Lucene search
K
MageiaMost viewed

6011 matches found

Mageia
Mageia
•added 2022/02/15 8:50 p.m.•57 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.23 and fixes at least the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64...

9CVSS0.6AI score0.67994EPSS
Exploits14References7
Mageia
Mageia
•added 2022/01/26 10:30 a.m.•57 views

Updated polkit packages fix security vulnerability

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.8CVSS4.2AI score0.94921EPSS
Exploits152References3
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise the MariaDB server...

7.1CVSS2.3AI score0.08216EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•57 views

Updated libosinfo packages fix security vulnerability

Updated libosinfo packages fix security vulnerability: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system...

7.8CVSS2.3AI score0.00431EPSS
Exploits0References3
Mageia
Mageia
•added 2021/04/29 9:41 a.m.•57 views

Updated firefox packages fix security vulnerabilities

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine CVE-2021-23961. Out of...

8.8CVSS0.5AI score0.01764EPSS
Exploits1References4
Mageia
Mageia
•added 2021/03/14 9:20 p.m.•57 views

Updated git packages fix a security vulnerability

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone CVE-2021-21300...

8CVSS2.7AI score0.88644EPSS
Exploits5References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•57 views

Updated microcode packages fix security vulnerability

Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 Cleanup errors in some IntelR Processors may allow an authenticated user to potentially enable...

5.5CVSS3.9AI score0.00587EPSS
Exploits0References6
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•57 views

Updated xmlsec1 packages fix security vulnerability

Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion XXE along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to...

7.1CVSS2.3AI score0.01341EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•57 views

Updated kernel packages fix security vulnerability

This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero. CVE-2019-19037 It also fixes various potential...

5.5CVSS0.5AI score0.01886EPSS
Exploits1References10
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•57 views

Updated libreoffice packages fix security vulnerabilities

Updated libreoffice packages fix security vulnerabilities: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphi...

9.8CVSS1.4AI score0.78347EPSS
Exploits6References8
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A vulnerability in Server: Optimizer contains an easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this vulnerability can result in...

6.5CVSS6AI score0.03726EPSS
Exploits0References1
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•57 views

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Stored passwords in 'Saved Logins' can be copied without master password entry. CVE-2019-11733 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. CVE-2019-11735 File...

9.8CVSS1.2AI score0.0216EPSS
Exploits2References10
Mageia
Mageia
•added 2019/07/02 3:0 p.m.•57 views

Updated firefox packages fix security vulnerability

Updated firefox packages fix a security vulnerability thats being exploited in the wild: sandbox escape using Prompt:Open. CVE-2019-11708...

10CVSS0.9AI score0.55874EPSS
Exploits10References3
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•57 views

Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

7.8CVSS3.7AI score0.01756EPSS
Exploits0References2
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•57 views

Updated apache packages fix security vulnerability

By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections in Apache HTTP Server versions 2.4.37 and prior CVE-2018-17189. In Apache HTTP Serv...

7.5CVSS0.7AI score0.19994EPSS
Exploits0References3
Mageia
Mageia
•added 2019/03/13 8:41 p.m.•57 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.104 and fixes at least the following security issue: Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware...

7.7CVSS6.6AI score0.039EPSS
Exploits0References5
Mageia
Mageia
•added 2019/02/17 5:17 p.m.•57 views

Updated thunderbird packages fix security vulnerability

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. CVE-2018-18356 An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash...

8.8CVSS2.9AI score0.03724EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•57 views

Updated php packages fix security vulnerability

Bypassing disabled exec functions in PHP via imapopen CVE-2018-19518...

8.5CVSS3.4AI score0.9523EPSS
Exploits6References1
Mageia
Mageia
•added 2018/09/07 10:15 a.m.•57 views

Updated sleuthkit packages fix security vulnerabilities

Updated sleuthkit packages fix security vulnerabilities: In The Sleuth Kit TSK 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660procdir in tsk/fs/iso9660dent.c in libtskfs.a, as demonstrated by fls CVE-2017-13755. In The Sleuth Kit TSK 4.4.2, opening a crafted disk...

8.1CVSS1.4AI score0.01326EPSS
Exploits6References2
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•57 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. CVE-2018-12359 Use-after-free when using focus. CVE-2018-12360 S/MIME and PGP decryption oracles can be built with HTML emails. CVE-2018-12372 S/MIME plaintext can be leaked...

9.8CVSS0.3AI score0.08654EPSS
Exploits1References11
Mageia
Mageia
•added 2018/06/16 9:28 a.m.•57 views

Updated flash-player-plugin packages fixes security issues

Updated flash-player-plugin packages fixes the following security issues A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002. In response to a class of recently...

10CVSS2.1AI score0.25353EPSS
Exploits0References3
Mageia
Mageia
•added 2018/04/03 6:48 p.m.•57 views

Updated openssl packages fix security vulnerability

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

6.5CVSS3.8AI score0.19295EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/22 10:31 a.m.•57 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.105 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

8.8CVSS0.9AI score0.02285EPSS
Exploits8References14
Mageia
Mageia
•added 2017/10/05 8:37 p.m.•57 views

Updated firefox packages fix security vulnerabilities

A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the...

10CVSS3.4AI score0.03641EPSS
Exploits3References5
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•57 views

Updated unrar packages fix security vulnerabilities

Directory traversal issue in UnRAR before 5.5.7 CVE-2017-12938. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function CVE-2017-12940. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack2...

9.8CVSS5AI score0.0357EPSS
Exploits4References3
Mageia
Mageia
•added 2017/08/24 7:52 a.m.•57 views

Updated apache packages fix security vulnerabilities

In Apache httpd before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized poo...

9.1CVSS1.2AI score0.5677EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•57 views

Updated util-linux packages fix security vulnerability

The util-linux libblkid is vulnerable to a Denial of Service attack during MSDOS partition table parsing, in the extended partition boot record EBR. If the next EBR starts at relative offset 0, parsedosextended will loop until running out of memory. An attacker could install a specially crafted...

4.9CVSS4.1AI score0.00464EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/23 10:0 p.m.•57 views

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content CVE-2016-1234. A stack...

7.5CVSS2.4AI score0.07629EPSS
Exploits3References3
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•57 views

Updated apache-commons-collections packages fix CVE-2015-8103

Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...

9.8CVSS9.3AI score0.86829EPSS
Exploits12References2
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•57 views

Updated nss packages fix CVE-2016-1950

Updated rootcerts and nss packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute...

8.8CVSS4.7AI score0.04192EPSS
Exploits0References4
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•57 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service CVE-2015-5312. In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to...

9.8CVSS8.3AI score0.0721EPSS
Exploits1References5
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•57 views

Updated subversion packages fix security vulnerabilities

Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible CVE-2015-3184. Subversion server...

5CVSS8AI score0.10607EPSS
Exploits0References6
Mageia
Mageia
•added 2015/07/23 9:39 a.m.•57 views

Updated php package fixes security vulnerabilities

Segfault in Phar::convertToData on invalid file CVE-2015-5589. Buffer overflow and stack smashing error in pharfixfilepath CVE-2015-5590. The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...

10CVSS9AI score0.06303EPSS
Exploits1References3
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•57 views

Updated vsftpd package fixes security vulnerability

The vsftp daemon was not handling the "denyfile" option properly, allowing unauthorized access in some specific scenarios CVE-2015-1419...

5CVSS6.5AI score0.06725EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•57 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.32 and fixes the following security issues: The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by...

10CVSS6.7AI score0.09828EPSS
Exploits3References6
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•57 views

Updated java-1.7.0-openjdk packages fix security vulnerabilities

Updated java-1.7.0 packages fix security vulnerabilities: A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions CVE-2014-6601. Multiple improper...

10CVSS5.4AI score0.67234EPSS
Exploits5References4
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•57 views

Updated smack packages fix security vulnerabilities

Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers...

6.8CVSS8.6AI score0.0123EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•57 views

Updated ffmpeg packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.1.14 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an unspecified impact...

7.5CVSS8.6AI score0.04697EPSS
Exploits0References5
Mageia
Mageia
•added 2014/10/09 2:6 p.m.•57 views

Updated perl-Data-Dumper package fixes CVE-2014-4330

Updated perl-Data-Dumper package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which triggers a large number of...

2.1CVSS7.2AI score0.00554EPSS
Exploits3References2
Mageia
Mageia
•added 2014/04/24 7:11 p.m.•57 views

Updated otrs packages fix multiple vulnerabilities

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3CVSS8.5AI score0.01478EPSS
Exploits2References5
Mageia
Mageia
•added 2014/02/06 8:2 p.m.•57 views

Updated Firefox & Thunderbird packages fix multiple security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.3AI score0.07072EPSS
Exploits7References11
Mageia
Mageia
•added 2014/01/06 1:20 a.m.•57 views

Updated nodejs package fixes security vulnerabilities

A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...

7.5CVSS0.8AI score0.3722EPSS
Exploits3References4
Mageia
Mageia
•added 2013/11/22 7:16 p.m.•57 views

Updated bip packages fix CVE-2013-4550

Updated bip package fixes security vulnerability: bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a resource leak. A remote attacker can use this flaw to cause bip to run out of resources, resulting in a denial of service CVE-2013-4550...

5.1CVSS2.2AI score0.02224EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/12 1:54 p.m.•57 views

Updated firefox and thunderbird packages fix security vulnerabilities

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS9.9AI score0.40118EPSS
Exploits14References9
Mageia
Mageia
•added 2013/07/09 5:56 p.m.•57 views

Updated kernel packages fix multiple security vulnerabilities

This kernel update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to...

7.9CVSS2.1AI score0.07313EPSS
Exploits5References2
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•56 views

Updated tomcat packages fix security vulnerabilities

DoS via malformed HTTP/2 PRIORITYUPDATE frame. CVE-2025-31650 Bypass of rules in Rewrite Valve. CVE-2025-31651...

9.8CVSS6.9AI score0.66933EPSS
Exploits6References3
Mageia
Mageia
•added 2024/06/25 4:12 p.m.•56 views

Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS7.2AI score0.00382EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/17 5:44 p.m.•56 views

Updated libndp packages fix security vulnerabilities

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information...

8.1CVSS7AI score0.01165EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/16 5:29 p.m.•56 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 124.0.6367.207 release. It includes 4 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...

9.6CVSS8.5AI score0.11007EPSS
Exploits4References4
Mageia
Mageia
•added 2024/04/20 6:11 p.m.•56 views

Updated putty & filezilla packages fix security vulnerability

The PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques. These signatures c...

5.9CVSS7.2AI score0.05773EPSS
Exploits0References2
Total number of security vulnerabilities5000