Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/05/05 12:20 p.m.•59 views

Updated openexr packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in...

5.5CVSS1.9AI score0.01807EPSS
Exploits8References2
Mageia
Mageia
•added 2020/04/24 5:3 p.m.•59 views

Updated git packages fix security vulnerability

Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CvE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...

7.5CVSS1.4AI score0.03899EPSS
Exploits0References3
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•59 views

Updated chromium-browser-stable packages fix security vulnerability

Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-13725, CVE-2019-13726, CVE-2019-13727,...

8.8CVSS1.9AI score0.15537EPSS
Exploits7References5
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•59 views

Updated shadowsocks-libev packages fix security vulnerabilities

Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...

7.8CVSS2.6AI score0.02289EPSS
Exploits2References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•59 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0...

7.4CVSS0.6AI score0.05701EPSS
Exploits0References5
Mageia
Mageia
•added 2019/05/16 8:25 a.m.•59 views

Updated kernel-linus packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

7.7CVSS7.4AI score0.05667EPSS
Exploits9References21
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•59 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: The jpcfloorlog2 function in jpcmath.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service assertion failure via unspecified vectors CVE-2016-9398. A denial of service in jp2decode CVE-2018-19542. A denial of service...

7.5CVSS6.1AI score0.05981EPSS
Exploits2References2
Mageia
Mageia
•added 2019/03/21 4:36 p.m.•59 views

Updated firefox packages fix security vulnerability

Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18506. Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788. Use-after-free when removing in-use DOM elements CVE-2019-9790. Type inference is incorrect for constructors entered through on-stack...

9.8CVSS1.5AI score0.19762EPSS
Exploits11References4
Mageia
Mageia
•added 2019/01/11 5:54 a.m.•59 views

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8CVSS2.9AI score0.02654EPSS
Exploits1References2
Mageia
Mageia
•added 2018/11/27 3:26 p.m.•59 views

Updated openssl packages fix security vulnerabilities

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS6AI score0.12154EPSS
Exploits4References3
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•59 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory rang...

9.8CVSS3.9AI score0.074EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/04 3:11 p.m.•59 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 67.0.3396.62 fixes security issues: Multiple flaws were found in the way Chromium 64.0.3282.140 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

10CVSS2.2AI score0.58822EPSS
Exploits14References11
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•59 views

Updated util-linux packages fix security vulnerability

A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion CVE-2018-7738...

7.8CVSS5.8AI score0.00457EPSS
Exploits0References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•59 views

Updated shadow-utils packages fix security vulnerability

Privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups2 is allowed CVE-2018-7169...

5.3CVSS3.1AI score0.01596EPSS
Exploits1References2
Mageia
Mageia
•added 2018/03/01 9:27 p.m.•59 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: In virsh, the hostname could crafted maliciously with ssh arguments, which would be passed to ssh bsc1053600. The defaulttlsx509verify and related parameters in qemu.conf control whether the TLS servers in QEMU request & verify certificates...

8.1CVSS3.9AI score0.74041EPSS
Exploits9References5
Mageia
Mageia
•added 2018/01/01 10:38 a.m.•59 views

Updated openssh packages fix security vulnerability

It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...

7.8CVSS4.3AI score0.03359EPSS
Exploits1References3
Mageia
Mageia
•added 2017/11/19 10:23 a.m.•59 views

Updated bluez packages fix security vulnerability

Buffer overflow in parseline function in the csr tool CVE-2016-7837...

7.8CVSS3.5AI score0.00556EPSS
Exploits0References2
Mageia
Mageia
•added 2017/05/10 8:47 p.m.•59 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on upstream 4.4.65 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadlock vi...

9.3CVSS3.8AI score0.17827EPSS
Exploits23References7
Mageia
Mageia
•added 2017/01/27 8:30 p.m.•59 views

Updated nvidia-current & ldetect-lst packages fix security vulnerabilities

This proprietary nvidia-current driver update provides an upgrade to the new R375 long lived branch adding support for nVidia Geforce 10 GTX10xx, Pascal series hardware and fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvidia.ko...

7.8CVSS3.4AI score0.00423EPSS
Exploits0References3
Mageia
Mageia
•added 2015/11/27 11:11 p.m.•59 views

Updated thunderbird packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198,...

7.5CVSS9.6AI score0.04219EPSS
Exploits0References8
Mageia
Mageia
•added 2015/07/09 8:9 a.m.•59 views

Updated flash-player-plugin package fixes critical security vulnerabilities

Adobe Flash Player 11.2.202.481 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published. This updat...

10CVSS7.7AI score0.99344EPSS
Exploits6References2
Mageia
Mageia
•added 2015/02/09 9:44 p.m.•59 views

Updated polarssl packages fix CVE-2015-1182

Updated polarssl packages fix security vulnerability: A vulnerability was discovered in PolarSSL in its certificate parser. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library application...

7.5CVSS6.7AI score0.03246EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•59 views

Updated zarafa packages fix CVE-2014-9465 and some packaging issues

Updated zarafa packages fix security vulnerability: Robert Scheck discovered a flaw in Zarafa WebAccess = 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp CVE-2014-9465. This update also adds some patches from Robert Scheck which correct...

5CVSS6.4AI score0.03355EPSS
Exploits1References3
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•59 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 caus...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References7
Mageia
Mageia
•added 2014/02/10 8:6 p.m.•59 views

Updated kernel-rt packages fix multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
•added 2013/11/13 7:9 p.m.•59 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Various fixes from internal audits, fuzzing and other initiatives CVE-2013-2931. Use after free related to speech input elements CVE-2013-6621. Use after free related to media elements CVE-2013-6622. Out of bounds read in SVG...

10CVSS1.8AI score0.10117EPSS
Exploits4References3
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•58 views

Updated dcmtk packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts the DICOM standard for medical images. CVE-2024-28130 Segmentation faults due to incorrect typecast CVE-2024-34508 Segmentation fault via invalid DIMSE message CVE-2024-34509...

7.5CVSS6.7AI score0.01692EPSS
Exploits3References2
Mageia
Mageia
•added 2024/06/28 2:41 a.m.•58 views

Updated libheif packages fix security vulnerabilities

Yuchuan Meng discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464...

8.8CVSS7.3AI score0.00804EPSS
Exploits4References2
Mageia
Mageia
•added 2024/04/04 8:26 p.m.•58 views

Updated python-pygments packages fix security vulnerability

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...

5.5CVSS6.9AI score0.00503EPSS
Exploits1References2
Mageia
Mageia
•added 2024/03/15 2:49 a.m.•58 views

Updated mplayer packages fix security vulnerabilities

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config of llibmpcodecs/vfscale.c. CVE-2022-38850 Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function readmetarecord of mplayer/libmpdemux/asfheader.c. This affects...

5.5CVSS7.1AI score0.00344EPSS
Exploits9References1
Mageia
Mageia
•added 2024/01/14 10:23 p.m.•58 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 120.0.6099.216release. Together with 120.0.6099.199, 7 vulnerabilities are fixed; some of them are listed below:...

8.8CVSS7.1AI score0.10114EPSS
Exploits0References3
Mageia
Mageia
•added 2023/11/20 2:56 p.m.•58 views

Fix u-boot reading file would overwrite reserved memory error

U-boot would not boot after upgrading to 2023.01 version on RPI 4/CM4 boards. Log would report: - Found EFI removable media binary efi/boot/bootaa64.efi - Reading file would overwrite reserved memory The updated package allows u-boot to load properly bootaa64.efi...

7.4AI score
Exploits0References2
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•58 views

Updated firefox/thunderbird packages fix security vulnerability

Use-after-free in workers. CVE-2023-3600 File Extension Spoofing using the Text Direction Override Character. CVE-2023-3417 Offscreen Canvas could have bypassed cross-origin restrictions. CVE-2023-4045 Incorrect value used during WASM compilation. CVE-2023-4046 Potential permissions request bypas...

9.8CVSS8.7AI score0.99735EPSS
Exploits10References23
Mageia
Mageia
•added 2023/04/17 7:52 p.m.•58 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on upstream 5.15.106 and fixes atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tunta...

7.8CVSS7.4AI score0.06346EPSS
Exploits2References9
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•58 views

Updated ipmitool packages fix security vulnerability

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged...

8.8CVSS8.9AI score0.0329EPSS
Exploits1References2
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•58 views

Updated opencontainers-runc packages fix security vulnerability

/sys/fs/cgroup is writable when cgroupns isn't unshared CVE-2023-25809 Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges CVE-2023-27561 AppArmor/SELinux bypass with symlinked /proc CVE-2023-28642...

7.8CVSS7AI score0.00448EPSS
Exploits2References3
Mageia
Mageia
•added 2023/03/24 5:55 a.m.•58 views

Updated firefox packages fix security vulnerability

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash CVE-2023-25751. When accessing throttled streams, the count of available bytes needed to be checked in the calling...

8.8CVSS9.3AI score0.00713EPSS
Exploits0References4
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•58 views

Updated php packages fix security vulnerability

The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...

8.1CVSS7.4AI score0.01408EPSS
Exploits2References2
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•58 views

Updated webkit2 packages fix security vulnerability

Type confusion leading to arbitrary code execution using crafted web page CVE-2023-23529...

8.8CVSS9.1AI score0.09426EPSS
Exploits0References4
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•58 views

Updated sofia-sip packages fix security vulnerability

Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...

9.8CVSS9.1AI score0.0238EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•58 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an iouring request and the Unix socket garbage collector, allowing an attacker local privilege escalation CVE-2022-2602. A...

8.8CVSS8.4AI score0.21314EPSS
Exploits4References6
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•58 views

Updated nginx packages fix security vulnerability

Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact. CVE-2022-41741, CVE-2022-41742...

7.8CVSS3AI score0.01069EPSS
Exploits2References2
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•58 views

Updated dokuwiki packages fix security vulnerability

Cross-site Scripting XSS - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. CVE-2022-3123...

6.1CVSS1AI score0.00891EPSS
Exploits1References3
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•58 views

Updated firefox packages fix security vulnerability

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries CVE-2022-42927. Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to...

8.8CVSS2.7AI score0.0083EPSS
Exploits0References4
Mageia
Mageia
•added 2022/09/10 8:26 p.m.•58 views

Updated rpm packages fix security vulnerability

RPM does not require subkeys to have a valid binding signature CVE-2021-3521...

4.7CVSS2.1AI score0.00302EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/02 7:59 p.m.•58 views

Updated webkit2 packages fix security vulnerability

Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32893...

8.8CVSS3.3AI score0.09785EPSS
Exploits0References3
Mageia
Mageia
•added 2022/07/13 8:44 p.m.•58 views

Updated pgadmin4 packages fix security vulnerability

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. CVE-2022-0959 In addition,...

6.5CVSS0.6AI score0.00931EPSS
Exploits0References2
Mageia
Mageia
•added 2022/06/24 8:50 p.m.•58 views

Updated libtiff packages fix security vulnerability

Heap-buffer-overflow in TIFFReadRawDataStriped in tiffinfo.c. CVE-2022-1354 Stack-buffer-overflow in tiffcp.c in main. CVE-2022-1355 Out-of-bounds read in LZWDecode. CVE-2022-1622, CVE-2022-1623...

6.1CVSS3AI score0.01684EPSS
Exploits4References2
Mageia
Mageia
•added 2022/06/03 5:15 p.m.•58 views

Updated trojita packages fix security vulnerability

An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If...

4.3CVSS1.1AI score0.00693EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•58 views

Updated microcode packages fix security vulnerabilities

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Sensitive information accessible by physical probing of JTAG interface for some IntelR Processors with SGX may allow an unprivileged user to potentially enable information...

5.5CVSS4.6AI score0.00347EPSS
Exploits0References5
Total number of security vulnerabilities5000