Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2023/03/18 10:16 p.m.•64 views

Updated jasper packages fix security vulnerability

Memory leak in function cmdoptsparse that can cause a crash or segmentation fault. CVE-2022-2963...

7.5CVSS2.4AI score0.01275EPSS
Exploits1References4
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•64 views

Updated python-jupyterlab packages fix security vulnerability

Remote code execution, but requires user action to open a notebook. CVE-2021-32797, and other bug fixes...

9.6CVSS2.9AI score0.02638EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•64 views

Updated apache-commons-fileupload packages fix security vulnerability

Denial of service with a malicious upload or series of uploads. CVE-2023-24998...

7.5CVSS7.9AI score0.46836EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/17 8:37 p.m.•64 views

Updated firefox packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

9.8CVSS1.7AI score0.00921EPSS
Exploits0References4
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•64 views

Updated nodejs packages fix security vulnerability

DNS rebinding in --inspect on macOS CVE-2022-32212 Bypass via obs-fold mechanic CVE-2022-32213 HTTP Request Smuggling Due to Incorrect Parsing of Header Fields CVE-2022-35256...

8.1CVSS2AI score0.35079EPSS
Exploits2References3
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•64 views

Updated libgsasl packages fix security vulnerability

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. CVE-2022-2469...

8.1CVSS2.2AI score0.01091EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/18 6:45 p.m.•64 views

Updated nvidia-current packages fix security vulnerabilities

Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of...

7.8CVSS3AI score0.00245EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/13 2:32 a.m.•64 views

Updated golang packages fix security vulnerability

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. CVE-2022-32189...

7.5CVSS7.7AI score0.0198EPSS
Exploits1References6
Mageia
Mageia
•added 2022/06/18 9:30 p.m.•64 views

Updated exempi packages fix security vulnerability

XMP Toolkit SDK versions 2020.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...

9.3CVSS4.1AI score0.05409EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•64 views

Updated opencontainers-runc packages fix security vulnerability

A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2. This bug did n...

7.8CVSS2AI score0.00386EPSS
Exploits0References3
Mageia
Mageia
•added 2022/04/23 5:22 p.m.•64 views

Updated gzip/xz packages fix security vulnerability

zgrep, xzgrep: arbitrary-file-write vulnerability. CVE-2022-1271...

8.8CVSS1.5AI score0.04271EPSS
Exploits0References8
Mageia
Mageia
•added 2022/02/08 4:27 p.m.•64 views

Updated glibc packages fix security vulnerability

Updated glibc packages fix security vulnerability: An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to...

7.8CVSS1.9AI score0.0072EPSS
Exploits1References1
Mageia
Mageia
•added 2022/01/11 11:22 p.m.•64 views

Updated nss and firefox packages fix security vulnerabilities

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...

10CVSS0.2AI score0.0134EPSS
Exploits6References5
Mageia
Mageia
•added 2021/12/26 12:14 a.m.•66 views

Updated golang packages fix security vulnerability

net/http: limit growth of header canonicalization cache CVE-2021-44716 syscall: don't close fd 0 on ForkExec error CVE-2021-44717...

7.5CVSS1.8AI score0.03958EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/08 8:4 p.m.•64 views

Updated nginx/vsftpd packages fix security vulnerability

ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

7.4CVSS7.7AI score0.02037EPSS
Exploits0References3
Mageia
Mageia
•added 2021/11/11 3:2 p.m.•64 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.78 and fixes at least the following security issues: A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability CVE-2021-3760. A flaw in the SCTP stack where a blind attacker may be...

9.8CVSS7.6AI score0.57853EPSS
Exploits4References4
Mageia
Mageia
•added 2021/10/02 6:57 p.m.•64 views

Updated python packages fix security vulnerability

Denial of service when identifying crafted invalid RFCs Security fix for CVE-2021-3737: python client can enter an infinite loop on a 100 Continue response from the server...

6.5CVSS2.6AI score0.04675EPSS
Exploits1References2
Mageia
Mageia
•added 2021/08/07 9:31 a.m.•64 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.56 and fixes at least the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection...

5.5CVSS3.7AI score0.0046EPSS
Exploits2References5
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•64 views

Updated nodejs packages fix security vulnerability

Updated nodejs packages fix security vulnerability: Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior CVE-2021-22930...

9.8CVSS2.3AI score0.37286EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/25 2:45 p.m.•64 views

Updated nodejs packages fix security vulnerabilities

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...

9.8CVSS3.9AI score0.69062EPSS
Exploits3References9
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•64 views

Updated glib2.0 packages fix security vulnerabilities

Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2021-27218. Kevin Backhouse discovered that GLib incorrect...

7.5CVSS8.2AI score0.0408EPSS
Exploits2References3
Mageia
Mageia
•added 2021/05/02 4:29 p.m.•64 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...

7CVSS1.5AI score0.01071EPSS
Exploits1References4
Mageia
Mageia
•added 2021/04/29 9:41 a.m.•64 views

Updated thunderbird packages fix security vulnerabilities

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine CVE-2021-23961. Out of...

8.8CVSS0.2AI score0.01764EPSS
Exploits2References4
Mageia
Mageia
•added 2020/06/10 11:59 p.m.•64 views

Updated perl packages fix security vulnerability

This update from 5.28.2 to 5.28.3 fixes bugs several bugs the RPM package manager. - Update to 5.23.3 See https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod for release notes - Security release fixes CVE-2020-10543, CVE-2020-10878 and CVE-2020-12723 - Work around a glibc bug...

8.6CVSS0.3AI score0.11334EPSS
Exploits0References1
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•64 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. BZ 25487 CVE-2020-10029. Fix use-after-free in glob when expanding user BZ 2541...

7CVSS7.3AI score0.00758EPSS
Exploits1References3
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•64 views

Updated tomcat packages fix security vulnerabilities

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...

7.5CVSS2.6AI score0.10687EPSS
Exploits0References6
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•64 views

Updated curl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4...

9.8CVSS3AI score0.49739EPSS
Exploits2References8
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•64 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC networking. CVE-2019-11760...

8.8CVSS8.7AI score0.06643EPSS
Exploits3References6
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•64 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve EC cryptography. CVE-2019-2745 Insufficient checks of suppressed exceptions in deserialization. CVE-2019-2762 Unbounded memory allocation during deserialization in Collections. CVE-2019-276...

5.8CVSS6.4AI score0.04351EPSS
Exploits0References3
Mageia
Mageia
•added 2019/08/18 12:39 p.m.•64 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise mariadb server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or...

6.5CVSS3.4AI score0.03972EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/27 4:44 p.m.•64 views

Updated virtualbox packages fix security vulnerabilities

OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data CVE-2019-1543. Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows...

8.8CVSS2.6AI score0.05701EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•64 views

Updated firefox packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

9.8CVSS9.1AI score0.20271EPSS
Exploits2References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•64 views

Updated jruby packages fix security vulnerability

Several vulnerabilities were discovered in jruby. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code CVE-2018-1000073, CVE-2018-1000074,...

9.8CVSS3.1AI score0.05076EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•64 views

Updated podofo packages fix security vulnerabilities

The podofo package has been updated to fix several security issues...

8.8CVSS2AI score0.02359EPSS
Exploits9References5
Mageia
Mageia
•added 2018/11/27 3:26 p.m.•64 views

Updated mariadb packages fix security vulnerabilities

Some easily exploitable vulnerabilities allowing high privileged attacker with network access via multiple protocols to compromise MySQL Server have been fixed...

9.8CVSS4.6AI score0.0595EPSS
Exploits0References1
Mageia
Mageia
•added 2018/09/14 8:41 p.m.•64 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes at least the following security issues: Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kerne...

7.8CVSS4.5AI score0.00506EPSS
Exploits0References6
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•64 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaD...

7.7CVSS2.4AI score0.0401EPSS
Exploits0References4
Mageia
Mageia
•added 2017/09/01 9:10 p.m.•64 views

Updated iceape packages fix security vulnerabilities

Updated Iceape packages include security fixes from upstream Seamonkey: Multiple flaws were found in the way Iceape 2.46 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive...

9.8CVSS2.8AI score0.33434EPSS
Exploits40References6
Mageia
Mageia
•added 2016/12/07 11:48 a.m.•64 views

Updated kernel-linus-4.4.32 packages fix security vulnerability

This update is based on upstream 4.4.32 and fixes alteast the following security issues: Vladimir Bene discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption,...

7.8CVSS2.8AI score0.07613EPSS
Exploits0References7
Mageia
Mageia
•added 2016/12/05 9:49 p.m.•64 views

Updated virtualbox packages fixes security vulnerabilities

This update provides virtualbox 5.1.10 maintenance release and resolves at least the following security issues: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and...

10CVSS3.9AI score0.95707EPSS
Exploits9References3
Mageia
Mageia
•added 2016/07/26 9:16 p.m.•65 views

Updated apache packages fix security vulnerability

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

8.1CVSS0.3AI score0.55724EPSS
Exploits0References4
Mageia
Mageia
•added 2015/10/13 10:40 p.m.•64 views

Updated qemu packages fixes security vulnerabilities

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....

7.2CVSS8.7AI score0.04935EPSS
Exploits0References3
Mageia
Mageia
•added 2014/06/18 8:50 p.m.•64 views

Updated kernel packages fixes security vulnerabilities.

Updated kernel packages fixes security vulnerabilities. The kernel has been updated to the upstream 3.12.21 longterm kernel, and fixes the following security issues: media-device: fix infoleak in ioctl mediaenumentities CVE-2014-1739 The futexrequeue function in kernel/futex.c in the Linux kernel...

7.8CVSS7AI score0.37233EPSS
Exploits17References2
Mageia
Mageia
•added 2014/02/25 9:42 p.m.•64 views

Updated perl-CGI-Application packages fix CVE-2013-7329

Updated perl-CGI-Application package fixes security vulnerability: When applications using CGI::Application overload setup, which is normally the case, CGI::Application since version 4.19 has dumphtml as a default run-mode unless the application explicitly redefines it. This unexpectedly dumps a...

5CVSS2.7AI score0.01884EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/25 9:35 p.m.•64 views

Updated springframework package fixes security vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS0.6AI score0.90455EPSS
Exploits0References2
Mageia
Mageia
•added 2024/02/20 6:28 a.m.•63 views

Updated wireshark packages fix security vulnerabilities

The updated packages fix security vulnerabilities: RTPS dissector memory leak. CVE-2023-5371 SSH dissector invalid read of memory blocks. CVE-2023-6174 NetScreen File Parsing Heap-based Buffer Overflow. CVE-2023-6175 GVCP dissector crash via packet injection or crafted capture file. CVE-2024-0208...

7.8CVSS7.3AI score0.03456EPSS
Exploits2References2
Mageia
Mageia
•added 2024/02/10 1:3 a.m.•63 views

Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...

5.9CVSS7.2AI score0.9378EPSS
Exploits4References2
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•63 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be...

9.8CVSS9.5AI score0.00978EPSS
Exploits3References8
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•63 views

Updated skopeo/buildah/podman packages fix security vulnerability

Information disclosure flaw was found in Buildah CVE-2021-3602 podman allows forwarding hosts ports to vm from within vm CVE-2021-4024 Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration CVE-2021-20206 github.com/containers/storag...

8.8CVSS7.1AI score0.06975EPSS
Exploits7References45
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•63 views

Updated sogo packages fix security vulnerability

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...

7.5CVSS3.9AI score0.00987EPSS
Exploits0References3
Total number of security vulnerabilities5000