Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/09/27 8:6 p.m.•62 views

Updated pdns packages fix security vulnerability

An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while...

7.5CVSS1.3AI score0.02592EPSS
Exploits0References8
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•62 views

Updated apache packages fix security vulnerability

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

9.8CVSS9.5AI score0.90039EPSS
Exploits4References3
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•62 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's catego...

7.2CVSS2.4AI score0.04505EPSS
Exploits2References9
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•62 views

Updated microcode packages fix security vulnerabilities

This update provides the Intel 20191112 microcode release that adds the microcode side fixes and mitigations for at least the following security issues: A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and a...

6.5CVSS2.3AI score0.03133EPSS
Exploits0References7
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•62 views

Updated python-numpy packages fix security vulnerability

Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call CVE-2019-6446...

9.8CVSS7AI score0.17078EPSS
Exploits2References2
Mageia
Mageia
•added 2019/08/31 1:22 p.m.•62 views

Updated wpa_supplicant and hostapd packages fix security vulnerability

A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...

5.9CVSS0.9AI score0.03739EPSS
Exploits0References3
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•62 views

Updated kernel packages fix security vulnerability

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

5.9CVSS1.5AI score0.01553EPSS
Exploits0References5
Mageia
Mageia
•added 2018/12/15 9:29 p.m.•62 views

Updated thunderbird packages fix security issues & bugs

- Buffer overflow using computed size of canvas element. CVE-2018-12359 - Use-after-free when using focus. CVE-2018-12360 - Integer overflow in SwizzleData. CVE-2018-12361 - Integer overflow in SSSE3 scaler. CVE-2018-12362 - Media recorder segmentation fault when track type is changed during...

9.8CVSS0.1AI score0.04831EPSS
Exploits7References13
Mageia
Mageia
•added 2018/08/19 11:24 a.m.•62 views

Updated microcode packages fix security vulnerabilities

This microcode update provides the Intel 20180807 microcode release that adds the processor microcode side of fixes and mitigations for the now publically known security issue affected Intel processors called L1 Terminal Fault L1TF for most Intel processors since Intel Core gen2: Systems with...

7.3CVSS2.8AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
•added 2018/05/04 5:29 p.m.•62 views

Updated php packages fix security vulnerabilities

- Heap Buffer Overflow READ: 1786 in exifiifaddvalue CVE-2018-10549 - Stream filter convert.iconv leads to infinite loop on invalid sequence CVE-2018-10546 - Malicious LDAP-Server Response causes Crash. CVE-2018-10548 - incomplete PHAR Fix CVE-2018-10547...

8.8CVSS1.8AI score0.10433EPSS
Exploits0References1
Mageia
Mageia
•added 2017/03/23 7:19 a.m.•62 views

Updated virtualbox packages fixes security vulnerabilities

This update provides virtualbox 5.1.18 maintenance release and resolves at least the following security issues: A vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read access to a...

8.4CVSS3.3AI score0.06961EPSS
Exploits5References2
Mageia
Mageia
•added 2017/02/04 6:41 p.m.•62 views

Updated php packages fix security vulnerabilities

Floating-point exception in php-exif when parsing a tag format CVE-2016-10158. Crash in php-phar while loading hostile phar archive CVE-2016-10159. Memory corruption in php-phar when loading hostile phar CVE-2016-10160. Heap out of bounds read on unserialize in finishnesteddata CVE-2016-10161...

9.8CVSS2.6AI score0.13314EPSS
Exploits0References2
Mageia
Mageia
•added 2016/12/29 10:29 a.m.•62 views

Updated kernel and kmod packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 A use-after-free vulnerability in the SCSI generic driver allows users with write access ...

7.8CVSS3AI score0.02341EPSS
Exploits0References6
Mageia
Mageia
•added 2016/11/17 11:40 p.m.•62 views

Updated libtiff packages fix security vulnerability

A read outside of array in tiffsplit or other utilities using TIFFNumberOfStrips CVE-2016-9273. A potential read outside buffer in TIFFPrintField CVE-2016-9297. Multiple uint32 overflows in writeBufferToSeparateStrips, writeBufferToContigTiles and writeBufferToSeparateTiles that could cause heap...

7.5CVSS2AI score0.06471EPSS
Exploits0References4
Mageia
Mageia
•added 2016/11/09 9:43 p.m.•62 views

Updated mariadb packages fix security vulnerabilities

A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user CVE-2016-6663. This update fixes several vulnerabilitie...

7CVSS2.3AI score0.06761EPSS
Exploits18References4
Mageia
Mageia
•added 2016/07/31 8:39 p.m.•62 views

Updated glibc and libtirpc packages fixes security vulnerability

A stack-based buffer overflow in the clntudpcall function in sunrpc/clntudp.c in the GNU C Library aka glibc or libc6 allows remote servers to cause a denial of service crash or possibly unspecified other impact via a flood of crafted ICMP and UDP packets CVE-2016-4429. A similar issue was fixed ...

5.9CVSS3.6AI score0.03922EPSS
Exploits0References1
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•62 views

Updated imagemagick/ruby-rmagic packages fix security vulnerability

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10CVSS2AI score0.97485EPSS
Exploits13References3
Mageia
Mageia
•added 2016/01/15 1:52 a.m.•62 views

Updated ffmpeg packages fix security vulnerabilities

The updatedimensions function in libavcodec/vp8.c in FFmpeg before 2.4.12, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...

8.3CVSS8.5AI score0.02482EPSS
Exploits0References4
Mageia
Mageia
•added 2016/01/14 1:44 a.m.•62 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The virtnetprobe function in drivers/net/virtionet.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to...

8.2CVSS8.2AI score0.22374EPSS
Exploits14References4
Mageia
Mageia
•added 2015/12/09 10:53 a.m.•62 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.554 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves heap buffer overflow vulnerabilities that could lead to code execution CVE-2015-8438,...

10CVSS9.9AI score0.43408EPSS
Exploits25References2
Mageia
Mageia
•added 2015/09/15 2:55 p.m.•62 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...

9.3CVSS7.8AI score0.13288EPSS
Exploits0References5
Mageia
Mageia
•added 2015/07/23 9:39 a.m.•62 views

Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

10CVSS5.3AI score0.9986EPSS
Exploits1References7
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•62 views

Updated filezilla package fixes security vulnerability

The filezilla package has been updated to version 3.11.0.2, fixing multiple bugs and one security issue, related to the LOGJAM TLS issue when using FTP...

4.3CVSS6.1AI score0.9986EPSS
Exploits1References3
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•62 views

Updated pam package fixes security vulnerability

If SELinux is enabled, the unixrunhelperbinary function in Linux-PAM 1.1.8 and earlier hangs indefinitely when verifying a password of 65536 characters, which allows attackers to conduct username enumeration and denial of service attacks CVE-2015-3238...

6.5CVSS6.8AI score0.02705EPSS
Exploits1References2
Mageia
Mageia
•added 2015/01/20 2:57 p.m.•62 views

Updated moodle package fixes security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.7, absence of a capability check in AJAX backend script in the LTI module could allow any enrolled user to search the list of registered tools CVE-2015-0211. In Moodle before 2.6.7, the course summary on course request...

6.8CVSS5.8AI score0.0224EPSS
Exploits0References10
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•62 views

Updated avidemux packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.2.9 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.2.9 allows an attacker to have an unspecified impact v...

7.5CVSS9.4AI score0.04697EPSS
Exploits0References5
Mageia
Mageia
•added 2013/11/22 7:4 p.m.•62 views

Updated kernel-rt package fixes security vulnerabilites.

This kernel-rt update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers t...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/07/16 8:5 a.m.•62 views

Updated kernel-linus package fixes multiple security vulnerabilities

This kernel-linus update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device acces...

7.9CVSS4.4AI score0.07313EPSS
Exploits2References2
Mageia
Mageia
•added 2013/07/16 7:26 a.m.•62 views

Updated java-1.6.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

10CVSS1.9AI score0.98704EPSS
Exploits23References7
Mageia
Mageia
•added 2025/01/31 8:54 p.m.•61 views

Updated kernel, kmod-virtualbox, kmod-xtables-addons & dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.74 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS7.4AI score0.00737EPSS
Exploits3References10
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•61 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2024-05-11 High CVE-2024-5494: Use after free in Dawn. Reported by wgslfu...

8.8CVSS7.5AI score0.00892EPSS
Exploits7References2
Mageia
Mageia
•added 2024/05/23 4:22 a.m.•61 views

Updated ghostscript packages fix security vulnerabilities

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed...

8.8CVSS7.9AI score0.27974EPSS
Exploits6References2
Mageia
Mageia
•added 2024/04/30 10:25 p.m.•61 views

Updated guava packages fix security vulnerabilities

A bug that could allow an attacker with access to the machine to potentially access data in a temporary directory created by the Guava. CVE-2020-8908 Predictable temporary files and directories used in FileBackedOutputStream. CVE-2023-2976...

7.1CVSS7AI score0.00964EPSS
Exploits1References1
Mageia
Mageia
•added 2024/04/10 4:3 a.m.•61 views

Updated xen packages fix security vulnerabilities

x86: shadow stack vs exceptions from emulation stubs. CVE-2023-46841 x86: Register File Data Sampling. CVE-2023-28746 GhostRace: Speculative Race Conditions. CVE-2024-2193...

6.5CVSS7.3AI score0.01231EPSS
Exploits0References4
Mageia
Mageia
•added 2024/03/29 3:49 a.m.•61 views

Updated curl packages fix security vulnerabilities

CVE-2024-2004: Usage of disabled protocol If all protocols are disabled at run-time with none being added, curl/libcurl would still allow communication with the default set of allowed protocols, including some that are unencrypted. CVE-2024-2398: HTTP/2 push headers memory-leak A memory leak coul...

8.6CVSS7.2AI score0.36081EPSS
Exploits4References3
Mageia
Mageia
•added 2024/03/28 3:52 a.m.•61 views

Updated grub2 packages fix security vulnerabilities

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...

7.8CVSS8.1AI score0.00542EPSS
Exploits2References2
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•61 views

Updated gpac packages fix security vulnerabilities

This update fixes two security vulnerabilities, CVE-2023-3012 and CVE-2023-3291, see the References below...

7.8CVSS6.9AI score0.00398EPSS
Exploits2References1
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•61 views

Updated thunderbird packages fix security vulnerabilities

Out of bounds write in ANGLE. CVE-2024-0741 Failure to update user input timestamp. CVE-2024-0742 Crash when listing printers on Linux. CVE-2024-0746 Bypass of Content Security Policy when directive unsafe-inline was set. CVE-2024-0747 Phishing site popup could show local origin in address bar...

8.8CVSS9.6AI score0.02155EPSS
Exploits0References4
Mageia
Mageia
•added 2024/01/15 10:7 a.m.•61 views

Updated nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. CVE-2023-6856 Potential exposure of uninitialized data in EncryptingOutputStream. CVE-2023-6865 Symlinks may resolve to smaller than expected buffers...

8.8CVSS8.6AI score0.20472EPSS
Exploits0References4
Mageia
Mageia
•added 2023/10/27 9:49 p.m.•61 views

Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVE-2023-5441 Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVE-2023-5535...

7.8CVSS7.1AI score0.00539EPSS
Exploits2References2
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•61 views

Updated openssl packages fix security vulnerability

AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...

5.3CVSS7.1AI score0.05533EPSS
Exploits0References4
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support...

7.8CVSS7.3AI score0.08091EPSS
Exploits3References5
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•61 views

Updated python-setuptools packages fix security vulnerability

Denial of service via crafted HTML CVE-2022-40897...

5.9CVSS6.9AI score0.02617EPSS
Exploits1References5
Mageia
Mageia
•added 2023/06/19 4:29 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs CVE-2022-48425. An out-of-bounds memory access flaw was fou...

7.8CVSS8.1AI score0.12966EPSS
Exploits9References8
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•61 views

Updated openssl packages fix security vulnerability

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS7.7AI score0.59501EPSS
Exploits0References9
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•61 views

Updated couchdb packages fix security vulnerability

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS3.5AI score0.92335EPSS
Exploits9References2
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•61 views

Updated golang packages fix security vulnerability

Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. CVE-2022-41716 runtime: lock count" fatal error when cgo is enabled go56308...

7.5CVSS2.2AI score0.00778EPSS
Exploits0References5
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•61 views

Updated krb5-appl packages fix security vulnerability

NULL pointer dereference in krb5-appl telnetd. CVE-2022-39028...

7.5CVSS2.2AI score0.01657EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•61 views

Updated libxml2 packages fix security vulnerability

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code CVE-2016-3709...

6.1CVSS2.7AI score0.00764EPSS
Exploits1References2
Mageia
Mageia
•added 2022/04/26 3:4 p.m.•61 views

Updated virtualbox packages fix security vulnerabilities

Updated virtualbox packages fix security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM...

6.7CVSS2.1AI score0.00374EPSS
Exploits0References3
Total number of security vulnerabilities5000