Lucene search
K
MageiaMost viewed

6012 matches found

Mageia
Mageia
added 2021/04/03 1:16 p.m.67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.27 and fixes at least the following security issues: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions...

7.8CVSS1.9AI score0.00858EPSS
Exploits0References5
Mageia
Mageia
added 2021/01/29 7:5 p.m.67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.11 and fixes at least the following security issue: SCSI “EXTENDED COPY” XCOPY requests sent to a Linux SCSI target LIO allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to o...

8.1CVSS3.3AI score0.06563EPSS
Exploits0References7
Mageia
Mageia
added 2020/05/29 9:18 p.m.67 views

Updated json-c packages fix security vulnerability

Updated json-c package fixes security vulnerabilities: It was discovered that json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend CVE-2020-12762...

7.8CVSS3.8AI score0.01888EPSS
Exploits1References2
Mageia
Mageia
added 2019/12/14 12:37 a.m.67 views

Updated kernel packages fix security vulnerability

This update provides an update to 5.4 series kernels, currently based on upstream 5.4.2, adding support for new hardware and features, and fixing at least the following security issue: KVM: x86: fix out-of-bounds write in KVMGETEMULATEDCPUID CVE-2019-19332 WireGuard has been updated to...

6.1CVSS0.8AI score0.00679EPSS
Exploits1References4
Mageia
Mageia
added 2019/09/28 1:5 a.m.67 views

Updated nghttp2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple stream...

7.8CVSS2.6AI score0.82017EPSS
Exploits0References2
Mageia
Mageia
added 2019/09/06 9:9 p.m.67 views

Updated python-urllib3 packages fix security vulnerability

It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection CVE-2019-11236...

6.1CVSS8.6AI score0.02056EPSS
Exploits1References2
Mageia
Mageia
added 2018/09/21 4:26 p.m.67 views

Updated unixODBC packages fix security vulnerability

unixODBC before version 2.3.5 is vulnerable to a buffer overflow in the DriverManager/info.c:unicodetoansicopy method. An attacker could exploit this to cause a denial of service or other unspecified impact CVE-2018-7409. The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3....

9.8CVSS6.7AI score0.03082EPSS
Exploits0References2
Mageia
Mageia
added 2018/05/31 8:34 p.m.67 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.44 and fixes at least the following security issues: This update adds KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump bu...

8CVSS7AI score0.84172EPSS
Exploits22References27
Mageia
Mageia
added 2018/01/13 2:28 p.m.67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provided the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

5.6CVSS7AI score0.84172EPSS
Exploits3References6
Mageia
Mageia
added 2017/11/02 9:47 p.m.67 views

Updated tomcat packages fix security vulnerability

When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS1.6AI score0.99988EPSS
Exploits23References3
Mageia
Mageia
added 2017/07/28 6:12 p.m.67 views

Updated valgrind packages fix security vulnerabilities

It was discovered that Valgrind incorectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code CVE-2016-2226. It was discovered that Valgrind incorrectly handled parsing...

7.8CVSS3AI score0.07267EPSS
Exploits1References2
Mageia
Mageia
added 2017/07/23 7:58 p.m.68 views

Updated expat packages fix security vulnerabilities

Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library CVE-2016-9063. Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcess...

9.8CVSS3AI score0.08739EPSS
Exploits1References2
Mageia
Mageia
added 2016/07/05 3:47 p.m.67 views

Updated php packages fix security vulnerability

php-mbstring phpmbregexeregreplaceexec - double free CVE-2016-5768. php-mcrypt heap Overflow due to integer overflows CVE-2016-5769. php-SPL int/sizet confusion in SplFileObject::fread CVE-2016-5770. php-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize CVE-2016-5771. php-WDD...

9.8CVSS1.7AI score0.15484EPSS
Exploits9References2
Mageia
Mageia
added 2015/10/27 9:6 a.m.67 views

Updated iceape/sqlite3 packages fix security vulnerabilities

Updated iceape packages fix security issues. The sqlite3 package has been updated as well since the new iceape version requires the SQLITEENABLEDBSTATVTAB feature to be enabled in sqlite. This sqlite3 update also enables ICU support, fixing bug 16814 . Use-after-free vulnerability in the...

10CVSS10.6AI score0.06328EPSS
Exploits0References17
Mageia
Mageia
added 2015/02/26 8:26 a.m.67 views

Updated firefox and thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5CVSS9.4AI score0.04359EPSS
Exploits0References9
Mageia
Mageia
added 2014/12/21 8:47 p.m.67 views

Updated php packages fix CVE-2014-8142

Updated php packages fix security vulnerability: A use-after-free flaw was found in PHP unserialize. An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize CVE-2014-8142. PHP has been updated to version 5.5.20, which fixes the...

7.5CVSS8.9AI score0.53166EPSS
Exploits8References3
Mageia
Mageia
added 2014/05/23 10:2 p.m.67 views

Updated kernel-tmb packages fix multiple vulnerabilities

Updated kernel-tmb provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
added 2014/02/26 6:37 p.m.67 views

Updated kernel fixes security vulnerabilities

This kernel update provides an update to the upstream stable 3.12.13 maintenance release and fixes the following security issues: A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev during uncached writes. An unprivileged local user with access to...

7.2CVSS8.3AI score0.00414EPSS
Exploits0References6
Mageia
Mageia
added 2013/11/22 6:57 p.m.67 views

Updated kernel package fixes security vulnerabilites.

This kernel update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
added 2013/09/24 9:40 p.m.67 views

Updated perl-Crypt-DSA package fixes security vulnerability

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...

5.8CVSS5.5AI score0.01958EPSS
Exploits0References2
Mageia
Mageia
added 2024/09/27 1:30 a.m.66 views

Updated kernel-linus packages fixes security vulnerabilities

Vanilla upstream kernel version 6.6.52 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS8.1AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
added 2024/06/14 1:31 a.m.66 views

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

9.8CVSS6.3AI score0.01952EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/30 10:25 p.m.66 views

Updated cjson packages fix security vulnerabilities

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONInsertItemInArray at cJSON.c. CVE-2023-50471 cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONSetValuestring at cJSON.c. CVE-2023-50472...

7.5CVSS7.3AI score0.01508EPSS
Exploits2References1
Mageia
Mageia
added 2024/04/23 1:20 a.m.66 views

Updated kernel-linus packages fix security vulnerabilities

Upstream kernel version 6.6.28 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS6.7AI score0.00754EPSS
Exploits1References7
Mageia
Mageia
added 2024/04/12 8:45 p.m.66 views

Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

7.5CVSS7.1AI score0.35376EPSS
Exploits2References1
Mageia
Mageia
added 2024/03/16 1:42 a.m.66 views

Updated jupyter-notebook packages fix security vulnerabilities

Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...

7.5CVSS7.2AI score0.05664EPSS
Exploits1References4
Mageia
Mageia
added 2023/12/26 10:29 a.m.66 views

New chromium-browser-stable 120.0.6099.129 fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.129 release, fixing bugs and 20 vulnerabilities, together with 120.0.6099.109, 120.0.6099.71 and 120.0.6099.62; some of them are listed below. High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy...

8.8CVSS8.2AI score0.4351EPSS
Exploits3References6
Mageia
Mageia
added 2023/04/24 12:20 a.m.66 views

Updated squirrel/supertux packages fix security vulnerability

sqclass.cpp in Squirrel 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as Fi...

10CVSS9.4AI score0.02177EPSS
Exploits1References3
Mageia
Mageia
added 2023/03/18 10:16 p.m.66 views

Updated jasper packages fix security vulnerability

Memory leak in function cmdoptsparse that can cause a crash or segmentation fault. CVE-2022-2963...

7.5CVSS2.4AI score0.01275EPSS
Exploits1References4
Mageia
Mageia
added 2023/03/01 9:14 p.m.66 views

Updated nodejs packages fix security vulnerability

The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable Low More detailed information on each of the vulnerabilities can be foun...

7.5CVSS6.6AI score0.02023EPSS
Exploits0References4
Mageia
Mageia
added 2023/02/14 10:43 p.m.66 views

Updated editorconfig-core-c packages fix security vulnerability

Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary...

7.8CVSS8.1AI score0.00965EPSS
Exploits1References1
Mageia
Mageia
added 2022/11/13 2:25 a.m.66 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.87 version, fixing many bugs and 15 vulnerabilities, together with 107.0.5304.68. Some of the security fixes are: High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team...

8.8CVSS0.3AI score0.23798EPSS
Exploits4References4
Mageia
Mageia
added 2022/10/23 10:48 p.m.66 views

Updated bind packages fix security vulnerability

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 By spoofing the target resolver with responses that have a malformed ECDSA...

7.5CVSS8AI score0.02299EPSS
Exploits0References6
Mageia
Mageia
added 2022/08/25 9:21 p.m.66 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Us...

8.8CVSS1.6AI score0.04493EPSS
Exploits1References3
Mageia
Mageia
added 2022/08/20 10:4 a.m.66 views

Updated webkit2 packages fix security vulnerability

The updated packages fix security vulnerabilities and other issues...

8.8CVSS2.1AI score0.70461EPSS
Exploits0References4
Mageia
Mageia
added 2021/12/08 8:4 p.m.66 views

Updated java openjdk packages fix security vulnerability

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using Kerberos...

7.1CVSS0.6AI score0.14839EPSS
Exploits0References4
Mageia
Mageia
added 2021/07/06 11:12 p.m.66 views

Updated httpcomponents-client packages fix a security vulnerability

Priyank Nigam discovered that HttpComponents Client could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution CVE-2020-13956...

5.3CVSS1AI score0.08665EPSS
Exploits1References2
Mageia
Mageia
added 2021/04/02 8:25 p.m.66 views

Updated nodejs-chownr packages fix security vulnerability

Updated nodejs-chownr package fixes security vulnerability: A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks CVE-2017-18869...

2.5CVSS3.5AI score0.00334EPSS
Exploits1References1
Mageia
Mageia
added 2021/02/10 6:41 p.m.66 views

Updated nethack packages fix security vulnerabilities

Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own...

9.8CVSS4.3AI score0.03384EPSS
Exploits0References14
Mageia
Mageia
added 2020/12/21 9:47 p.m.66 views

Updated golang-googlecode-net package fixes security vulnerabilities

This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...

7.8CVSS3AI score0.83433EPSS
Exploits1References2
Mageia
Mageia
added 2020/11/15 3:45 p.m.66 views

Updated kleopatra packages fix a security vulnerability

The Kleopatra component before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary library. CVE-2020-24972...

8.8CVSS6.2AI score0.04719EPSS
Exploits1References2
Mageia
Mageia
added 2020/09/17 10:15 a.m.66 views

Updated libraw packages fix a security vulnerability

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength. CVE-2020-15503...

7.5CVSS3.5AI score0.03672EPSS
Exploits0References4
Mageia
Mageia
added 2020/07/07 11:13 a.m.66 views

Updated mariadb packages fix security vulnerability

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Client product of MariaDB component: C API Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this...

5.5CVSS3AI score0.03014EPSS
Exploits0References2
Mageia
Mageia
added 2020/06/15 7:54 a.m.66 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerabilities: It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service CVE-2019-6477. Lior Shafir, Yehuda Afek, and Anat...

8.6CVSS1.8AI score0.93422EPSS
Exploits6References6
Mageia
Mageia
added 2020/02/18 2:5 p.m.66 views

Updated webkit2 packages fix security vulnerability

webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities: A malicious website may be able to cause a denial of service CVE-2020-3862. A DOM object context may not have had a unique security origin CVE-2020-3864. A top-level DOM object context may have incorrect...

9.3CVSS2.1AI score0.02633EPSS
Exploits0References4
Mageia
Mageia
added 2020/01/05 3:37 p.m.66 views

Updated apache-commons-compress- packages fix security vulnerability

pdated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons- compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being...

7.5CVSS1.1AI score0.16157EPSS
Exploits0References2
Mageia
Mageia
added 2019/12/25 7:8 p.m.66 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte CVE-2019-11045. Buffer underflow in bcshiftaddsub. CVE-2019-11046 Heap-buffer-overflow READ in exif. CVE-2019-11047 mail may release string with refcount==1 twice. CVE-2019-11049...

9.8CVSS3.8AI score0.08818EPSS
Exploits3References2
Mageia
Mageia
added 2019/11/07 11:36 p.m.66 views

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC...

8.8CVSS8.9AI score0.06643EPSS
Exploits3References5
Mageia
Mageia
added 2019/10/06 4:32 p.m.66 views

Updated xpdf packages fix security vulnerabilities

The updated xpdf packages fix security vulnerabilities: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. CVE-2019-10018 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function...

5.5CVSS2.4AI score0.01105EPSS
Exploits5References1
Mageia
Mageia
added 2019/09/15 2:45 p.m.66 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery CVE-2019-11358. An account can be logged out without using a token CSRF CVE-2019-12466. A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them CVE-2019-12467. Directly...

9.8CVSS1AI score0.87218EPSS
Exploits4References4
Total number of security vulnerabilities5000