Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2013/07/16 7:26 a.m.•61 views

Updated java-1.6.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

10CVSS1.9AI score0.98704EPSS
Exploits23References7
Mageia
Mageia
•added 2024/08/19 7:12 p.m.•60 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities...

9.1CVSS7.5AI score0.54026EPSS
Exploits1References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•60 views

Updated traceroute packages fix security vulnerability

In Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316...

5.5CVSS7.5AI score0.00367EPSS
Exploits2References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•60 views

Updated libxml2 packages fix a security vulnerability

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. CVE-2024-25062...

7.5CVSS7.9AI score0.01364EPSS
Exploits3References2
Mageia
Mageia
•added 2024/04/27 12:37 a.m.•60 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 124.0.6367.60 release. It includes 23 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...

9.8CVSS8.6AI score0.14958EPSS
Exploits13References3
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•60 views

Updated dnsmasq packages fix security vulnerability

A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. CVE-2023-28450...

7.5CVSS7.6AI score0.01334EPSS
Exploits0References2
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•60 views

Updated libx11 packages fix security vulnerability

Memory leak in XRegisterIMInstantiateCallback. CVE-2022-3554 Memory leak in XFreeX11XCBStructure. CVE-2022-3555...

3.8AI score
Exploits0References4
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•60 views

Updated nodejs packages fix security vulnerability

DNS rebinding in --inspect via invalid octal IP address CVE-2022-43548 In addition, 14.21.0 has provided the following changes: deps update corepack to 0.14.2 Node.js GitHub Bot 44775 src add --openssl-shared-config option Daniel Bevenius 43124...

8.1CVSS2.8AI score0.14024EPSS
Exploits0References5
Mageia
Mageia
•added 2022/10/27 9:38 a.m.•60 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.1.40 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.40 contains a difficult to exploit vulnerability that allows high privileged attacker with logon to the infrastructure...

8.1CVSS1.4AI score0.01635EPSS
Exploits0References3
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•60 views

Updated golang packages fix security vulnerability

regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880...

7.5CVSS8.1AI score0.01544EPSS
Exploits1References4
Mageia
Mageia
•added 2022/08/18 6:45 p.m.•60 views

Updated nvidia390 packages fix security vulnerabilities

Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges,...

7.8CVSS3AI score0.00245EPSS
Exploits0References2
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•60 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to version 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below. Use after free in Guest View. CVE-2022-2477 Use after free in PDF. CVE-2022-2478 Insufficient validation of untrusted input in File. CVE-2022-2479 Use...

8.8CVSS2.5AI score0.17864EPSS
Exploits0References3
Mageia
Mageia
•added 2022/06/09 8:49 p.m.•60 views

Updated python-pypdf2 packages fix security vulnerability

Infinite loop with manipulated inline images CVE-2022-24859...

6.2CVSS1.8AI score0.01317EPSS
Exploits1References2
Mageia
Mageia
•added 2022/04/18 7:42 a.m.•60 views

Updated mediawiki packages fix security vulnerability

Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki CVE-2022-28201. Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete CVE-2022-28202. Requesting Special:NewFiles on a wiki with many file uploads with acto...

7.5CVSS1.5AI score0.01152EPSS
Exploits3References2
Mageia
Mageia
•added 2022/03/23 8:36 a.m.•60 views

Updated openssl packages fix security vulnerability

Infinite loop in BNmodsqrt reachable when parsing certificates. CVE-2022-0778...

7.5CVSS3.1AI score0.70561EPSS
Exploits2References3
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•60 views

Updated util-linux packages fix security vulnerability

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic...

5.5CVSS6.7AI score0.00661EPSS
Exploits5References10
Mageia
Mageia
•added 2022/01/15 8:9 a.m.•60 views

Updated perl-CPAN packages fix security vulnerability

CPAN 2.28 allows Signature Verification Bypass. CVE-2020-16156...

7.8CVSS3.1AI score0.00791EPSS
Exploits1References2
Mageia
Mageia
•added 2021/11/10 10:53 p.m.•60 views

Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

10CVSS9.6AI score0.0383EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/25 3:49 p.m.•60 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.75 and fixes at least the following security issues: A memory leak in the ccprunaesgcmcmd function in drivers/crypto/ ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service memory consumption CVE-2021-3744. A memory leak...

7.8CVSS6.6AI score0.00533EPSS
Exploits1References6
Mageia
Mageia
•added 2021/10/23 5:48 p.m.•60 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...

7.8CVSS2.5AI score0.004EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/23 10:5 a.m.•60 views

Updated docker-containerd packages fix security vulnerability

A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set...

7.8CVSS7.1AI score0.01608EPSS
Exploits2References9
Mageia
Mageia
•added 2021/05/23 6:45 p.m.•60 views

Updated postgresql packages fix security vulnerabilities

Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027. Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. CVE-2021-32028. Memory disclosure in partitioned-table UPDATE ... RETURNING. CVE-2021-32029...

8.8CVSS2.3AI score0.0199EPSS
Exploits0References2
Mageia
Mageia
•added 2021/05/07 5:35 a.m.•60 views

Updated messagelib packages fix security vulnerability

Deleting an attachment of a decrypted encrypted message stored on a remote server e.g. an IMAP server causes KMail to upload the decrypted content of the message to the remote server. This is not easily noticeable by the user because KMail does not display the decrypted content. With a specially...

6.5CVSS2.3AI score0.00604EPSS
Exploits0References2
Mageia
Mageia
•added 2021/04/12 7:59 p.m.•60 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.32.0, fixing several security issues and other bugs...

9.8CVSS3.4AI score0.14542EPSS
Exploits0References5
Mageia
Mageia
•added 2021/03/17 6:16 a.m.•60 views

Updated batik packages fix a security vulnerability

The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests CVE-2020-11987...

8.2CVSS4AI score0.13635EPSS
Exploits0References3
Mageia
Mageia
•added 2021/03/14 9:20 p.m.•60 views

Updated netty packages fix a security vulnerability

When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled CVE-2021-21290...

6.2CVSS2.7AI score0.01777EPSS
Exploits1References2
Mageia
Mageia
•added 2021/02/04 1:40 p.m.•60 views

Updated ruby-nokogiri packages fix security vulnerabilities

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename...

9.8CVSS8AI score0.05899EPSS
Exploits0References3
Mageia
Mageia
•added 2021/01/10 7:46 p.m.•60 views

Updated golang packages fix security vulnerabilities

An input validation vulnerability was found in go. From a generated go file from the cgo tool it is possible to modify symbols within that object file and specify code instead. An attacker could potentially use this flaw by creating a repository which included malicious pre-built object files tha...

7.5CVSS8.2AI score0.02369EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•60 views

Updated firefox packages fix security vulnerabilities

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read CVE-2020-16042. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow in WebGL on some video drivers CVE-2020-26971. Certain inpu...

8.8CVSS1.1AI score0.01876EPSS
Exploits0References4
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•60 views

Updated mediawiki packages fix security vulnerability

Multiple security issues were discovered in MediaWiki: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts CVE-2020-25812,...

7.5CVSS0.9AI score0.01752EPSS
Exploits1References4
Mageia
Mageia
•added 2020/09/21 7:45 p.m.•60 views

Updated mysql-connector-java package fixes security vulnerability

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands CVE-2020-2934...

5.1CVSS5.8AI score0.032EPSS
Exploits0References4
Mageia
Mageia
•added 2020/08/27 3:52 p.m.•60 views

Updated x11-server packages fix security vulnerabilities

The handler for the XkbSetNames request does not validate the request length before accessing its contents CVE-2020-14345. An integer underflow exists in the handler for the XIChangeHierarchy request CVE-2020-14346. An integer underflow exist in the handler for the XkbSelectEvents request...

7.8CVSS2.1AI score0.00629EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•60 views

Updated libxml2 packages fix security vulnerability

Updated libxml2 packages fix security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted...

7.5CVSS2.3AI score0.05515EPSS
Exploits0References3
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•60 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memo...

8.8CVSS1.6AI score0.02274EPSS
Exploits0References4
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•60 views

Updated exiv2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...

6.5CVSS1.6AI score0.02127EPSS
Exploits6References3
Mageia
Mageia
•added 2019/12/15 6:3 p.m.•60 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...

8.8CVSS7.1AI score0.01411EPSS
Exploits1References5
Mageia
Mageia
•added 2019/09/21 11:7 a.m.•60 views

Updated chromium-browser-stable packages fix security vulnerabilities

Multiple flaws were found in the way Chromium 73.0.3683.103 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-5805, CVE-2019-5806, CVE-2019-5807,...

9.8CVSS2AI score0.55925EPSS
Exploits7References13
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•60 views

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. CVE-2019-11740 Same-origin policy violation with SVG filters and canvas to steal cross-origin images...

9.3CVSS1.1AI score0.0216EPSS
Exploits1References5
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•60 views

Updated poppler packages fix security vulnerabilities

Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function. CVE-2019-9631 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function...

9.8CVSS0.8AI score0.03518EPSS
Exploits5References4
Mageia
Mageia
•added 2019/05/19 11:27 a.m.•60 views

Updated docker packages fix security vulnerability

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" bsc1118897 CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths bsc1118898 CVE-2018-16875:...

8.1CVSS3.5AI score0.66252EPSS
Exploits0References3
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•60 views

Updated openssl packages fix security vulnerability

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS1.8AI score0.17139EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/31 10:42 p.m.•60 views

Updated python packages fix security vulnerabilities

Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided CVE-2017-18207. Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service...

9.8CVSS1.5AI score0.20807EPSS
Exploits1References4
Mageia
Mageia
•added 2018/12/31 10:42 p.m.•60 views

Updated graphicsmagick packages fix security vulnerabilities & bugs

Graphicsmagick has been updated to fix several bugs and security issues...

7.1CVSS1.8AI score0.49324EPSS
Exploits8References2
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•60 views

Updated libgcrypt packages fix security vulnerability

When libgcrypt uses the private key to create a signature, such as for a TLS or SSH connection, it inadvertently leaks information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the...

4.7CVSS2.7AI score0.00887EPSS
Exploits1References3
Mageia
Mageia
•added 2018/06/04 3:11 p.m.•60 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful...

7.7CVSS2.4AI score0.0401EPSS
Exploits0References6
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•60 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.20.1, fixing several security issues and other bugs...

8.8CVSS3.4AI score0.38602EPSS
Exploits3References4
Mageia
Mageia
•added 2018/03/30 2:21 p.m.•60 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.30 and fixes at least the following security issues: The KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86 has been updated to revision 4. A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a...

7.2CVSS6.9AI score0.84172EPSS
Exploits4References7
Mageia
Mageia
•added 2018/02/02 12:33 p.m.•60 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2018-2582, CVE-2018-2641. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...

8.3CVSS1AI score0.06905EPSS
Exploits0References3
Mageia
Mageia
•added 2017/09/07 9:7 a.m.•60 views

Updated mariadb packages fix security vulnerabilities

Easily exploitable vulnerability in MariaDB Server allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB...

5.3CVSS4.1AI score0.03225EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/17 8:2 a.m.•60 views

Updated vim packages fix security vulnerabilities

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened CVE-2016-1248. A...

9.8CVSS1.5AI score0.25314EPSS
Exploits2References4
Total number of security vulnerabilities5000