Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2015/12/05 10:3 a.m.60 views

Updated openssl packages fix security vulnerability

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack CVE-2015-1794. Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NU...

7.5CVSS7AI score0.44016EPSS
Exploits1References3
Mageia
Mageia
added 2015/09/08 5:55 p.m.60 views

Updated chromium-browser packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromiu...

7.5CVSS9.2AI score0.0224EPSS
Exploits2References7
Mageia
Mageia
added 2015/05/11 8:10 p.m.60 views

Updated springframework packages fix CVE-2014-0225

Updated springframework packages fix security vulnerabilities: When processing user provided XML documents, the Spring Framework did not disable by default the resolution of URI references in a DTD declaration. By observing differences in response times, an attacker could then identify valid IP...

8.8CVSS8.4AI score0.01696EPSS
Exploits0References2
Mageia
Mageia
added 2015/05/06 3:16 p.m.60 views

Updated glibc packages fix security vulnerabilities

Updated glibc package fixes security vulnerabilities: It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in...

6.8CVSS9.6AI score0.05808EPSS
Exploits3References7
Mageia
Mageia
added 2014/07/08 10:35 p.m.60 views

Updated python & python3 packages fix two vulnerabilities

Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...

9.8CVSS7.1AI score0.24148EPSS
Exploits6References4
Mageia
Mageia
added 2014/05/23 10:4 p.m.60 views

Updated kernel-rt packages fix multiple vulnerabilities

Updated kernel-rt provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of servi...

7.4CVSS7.5AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
added 2014/05/23 9:59 p.m.60 views

Updated kernel-linus packages fix multiple security vulnerabilities

Updated kernel-linus provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
added 2014/05/19 6:40 p.m.60 views

Updated kernel-vserver packages fix multiple vulnerabilities

Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
added 2014/03/31 7:47 p.m.60 views

Updated iceape packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service memory corruption and...

10CVSS10.1AI score0.83633EPSS
Exploits22References16
Mageia
Mageia
added 2013/08/11 12:37 p.m.60 views

Updated samba package fixes security vulnerability

Integer overflow in the readnttransealist function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service memory consumption via a malformed packet CVE-2013-4124...

5CVSS6.8AI score0.69008EPSS
Exploits7References2
Mageia
Mageia
added 2013/07/16 7:34 a.m.60 views

Updated kernel-vserver package fixes security issues

This kernel-vserver update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to...

7.9CVSS3.5AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
added 2013/07/06 2:14 p.m.60 views

Updated python-pymongo packages fix CVE-2013-2132

PyMongo before 2.5.2 is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash CVE-2013-2132...

4.3CVSS3.3AI score0.02633EPSS
Exploits2References2
Mageia
Mageia
added 2013/06/06 12:24 p.m.60 views

Updated moodle package fix security vulnerabilities

The assignment module in Moodle before 2.4.4 was not checking capabilities for users downloading all assignments as a zip CVE-2013-2079. The Gradebook's Overview report in Moodle before 2.4.4 was showing grade totals that may have incorrectly included hidden grades CVE-2013-2080. When registering...

5CVSS0.8AI score0.02372EPSS
Exploits0References7
Mageia
Mageia
added 2024/03/20 3:35 a.m.59 views

Updated cherrytree packages fix security vulnerability

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. CVE-2022-35133...

6.1CVSS5.8AI score0.00421EPSS
Exploits0References1
Mageia
Mageia
added 2024/03/15 10:51 p.m.59 views

Updated yajl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminatin...

7.5CVSS6.8AI score0.03735EPSS
Exploits2References3
Mageia
Mageia
added 2024/03/14 5:25 p.m.59 views

Updated open-vm-tools packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. CVE-2023-20867 SAML token signature bypass. CVE-2023-34058 File descriptor hijack vulnerability in the vmware-user-suid-wrapper. CVE-2023-34059...

7.5CVSS7.5AI score0.13638EPSS
Exploits0References6
Mageia
Mageia
added 2023/11/06 11:8 p.m.59 views

Updated nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

9.8CVSS10AI score0.01585EPSS
Exploits0References4
Mageia
Mageia
added 2023/10/02 10:18 a.m.59 views

Updated libvpx packages fix security vulnerability

Heap buffer overflow in vp8 encoding in libvpx allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.5AI score0.49013EPSS
Exploits3References3
Mageia
Mageia
added 2023/09/30 7:15 p.m.59 views

Updated libxml2 packages fix a security vulnerability

The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615...

6.5CVSS6.9AI score0.00667EPSS
Exploits1References3
Mageia
Mageia
added 2023/09/11 1:7 p.m.59 views

Updated python-pypdf2 packages fix security vulnerability

It was discovered that python-pypdf2 contained a vulnerability whereby an attacker can craft a PDF which leads to unexpected long runtime. CVE-2023-36810...

6.5CVSS6.9AI score0.00625EPSS
Exploits1References2
Mageia
Mageia
added 2023/07/26 10:7 p.m.59 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.15.122 and fixes atleast the following security issue: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register,...

5.5CVSS7.2AI score0.05794EPSS
Exploits1References4
Mageia
Mageia
added 2023/05/21 8:42 a.m.59 views

Updated apache-mod_security packages fix security vulnerability

HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall CVE-2022-48279 Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules...

7.5CVSS7.2AI score0.01169EPSS
Exploits0References3
Mageia
Mageia
added 2023/03/24 5:55 a.m.59 views

Updated unarj packages fix security vulnerability

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. CVE-2004-0947 Directory traversal vulnerability in the -x extract command line option in unarj allows remote attackers to overwrite arbitrary files via an ar...

10CVSS7.5AI score0.07369EPSS
Exploits0References1
Mageia
Mageia
added 2023/03/18 10:16 p.m.59 views

Updated heimdal packages fix security vulnerability

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to b...

7.5CVSS2.2AI score0.00491EPSS
Exploits0References4
Mageia
Mageia
added 2022/09/21 6:15 p.m.59 views

Updated redis packages fix security vulnerability

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS2AI score0.02189EPSS
Exploits2References5
Mageia
Mageia
added 2022/08/20 10:4 a.m.59 views

Updated libitrpc packages fix security vulnerability

It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service CVE-2021-46828...

7.5CVSS2.4AI score0.02088EPSS
Exploits0References2
Mageia
Mageia
added 2022/02/18 10:15 a.m.59 views

Updated webkit2 packages fix security vulnerability

Fix accessibility not working when the Bubblewrap sandbox is enabled. Fix rendering of scrollbars when overlay scrollbars are disabled. Fix the build when the X11 support is disabled. Fix the build in a number of situations where the main OpenGL library is not called libGL or libgl, as is the cas...

8.8CVSS1.7AI score0.16342EPSS
Exploits0References3
Mageia
Mageia
added 2021/11/10 10:53 p.m.59 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's...

10CVSS9.6AI score0.0383EPSS
Exploits0References3
Mageia
Mageia
added 2021/10/23 10:5 a.m.59 views

Updated docker-containerd packages fix security vulnerability

A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set...

7.8CVSS7.1AI score0.01608EPSS
Exploits2References9
Mageia
Mageia
added 2021/10/13 7:39 p.m.59 views

Updated python-flask-restx packages fix security vulnerability

Regular expression denial of service in emailregex...

7.5CVSS3.4AI score0.01804EPSS
Exploits0References3
Mageia
Mageia
added 2021/10/04 4:42 p.m.59 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.70 and fixes at least the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listener after being released CVE-2020-16119...

7.8CVSS7.8AI score0.01692EPSS
Exploits3References9
Mageia
Mageia
added 2021/09/29 5:22 p.m.59 views

Updated python-pillow packages fix security vulnerability

Updated python-pillow packages fix security vulnerability: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function CVE-2021-23437...

7.5CVSS4.2AI score0.03154EPSS
Exploits1References1
Mageia
Mageia
added 2021/09/23 4:49 a.m.59 views

Updated curl packages fix security vulnerability

UAF and double-free in MQTT sending. CVE-2021-22945 Protocol downgrade required TLS bypassed. CVE-2021-22946 STARTTLS protocol injection via MITM. CVE-2021-22947...

9.1CVSS3.5AI score0.06216EPSS
Exploits3References6
Mageia
Mageia
added 2021/08/14 2:0 p.m.59 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash CVE-2021-29980. Instruction reordering during JIT optimization resulted in a sequence of instructions...

8.8CVSS1.6AI score0.01451EPSS
Exploits5References4
Mageia
Mageia
added 2021/02/15 7:24 p.m.59 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.14 and fixes at least the following security issues: nbdaddsocket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndbqueuerq use-after-free that could be triggered by local attackers with access to the nbd device via an I/O...

7CVSS2AI score0.01602EPSS
Exploits1References4
Mageia
Mageia
added 2021/01/24 12:36 a.m.59 views

Updated glibc packages fix security vulnerability

Security fixes: - fix buffer overrun in EUC-KR conversion module bz 2497 CVE-2019-25013 - arm: CVE-2020-6096: Fix multiarch memcpy for negative length BZ 25620 - arm: CVE-2020-6096: fix memcpy and memmove for negative length BZ 25620 - iconv: Fix incorrect UCS4 inner loop bounds BZ 26923...

8.1CVSS1.4AI score0.05223EPSS
Exploits1References2
Mageia
Mageia
added 2021/01/20 10:45 p.m.59 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.10.8 and fixes at least the following security issue: SCSI “EXTENDED COPY” XCOPY requests sent to a Linux SCSI target LIO allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to one LUN...

8.1CVSS1AI score0.06563EPSS
Exploits0References4
Mageia
Mageia
added 2020/11/08 2:14 p.m.59 views

Updated junit packages fix a security vulnerability

It was discovered that junit contained a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by oth...

5.5CVSS1.9AI score0.01674EPSS
Exploits1References3
Mageia
Mageia
added 2020/05/05 12:20 p.m.59 views

Updated openexr packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in...

5.5CVSS1.9AI score0.01807EPSS
Exploits8References2
Mageia
Mageia
added 2020/04/24 5:3 p.m.59 views

Updated git packages fix security vulnerability

Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CvE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...

7.5CVSS1.4AI score0.03899EPSS
Exploits0References3
Mageia
Mageia
added 2020/02/09 7:13 p.m.59 views

Updated chromium-browser-stable packages fix security vulnerability

Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-13725, CVE-2019-13726, CVE-2019-13727,...

8.8CVSS1.9AI score0.15537EPSS
Exploits7References5
Mageia
Mageia
added 2019/12/31 4:51 p.m.59 views

Updated exiv2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...

6.5CVSS1.6AI score0.02127EPSS
Exploits6References3
Mageia
Mageia
added 2019/12/06 2:15 p.m.59 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0...

7.4CVSS0.6AI score0.05701EPSS
Exploits0References5
Mageia
Mageia
added 2019/05/19 11:27 a.m.59 views

Updated docker packages fix security vulnerability

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" bsc1118897 CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths bsc1118898 CVE-2018-16875:...

8.1CVSS3.5AI score0.66252EPSS
Exploits0References3
Mageia
Mageia
added 2019/05/16 8:25 a.m.59 views

Updated kernel-linus packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

7.7CVSS7.4AI score0.05667EPSS
Exploits9References21
Mageia
Mageia
added 2019/03/21 4:36 p.m.59 views

Updated firefox packages fix security vulnerability

Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18506. Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788. Use-after-free when removing in-use DOM elements CVE-2019-9790. Type inference is incorrect for constructors entered through on-stack...

9.8CVSS1.5AI score0.19762EPSS
Exploits11References4
Mageia
Mageia
added 2019/03/07 4:34 p.m.59 views

Updated openssl packages fix security vulnerability

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS1.8AI score0.17139EPSS
Exploits0References2
Mageia
Mageia
added 2019/01/11 5:54 a.m.59 views

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8CVSS2.9AI score0.02654EPSS
Exploits1References2
Mageia
Mageia
added 2018/11/27 3:26 p.m.59 views

Updated openssl packages fix security vulnerabilities

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS6AI score0.12154EPSS
Exploits4References3
Mageia
Mageia
added 2018/06/24 10:2 p.m.59 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory rang...

9.8CVSS3.9AI score0.074EPSS
Exploits0References2
Total number of security vulnerabilities5000