Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/10/16 5:4 p.m.•65 views

Updated php packages fix a security vulnerability

In PHP versions 7.2.x when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure...

5.3CVSS1.7AI score0.05029EPSS
Exploits1References4
Mageia
Mageia
•added 2020/09/17 10:15 a.m.•65 views

Updated libraw packages fix a security vulnerability

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength. CVE-2020-15503...

7.5CVSS3.5AI score0.03672EPSS
Exploits0References4
Mageia
Mageia
•added 2020/07/07 11:13 a.m.•65 views

Updated mariadb packages fix security vulnerability

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Client product of MariaDB component: C API Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this...

5.5CVSS3AI score0.03014EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•65 views

Updated webkit2 packages fix security vulnerability

webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities: A malicious website may be able to cause a denial of service CVE-2020-3862. A DOM object context may not have had a unique security origin CVE-2020-3864. A top-level DOM object context may have incorrect...

9.3CVSS2.1AI score0.02633EPSS
Exploits0References4
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•65 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found CVE-2020-7059, CVE-2020-7060. Other security fixes have been applied: - Session: Fixed bug 79091 heap use-after-free in sessioncreateid. - Date: Fixed bug 79015...

9.1CVSS1.5AI score0.08888EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•65 views

Updated apache-commons-compress- packages fix security vulnerability

pdated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons- compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being...

7.5CVSS1.1AI score0.16157EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•65 views

Updated putty packages fix security vulnerabilities

Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Vulnerability in all the SSH client tools PuTTY, Plink, PSFTP, and PSCP if a malicious program can impersonate Pageant. Crash in GSSAP...

7.5CVSS0.9AI score0.02248EPSS
Exploits0References4
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•65 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte CVE-2019-11045. Buffer underflow in bcshiftaddsub. CVE-2019-11046 Heap-buffer-overflow READ in exif. CVE-2019-11047 mail may release string with refcount==1 twice. CVE-2019-11049...

9.8CVSS3.8AI score0.08818EPSS
Exploits3References2
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•65 views

Updated proftpd packages fix security vulnerabilities

Updated proftpd package fixes security vulnerabilities: It was discovered that the modcopy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands CVE-2019-12815. It was discovered that due to incorrect handling of overly long commands, a...

9.8CVSS2.1AI score0.57606EPSS
Exploits1References1
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•65 views

Updated libxslt packages fix security vulnerabilities

Updated libxslt package fixes security vulnerabilities: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, ...

7.5CVSS2.6AI score0.06457EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•65 views

Updated microcode packages fix security vulnerabilities

This update provides the Intel 20190514 microcode release that adds the microcode side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The fixed /...

5.9CVSS1.4AI score0.01553EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•65 views

Updated libgd packages fix security vulnerability

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5 has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger calls to the function with crafted image data CVE-2019-6977. The GD Graphics Library aka LibGD 2.2.5 has a double free in th...

9.8CVSS3.2AI score0.65116EPSS
Exploits7References2
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•65 views

Updated libxml2 packages fix security vulnerabilities

A flaw was found in libxml2 2.9.8. The xzdecomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint CVE-2018-9251, CVE-2018-14567. A null pointer...

7.5CVSS3.3AI score0.043EPSS
Exploits1References3
Mageia
Mageia
•added 2018/08/19 11:24 a.m.•65 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX m...

7.3CVSS7.1AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•65 views

Updated blender packages fix security vulnerabilities

Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files AVI, BMP, HDR, CIN, IRIS, PNG, TIFF may result in the execution of arbitrary code CVE-2017-2899,...

8.8CVSS1.3AI score0.0265EPSS
Exploits21References4
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues: In the function sbusfbioctlhelper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAPSPARC and...

7.8CVSS5AI score0.02379EPSS
Exploits1References7
Mageia
Mageia
•added 2018/05/31 8:34 p.m.•65 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.44 and fixes at least the following security issues: This update adds KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump bu...

8CVSS7AI score0.84172EPSS
Exploits22References27
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.25 and updates the KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. It also adds ome optimizations and improvements to mitigate some of the slowdons caused by the Meltdown CVE-2017-5754 and Spectre, variant 2 CVE-2017-5715. Other security...

5.6CVSS7.1AI score0.84172EPSS
Exploits10References8
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•65 views

Updated wireshark packages fix security vulnerabilities

The SIGCOMP dissector could crash CVE-2018-7320. Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible...

7.5CVSS1.1AI score0.02938EPSS
Exploits19References22
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provided the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

5.6CVSS7AI score0.84172EPSS
Exploits3References6
Mageia
Mageia
•added 2017/10/24 5:50 a.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest...

7.8CVSS1AI score0.03763EPSS
Exploits8References7
Mageia
Mageia
•added 2017/08/29 8:36 p.m.•65 views

Updated libgit2 packages fix security vulnerabilities

Read out-of-bounds in gitoidnfmt CVE-2016-8568. DoS using a null pointer dereference in gitcommitmessage CVE-2016-8569. Insufficient sanitization allows some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer CVE-2016-10128, CVE-2016-10129...

9.8CVSS2.5AI score0.03922EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•65 views

Updated unrar packages fix security vulnerabilities

VMSFDELTA memory corruption CVE-2012-6706. Directory traversal issue in UnRAR before 5.5.7 CVE-2017-12938. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function CVE-2017-12940. libunrar.a in UnRAR before 5.5.7 has a...

10CVSS5.3AI score0.10027EPSS
Exploits8References4
Mageia
Mageia
•added 2017/08/19 9:58 a.m.•65 views

Updated curl packages fix security vulnerabilities

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...

6.5CVSS0.3AI score0.03958EPSS
Exploits0References4
Mageia
Mageia
•added 2017/06/08 9:39 p.m.•65 views

Updated libnl3 packages fix security vulnerability

An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process CVE-2017-0386. An integer overflow vulnerability was found in nlmsgreserve triggered by crafted @len argument resulting into...

9.3CVSS4.9AI score0.01959EPSS
Exploits0References3
Mageia
Mageia
•added 2017/01/03 10:5 p.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...

7.8CVSS3.5AI score0.11127EPSS
Exploits23References8
Mageia
Mageia
•added 2016/01/29 11:2 a.m.•65 views

Updated ntp packages fix security vulnerability

In ntpd before 4.2.8p6, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack. A server can be attacked by a client in a similar...

7.7CVSS7.9AI score0.11887EPSS
Exploits3References15
Mageia
Mageia
•added 2015/11/19 10:8 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.1.13 longterm kernel and fixes the following security issues: The virtnetprobe function in drivers/net/virtionet.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause...

10CVSS6.2AI score0.02501EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/16 9:36 p.m.•65 views

Updated iceape packages fix security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

7.5CVSS10.6AI score0.0449EPSS
Exploits0References14
Mageia
Mageia
•added 2015/04/30 9:57 p.m.•65 views

Updated kernel package fixes security vulnerabilities

This kernel update is based on upstream -longterm 3.14.39 and fixes the following security issues: It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with access to ...

9.3CVSS7.8AI score0.10108EPSS
Exploits1References8
Mageia
Mageia
•added 2015/03/03 9:16 p.m.•65 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2015-1351. It was...

7.5CVSS9.4AI score0.43146EPSS
Exploits11References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•65 views

Updated ffmpeg packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 2.0.6 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 2.0.6 allows an attacker to have an unspecified impact v...

7.5CVSS9.2AI score0.04697EPSS
Exploits0References5
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream longterm 3.10.58 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 cause...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References5
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to ...

7.2CVSS7.3AI score0.03751EPSS
Exploits8References26
Mageia
Mageia
•added 2014/10/23 1:27 p.m.•65 views

Updated openssl packages fix security vulnerabilities

This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

7.1CVSS5.2AI score0.99999EPSS
Exploits7References3
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•65 views

Updated kernel-linus package fixes security vulnerabilities

Updated kernel-linus provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.8CVSS7AI score0.37233EPSS
Exploits22References12
Mageia
Mageia
•added 2014/08/12 9:16 a.m.•65 views

Updated openssl packages fix security vulnerabilities

A flaw in OBJobj2txt may cause pretty printing functions such as X509nameoneline, X509nameprintex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected...

7.5CVSS6.4AI score0.7408EPSS
Exploits0References3
Mageia
Mageia
•added 2014/04/20 11:43 a.m.•65 views

Updated chromium-browser packages fix multiple security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue CVE-2014-1716, OOB access CVE-2014-1717, memory corruption CVE-2014-1721, and other vulnerabilities fixed in V8 version 3.24.35.22 CVE-2014-1729...

7.5CVSS7.1AI score0.01934EPSS
Exploits10References2
Mageia
Mageia
•added 2014/04/03 5:23 p.m.•65 views

Updated moodle packages fix multiple security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.9, question strings were not being filtered correctly possibly allowing cross site scripting, as quizquestiontostring can cause invalid HTML CVE-2014-2571. Feedback Availability dates not honored in complete.php in Moodle...

6.8CVSS6.1AI score0.02405EPSS
Exploits0References11
Mageia
Mageia
•added 2014/02/28 6:59 p.m.•65 views

Updated tomcat packages fix CVE-2014-0050

Updated tomcat packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050. Tomcat 7 includes an...

7.5CVSS7.7AI score0.83175EPSS
Exploits8References3
Mageia
Mageia
•added 2014/02/26 6:37 p.m.•65 views

Updated kernel fixes security vulnerabilities

This kernel update provides an update to the upstream stable 3.12.13 maintenance release and fixes the following security issues: A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev during uncached writes. An unprivileged local user with access to...

7.2CVSS8.3AI score0.00414EPSS
Exploits0References6
Mageia
Mageia
•added 2014/02/10 8:18 p.m.•65 views

Updated seamonkey packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service memory corruption and...

10CVSS9.8AI score0.11076EPSS
Exploits21References22
Mageia
Mageia
•added 2013/07/01 7:12 p.m.•65 views

Updated xml-security-c package fixes multiple security vulnerabilities

The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content CVE-2013-2153. A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed...

7.5CVSS2.3AI score0.08402EPSS
Exploits2References3
Mageia
Mageia
•added 2024/06/14 1:31 a.m.•64 views

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

9.8CVSS6.3AI score0.01952EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•64 views

Updated ruby packages fix security vulnerabilities

Buffer overread vulnerability in StringIO. CVE-2024-27280 RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Arbitrary memory address read vulnerability with Regex search. CVE-2024-27282...

9.8CVSS6.8AI score0.02364EPSS
Exploits0References2
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•64 views

Updated ghostscript packages fix security vulnerability

Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix. CVE-2023-36664 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devnpcxwriterle in ghostscript. This issue may allow a local attacker to cause a denial o...

7.8CVSS6.9AI score0.03236EPSS
Exploits3References5
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•64 views

Updated postgresql packages fix security vulnerability

CREATE SCHEMA ... schemaelement defeats protective searchpath changes. CVE-2023-2454 Row security policies disregard user ID changes after inlining. CVE-2023-2455...

7.2CVSS7.1AI score0.0119EPSS
Exploits0References2
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•64 views

Updated jasper packages fix security vulnerability

Memory leak in function cmdoptsparse that can cause a crash or segmentation fault. CVE-2022-2963...

7.5CVSS2.4AI score0.01275EPSS
Exploits1References4
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•64 views

Updated python-jupyterlab packages fix security vulnerability

Remote code execution, but requires user action to open a notebook. CVE-2021-32797, and other bug fixes...

9.6CVSS2.9AI score0.02638EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•64 views

Updated apache-commons-fileupload packages fix security vulnerability

Denial of service with a malicious upload or series of uploads. CVE-2023-24998...

7.5CVSS7.9AI score0.46836EPSS
Exploits1References2
Total number of security vulnerabilities5000