Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2021/12/26 12:14 a.m.•56 views

Updated lapack/openblas packages fix security vulnerability

Fixes out of bounds read issue in larrv functions CVE-2021-4048...

9.1CVSS2.4AI score0.0262EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/10 10:19 p.m.•56 views

Updated libvirt packages fix security vulnerability

Fix deadlock on virStoragePoolLookupByTargetPath failure bz 1986113 CVE-2021-3667 More CAPSETPCAP warning fixes bz 1924218 Handle unknown firmware.json errors...

6.5CVSS2.9AI score0.01366EPSS
Exploits0References4
Mageia
Mageia
•added 2021/10/27 12:13 p.m.•56 views

Updated qtbase5 packages fix security vulnerability

It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...

7.5CVSS1.9AI score0.03915EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•56 views

Updated vim packages fix security vulnerability

CVE-2021-3778: vim: Heap-based Buffer Overflow in utfptr2char Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo "Ywp2XTCqCi4KeQpAMA=...

8.2CVSS8AI score0.01626EPSS
Exploits2References8
Mageia
Mageia
•added 2021/03/17 11:1 a.m.•56 views

Updated chromium-browser-stable packages fix security vulnerability

The updated packages fix security vulnerabilities. At least one of them is known to be actively exploited...

8.8CVSS3.1AI score0.26525EPSS
Exploits26References4
Mageia
Mageia
•added 2021/03/17 6:16 a.m.•56 views

Updated microcode package fixes security vulnerabilities

This update adds new microcode updates to mitigate CVE-2020-8696 for Intel Skylake server 50654 and Cascade Lake Server 50656 & 50657 processors. The new microcode update mitigates an issue when using an active JTAG agent like In Target Probe ITP, Direct Connect Interface DCI or a Baseboard...

5.5CVSS2.4AI score0.0051EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•56 views

Updated python3 packages fix security vulnerability

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP CVE-2020-27619...

9.8CVSS7.9AI score0.08235EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/20 4:22 p.m.•56 views

Updated freetype2 packages fix security vulnerability

A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in LoadSBitPng as libpng uses the original 32-bit values, which are saved in pngstruct. If the original width and/or height are greater than 65535, the...

9.6CVSS0.4AI score0.5063EPSS
Exploits2References3
Mageia
Mageia
•added 2020/08/18 8:43 p.m.•56 views

Updated freerdp packages fix security vulnerability

Integer overflow due to missing input sanitation in rdpegfx channel. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on invalid length arguments to a memcpy CVE-2020-1510...

5.9CVSS2.9AI score0.04105EPSS
Exploits1References3
Mageia
Mageia
•added 2020/06/10 11:59 p.m.•56 views

Updated nghttp2 packages fix security vulnerability

nghttp2 has been updated to version 1.41.0 to fix CVE-2020-11080. The overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and...

7.5CVSS4AI score0.05316EPSS
Exploits0References1
Mageia
Mageia
•added 2020/06/10 9:39 p.m.•56 views

Updated vino packages fix security vulnerability

Updated vino packages fix security vulnerabilities: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service memory consumption ...

9.8CVSS9.2AI score0.07563EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•56 views

Updated sleuthkit packages fix security vulnerability

Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table CVE-2019-14532. In version 4.8.0 and earlier of The Sleuth Kit TSK, there ...

9.8CVSS2.3AI score0.02352EPSS
Exploits2References1
Mageia
Mageia
•added 2020/04/03 10:53 p.m.•56 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on upstream 5.5.15 and fixes at least the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu...

7.8CVSS7.3AI score0.0606EPSS
Exploits13References17
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•56 views

Updated mozjs60 packages fix security vulnerability

The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox...

10CVSS1.6AI score0.55874EPSS
Exploits14References3
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•56 views

Updated ansible packages fix security vulnerabilities

Updated ansible package fixes security vulnerabilities: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them CVE-2019-10206. Ansible was...

7.8CVSS3.4AI score0.01503EPSS
Exploits0References2
Mageia
Mageia
•added 2019/10/29 2:54 p.m.•56 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 5.3.7 and fixes several issues: various security issues in the usb subsystem rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow CVE-2019-17666 Other...

8.8CVSS0.3AI score0.03017EPSS
Exploits0References4
Mageia
Mageia
•added 2019/08/10 12:12 a.m.•56 views

Updated php packages fix security vulnerabilities

Updated php packages fixes at least the following security issues: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause ...

7.1CVSS3.1AI score0.0442EPSS
Exploits2References3
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•56 views

Updated apache packages fix security vulnerability

By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections in Apache HTTP Server versions 2.4.37 and prior CVE-2018-17189. In Apache HTTP Serv...

7.5CVSS0.7AI score0.19994EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•56 views

Updated php packages fix security vulnerability

Bypassing disabled exec functions in PHP via imapopen CVE-2018-19518...

8.5CVSS3.4AI score0.9523EPSS
Exploits6References1
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•56 views

Updated php packages fix security vulnerability

- Int Overflow lead to Heap OverFlow in exifthumbnailextract of exif.c CVE-2018-14883 - heap-buffer-overflow READ of size 48 while reading exif data CVE-2018-14851 - XSS due to the header Transfer-Encoding: chunked...

7.5CVSS2.1AI score0.08975EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•56 views

Updated spring-ldap packages fix security vulnerability

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password CVE-2017-8028...

8.1CVSS3AI score0.02606EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/20 5:24 p.m.•56 views

Updated thunderbird packages fix bugs and security vulnerabilities

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash CVE-2018-5127. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially...

9.8CVSS2.7AI score0.12054EPSS
Exploits3References2
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•56 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 3.3.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...

9.8CVSS4AI score0.03332EPSS
Exploits0References4
Mageia
Mageia
•added 2017/12/31 12:0 p.m.•56 views

Updated bind packages fix security vulnerability

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-9131. It was discovered that Bind incorrectly handled certain malformed responses to an AN...

7.5CVSS1.7AI score0.40556EPSS
Exploits1References19
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•56 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References8
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•56 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-öinus update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References7
Mageia
Mageia
•added 2017/08/20 9:10 a.m.•56 views

Updated ruby packages fix security vulnerabilities

It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. CVE-2015-9096 Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this...

9.8CVSS8.6AI score0.06204EPSS
Exploits5References2
Mageia
Mageia
•added 2017/08/19 9:58 a.m.•56 views

Updated mercurial packages fix security vulnerabilities

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...

10CVSS3AI score0.05734EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/13 10:19 p.m.•56 views

Updated cacti packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php CVE-2017-10970. Cross-site scripting XSS vulnerability in...

9.8CVSS3.4AI score0.02921EPSS
Exploits2References6
Mageia
Mageia
•added 2017/05/26 6:54 a.m.•56 views

Updated kernel packages fixes security vulnerabilities

This kernel update is based on upstream 4.4.68 and fixes at least the following security issues: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service system crash via a long RPC reply, related to net/sunrpc/svc.c,...

9.8CVSS6.3AI score0.05794EPSS
Exploits0References4
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•56 views

Updated freetype2 packages fix security vulnerability

It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2016-10328. FreeType 2...

9.8CVSS4.8AI score0.04188EPSS
Exploits0References3
Mageia
Mageia
•added 2017/03/25 8:15 p.m.•56 views

Updated kernel-linus packages fixes security vulnerabilities

This kernel-linus update is based on upstream 4.4.55 and fixes at least the following security issues: Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline...

7.8CVSS4.4AI score0.01029EPSS
Exploits2References6
Mageia
Mageia
•added 2016/11/28 12:13 a.m.•56 views

Updated libtiff packages fix security vulnerability

The updated packages fix: - A regression introduced by the fix for CVE-2016-9297 CVE-2016-9448. - An out-of-bounds Write memcpy and less bound check in tiff2pdf CVE-2016-9453...

7.8CVSS2.7AI score0.04975EPSS
Exploits0References5
Mageia
Mageia
•added 2016/11/26 10:41 a.m.•56 views

Updated kernel-4.4.32 packages fixes security vulnerabilities

This update is based on upstream 4.4.32 and fixes at least the following security issues: The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data,...

6.8CVSS1.5AI score0.01765EPSS
Exploits0References3
Mageia
Mageia
•added 2016/11/02 8:43 a.m.•56 views

Updated libtiff packages fix security vulnerability

The TIFFWriteDirectoryTagLongLong8Array function in tifdirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read via vectors involving the ma variable CVE-2016-3658. They also fix: An out-of-bound read of up to 3 bytes in...

7.5CVSS7.4AI score0.05669EPSS
Exploits0References1
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•56 views

Updated libxml2 packages fix security vulnerability

When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack CVE-2016-3627. libxml2 limits the number of recursions an XML...

7.5CVSS3.1AI score0.07025EPSS
Exploits1References3
Mageia
Mageia
•added 2016/04/13 5:39 p.m.•56 views

Updated apache-commons-collections packages fix CVE-2015-8103

Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...

9.8CVSS9.3AI score0.86829EPSS
Exploits12References2
Mageia
Mageia
•added 2016/03/16 6:7 p.m.•56 views

Updated nss packages fix CVE-2016-1950

Updated rootcerts and nss packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute...

8.8CVSS4.7AI score0.04192EPSS
Exploits0References4
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•56 views

Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

10CVSS7AI score0.14714EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/30 9:35 p.m.•56 views

Updated kernel packages provides 4.1 longterm and fixes security issues

This kernel update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.8 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey function. A...

5.5CVSS7.9AI score0.00493EPSS
Exploits1References11
Mageia
Mageia
•added 2015/07/27 9:53 a.m.•56 views

Updated mariadb package fixes security vulnerabilities

The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled CVE-2015-3152. The Mageia 4 update...

5.9CVSS6.4AI score0.07083EPSS
Exploits1References5
Mageia
Mageia
•added 2015/07/23 9:39 a.m.•56 views

Updated php package fixes security vulnerabilities

Segfault in Phar::convertToData on invalid file CVE-2015-5589. Buffer overflow and stack smashing error in pharfixfilepath CVE-2015-5590. The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...

10CVSS9AI score0.06303EPSS
Exploits1References3
Mageia
Mageia
•added 2015/04/23 9:14 p.m.•56 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 42.0.2311.90 fixes several security issues, among others a cross-origin-bypass in HTML parser CVE-2015-1235, a cross-origin-bypass in Blink CVE-2015-1236, a use-after-free in IPC CVE-2015-1237, an out-of-bounds write in Skia CVE-2015-1238, an out-of-bounds read in WebGL...

7.5CVSS6.9AI score0.02702EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•56 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.32 and fixes the following security issues: The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by...

10CVSS6.7AI score0.09828EPSS
Exploits3References6
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•56 views

Updated patch packages fix security vulnerabilities

Updated patch package fixes security vulnerabilities: It was reported that a crafted diff file can make patch eat memory and later segfault CVE-2014-9637. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could...

7.8CVSS6.5AI score0.11199EPSS
Exploits1References3
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•56 views

Updated file packages fix security vulnerabilities

Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers CVE-2014-9620, CVE-2014-9621. As part of...

5CVSS7.5AI score0.04683EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/28 11:33 a.m.•56 views

Updated php packages fix security vulnerabilities

An integer overflow flaw in PHP's unserialize function was reported. If unserialize were used on untrusted data, this issue could lead to a crash or potentially information disclosure CVE-2014-3669. A heap corruption issue was reported in PHP's exifthumbnail function. A specially-crafted JPEG ima...

7.5CVSS8AI score0.28862EPSS
Exploits2References7
Mageia
Mageia
•added 2014/10/23 1:27 p.m.•56 views

Updated iceape package fixes security vulnerabilities

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

10CVSS9.5AI score0.05951EPSS
Exploits2References29
Mageia
Mageia
•added 2014/10/09 2:6 p.m.•56 views

Updated perl-Data-Dumper package fixes CVE-2014-4330

Updated perl-Data-Dumper package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which triggers a large number of...

2.1CVSS7.2AI score0.00554EPSS
Exploits3References2
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•56 views

Updated glibc packages fix multiple security vulnerabilities

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes...

7.5CVSS8.6AI score0.18099EPSS
Exploits5References4
Total number of security vulnerabilities5000