Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2022/10/28 6:54 a.m.•61 views

Updated krb5-appl packages fix security vulnerability

NULL pointer dereference in krb5-appl telnetd. CVE-2022-39028...

7.5CVSS2.2AI score0.01657EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•61 views

Updated libxml2 packages fix security vulnerability

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code CVE-2016-3709...

6.1CVSS2.7AI score0.00764EPSS
Exploits1References2
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•61 views

Updated util-linux packages fix security vulnerability

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic...

5.5CVSS6.7AI score0.00661EPSS
Exploits5References10
Mageia
Mageia
•added 2022/01/23 8:50 p.m.•61 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulti...

9.8CVSS3.2AI score0.04729EPSS
Exploits2References1
Mageia
Mageia
•added 2021/12/29 7:12 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the...

6.5CVSS0.8AI score0.00353EPSS
Exploits0References4
Mageia
Mageia
•added 2021/12/10 10:19 p.m.•61 views

Updated thunderbird packages fix security vulnerability

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities CVE-2021-43528. Under certain...

9.8CVSS9.4AI score0.0202EPSS
Exploits1References4
Mageia
Mageia
•added 2021/11/11 3:2 p.m.•61 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.78 and fixes at least the following security issues: A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability CVE-2021-3760. A flaw in the SCTP stack where a blind attacker may be able ...

9.8CVSS7.6AI score0.57853EPSS
Exploits4References4
Mageia
Mageia
•added 2021/10/29 7:32 p.m.•61 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.34.1, fixing several security issues and other bugs. See release notes for details...

8.8CVSS3.5AI score0.13486EPSS
Exploits1References3
Mageia
Mageia
•added 2021/10/23 5:48 p.m.•61 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...

7.8CVSS2.5AI score0.004EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•61 views

Updated python-flask-restx packages fix security vulnerability

Regular expression denial of service in emailregex...

7.5CVSS3.4AI score0.01804EPSS
Exploits0References3
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•61 views

Updated glibc packages fix security issue

The recent fix for CVE-2021-33574 released in MGASA-2021-0308 introduced a NULL pointer dereference because mqnotify.c mishandles certain NOTIFYREMOVED data, that will result in segmentation fault. This update adds the missing NULL pointer check to resolve this issue CVE-2021-38604...

7.5CVSS8.4AI score0.03045EPSS
Exploits1References1
Mageia
Mageia
•added 2021/07/28 8:0 p.m.•61 views

Updated varnish packages fix a security vulnerability

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS2.7AI score0.01599EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•61 views

Updated glibc packages fix security vulnerability

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

9.8CVSS8.8AI score0.02898EPSS
Exploits1References3
Mageia
Mageia
•added 2021/04/18 2:50 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.30 and fixes at least the following security issues: nfc: fix refcount leak in llcpsockbind CVE-2020-25670 nfc: fix refcount leak in llcpsockconnect CVE-2020-25671 nfc: fix memory leak in llcpsockconnect CVE-2020-25672 firewire: nosy: Fix a...

7.8CVSS2.5AI score0.03259EPSS
Exploits3References4
Mageia
Mageia
•added 2021/03/27 2:27 p.m.•61 views

Updated unbound packages fix a security vulnerability

Unbound contains a local vulnerability that would allow for a local symlink attack. When writing the PID file Unbound creates the file if it is not there, or opens an existing file for writing. In case the file was already present, it would follow symlinks if the file happened to be a symlink...

5.5CVSS1.2AI score0.00484EPSS
Exploits0References2
Mageia
Mageia
•added 2021/03/04 12:26 p.m.•61 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.19 and fixes at least the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y, CONFIGBPF=y, CONFIGCGROUPS=y, CONFIGCGROUPBPF=y, CONFIGHARDENEDUSERCOPY...

7.8CVSS0.7AI score0.00544EPSS
Exploits1References11
Mageia
Mageia
•added 2021/02/04 1:40 p.m.•61 views

Updated ruby-nokogiri packages fix security vulnerabilities

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename...

9.8CVSS8AI score0.05899EPSS
Exploits0References3
Mageia
Mageia
•added 2021/01/22 11:50 p.m.•61 views

Updated blosc packages fix a security vulnerability

A heap-based buffer overflow vulnerability was found in the blosc library. Depending on how the library is used, if there is a lack of space to write compressed data, an attacker might exploit this flaw to crash the program or potentially execute arbitrary code CVE-2020-29367...

9.3CVSS3.7AI score0.01176EPSS
Exploits0References2
Mageia
Mageia
•added 2020/11/21 12:21 p.m.•61 views

Updated thunderbird packages fix security vulnerabilities

Variable time processing of cross-origin images during drawImage calls. CVE-2020-16012 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. CVE-2020-26951 Fullscreen could be enabled without displaying the security UI. CVE-2020-26953 XSS through paste manual...

9.3CVSS2.5AI score0.0245EPSS
Exploits1References3
Mageia
Mageia
•added 2020/04/03 10:53 p.m.•61 views

Updated dcraw packages fix security vulnerabilities

The updated packages fix security vulnerabilities: There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 In LibRaw through 0.18.4, an out of bounds read flaw related to...

9.1CVSS3.4AI score0.02988EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/07 9:19 p.m.•61 views

Updated radare2 packages fix security vulnerabilities

Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the regglangparsechar function of egglang.c. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact because of...

7.8CVSS6.1AI score0.04414EPSS
Exploits5References5
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•61 views

Updated freerdp packages fix security vulnerabilities

Updated freerdp packages fix security vulnerabilities: Multiple memory leaks in libfreerdp/codec/region.c CVE-2019-17177. Memory leak in HuffmanTreemakeFromFrequencies CVE-2019-17178...

7.5CVSS1.8AI score0.02689EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•61 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to universal cross site scripting CVE-2019-8625, CVE-2019-8674, CVE-2019-8719, CVE-2019-8813 Processing maliciously crafted web content may lead to arbitrary code execution CVE-2019-8707,...

9.3CVSS1.5AI score0.09543EPSS
Exploits4References7
Mageia
Mageia
•added 2019/09/15 12:11 p.m.•61 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message CVE-2019-11739. Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 CVE-2019-11740...

9.3CVSS1.9AI score0.0216EPSS
Exploits1References2
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•61 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...

9.8CVSS2.7AI score0.74477EPSS
Exploits1References4
Mageia
Mageia
•added 2019/09/08 2:9 p.m.•61 views

Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...

7.5CVSS1.3AI score0.72988EPSS
Exploits3References5
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•61 views

Updated poppler packages fix security vulnerabilities

Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. CVE-2019-9631 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...

9.8CVSS1.1AI score0.03518EPSS
Exploits7References4
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•61 views

Updated virtualbox packages fix security vulnerabilities

This update provies Virtualbox 6.0.8 that fixes the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The fixed / mitigated issues are: Modern Intel microprocessors...

5.9CVSS2.1AI score0.01553EPSS
Exploits0References3
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•61 views

Updated thunderbird packages fix security vulnerability

Use-after-free when removing in-use DOM elements. CVE-2019-9790 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey. CVE-2019-9791 IonMonkey leaks JSOPTIMIZEDOUT magic value to script. CVE-2019-9792 Improper bounds checks when Spectre mitigations are...

9.8CVSS2AI score0.29514EPSS
Exploits24References6
Mageia
Mageia
•added 2018/12/09 9:20 p.m.•61 views

Updated tomcat packages fix security vulnerabilities

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service CVE-2018-1336. The defaults settings for the CORS filter are insecure and enable supportsCredentials for all origins. It is expected that user...

9.8CVSS7.1AI score0.94494EPSS
Exploits3References4
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...

8CVSS8.3AI score0.7354EPSS
Exploits22References20
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•61 views

Updated libgcrypt packages fix security vulnerability

When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the...

4.7CVSS2.7AI score0.00887EPSS
Exploits1References3
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•61 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.20.1, fixing several security issues and other bugs...

8.8CVSS3.4AI score0.38602EPSS
Exploits3References4
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•61 views

Updated libvorbis packages fix security vulnerability

libvorbis can write out of bounds on codebook decoding when processing malformed Vorbis audio data CVE-2018-5146...

8.8CVSS2.5AI score0.12054EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/02 12:33 p.m.•61 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2018-2582, CVE-2018-2641. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...

8.3CVSS1AI score0.06905EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/22 10:31 a.m.•61 views

Updated glibc packages fix security vulnerabilities

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.CVE-2017-12132, CVE-2017-12133. The GNU C Library aka...

9.8CVSS2.9AI score0.03002EPSS
Exploits0References1
Mageia
Mageia
•added 2017/10/24 8:9 p.m.•61 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netli...

7.1CVSS0.9AI score0.01155EPSS
Exploits4References5
Mageia
Mageia
•added 2017/08/20 8:48 a.m.•61 views

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•61 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application CVE-2017-10102. Multiple flaws were discovere...

9.6CVSS1.5AI score0.03524EPSS
Exploits0References4
Mageia
Mageia
•added 2017/06/29 9:40 p.m.•61 views

Updated tomcat packages fix security vulnerability

Aniket Nandkishor Kulkarni discovered that in tomcat7, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement or removal of the custom...

7.5CVSS0.5AI score0.16567EPSS
Exploits1References3
Mageia
Mageia
•added 2017/05/09 6:35 a.m.•61 views

Updated virtualbox packages fixes security vulnerabilities

This update provides virtualbox 5.1.22 maintenance release and resolves at least the following security issues: A vulnerability in the core subcomponent of virtualbox allows high privilegied attacker unauthorized read access to a subset of VirtualBox accessible data CVE-2017-3513. A vulnerability...

8.8CVSS4AI score0.02912EPSS
Exploits10References2
Mageia
Mageia
•added 2017/02/05 8:42 p.m.•61 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application CVE-2017-3241. This...

9.6CVSS0.8AI score0.95707EPSS
Exploits13References3
Mageia
Mageia
•added 2016/09/16 9:27 a.m.•61 views

Updated dropbear packages fix security vulnerability

Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system validated by getpwnam then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host...

10CVSS1AI score0.10494EPSS
Exploits0References3
Mageia
Mageia
•added 2016/06/22 7:8 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumptio...

10CVSS7.7AI score0.06438EPSS
Exploits4References17
Mageia
Mageia
•added 2015/12/05 10:3 a.m.•61 views

Updated openssl packages fix security vulnerability

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack CVE-2015-1794. Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NU...

7.5CVSS7AI score0.44016EPSS
Exploits1References3
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•61 views

Updated chromium-browser packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromiu...

7.5CVSS9.2AI score0.0224EPSS
Exploits2References7
Mageia
Mageia
•added 2015/03/27 9:12 p.m.•61 views

Updated drupal packages fix security vulnerabilities

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password CVE-2015-2559. Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd...

6.1CVSS7.2AI score0.01635EPSS
Exploits0References6
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a...

7.8CVSS7.5AI score0.05361EPSS
Exploits15References10
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•61 views

Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE

Updated asterisk packages fix security vulnerabilities: In Asterisk Open Source 11.x before 11.12.1, when an out of call message, delivered by either the SIP or PJSIP channel driver or the XMPP stack, is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the...

4CVSS6.2AI score0.01518EPSS
Exploits0References10
Mageia
Mageia
•added 2014/11/21 1:38 p.m.•61 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update is based on upstream -longterm 3.10.58 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users t...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References8
Total number of security vulnerabilities5000