Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2023/01/24 7:58 a.m.•114 views

Updated virtualbox packages fix security vulnerability

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. CVE-2023-21884 Unauthenticated attacker with network access via multiple protocols to compromise Oracle VM...

8.1CVSS5.2AI score0.01205EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•114 views

Updated compat-openssl10 packages fix security vulnerabilities

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

5.9CVSS6.3AI score0.06968EPSS
Exploits3References6
Mageia
Mageia
•added 2019/08/12 9:8 p.m.•114 views

Updated kernel packages fix security vulnerabilities

This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An...

5.6CVSS0.9AI score0.04521EPSS
Exploits5References10
Mageia
Mageia
•added 2014/05/14 10:13 p.m.•113 views

Updated struts packages fix CVE-2014-0114

Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...

7.5CVSS9.2AI score0.95821EPSS
Exploits4References2
Mageia
Mageia
•added 2021/05/19 7:29 p.m.•112 views

Updated libxml2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Use-after-free in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3516 Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3517 Use-after-free in xmlXIncludeDoProcess in xinclude.c. CVE-2021-3518 NULL pointer...

8.8CVSS8.3AI score0.0828EPSS
Exploits1References4
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•111 views

Updated docker packages fix security vulnerability

Server side request forgery CVE-2022-29153 Bypass primary group restrictions due to a flaw in the supplementary group access setup CVE-2022-36109 Imported Nodes/Services Information leak in moby-engine. CVE-2022-3920...

7.5CVSS6.8AI score0.08519EPSS
Exploits0References7
Mageia
Mageia
•added 2022/01/18 3:43 p.m.•111 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.15 and fixes at least the following security issues: A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the...

7.8CVSS1.8AI score0.0193EPSS
Exploits7References7
Mageia
Mageia
•added 2026/05/04 4:5 p.m.•110 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.137 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

9.8CVSS6.2AI score0.96267EPSS
Exploits229References8
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•110 views

Updated samba packages fix security vulnerability

There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...

9.8CVSS1.2AI score0.06419EPSS
Exploits1References25
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•109 views

Updated nodejs packages fix security vulnerability

HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS. CVE-2021-22959 HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing...

6.5CVSS0.4AI score0.02936EPSS
Exploits2References2
Mageia
Mageia
•added 2018/01/01 10:38 a.m.•109 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 2.4.14, which fixes several security vulnerabilities and other bugs which were corrected upstream...

9.8CVSS4AI score0.16437EPSS
Exploits6References1
Mageia
Mageia
•added 2014/08/25 8:44 a.m.•109 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

4.3CVSS2AI score0.05844EPSS
Exploits0References3
Mageia
Mageia
•added 2024/01/08 10:12 a.m.•108 views

Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9CVSS6.1AI score0.9378EPSS
Exploits4References2
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•108 views

Updated radare2/rizin packages fix security vulnerability

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. CVE-2021-32613 A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS...

9.8CVSS2.3AI score0.01799EPSS
Exploits19References7
Mageia
Mageia
•added 2022/09/04 7:47 p.m.•108 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 105 branch with the 105.0.5195.102 version, fixing many bugs and 25 vulnerabilities. Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. Some of the addressed CVE are listed below: High CVE-2022-3075:...

9.6CVSS0.3AI score0.24738EPSS
Exploits1References4
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•108 views

Updated python-ujson packages fix security vulnerability

Add support for arbitrary size integers. Replace 'wchart' string decoding implementation with a 'uint32t'-based one; fix handling of surrogates on decoding CVE-2022-31116 Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized -...

7.5CVSS3AI score0.02283EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/23 10:5 a.m.•108 views

Updated tomcat packages fix security vulnerability

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. CVE-2021-30640 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not...

7.5CVSS7AI score0.75353EPSS
Exploits1References8
Mageia
Mageia
•added 2022/04/15 9:35 p.m.•107 views

Updated libarchive packages fix security vulnerability

7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in readchildren. RARv4 redaer: fix multiple issues in RARv4 filter code introduced in libarchive 3.6.0: - fix heap use after free in archivereadformatrarreaddata;...

6.5CVSS1.1AI score0.01877EPSS
Exploits1References3
Mageia
Mageia
•added 2020/01/28 11:32 a.m.•107 views

Updated python-pip packages fix security vulnerabilities

Updated python-pip packages fix security vulnerabilities: The python-pip package bundles a copy of python-urllib3, which was affected by security issues. The bundled copy was updated to fix these issues CVE-2019-11324, CVE-2019-11236...

7.5CVSS8.5AI score0.02813EPSS
Exploits1References3
Mageia
Mageia
•added 2024/03/13 11:14 p.m.•106 views

Updated java-17-openjdk packages fix security vulnerabilities

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

7.5CVSS7.5AI score0.014EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•106 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a...

8.2CVSS1.6AI score0.02972EPSS
Exploits7References7
Mageia
Mageia
•added 2022/04/22 5:7 p.m.•106 views

Updated git packages fix security vulnerability

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in /tmp, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs 'git status' or 'git diff' and navigating to a directory which ...

7.8CVSS0.9AI score0.00782EPSS
Exploits0References4
Mageia
Mageia
•added 2022/01/21 9:41 p.m.•106 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.15.16 and fixes at least the following security issue: William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local...

8.4CVSS4AI score0.25151EPSS
Exploits11References2
Mageia
Mageia
•added 2022/04/18 8:0 p.m.•105 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 100.0.4896.127 version, fixing many CVE, along with fixes from the 100.0.4896.75 and 100.0.4896.88 versions. Google is aware that an exploit for CVE-2022-1364 exists in the wild. 1315901 High CVE-2022-1364: Type Confusion in V8. Reported...

9.6CVSS0.3AI score0.16488EPSS
Exploits14References5
Mageia
Mageia
•added 2021/07/25 2:45 p.m.•105 views

Updated redis package fixes security vulnerabilities

An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution CVE-2021-29477. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially...

8.8CVSS5.9AI score0.31049EPSS
Exploits0References6
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•105 views

Updated kernel packages fix security vulnerabilities

This update is based on the upstream 5.6.8 kernel and fixes at least the following security issues: usbsgcancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a referenceCVE-2020-12464. An issue was discovered in the Linux...

7.2CVSS0.4AI score0.00802EPSS
Exploits2References3
Mageia
Mageia
•added 2017/08/08 8:24 p.m.•105 views

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.1.26 maintenance release, fixing security and other issues: This Critical Patch Update contains 14 new unspcified security fixes for Oracle VM VirtualBox. According to currently known info, none of these vulnerabilities may be remotely exploitable without...

8.8CVSS1.9AI score0.01643EPSS
Exploits7References2
Mageia
Mageia
•added 2025/05/01 4:42 p.m.•104 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.87 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

8.8CVSS7.4AI score0.00571EPSS
Exploits0References10
Mageia
Mageia
•added 2024/02/15 6:36 p.m.•104 views

Updated bind packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. CVE-2023-4408 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. CVE-2023-5517 Enabling both DNS64 and serve-stale may cause an assertion...

7.5CVSS7.4AI score0.99995EPSS
Exploits1References7
Mageia
Mageia
•added 2023/01/22 8:39 p.m.•104 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.88 and fixes atleast the following security issues: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the...

8CVSS7.6AI score0.71737EPSS
Exploits3References8
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•104 views

Updated php packages fix security vulnerability

Core Fixed bug GH-9323 Crash in ZENDRETURN/GC/zendcallfunction Fixed bug GH-9361 Segmentation fault on script exit 9379. Fixed bug GH-9407 LSP error in eval'd code refers to wrong class for static type. Fixed bug 81727: Don't mangle HTTP variable names that clash with ones that have a specific...

6.5CVSS6.4AI score0.49336EPSS
Exploits2References2
Mageia
Mageia
•added 2022/07/20 8:24 p.m.•104 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and Networ...

7.8CVSS1.2AI score0.05451EPSS
Exploits10References9
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•103 views

Updated apache packages fix security vulnerability

SECURITY: CVE-2022-23943: modsed: Read/write beyond bounds. Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. Credits: Ronald Crane Zippenhop LLC SECURITY: CVE-2022-22721: core: Possible buffer...

9.8CVSS9.4AI score0.69803EPSS
Exploits0References4
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•103 views

Updated libxml2 packages fix security vulnerability

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308...

7.5CVSS2.9AI score0.0601EPSS
Exploits0References2
Mageia
Mageia
•added 2021/03/04 12:26 p.m.•103 views

Updated nonfree firmware packages fix security vulnerability

Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes at least the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a...

3.1CVSS0.2AI score0.07709EPSS
Exploits7References1
Mageia
Mageia
•added 2019/10/29 2:54 p.m.•103 views

Updated php and pcre2 packages fix security vulnerabilities

Updated php and pcre2 packages fix security vulnerabilities: - FPM 78599 envpathinfo underflow in fpmmain.c can lead to RCE. CVE-2019-11043 - MBString 78633 Heap buffer overflow read in mberegi. - Mysqlnd 78525 Memory leak in pdo when reusing native prepared statements. - PCRE 78272 calling...

9.8CVSS1.2AI score0.9947EPSS
Exploits54References3
Mageia
Mageia
•added 2024/03/23 1:0 a.m.•102 views

Updated python python3 packages fix security vulnerabilities

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

9.8CVSS7.4AI score0.20459EPSS
Exploits8References8
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•102 views

Updated nodejs-tar packages fix security vulnerability

Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...

8.6CVSS3.9AI score0.15014EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•101 views

Updated heimdal packages fix security vulnerability

Heimdal was not properly handling logical conditions that related to memory management operations. An attacker could possibly use this issue to cause a denial of service. CVE-2022-3116...

7.5CVSS2.8AI score0.00885EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•101 views

Updated grub2 packages fix security vulnerabilities

All CVEs below are against the SecureBoot functionality in GRUB2. We do not ship this as part of Mageia. Therefore, we ship an updated grub2 package to 2.06 for Mageia 8 fixing upstream bugfixes. A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and...

8.2CVSS8.7AI score0.01738EPSS
Exploits1References6
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•101 views

Updated systemd packages fix a security vulnerability

A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw...

6.7CVSS3.3AI score0.00464EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•101 views

Updated python and python3 packages fix security vulnerabilities

It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service CVE-2019-9674. It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this...

7.5CVSS7.3AI score0.12826EPSS
Exploits3References8
Mageia
Mageia
•added 2023/11/09 12:55 p.m.•100 views

Updated zlib packages fix a security vulnerability

The updated packages fix a security vulnerability: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. CVE-2023-45853...

9.8CVSS7.8AI score0.02918EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/27 9:49 p.m.•100 views

Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST cve.mitre.org When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were n...

7.5CVSS7.5AI score0.70595EPSS
Exploits1References2
Mageia
Mageia
•added 2023/06/08 7:34 p.m.•100 views

Updated openssl packages fix security vulnerability

Possible DoS translating ASN.1 object identifiers. CVE-2023-2650...

6.5CVSS7.1AI score0.73461EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/02 4:56 p.m.•99 views

Updated kernel, kmod-xtables-addons. kmod-virtualbox, kernel-firmware & kernel-firmware-nonfree radeon-firmware packages fix security vulnerabilities

Upstream kernel version 6.6.58 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

9.1CVSS7.3AI score0.01367EPSS
Exploits2References7
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•99 views

Updated git packages fix security vulnerability

By feeding specially crafted input to 'git apply --reject', a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch. CVE-2023-25652. When Git is compiled with runtime prefix support and runs without translated...

7.8CVSS7.4AI score0.52164EPSS
Exploits2References3
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•99 views

Updated apache packages fix security vulnerability

CVE-2022-37436: Apache HTTP Server: modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers ha...

9CVSS7.5AI score0.57941EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•99 views

Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS1.5AI score0.01342EPSS
Exploits0References5
Mageia
Mageia
•added 2022/06/13 8:44 p.m.•99 views

Updated apache packages fix security vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

9.8CVSS0.5AI score0.19008EPSS
Exploits2References3
Total number of security vulnerabilities5000