Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2014/11/21 12:44 p.m.•58 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.10.60 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...

5.5CVSS5.7AI score0.00595EPSS
Exploits1References3
Mageia
Mageia
•added 2014/07/26 11:3 a.m.•58 views

Updated java-1.7.0-openjdk packages fix multiple vulnerabilities

Updated java-1.7.0-openjdk packages fix security vulnerabilities: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions CVE-2014-4216...

9.3CVSS6.4AI score0.06118EPSS
Exploits1References4
Mageia
Mageia
•added 2014/07/04 6:26 p.m.•58 views

Updated file packages fix security vulnerabilities

A flaw was found in the way file parsed property information from Composite Document Files CDF files, where the mconvert function did not correctly compute the truncated pascal string size CVE-2014-3478. Multiple flaws were found in the way file parsed property information from Composite Document...

6.5CVSS7.6AI score0.15176EPSS
Exploits1References2
Mageia
Mageia
•added 2014/05/10 7:46 p.m.•58 views

Updated libxml2 packages fix CVE-2014-0191

Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...

4.3CVSS7.8AI score0.081EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/17 6:15 p.m.•58 views

Updated mongodb package fixes security vulnerability

A possible DoS issue was discovered in MongoDB CVE-2012-6619. The --objcheck command line switch has now been enabled by default in the mongod service as a protective measure...

6.4CVSS2.7AI score0.0382EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/10 8:3 p.m.•58 views

Updated kernel-linus package fixes multiple vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

7.2CVSS8.3AI score0.34649EPSS
Exploits25References5
Mageia
Mageia
•added 2014/02/08 7:1 p.m.•58 views

Updated kernel package fixes one critical and a few other security issues

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References6
Mageia
Mageia
•added 2014/01/21 4:19 p.m.•58 views

Updated cups packages fix a security vulverability

Updated cups packages fix security vulnerability: Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions CVE-2013-6891...

1.2CVSS1.1AI score0.00446EPSS
Exploits1References3
Mageia
Mageia
•added 2013/12/17 10:38 p.m.•58 views

Updated kernel and related packages fix security vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresses,...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
•added 2013/08/11 12:50 p.m.•58 views

Updated otrs package fixes security vulnerability

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs CVE-2013-4717...

8.8CVSS4.2AI score0.01322EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/16 8:1 a.m.•58 views

Updated kernel-tmb packages fix multiple security vulnerabilities

This kernel-tmb update provides the extended stable 3.8.13.4 kernel and fixes the following security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access...

7.9CVSS2.3AI score0.07313EPSS
Exploits5References2
Mageia
Mageia
•added 2026/01/28 10:42 p.m.•57 views

Updated glib2.0 packages fix security vulnerabilities

Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with gdatetimenewfromiso8601. CVE-2025-3360 Buffer under-read on glib through glib/gfileutils.c via gettmpfile. CVE-2025-7039 Integer overflow in gescapeuristring...

9.8CVSS7AI score0.00754EPSS
Exploits1References2
Mageia
Mageia
•added 2025/03/19 11:44 p.m.•57 views

Updated tomcat packages fix security vulnerabilities

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...

10CVSS7.5AI score0.99945EPSS
Exploits46References2
Mageia
Mageia
•added 2025/03/02 7:18 a.m.•57 views

Updated ffmpeg packages fix security vulnerabilities

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS via opening a crafted AAC file. CVE-2025-22919 A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplyin...

6.5CVSS7.6AI score0.00393EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/14 5:23 a.m.•57 views

Updated squid packages fix security vulnerability

Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. CVE-2024-37894...

6.3CVSS6.8AI score0.06255EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/20 2:32 a.m.•57 views

Updated python-scikit-learn packages fix security vulnerability

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

4.7CVSS6.6AI score0.00187EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/27 6:26 a.m.•57 views

Updated firefox packages fix security vulnerabilities

CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not ...

8.8CVSS6.7AI score0.00847EPSS
Exploits2References3
Mageia
Mageia
•added 2024/03/22 12:19 a.m.•57 views

Updated nodejs-tough-cookie packages fix security vulnerability

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. CVE-2023-26136...

9.8CVSS6.8AI score0.02542EPSS
Exploits2References2
Mageia
Mageia
•added 2024/02/19 6:16 p.m.•57 views

Updated radare2 packages fix security vulnerabilities

This update fixes two security issues: CVE-2023-4322 - heap-buffer-overflow in the brainfuck dissassembler CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c...

9.8CVSS7.4AI score0.00926EPSS
Exploits2References2
Mageia
Mageia
•added 2023/11/28 12:11 a.m.•57 views

Updated java openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Segmentation fault in ciMethodBlocks. CVE-2022-40433 Certificate path validation issue during client authentication. CVE-2023-22081 IOR deserialization issue in CORBA. CVE-2023-22067...

5.3CVSS7.5AI score0.014EPSS
Exploits0References4
Mageia
Mageia
•added 2023/11/06 11:8 p.m.•57 views

Updated x11-server packages fix security vulnerabilities

The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. CVE-2023-5367 Use-after-free bug in DestroyWindow. CVE-2023-5380 Use-after-free bug in DamageDestroy. CVE-2023-5574...

7.8CVSS7.3AI score0.00715EPSS
Exploits0References2
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•57 views

Updated giflib packages fix security vulnerability

The updated packages fix a security vulnerability: giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. CVE-2023-39742...

5.5CVSS7.2AI score0.00328EPSS
Exploits1References3
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•57 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...

5.3CVSS5.9AI score0.05533EPSS
Exploits0References7
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•57 views

Updated webkit2 packages fix security vulnerability

HTML document may be able to render iframes with sensitive user information CVE-2022-0108 maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32885 use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code ...

8.8CVSS8.4AI score0.27076EPSS
Exploits1References3
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•57 views

Updated freetype2 packages fix security vulnerability

An integer overflow vulnerability was discovered in Freetype in tthvadvanceadjust function in src/truetype/ttgxvar.c. CVE-2023-2004...

7.3AI score
Exploits0References3
Mageia
Mageia
•added 2023/04/17 7:52 p.m.•57 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.15.106 and fixes atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap...

7.8CVSS7.4AI score0.06346EPSS
Exploits2References9
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•57 views

Updated libtiff packages fix security vulnerability

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image. CVE-2022-48281...

5.5CVSS4.1AI score0.00461EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•57 views

Updated freeradius packages fix security vulnerability

Information leakage in EAP-PWD. CVE-2022-41859 Crash on unknown option in EAP-SIM. CVE-2022-41860 Crash on invalid abinary data. CVE-2022-41861...

7.5CVSS6.9AI score0.01171EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•57 views

Updated java packages fix security vulnerability

Class compilation issue. CVE-2022-21540 Improper restriction of MethodHandle.invokeBasic. CVE-2022-21541 Integer truncation issue in Xalan-J. CVE-2022-34169 Improper MultiByte conversion can lead to buffer overflow. CVE-2022-21618 Improper handling of long NTLM client hostnames. CVE-2022-21619...

7.5CVSS2.3AI score0.17673EPSS
Exploits2References7
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•57 views

Updated webkit2 packages fix security vulnerability

The updated packages fix a security vulnerability and other issues...

8.8CVSS7.2AI score0.0141EPSS
Exploits0References3
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•57 views

Updated firefox packages fix security vulnerability

expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 Fixes webrtc...

8.1CVSS8.4AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•57 views

Updated dbus packages fix security vulnerability

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...

6.5CVSS1.4AI score0.0131EPSS
Exploits3References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•57 views

Updated microcode packages fix security vulnerability

Updated microcode packages fix security vulnerability: Improper isolation of shared resources in some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access CVE-2022-21233, intel-sa-00657. For more info, see the refenced advisory and release...

5.5CVSS4AI score0.00324EPSS
Exploits0References3
Mageia
Mageia
•added 2022/06/04 8:25 p.m.•57 views

Updated thunderbird packages fix security vulnerability

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...

9.8CVSS0.5AI score0.01055EPSS
Exploits0References4
Mageia
Mageia
•added 2022/02/15 8:50 p.m.•57 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.23 and fixes at least the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64...

9CVSS0.6AI score0.67994EPSS
Exploits14References7
Mageia
Mageia
•added 2022/01/26 10:30 a.m.•57 views

Updated polkit packages fix security vulnerability

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.8CVSS4.2AI score0.94921EPSS
Exploits151References3
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise the MariaDB server...

7.1CVSS2.3AI score0.08216EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•57 views

Updated libosinfo packages fix security vulnerability

Updated libosinfo packages fix security vulnerability: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system...

7.8CVSS2.3AI score0.00431EPSS
Exploits0References3
Mageia
Mageia
•added 2021/05/23 1:30 a.m.•57 views

Updated mediawiki packages fix security vulnerabilities

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword CVE-2021-20270. A deadlock vulnerability was found in...

7.5CVSS1.1AI score0.03832EPSS
Exploits5References4
Mageia
Mageia
•added 2021/04/29 9:41 a.m.•57 views

Updated firefox packages fix security vulnerabilities

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine CVE-2021-23961. Out of...

8.8CVSS0.5AI score0.01764EPSS
Exploits1References4
Mageia
Mageia
•added 2021/03/14 9:20 p.m.•57 views

Updated git packages fix a security vulnerability

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone CVE-2021-21300...

8CVSS2.7AI score0.88644EPSS
Exploits5References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•57 views

Updated firefox packages fix security vulnerability

WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR CVE-2020-6514. Crafted media files could lead to a race in texture caches, resulting in a use-after-free in ANGLE...

9.3CVSS8.8AI score0.0779EPSS
Exploits6References7
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•57 views

Updated microcode packages fix security vulnerability

Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 Cleanup errors in some IntelR Processors may allow an authenticated user to potentially enable...

5.5CVSS3.9AI score0.00587EPSS
Exploits0References6
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•57 views

Updated xmlsec1 packages fix security vulnerability

Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion XXE along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to...

7.1CVSS2.3AI score0.01341EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•57 views

Updated kernel packages fix security vulnerability

This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero. CVE-2019-19037 It also fixes various potential...

5.5CVSS0.5AI score0.01886EPSS
Exploits1References10
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•57 views

Updated libreoffice packages fix security vulnerabilities

Updated libreoffice packages fix security vulnerabilities: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphi...

9.8CVSS1.4AI score0.78347EPSS
Exploits6References8
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A vulnerability in Server: Optimizer contains an easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this vulnerability can result in...

6.5CVSS6AI score0.03726EPSS
Exploits0References1
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•57 views

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Stored passwords in 'Saved Logins' can be copied without master password entry. CVE-2019-11733 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. CVE-2019-11735 File...

9.8CVSS1.2AI score0.0216EPSS
Exploits2References10
Mageia
Mageia
•added 2019/07/02 1:9 p.m.•57 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop. CVE-2019-11707 Sandbox escape using Prompt:Open. CVE-2019-11708...

10CVSS1.9AI score0.55874EPSS
Exploits14References3
Mageia
Mageia
•added 2019/03/13 8:41 p.m.•57 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.104 and fixes at least the following security issue: Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware...

7.7CVSS6.6AI score0.039EPSS
Exploits0References5
Total number of security vulnerabilities5000