Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2022/06/13 8:44 p.m.•55 views

Updated docker-containerd packages fix security vulnerability

A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the 'ExecSync' API. CVE-2022-31030...

5.5CVSS2.4AI score0.00377EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•55 views

Updated docker-containerd packages fix security vulnerability

A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

7.5CVSS1AI score0.27392EPSS
Exploits4References3
Mageia
Mageia
•added 2021/11/20 7:31 p.m.•55 views

Updated php packages fix security vulnerability

Header injection via defaultmimetype / defaultcharset mbstring may use pointer from some previous request Unexpected behavior with arrays and JIT Special character is breaking the path in xml function CVE-2021-21707 XMLReader::getParserProperty may throw with a valid property...

5.3CVSS2.1AI score0.25951EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/29 7:32 p.m.•55 views

Updated ffmpeg packages fix security vulnerability

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. CVE-2020-20446 FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service...

9.8CVSS3.9AI score0.0269EPSS
Exploits11References7
Mageia
Mageia
•added 2021/10/27 12:13 p.m.•55 views

Updated qtbase5 packages fix security vulnerability

It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...

7.5CVSS1.9AI score0.03915EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•55 views

Updated python-flask-restx packages fix security vulnerability

Regular expression denial of service in emailregex...

7.5CVSS3.4AI score0.01804EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•55 views

Updated curl packages fix security vulnerabilities

Wrong content via metalink not discarded CVE-2021-22922. Metalink download sends credentials CVE-2021-22923. Bad connection reuse due to flawed path name checks CVE-2021-22924. TELNET stack contents disclosure again CVE-2021-22925...

6.5CVSS6.5AI score0.0627EPSS
Exploits4References6
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•55 views

Updated guile1.8 packages fix security vulnerabilities

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. Th...

5.3CVSS3.3AI score0.02788EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/28 10:51 p.m.•55 views

Updated trousers packages fix security vulnerabilities

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed CVE-2020-24330. An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with...

7.8CVSS6.8AI score0.00553EPSS
Exploits3References3
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•55 views

Updated gnutls packages fix security vulnerabilities

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences CVE-2021-20231. A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other...

9.8CVSS2.3AI score0.03751EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/25 2:43 p.m.•55 views

Updated samba and ldb packages fix security vulnerabilities

A flaw was found in samba. Spaces used in a string around a domain name DN, while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability...

7.5CVSS7.6AI score0.04328EPSS
Exploits0References5
Mageia
Mageia
•added 2021/03/12 1:25 a.m.•55 views

Updated python-cryptography package fixes a security vulnerability

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow CVE-2020-36242...

9.1CVSS9.3AI score0.06718EPSS
Exploits1References2
Mageia
Mageia
•added 2021/02/05 11:54 a.m.•55 views

Updated nodejs-ini package fixes a security vulnerability

It was discovered that there was an issue in nodejs-ini, where an application could be exploited by a malicious input file. This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on th...

9.8CVSS4AI score0.03612EPSS
Exploits1References2
Mageia
Mageia
•added 2021/01/14 3:13 p.m.•55 views

Updated awstats package fixes a security vulnerability

It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present CVE-2020-29600...

9.8CVSS5AI score0.02909EPSS
Exploits1References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•55 views

Updated thunderbird packages fix security vulnerability

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection CVE-2020-12398. When browsing a malicious page, a race condition in our...

9.3CVSS0.4AI score0.03034EPSS
Exploits2References3
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•55 views

Updated nginx packages fix security vulnerability

Nginx was updated due to the following vulnerabilities: ngxhttpspecialresponse.c: With a certain errorpage configuration, HTTP request smuggling is possible. Thus, an attacker may be able to read unauthorized web pages at times when NGINX is being fronted by a load balancer. CVE-2019-20372...

5.3CVSS0.7AI score0.14961EPSS
Exploits3References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•55 views

Updated ansible packages fix security vulnerabilities

Updated ansible package fixes security vulnerabilities: A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with...

7.9CVSS0.3AI score0.00506EPSS
Exploits3References5
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•55 views

Updated qt4 packages fix security vulnerabilities

Updated qt4 packages fix security vulnerabilities: A double-free or corruption during parsing of a specially crafted illegal XML document CVE-2018-15518. A malformed SVG image could cause a segmentation fault in qsvghandler.cpp CVE-2018-19869. A malformed GIF image might have caused a NULL pointe...

9.8CVSS2.3AI score0.03382EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•55 views

Updated openldap packages fix security vulnerabilities

Updated openldap packages fix security vulnerabilities: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service slapd crash via a member MODDN operation CVE-2017-17740. I...

7.5CVSS3.7AI score0.07022EPSS
Exploits1References7
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•55 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL CVE-2020-1927. In Apache...

6.1CVSS6.7AI score0.56691EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•55 views

Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956...

7.5CVSS7.8AI score0.05515EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•55 views

Updated libvpx packages fix security vulnerabilities

Updated libvpx packages fix security vulnerabilities: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary cod...

9.3CVSS3.3AI score0.05392EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•55 views

Updated libtasn1 packages fix security vulnerability

Updated libtasn1 packages fix security vulnerability: Denial of service in asn1Parser CVE-2018-1000654...

7.1CVSS6.2AI score0.02008EPSS
Exploits1References2
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•55 views

Updated thunderbird packages fix security vulnerabilities

This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Thunderbird 68. CVE-2019-11710 Script...

9.8CVSS0.20271EPSS
Exploits3References5
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•55 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with createImageBitmap...

9.8CVSS0.2AI score0.09393EPSS
Exploits4References3
Mageia
Mageia
•added 2018/12/07 12:53 p.m.•55 views

Updated flash-player-plugin packages fix security vulnerability

Use after free flaw enabling arbitrary code execution. CVE-2018-15982 Insecure Library Loading DLL hijacking flaw enabling privilege escalation. CVE-2018-15983...

10CVSS2.9AI score0.81971EPSS
Exploits13References2
Mageia
Mageia
•added 2018/04/20 5:24 p.m.•55 views

Updated libtiff packages fix security vulnerability

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tifprint.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. This affects an earlier part of the TIFFPrintDirectory function that was not addressed...

6.5CVSS3.6AI score0.03021EPSS
Exploits1References1
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•55 views

Updated bugzilla packages fix security vulnerability

A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to CVE-2018-5123...

8.8CVSS4.1AI score0.00504EPSS
Exploits1References4
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•55 views

Updated glpi packages fix security vulnerability

The glpi package has been updated to version 9.1.6, which fixes several security issues and other bugs. See the upstream release announcements for details. An issue in the php-zetacomponents-base package which prevented GLPI from working has also been fixed...

9.8CVSS3.6AI score0.01633EPSS
Exploits0References6
Mageia
Mageia
•added 2018/01/25 12:47 p.m.•55 views

Updated glibc packages fix security vulnerabilities

An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't return a valid absolute pathname CVE-2018-1000001...

9.3CVSS2.4AI score0.13614EPSS
Exploits9References2
Mageia
Mageia
•added 2018/01/02 4:25 p.m.•55 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. CVE-2017-12150 Stefan Metzmacher discovered that Samba incorrectly...

9.8CVSS1.6AI score0.21408EPSS
Exploits0References13
Mageia
Mageia
•added 2018/01/01 1:17 a.m.•55 views

Updated ncurses packages fix security vulnerabilities

Possible RCE via stack-based buffer overflow in the fmtentry function CVE-2017-10684. Possible RCE with format string vulnerability in the fmtentry function CVE-2017-10685. Illegal address access in appendacs CVE-2017-11112. Dereferencing NULL pointer in ncparseentry CVE-2017-11113...

9.8CVSS5.6AI score0.04876EPSS
Exploits1References3
Mageia
Mageia
•added 2017/12/31 12:0 p.m.•55 views

Updated bind packages fix security vulnerability

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-9131. It was discovered that Bind incorrectly handled certain malformed responses to an AN...

7.5CVSS1.7AI score0.40556EPSS
Exploits1References19
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•55 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users t...

8.8CVSS3.5AI score0.16181EPSS
Exploits12References7
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•55 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References8
Mageia
Mageia
•added 2017/08/19 9:58 a.m.•55 views

Updated mercurial packages fix security vulnerabilities

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...

10CVSS3AI score0.05734EPSS
Exploits1References2
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•55 views

Updated nginx packages fix security vulnerability

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak CVE-2017-7529...

7.5CVSS3.1AI score0.62597EPSS
Exploits6References2
Mageia
Mageia
•added 2017/06/19 7:44 a.m.•55 views

Updated thunderbird packages fix security vulnerability and bugs

Use-after-free using destroyed node when regenerating trees CVE-2017-5472. Use-after-free during docshell reloading CVE-2017-7749. Use-after-free with track elements CVE-2017-7750. Use-after-free with content viewer listeners CVE-2017-7751. Use-after-free with IME input CVE-2017-7752. Out-of-boun...

9.8CVSS1.7AI score0.05216EPSS
Exploits5References2
Mageia
Mageia
•added 2017/05/26 6:54 a.m.•55 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel-tmb update is based on upstream 4.4.68 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadloc...

10CVSS4.2AI score0.17827EPSS
Exploits23References10
Mageia
Mageia
•added 2017/04/21 7:24 a.m.•55 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser 57.0.2987.133 fixes security issues: Multiple flaws were found in the way Chromium 55 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.6CVSS2.1AI score0.41603EPSS
Exploits6References6
Mageia
Mageia
•added 2017/03/31 8:28 p.m.•55 views

Updated kernel-tmb packages fixes security vulnerability

This kernel-tmb update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which allows local users to obtain root...

7.8CVSS4.6AI score0.01902EPSS
Exploits4References5
Mageia
Mageia
•added 2017/03/02 3:11 p.m.•55 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.14.5, fixing several security issues and other bugs...

9.6CVSS3.4AI score0.66788EPSS
Exploits31References11
Mageia
Mageia
•added 2016/11/28 12:13 a.m.•55 views

Updated libtiff packages fix security vulnerability

The updated packages fix: - A regression introduced by the fix for CVE-2016-9297 CVE-2016-9448. - An out-of-bounds Write memcpy and less bound check in tiff2pdf CVE-2016-9453...

7.8CVSS2.7AI score0.04975EPSS
Exploits0References5
Mageia
Mageia
•added 2016/11/27 12:34 p.m.•55 views

Updated clamav packages fix security vulnerability

ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted mew packer executable CVE-2016-1371. ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted 7z file...

7.5CVSS5.9AI score0.03406EPSS
Exploits2References2
Mageia
Mageia
•added 2016/06/02 9:40 p.m.•55 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: In php-intl, geticuvalueinternal out-of-bounds read CVE-2016-5093. Integer Overflow in phphtmlentities CVE-2016-5094. Integer underflow / arbitrary null write in fread/gzread CVE-2016-5096. The php package has been updated to version 5.6.22, whic...

8.6CVSS4.6AI score0.05487EPSS
Exploits2References2
Mageia
Mageia
•added 2016/05/20 11:38 a.m.•55 views

Updated expat packages fix security vulnerability

Gustavo Grieco discovered that Expat does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially...

9.8CVSS2.7AI score0.13335EPSS
Exploits3References2
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•55 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...

10CVSS3.9AI score0.04692EPSS
Exploits0References6
Mageia
Mageia
•added 2015/07/27 9:53 a.m.•55 views

Updated mariadb package fixes security vulnerabilities

The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled CVE-2015-3152. The Mageia 4 update...

5.9CVSS6.4AI score0.07083EPSS
Exploits1References5
Mageia
Mageia
•added 2015/02/17 6:38 p.m.•55 views

Updated patch packages fix security vulnerabilities

Updated patch package fixes security vulnerabilities: It was reported that a crafted diff file can make patch eat memory and later segfault CVE-2014-9637. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could...

7.8CVSS6.5AI score0.11199EPSS
Exploits1References3
Mageia
Mageia
•added 2015/01/19 4:47 p.m.•55 views

Updated file packages fix security vulnerabilities

Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers CVE-2014-9620, CVE-2014-9621. As part of...

5CVSS7.5AI score0.04683EPSS
Exploits0References3
Total number of security vulnerabilities5000