Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2016/05/20 11:38 a.m.•55 views

Updated expat packages fix security vulnerability

Gustavo Grieco discovered that Expat does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially...

9.8CVSS2.7AI score0.13335EPSS
Exploits3References2
Mageia
Mageia
•added 2016/04/29 5:21 p.m.•55 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2805,...

10CVSS3.9AI score0.04692EPSS
Exploits0References6
Mageia
Mageia
•added 2014/11/26 10:14 a.m.•55 views

Updated clamav packages fix security vulnerabilities

Certain javascript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file CVE-2014-9050. ClamAV has been updated to version 0.98.5 to address these...

5CVSS6.9AI score0.04878EPSS
Exploits1References5
Mageia
Mageia
•added 2014/09/15 10:36 a.m.•55 views

Updated glibc packages fix multiple security vulnerabilities

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes...

7.5CVSS8.6AI score0.18099EPSS
Exploits5References4
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•55 views

Updated php packages fix multiple security vulnerabilities

Updated php packages fix security vulnerabilities: Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a craft...

6.8CVSS9.2AI score0.20237EPSS
Exploits1References4
Mageia
Mageia
•added 2014/08/05 8:8 p.m.•55 views

Updated file packages fix security vulnerability

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345...

5CVSS7.4AI score0.11814EPSS
Exploits1References3
Mageia
Mageia
•added 2014/07/26 1:9 p.m.•55 views

Updated ruby-actionpack packages fix security issues

Updated ruby-actionpack and ruby-activerecord packages fix security vulnerabilities: Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 4.0.5, when certain route globbing configurations are enabled, allows...

7.5CVSS7.1AI score0.53703EPSS
Exploits2References6
Mageia
Mageia
•added 2014/06/04 8:44 p.m.•55 views

Updated chkrootkit packages fix CVE-2014-0476 and a false positive

Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit usually root, allowing the attacker to escalate privileges CVE-2014-0476. The Mageia 3 update...

3.7CVSS6.1AI score0.03828EPSS
Exploits6References3
Mageia
Mageia
•added 2014/04/24 7:2 p.m.•55 views

Updated ruby-rails and associated packages fix multiple vulnerabilities

Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended CVE-2014-0080. There is an XSS vulnerability in th...

6.8CVSS6.6AI score0.04032EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/03 12:56 a.m.•55 views

Updated curl packages fix multiple vulnerabilities

Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user CVE-2014-0015. libcu...

6.4CVSS6.8AI score0.05599EPSS
Exploits1References5
Mageia
Mageia
•added 2013/11/22 7:6 p.m.•55 views

Updated kernel-vserver package fixes security vulnerabilites.

This kernel-vserver update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
•added 2013/07/06 2:25 p.m.•55 views

Updated kernel packages fix multiple security vulnerabilities

This kernel update provides the upstream 3.4.52 kernel and fixes the following security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...

7.9CVSS3.7AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
•added 2013/07/01 7:16 p.m.•55 views

Updated otrs package fixes security vulnerabilities

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see CVE-2013-3551, CVE-2013-4088...

6.5CVSS3.9AI score0.02366EPSS
Exploits0References5
Mageia
Mageia
•added 2013/06/26 6:13 p.m.•55 views

Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

10CVSS1.7AI score0.98704EPSS
Exploits32References4
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•54 views

Updated htmldoc packages fix security vulnerabilities

HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. CVE-2024-45508 HTMLDOC v1.9.18 contains a buffer overflow in parsepre function,ps-pdf.cxx:5681. CVE-2024-46478...

9.8CVSS7.9AI score0.00706EPSS
Exploits2References2
Mageia
Mageia
•added 2024/06/27 5:12 p.m.•54 views

Updated wget packages fix security vulnerability

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. CVE-2024-38428...

9.1CVSS7.1AI score0.00672EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/30 10:25 p.m.•54 views

Updated libarchive packages fix security vulnerability

Remote Code Execution Vulnerability. CVE-2024-26256...

7.8CVSS7.6AI score0.87784EPSS
Exploits0References1
Mageia
Mageia
•added 2024/04/13 4:56 p.m.•54 views

Updated rear packages fix security vulnerability

Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301...

5.5CVSS7.3AI score0.00291EPSS
Exploits1References1
Mageia
Mageia
•added 2024/04/01 7:50 p.m.•54 views

Updated w3m packages fix security vulnerabilities

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. CVE-2023-38252 An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an...

5.5CVSS6.6AI score0.00355EPSS
Exploits4References2
Mageia
Mageia
•added 2024/03/20 3:35 a.m.•54 views

Updated python-django package fixes a security vulnerability

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. CVE-2024-27351...

5.3CVSS6.7AI score0.01854EPSS
Exploits0References1
Mageia
Mageia
•added 2024/03/18 4:12 p.m.•54 views

Updated expat packages fix security vulnerabilities

It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. CVE-2023-52425, CVE-2024-28757...

7.5CVSS7.4AI score0.02006EPSS
Exploits2References2
Mageia
Mageia
•added 2024/03/06 4:53 p.m.•54 views

Updated wpa_supplicant packages fix security vulnerabilities

The updated packages fix a security vulnerability: The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt...

6.5CVSS7.4AI score0.01177EPSS
Exploits0References4
Mageia
Mageia
•added 2023/12/05 10:31 p.m.•54 views

Updated samba packages fix security vulnerabilities

This update fixes the security issues below. A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like...

9.8CVSS7.5AI score0.02409EPSS
Exploits1References3
Mageia
Mageia
•added 2023/12/01 11:54 a.m.•54 views

Updated xrdp packages fix security vulnerability

The updated packages fix a security vulnerability Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a...

6.5CVSS6.8AI score0.0063EPSS
Exploits0References2
Mageia
Mageia
•added 2023/11/15 11:35 a.m.•54 views

Updated freerdp packages fix security vulnerabilities

This issue affects Clients only: Integer underflow leading to DOS e.g. abort due to WINPRASSERT with default compilation flags. When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service DOS vulnerability...

9.8CVSS6.7AI score0.01432EPSS
Exploits10References2
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•54 views

Updated cadence packages fix security vulnerabilities

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. CVE-2023-43782 Cadence through 0.9.2 2023-08-21 uses...

7.5CVSS7.1AI score0.00614EPSS
Exploits2References2
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•54 views

Updated curl packages fix security vulnerability

TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...

9.8CVSS6AI score0.62246EPSS
Exploits11References16
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•54 views

Updated maven packages fix security vulnerability

No longer use http non-SSL repository references by default...

9.1CVSS7.1AI score0.08691EPSS
Exploits2References4
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•54 views

Updated libreoffice packages fix security vulnerability

Arbitrary File Write in hsqldb 1.8.0. CVE-2023-1183...

5.5CVSS7AI score0.65692EPSS
Exploits0References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•54 views

Updated x11-server packages fix security vulnerability

X.Org Server XkbGetKbdByName use-after-free. CVE-2022-4283 X.Org Server XTestSwapFakeInput stack overflow. CVE-2022-46340 X.Org Server XIPassiveUngrab out-of-bounds access. CVE-2022-46341 X.Org Server XvdiSelectVideoNotify use-after-free. CVE-2022-46342 X.Org Server ScreenSaverSetAttributes...

8.8CVSS8.4AI score0.02685EPSS
Exploits0References5
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•54 views

Updated wayland packages fix security vulnerability

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

6.6CVSS1.8AI score0.00297EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•54 views

Updated dhcp packages fix security vulnerability

In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...

6.5CVSS6.9AI score0.00664EPSS
Exploits0References5
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•54 views

Updated open-vm-tools packages fix security vulnerability

A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine CVE-2022-31676...

7.8CVSS2.7AI score0.0054EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•54 views

Updated net-snmp packages fix security vulnerability

A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. CVE-2022-24805 Buffer overflow and out of bounds memory access. CVE-2022-24806 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memo...

8.8CVSS2.6AI score0.01299EPSS
Exploits0References4
Mageia
Mageia
•added 2022/05/08 7:58 a.m.•54 views

Updated ruby-nokogiri packages fix security vulnerability

Fix for possible DOS by regex. CVE-2022-24836...

7.5CVSS1.9AI score0.03549EPSS
Exploits0References2
Mageia
Mageia
•added 2022/02/22 9:25 p.m.•54 views

Updated htmldoc packages fix security vulnerability

A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gifgetcode and occurs when opening a malicious GIF file, which can result in a crash segmentation fault. CVE-2022-0534...

5.5CVSS1.8AI score0.0094EPSS
Exploits1References2
Mageia
Mageia
•added 2022/01/16 8:39 p.m.•54 views

Updated thunderbird packages fix security vulnerability

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...

10CVSS0.2AI score0.0134EPSS
Exploits6References4
Mageia
Mageia
•added 2021/12/02 4:49 p.m.•54 views

Updated bluez packages fix security vulnerability

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

9.1CVSS1.2AI score0.01544EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/02 6:57 p.m.•54 views

Updated apache-mod_auth_openidc packages fix security vulnerability

In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. CVE-2021-32786 In modauthopenidc before version 2.4.9, the AES GCM encrypti...

7.5CVSS2.6AI score0.02731EPSS
Exploits1References4
Mageia
Mageia
•added 2021/08/27 3:29 p.m.•54 views

Updated opencontainers-runc packages fix security vulnerability

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS5.8AI score0.06604EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•54 views

Updated tomcat packages fix security vulnerabilities

When responding to new h2c connection requests, Apache Tomcat versions 9.0.0.M1 to 9.0.41 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request CVE-2021-25122. The fix for...

7.5CVSS7.6AI score0.18114EPSS
Exploits15References6
Mageia
Mageia
•added 2021/05/04 8:40 p.m.•54 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...

7CVSS1.9AI score0.01071EPSS
Exploits1References4
Mageia
Mageia
•added 2021/03/21 10:43 a.m.•54 views

Updated glibc packages fixes security vulnerabilities

Updated glibc packages fix a security vulnerabilities: The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead t...

7.5CVSS2.4AI score0.03093EPSS
Exploits1References1
Mageia
Mageia
•added 2021/02/28 11:16 p.m.•54 views

Updated nodejs packages fix security vulnerabilities

Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. Upgrade from Mageia 7 to 8 problem fixed...

7.8CVSS2.6AI score0.77385EPSS
Exploits1References5
Mageia
Mageia
•added 2021/01/22 11:50 p.m.•54 views

Updated blosc packages fix a security vulnerability

A heap-based buffer overflow vulnerability was found in the blosc library. Depending on how the library is used, if there is a lack of space to write compressed data, an attacker might exploit this flaw to crash the program or potentially execute arbitrary code CVE-2020-29367...

9.3CVSS3.7AI score0.01176EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•54 views

Updated bind packages fix security vulnerability

A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability CVE-2020-8622. A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are...

6.5CVSS6.5AI score0.05545EPSS
Exploits0References4
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•54 views

Updated gdm packages fix a security vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2CVSS3.3AI score0.01109EPSS
Exploits1References3
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•54 views

Updated libvirt packages fix security vulnerability

A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...

7.2CVSS2.4AI score0.00529EPSS
Exploits0References3
Mageia
Mageia
•added 2020/11/21 12:21 p.m.•54 views

Updated tcpdump package fixes a security vulnerability

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037...

7.5CVSS7.2AI score0.03071EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/24 5:51 p.m.•54 views

Updated nss and firefox packages fix security vulnerabilities

Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

9.8CVSS1.2AI score0.03854EPSS
Exploits0References4
Total number of security vulnerabilities5000