra component before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary library. CVE-2020-24972...

8.8CVSS6.2AI score0.04719EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•66 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerabilities: It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service CVE-2019-6477. Lior Shafir, Yehuda Afek, and Anat...

8.6CVSS1.8AI score0.93422EPSS
Exploits6References6
Mageia
Mageia
•added 2020/05/29 9:18 p.m.•66 views

Updated json-c packages fix security vulnerability

Updated json-c package fixes security vulnerabilities: It was discovered that json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend CVE-2020-12762...

7.8CVSS3.8AI score0.01888EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•66 views

Updated webkit2 packages fix security vulnerability

webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities: A malicious website may be able to cause a denial of service CVE-2020-3862. A DOM object context may not have had a unique security origin CVE-2020-3864. A top-level DOM object context may have incorrect...

9.3CVSS2.1AI score0.02633EPSS
Exploits0References4
Mageia
Mageia
•added 2019/12/14 12:37 a.m.•66 views

Updated kernel packages fix security vulnerability

This update provides an update to 5.4 series kernels, currently based on upstream 5.4.2, adding support for new hardware and features, and fixing at least the following security issue: KVM: x86: fix out-of-bounds write in KVMGETEMULATEDCPUID CVE-2019-19332 WireGuard has been updated to...

6.1CVSS0.8AI score0.00679EPSS
Exploits1References4
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•66 views

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC...

8.8CVSS8.9AI score0.06643EPSS
Exploits3References5
Mageia
Mageia
•added 2019/10/06 4:32 p.m.•66 views

Updated xpdf packages fix security vulnerabilities

The updated xpdf packages fix security vulnerabilities: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. CVE-2019-10018 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function...

5.5CVSS2.4AI score0.01105EPSS
Exploits5References1
Mageia
Mageia
•added 2019/09/28 1:5 a.m.•66 views

Updated nghttp2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple stream...

7.8CVSS2.6AI score0.82017EPSS
Exploits0References2
Mageia
Mageia
•added 2019/09/15 2:45 p.m.•66 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery CVE-2019-11358. An account can be logged out without using a token CSRF CVE-2019-12466. A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them CVE-2019-12467. Directly...

9.8CVSS1AI score0.87218EPSS
Exploits4References4
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•66 views

Updated python-urllib3 packages fix security vulnerability

It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection CVE-2019-11236...

6.1CVSS8.6AI score0.02056EPSS
Exploits1References2
Mageia
Mageia
•added 2018/11/20 11:11 a.m.•66 views

Updated apache packages fix security vulnerabilities

modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...

9.8CVSS1.1AI score0.86006EPSS
Exploits0References6
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•66 views

Updated unixODBC packages fix security vulnerability

unixODBC before version 2.3.5 is vulnerable to a buffer overflow in the DriverManager/info.c:unicodetoansicopy method. An attacker could exploit this to cause a denial of service or other unspecified impact CVE-2018-7409. The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3....

9.8CVSS6.7AI score0.03082EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/19 11:24 a.m.•66 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX m...

7.3CVSS7.1AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•66 views

Updated libtiff packages fix security vulnerabilities

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, tdimagelength is not checked. The value of tdimagelength can be directly controlled by an input file. In the...

6.5CVSS3.2AI score0.0296EPSS
Exploits1References1
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•66 views

Updated wireshark packages fix security vulnerabilities

The SIGCOMP dissector could crash CVE-2018-7320. Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible...

7.5CVSS1.1AI score0.02938EPSS
Exploits19References22
Mageia
Mageia
•added 2017/11/02 9:47 p.m.•66 views

Updated tomcat packages fix security vulnerability

When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS1.6AI score0.99988EPSS
Exploits23References3
Mageia
Mageia
•added 2017/06/08 9:39 p.m.•66 views

Updated libnl3 packages fix security vulnerability

An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process CVE-2017-0386. An integer overflow vulnerability was found in nlmsgreserve triggered by crafted @len argument resulting into...

9.3CVSS4.9AI score0.01959EPSS
Exploits0References3
Mageia
Mageia
•added 2016/06/17 5:58 a.m.•66 views

Updated expat packages fix security vulnerabilities

Updated expat packages fix security vulnerabilities: An issue was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XMLParse seeds the random number generator generating repeated outputs for rand calls CVE-2012-6702. Due to an incomplete solution...

7.8CVSS3.3AI score0.06539EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/29 11:2 a.m.•66 views

Updated ntp packages fix security vulnerability

In ntpd before 4.2.8p6, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack. A server can be attacked by a client in a similar...

7.7CVSS7.9AI score0.11887EPSS
Exploits3References15
Total number of security vulnerabilities5000