Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2022/11/13 2:25 a.m.•63 views

Updated binutils/gdb packages fix security vulnerability

libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 binutils: heap-based buffer overflow in bfdgetl32 when called by stripmain in objcopy.c via a crafted file CVE-2022-38533...

6.5CVSS4.4AI score0.01089EPSS
Exploits0References3
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•63 views

Updated freerdp packages fix security vulnerability

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. Th...

9.8CVSS1.6AI score0.02674EPSS
Exploits1References4
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•63 views

Updated bind packages fix security vulnerability

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 By spoofing the target resolver with responses that have a malformed ECDSA...

7.5CVSS8AI score0.02299EPSS
Exploits0References6
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•63 views

Updated squid packages fix security vulnerability

Exposure of Sensitive Information in Cache Manager. CVE-2022-41317 Buffer Over Read in SSPI and SMB Authentication. CVE-2022-41318...

8.6CVSS2.4AI score0.0282EPSS
Exploits0References4
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•63 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Us...

8.8CVSS1.6AI score0.04493EPSS
Exploits1References3
Mageia
Mageia
•added 2022/06/13 8:44 p.m.•63 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID CVE-2022-1789. KVM: x86: avoid calling x86 emulator without a decoded instruction CVE-2022-1852. A use-after-free vulnerability was...

7.1CVSS7.2AI score0.00318EPSS
Exploits6References4
Mageia
Mageia
•added 2022/05/22 11:26 a.m.•63 views

Updated nvidia-current packages fix security vulnerabilities

Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denia...

9.9CVSS0.9AI score0.01034EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•63 views

Updated xmlrpc-c packages fix security vulnerability

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVE-2022-25235...

9.8CVSS2.2AI score0.04955EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/05 5:32 p.m.•63 views

Updated chromium-browser-stable packages fix security vulnerability

Use after free in Portals. CVE-2022-1125 Use after free in QR Code Generator. CVE-2022-1127 Inappropriate implementation in Web Share API. CVE-2022-1128 Inappropriate implementation in Full Screen Mode. CVE-2022-1129 Insufficient validation of untrusted input in WebOTP. CVE-2022-1130 Use after fr...

8.8CVSS0.7AI score0.01613EPSS
Exploits17References2
Mageia
Mageia
•added 2022/02/02 9:29 p.m.•63 views

Updated connman packages fix security vulnerability

TCP Receive Path does not Check for Presence of Sufficient Header Data. CVE-2022-23096 Possibly invalid memory reference in 'strnlen' call in 'forwarddnsreply'. CVE-2022-23097 TCP Receive Path Triggers 100 % CPU loop if DNS server does not Send Back Data. CVE-2022-23098...

9.1CVSS2.4AI score0.02598EPSS
Exploits3References2
Mageia
Mageia
•added 2022/01/18 7:29 p.m.•63 views

Updated clamav packages fix security vulnerability

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

7.5CVSS5AI score0.03061EPSS
Exploits1References3
Mageia
Mageia
•added 2021/12/21 11:27 p.m.•63 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a...

7.8CVSS1AI score0.00513EPSS
Exploits3References8
Mageia
Mageia
•added 2021/12/05 7:6 p.m.•63 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.6 and fixes at least the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without...

4.7CVSS0.8AI score0.00515EPSS
Exploits1References3
Mageia
Mageia
•added 2021/11/25 1:6 p.m.•63 views

Updated couchdb packages fix security vulnerability

Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. CVE-2021-38295...

7.3CVSS4.4AI score0.02474EPSS
Exploits1References2
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•63 views

Updated ansible packages fix security vulnerability

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

7.1CVSS2.8AI score0.00854EPSS
Exploits0References4
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•63 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.48 and fixes at least the following security issues: The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection mechanism. This affects certs/blacklist.c and certs/systemkeyring.c...

8.7CVSS7.5AI score0.0066EPSS
Exploits2References3
Mageia
Mageia
•added 2021/04/02 8:25 p.m.•63 views

Updated batik packages fix security vulnerabilities

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

8.2CVSS3.3AI score0.13635EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•63 views

Updated libproxy packages fix security vulnerability

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. CVE-2020-25219...

7.5CVSS4.8AI score0.04284EPSS
Exploits1References4
Mageia
Mageia
•added 2020/09/04 9:16 a.m.•63 views

Updated lua and lua5.3 packages fix security vulnerability

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31. CVE-2020-24370...

5.3CVSS2.8AI score0.03833EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/10 10:57 p.m.•63 views

Updated ruby-rack packages fix security vulnerability

Updated ruby-rack packages fix security vulnerabilities: There's a possible information leak / session hijack vulnerability in RackRubyGem rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...

8.6CVSS1AI score0.03687EPSS
Exploits0References5
Mageia
Mageia
•added 2020/05/27 12:46 a.m.•63 views

Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

9.8CVSS4.7AI score0.02475EPSS
Exploits1References2
Mageia
Mageia
•added 2019/09/21 11:7 a.m.•63 views

Updated chromium-browser-stable packages fix security vulnerabilities

Multiple flaws were found in the way Chromium 73.0.3683.103 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-5805, CVE-2019-5806, CVE-2019-5807,...

9.8CVSS2AI score0.55925EPSS
Exploits7References13
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•63 views

Updated sqlite3 packages fix security vulnerabilities

Updated sqlite3 packages fix security vulnerabilities: It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information CVE-2019-8457. It was discovered that SQLite incorrectly handled certain queries. An attacker could...

9.8CVSS2.6AI score0.45426EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•63 views

Updated firefox packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

9.8CVSS9.3AI score0.20271EPSS
Exploits4References5
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•63 views

Updated podofo packages fix security vulnerabilities

The podofo package has been updated to fix several security issues...

8.8CVSS2AI score0.02359EPSS
Exploits9References5
Mageia
Mageia
•added 2018/11/03 11:55 a.m.•63 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Incorrect handling of unsigned attributes in singed Jar manifests Security, 8194534 CVE-2018-3136. Leak of sensitive header data via HTTP redirect Networking, 8196902 CVE-2018-3139. Incomplete enforcement of the trustURLCodebase...

9CVSS0.6AI score0.07215EPSS
Exploits2References3
Mageia
Mageia
•added 2018/09/14 8:41 p.m.•63 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes at least the following security issues: Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kerne...

7.8CVSS4.5AI score0.00506EPSS
Exploits0References6
Mageia
Mageia
•added 2017/09/21 1:43 p.m.•63 views

Updated tomcat packages fix security vulnerability

The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...

7.5CVSS1.1AI score0.708EPSS
Exploits4References6
Mageia
Mageia
•added 2017/04/16 6:29 a.m.•63 views

Updated mediawiki packages fix security vulnerability

API parameters may now be marked as "sensitive" to keep their values out of the logs CVE-2017-0361. "Mark all pages visited" on the watchlist now requires a CSRF token CVE-2017-0362. Special:UserLogin and Special:Search allow redirect to interwiki links CVE-2017-0363, CVE-2017-0364. XSS in...

8.8CVSS1.2AI score0.01525EPSS
Exploits1References2
Mageia
Mageia
•added 2016/07/26 9:16 p.m.•64 views

Updated apache packages fix security vulnerability

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

8.1CVSS0.3AI score0.55724EPSS
Exploits0References4
Mageia
Mageia
•added 2016/05/21 10:11 p.m.•63 views

Updated libgd packages fix CVE-2015-8874

Updated libgd packages fix security vulnerability: It was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call CVE-2015-8874...

7.5CVSS6.9AI score0.08276EPSS
Exploits1References2
Mageia
Mageia
•added 2015/06/19 1:33 p.m.•63 views

Updated ffmpeg package fixes security vulnerability

The mjpegdecodeapp function in libavcodec/mjpegdec.c in FFMpeg before 2.0.7 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file CVE-2014-9316. The decodeihdrchunk function in...

7.5CVSS8.2AI score0.02568EPSS
Exploits0References5
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•63 views

Updated icu packages fix security vulnerability

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program CVE-2014-6585, CVE-2014-6591...

2.6CVSS6.7AI score0.04297EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•63 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a deni...

10CVSS7.5AI score0.09828EPSS
Exploits15References10
Mageia
Mageia
•added 2015/01/11 7:54 p.m.•63 views

Updated openssl packages fix security vulnerabilities

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an...

5CVSS7.1AI score0.98685EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•62 views

Updated nss & firefox packages fix security vulnerabilities

Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...

8.8CVSS8AI score0.72648EPSS
Exploits18References4
Mageia
Mageia
•added 2024/04/06 7:53 p.m.•62 views

Updated util-linux packages fix security vulnerability

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

3.3CVSS6.8AI score0.02242EPSS
Exploits3References3
Mageia
Mageia
•added 2024/02/09 2:45 a.m.•62 views

Updated kernel packages fix security vulnerabilities and other bugs

Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

7.5CVSS7.1AI score0.01177EPSS
Exploits1References17
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•62 views

Updated x11-server, x11-server-xwayland and tigervnc fix security issues

The updated packages fix security vulnerabilities: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. CVE-2023-6816 Reattaching to different master device may lead to out-of-bounds memory access. CVE-2024-0229 Heap buffer overflow in XISendDeviceHierarchyEvent. CVE-2024-21885 Heap...

9.8CVSS7.6AI score0.02106EPSS
Exploits0References3
Mageia
Mageia
•added 2023/10/11 9:4 p.m.•62 views

Updated glibc packages fix a security vulnerability

The updated packages fix a security vulnerability: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when...

7.8CVSS7.4AI score0.81422EPSS
Exploits27References3
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•62 views

Updated ruby-sinatra packages fix security vulnerability

Potential reflected file download RFD vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename. CVE-2022-45442...

8.8CVSS1AI score0.00642EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•62 views

Updated freerdp packages fix security vulnerability

FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. CVE-2022-39282 All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as...

7.5CVSS7.7AI score0.00985EPSS
Exploits0References6
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•62 views

Updated mbedtls packages fix security vulnerability

An unauthenticated remote host could send an invalid ClientHello message in which the declared length of the cookie extends past the end of the message. A DTLS server with MBEDTLSSSLDTLSCLIENTPORTREUSE enabled would read past the end of the message up to the declared length of the cookie. This...

9.1CVSS0.7AI score0.01831EPSS
Exploits1References3
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•62 views

Updated poppler packages fix security vulnerability

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...

7.8CVSS7.8AI score0.00574EPSS
Exploits1References7
Mageia
Mageia
•added 2021/12/10 10:19 p.m.•62 views

Updated firefox packages fix security vulnerability

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL CVE-2021-43536. An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash due to a heap...

9.8CVSS0.0202EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/25 8:34 a.m.•62 views

Updated golang packages fix security vulnerabilities

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method CVE-2021-27918. net/http in Go before 1.15.12 and 1.16.x before 1.16....

7.5CVSS7.7AI score0.06975EPSS
Exploits5References6
Mageia
Mageia
•added 2021/04/12 7:59 p.m.•62 views

Updated curl packages fix security vulnerabilities

libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. CVE-2021-22876 TLS 1.3 session ticket...

5.3CVSS0.6AI score0.05301EPSS
Exploits2References4
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•62 views

Updated virtualbox packages fix security vulnerabilities

Vulnerabilities in the Oracle VM VirtualBox are fixed in version 6.1.16. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability which can lead to execute code in the context of the hypervisor. CVE-2020-14872. An...

8.2CVSS2.8AI score0.00714EPSS
Exploits0References3
Mageia
Mageia
•added 2020/11/19 8:52 a.m.•62 views

Updated firefox and nss packages fix security vulnerabilities

When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...

9.3CVSS0.5AI score0.0245EPSS
Exploits1References3
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•62 views

Updated pdns packages fix security vulnerability

An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while...

7.5CVSS1.3AI score0.02592EPSS
Exploits0References8
Total number of security vulnerabilities5000