Lucene search
K
MageiaMost viewed

6011 matches found

Mageia
Mageia
•added 2022/12/30 10:39 p.m.•57 views

Updated freeradius packages fix security vulnerability

Information leakage in EAP-PWD. CVE-2022-41859 Crash on unknown option in EAP-SIM. CVE-2022-41860 Crash on invalid abinary data. CVE-2022-41861...

7.5CVSS6.9AI score0.01171EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•57 views

Updated java packages fix security vulnerability

Class compilation issue. CVE-2022-21540 Improper restriction of MethodHandle.invokeBasic. CVE-2022-21541 Integer truncation issue in Xalan-J. CVE-2022-34169 Improper MultiByte conversion can lead to buffer overflow. CVE-2022-21618 Improper handling of long NTLM client hostnames. CVE-2022-21619...

7.5CVSS2.3AI score0.17673EPSS
Exploits2References7
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•57 views

Updated webkit2 packages fix security vulnerability

The updated packages fix a security vulnerability and other issues...

8.8CVSS7.2AI score0.0141EPSS
Exploits0References3
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•57 views

Updated firefox packages fix security vulnerability

expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 Fixes webrtc...

8.1CVSS8.4AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•57 views

Updated thunderbird packages fix security vulnerability

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674...

8.1CVSS8.4AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•57 views

Updated dbus packages fix security vulnerability

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...

6.5CVSS1.4AI score0.0131EPSS
Exploits3References2
Mageia
Mageia
•added 2022/07/05 7:11 p.m.•57 views

Updated firefox packages fix security vulnerability

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution CVE-2022-2200. An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing...

9.8CVSS0.1AI score0.23941EPSS
Exploits1References4
Mageia
Mageia
•added 2022/06/24 8:50 p.m.•57 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 103.0.5060.53 branch, fixing many bugs and 14 CVE. Some of them are listed below: Use after free in Base. CVE-2022-2156 Use after free in Interest groups. CVE-2022-2157 Type Confusion in V8. CVE-2022-2158 Insufficient policy enforcement ...

8.8CVSS1.7AI score0.01312EPSS
Exploits1References3
Mageia
Mageia
•added 2022/06/04 8:25 p.m.•57 views

Updated thunderbird packages fix security vulnerability

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...

9.8CVSS0.5AI score0.01055EPSS
Exploits0References4
Mageia
Mageia
•added 2021/12/26 12:14 a.m.•57 views

Updated lapack/openblas packages fix security vulnerability

Fixes out of bounds read issue in larrv functions CVE-2021-4048...

9.1CVSS2.4AI score0.0262EPSS
Exploits0References2
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise the MariaDB server...

7.1CVSS2.3AI score0.08216EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•57 views

Updated libosinfo packages fix security vulnerability

Updated libosinfo packages fix security vulnerability: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system...

7.8CVSS2.3AI score0.00431EPSS
Exploits0References3
Mageia
Mageia
•added 2021/04/29 9:41 a.m.•57 views

Updated firefox packages fix security vulnerabilities

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine CVE-2021-23961. Out of...

8.8CVSS0.5AI score0.01764EPSS
Exploits1References4
Mageia
Mageia
•added 2021/03/14 9:20 p.m.•57 views

Updated git packages fix a security vulnerability

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone CVE-2021-21300...

8CVSS2.7AI score0.88644EPSS
Exploits5References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•57 views

Updated microcode packages fix security vulnerability

Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 Cleanup errors in some IntelR Processors may allow an authenticated user to potentially enable...

5.5CVSS3.9AI score0.00587EPSS
Exploits0References6
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•57 views

Updated xmlsec1 packages fix security vulnerability

Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion XXE along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to...

7.1CVSS2.3AI score0.01341EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/13 4:51 p.m.•57 views

Updated kernel packages fix security vulnerability

This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero. CVE-2019-19037 It also fixes various potential...

5.5CVSS0.5AI score0.01886EPSS
Exploits1References10
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•57 views

Updated libreoffice packages fix security vulnerabilities

Updated libreoffice packages fix security vulnerabilities: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphi...

9.8CVSS1.4AI score0.78347EPSS
Exploits6References8
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A vulnerability in Server: Optimizer contains an easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this vulnerability can result in...

6.5CVSS6AI score0.03726EPSS
Exploits0References1
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•57 views

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Stored passwords in 'Saved Logins' can be copied without master password entry. CVE-2019-11733 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. CVE-2019-11735 File...

9.8CVSS1.2AI score0.0216EPSS
Exploits2References10
Mageia
Mageia
•added 2019/07/02 3:0 p.m.•57 views

Updated firefox packages fix security vulnerability

Updated firefox packages fix a security vulnerability thats being exploited in the wild: sandbox escape using Prompt:Open. CVE-2019-11708...

10CVSS0.9AI score0.55874EPSS
Exploits10References3
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•57 views

Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

7.8CVSS3.7AI score0.01756EPSS
Exploits0References2
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•57 views

Updated apache packages fix security vulnerability

By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections in Apache HTTP Server versions 2.4.37 and prior CVE-2018-17189. In Apache HTTP Serv...

7.5CVSS0.7AI score0.19994EPSS
Exploits0References3
Mageia
Mageia
•added 2019/03/13 8:41 p.m.•57 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.104 and fixes at least the following security issue: Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware...

7.7CVSS6.6AI score0.039EPSS
Exploits0References5
Mageia
Mageia
•added 2019/02/17 5:17 p.m.•57 views

Updated thunderbird packages fix security vulnerability

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. CVE-2018-18356 An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash...

8.8CVSS2.9AI score0.03724EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•57 views

Updated php packages fix security vulnerability

Bypassing disabled exec functions in PHP via imapopen CVE-2018-19518...

8.5CVSS3.4AI score0.9523EPSS
Exploits6References1
Mageia
Mageia
•added 2018/09/07 10:15 a.m.•57 views

Updated sleuthkit packages fix security vulnerabilities

Updated sleuthkit packages fix security vulnerabilities: In The Sleuth Kit TSK 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660procdir in tsk/fs/iso9660dent.c in libtskfs.a, as demonstrated by fls CVE-2017-13755. In The Sleuth Kit TSK 4.4.2, opening a crafted disk...

8.1CVSS1.4AI score0.01326EPSS
Exploits6References2
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•57 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. CVE-2018-12359 Use-after-free when using focus. CVE-2018-12360 S/MIME and PGP decryption oracles can be built with HTML emails. CVE-2018-12372 S/MIME plaintext can be leaked...

9.8CVSS0.3AI score0.08654EPSS
Exploits1References11
Mageia
Mageia
•added 2018/06/16 9:28 a.m.•57 views

Updated flash-player-plugin packages fixes security issues

Updated flash-player-plugin packages fixes the following security issues A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002. In response to a class of recently...

10CVSS2.1AI score0.25353EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/31 12:0 p.m.•57 views

Updated bind packages fix security vulnerability

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-9131. It was discovered that Bind incorrectly handled certain malformed responses to an AN...

7.5CVSS1.7AI score0.40556EPSS
Exploits1References19
Mageia
Mageia
•added 2017/12/22 10:31 a.m.•57 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.105 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

8.8CVSS0.9AI score0.02285EPSS
Exploits8References14
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•57 views

Updated unrar packages fix security vulnerabilities

Directory traversal issue in UnRAR before 5.5.7 CVE-2017-12938. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function CVE-2017-12940. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack2...

9.8CVSS5AI score0.0357EPSS
Exploits4References3
Mageia
Mageia
•added 2017/08/24 7:52 a.m.•57 views

Updated apache packages fix security vulnerabilities

In Apache httpd before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized poo...

9.1CVSS1.2AI score0.5677EPSS
Exploits0References3
Mageia
Mageia
•added 2016/07/14 8:33 p.m.•57 views

Updated util-linux packages fix security vulnerability

The util-linux libblkid is vulnerable to a Denial of Service attack during MSDOS partition table parsing, in the extended partition boot record EBR. If the next EBR starts at relative offset 0, parsedosextended will loop until running out of memory. An attacker could install a specially crafted...

4.9CVSS4.1AI score0.00464EPSS
Exploits0References2
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•57 views

Updated libxml2 packages fix security vulnerability

When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack CVE-2016-3627. libxml2 limits the number of recursions an XML...

7.5CVSS3.1AI score0.07025EPSS
Exploits1References3
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•57 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...

10CVSS3.9AI score0.04692EPSS
Exploits0References6
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•57 views

Updated apache-commons-collections packages fix CVE-2015-8103

Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...

9.8CVSS9.3AI score0.86829EPSS
Exploits12References2
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•57 views

Updated nss packages fix CVE-2016-1950

Updated rootcerts and nss packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute...

8.8CVSS4.7AI score0.04192EPSS
Exploits0References4
Mageia
Mageia
•added 2015/11/26 8:47 p.m.•57 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service CVE-2015-5312. In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to...

9.8CVSS8.3AI score0.0721EPSS
Exploits1References5
Mageia
Mageia
•added 2015/09/30 9:35 p.m.•57 views

Updated kernel packages provides 4.1 longterm and fixes security issues

This kernel update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey function. A...

5.5CVSS7.9AI score0.00493EPSS
Exploits1References11
Mageia
Mageia
•added 2015/07/23 9:39 a.m.•57 views

Updated php package fixes security vulnerabilities

Segfault in Phar::convertToData on invalid file CVE-2015-5589. Buffer overflow and stack smashing error in pharfixfilepath CVE-2015-5590. The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...

10CVSS9AI score0.06303EPSS
Exploits1References3
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•57 views

Updated vsftpd package fixes security vulnerability

The vsftp daemon was not handling the "denyfile" option properly, allowing unauthorized access in some specific scenarios CVE-2015-1419...

5CVSS6.5AI score0.06725EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•57 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.32 and fixes the following security issues: The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by...

10CVSS6.7AI score0.09828EPSS
Exploits3References6
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•57 views

Updated java-1.7.0-openjdk packages fix security vulnerabilities

Updated java-1.7.0 packages fix security vulnerabilities: A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions CVE-2014-6601. Multiple improper...

10CVSS5.4AI score0.67234EPSS
Exploits5References4
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•57 views

Updated smack packages fix security vulnerabilities

Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers...

6.8CVSS8.6AI score0.0123EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•57 views

Updated ffmpeg packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.1.14 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an unspecified impact...

7.5CVSS8.6AI score0.04697EPSS
Exploits0References5
Mageia
Mageia
•added 2014/10/09 2:6 p.m.•57 views

Updated perl-Data-Dumper package fixes CVE-2014-4330

Updated perl-Data-Dumper package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which triggers a large number of...

2.1CVSS7.2AI score0.00554EPSS
Exploits3References2
Mageia
Mageia
•added 2014/04/24 7:11 p.m.•57 views

Updated otrs packages fix multiple vulnerabilities

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3CVSS8.5AI score0.01478EPSS
Exploits2References5
Mageia
Mageia
•added 2014/02/06 8:2 p.m.•57 views

Updated Firefox & Thunderbird packages fix multiple security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.3AI score0.07072EPSS
Exploits7References11
Mageia
Mageia
•added 2014/01/06 1:20 a.m.•57 views

Updated nodejs package fixes security vulnerabilities

A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...

7.5CVSS0.8AI score0.3722EPSS
Exploits3References4
Total number of security vulnerabilities5000