Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2015/07/05 5:22 p.m.54 views

Updated chromium-browser package fixes security vulnerability

A scheme validation error in WebUI CVE-2015-1266. Two cross-origin bypass issues in Blink CVE-2015-1267, CVE-2015-1268. A normalization error in the HSTS/HPKP preload list CVE-2015-1269. This update also disables the automatic, silent downloading and installation of "external components" like the...

5CVSS9.2AI score0.02306EPSS
Exploits1References3
Mageia
Mageia
added 2015/05/13 3:54 p.m.54 views

Updated qemu packages fix CVE-2015-3456

Updated qemu packages fix security vulnerability: An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller FDC handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially,...

7.7CVSS7.8AI score0.15275EPSS
Exploits1References2
Mageia
Mageia
added 2015/04/09 10:44 p.m.55 views

Updated batik packages fix security vulnerabilities

Updated batik packages fix security vulnerability: Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary fil...

6.4CVSS8.8AI score0.16564EPSS
Exploits1References3
Mageia
Mageia
added 2015/04/03 1:11 p.m.54 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5CVSS9.8AI score0.67135EPSS
Exploits3References8
Mageia
Mageia
added 2014/12/31 12:28 p.m.54 views

Updated couchdb packages fix CVE-2010-5312

Updated couchdb packages fix security vulnerability: Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option CVE-2010-5312. The embedded copy of jQuery UI in...

6.1CVSS2.8AI score0.18351EPSS
Exploits1References2
Mageia
Mageia
added 2014/12/13 8:16 p.m.54 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server...

5.4CVSS6.4AI score0.13451EPSS
Exploits0References3
Mageia
Mageia
added 2014/11/21 12:44 p.m.54 views

Updated qemu packages fix security vulnerabilities

The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileg...

7.2CVSS8.3AI score0.03742EPSS
Exploits0References5
Mageia
Mageia
added 2014/06/18 5:55 p.m.54 views

Updated musl package fixes CVE-2014-3484

Updated musl package fixes security vulnerability: A remote stack-based buffer overflow has been found in musl libc's dns response parsing code. The overflow can be triggered in programs linked against musl libc and making dns queries via one of the standard interfaces getaddrinfo, getnameinfo,...

9.8CVSS9.4AI score0.02204EPSS
Exploits0References2
Mageia
Mageia
added 2014/06/06 2:33 p.m.54 views

Updated tor packages fix multiple vulnerabilities

Update to version 0.2.4.22 which solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL CVE-2014-0160. - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. -...

7.5CVSS7.9AI score0.99999EPSS
Exploits88References2
Mageia
Mageia
added 2014/05/14 10:2 p.m.54 views

Updated php packages fix CVE-2014-0185

Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user CVE-2014-0185. Additionally updated...

7.2CVSS7.5AI score0.00505EPSS
Exploits1References5
Mageia
Mageia
added 2014/04/30 2:31 p.m.54 views

Updated flash-player-plugin package fixes CVE-2014-0515

Adobe Flash Player 11.2.202.356 contains a fix to a critical security vulnerability found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a buffer overflow vulnerability that could result in arbitrary code execution...

10CVSS7.6AI score0.94569EPSS
Exploits9References2
Mageia
Mageia
added 2014/04/08 12:49 p.m.54 views

Updated openssh packages fix CVE-2014-2653

Updated openssh packages fix security vulnerability: Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a...

6.5CVSS6.1AI score0.01988EPSS
Exploits1References2
Mageia
Mageia
added 2014/04/03 12:43 a.m.54 views

Updated php-ZendFramework packages fix multiple vulnerabilities

Updated php-ZendFramework packages fix security vulnerabilities: XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform oth...

7.5CVSS9.6AI score0.02802EPSS
Exploits0References6
Mageia
Mageia
added 2013/08/22 6:13 p.m.54 views

Updated python-django packages fix CVE-2013-4249

Updated python-django package fixes security vulnerability: The issafeurl function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript. CVE-2013-42...

4.3CVSS0.4AI score0.0288EPSS
Exploits2References2
Mageia
Mageia
added 2013/08/22 5:58 p.m.54 views

Updated python3, bzr and some python packages fix security vulnerabilties

Updated python3 packages fix security vulnerabilities: A denial of service flaw was found in the way SSL module implementation of Python 3 performed matching of the certificate's name in the case it contained many '' wildcard characters. A remote attacker, able to obtain valid certificate with it...

4.3CVSS0.9AI score0.05347EPSS
Exploits1References6
Mageia
Mageia
added 2013/07/29 2:2 p.m.54 views

Updated bind package fixes security vulnerability

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service daemon crash via a query with a malformed RDATA section...

7.8CVSS5.8AI score0.3415EPSS
Exploits1References5
Mageia
Mageia
added 2013/06/26 6:9 p.m.54 views

Updated ffmpeg packages fix several security vulnerabilities

ffmpeg prior to 1.1.5 contains several security vulnerabilities CVE-2013-3671: The formatline function in log.c in libavutil uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service invalid pointer dereference and application...

4.3CVSS5.4AI score0.02054EPSS
Exploits0References1
Mageia
Mageia
added 2025/02/24 6:29 p.m.53 views

Updated neomutt packages fix security vulnerabilities

The To and Cc email header fields are not protected by cryptographic signing. CVE-2024-49393 The In-reply-to email header field is not protected by cryptographic signing. CVE-2024-49394...

6.5CVSS7.3AI score0.00331EPSS
Exploits0References2
Mageia
Mageia
added 2024/10/27 2:37 a.m.53 views

Updated redis packages fix security vulnerabilities

An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. CVE-2024-31227 Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported...

8.8CVSS8.2AI score0.04488EPSS
Exploits1References2
Mageia
Mageia
added 2024/09/27 1:30 a.m.53 views

Updated python3 packages fix security vulnerabilities

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

8.7CVSS7.1AI score0.02507EPSS
Exploits4References8
Mageia
Mageia
added 2024/06/24 7:4 p.m.53 views

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 High CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel on 2024-05-31 High CVE-2024-6102: Out of bounds memory acces...

8.8CVSS7.5AI score0.01123EPSS
Exploits0References2
Mageia
Mageia
added 2024/06/15 11:7 p.m.53 views

Updated nss & firefox packages fix security vulnerabilities

Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...

8.6CVSS7.9AI score0.0107EPSS
Exploits1References4
Mageia
Mageia
added 2024/05/21 11:38 p.m.53 views

Updated thunderbird packages fix security vulnerabilities

Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...

8.8CVSS8AI score0.72648EPSS
Exploits18References3
Mageia
Mageia
added 2024/03/31 3:27 a.m.53 views

Updated microcode packages fix security vulnerabilities

Protection mechanism failure in some 3rd and 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-22655 Information exposure through microarchitectural state after transient...

6.5CVSS7.8AI score0.0075EPSS
Exploits0References3
Mageia
Mageia
added 2024/02/28 5:47 a.m.53 views

Updated c-ares packages fix security vulnerabilities

The updated packages fix a security vulnerability: Out of bounds read in aresreadline. CVE-2024-25629...

5.5CVSS6.7AI score0.00349EPSS
Exploits0References1
Mageia
Mageia
added 2024/02/19 5:35 p.m.53 views

Updated ruby-rack fixes a vulnerability and some bugs

This update to 2.2.8 fixes CVE-2023-27539 and some bugs...

5.3CVSS7.4AI score0.01063EPSS
Exploits0References3
Mageia
Mageia
added 2023/11/29 9:0 p.m.53 views

Updated docker packages fix security vulnerabilities and bugs

This update fixes several security issues and also solves some other issues - manage change of launch option earlier in post process - Automatically convert -g option to --data-root in installed /etc/sysconfig/docker-storage - Fix CVE-2023-26054 and CVE-2023-28840-2...

8.7CVSS7.1AI score0.02733EPSS
Exploits3References10
Mageia
Mageia
added 2023/10/20 8:34 a.m.53 views

Updated libxpm packages fix security vulnerabilities

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system. CVE-2023-43788 Out of bounds read on XPM with corrupted colormap...

5.5CVSS6.6AI score0.00365EPSS
Exploits0References2
Mageia
Mageia
added 2023/05/31 6:41 a.m.53 views

Updated tomcat packages fix security vulnerability

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.5CVSS6.9AI score0.51547EPSS
Exploits1References2
Mageia
Mageia
added 2023/05/21 8:42 a.m.53 views

Updated libssh packages fix security vulnerability

Potential NULL dereference during rekeying with algorithm guessing. CVE-2023-1667 Authorization bypass in pkiverifydatasignature. CVE-2023-2283...

6.5CVSS7.1AI score0.01314EPSS
Exploits2References5
Mageia
Mageia
added 2023/03/24 5:55 a.m.53 views

Updated vim packages fix security vulnerability

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1127 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. CVE-2023-1170 Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVE-2023-1175...

7.8CVSS7.2AI score0.00483EPSS
Exploits3References3
Mageia
Mageia
added 2022/10/01 5:48 p.m.53 views

Updated expat packages fix security vulnerability

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674...

8.1CVSS2.2AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
added 2022/10/01 5:48 p.m.53 views

Updated thunderbird packages fix security vulnerability

Improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properlyCVE-2022-39236 Too permissive key forwarding strategy allowing impersonation CVE-2022-39249 Trusting/verifying the user identity under the control of the homeserver instead of the intended one...

8.6CVSS3.7AI score0.01001EPSS
Exploits0References3
Mageia
Mageia
added 2022/09/10 8:26 p.m.53 views

Updated gstreamer1.0-plugins-good packages fix security vulnerability

It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2022-1920, CVE-2022-1921 It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this...

7.8CVSS8AI score0.00465EPSS
Exploits7References7
Mageia
Mageia
added 2022/09/02 7:59 p.m.53 views

Updated ytnef packages fix security vulnerability

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service and potentially code execution due to a double free which can be triggered via a crafted file. CVE-2021-3403 In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote...

7.8CVSS6.3AI score0.0193EPSS
Exploits2References2
Mageia
Mageia
added 2022/08/29 5:7 a.m.53 views

Updated thunderbird packages fix security vulnerability

Address bar spoofing via XSLT error handling CVE-2022-38472 Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-38473 Memory safety bugs. CVE-2022-38478...

8.8CVSS1.8AI score0.00905EPSS
Exploits0References3
Mageia
Mageia
added 2022/05/02 7:44 p.m.53 views

Updated curl packages fix security vulnerability

OAUTH2 bearer bypass in connection re-use. CVE-2022-22576 Credential leak on redirect. CVE-2022-27774 Bad local IPv6 connection reuse. CVE-2022-27775 Auth/cookie leak on redirect. CVE-2022-27776...

8.1CVSS2.2AI score0.03425EPSS
Exploits4References6
Mageia
Mageia
added 2022/05/02 7:44 p.m.53 views

Updated chromium-browser-stable packages fix security vulnerability

Use after free in Vulkan. CVE-2022-1477 Use after free in SwiftShader. CVE-2022-1478 Use after free in ANGLE. CVE-2022-1479 Use after free in Sharing. CVE-2022-1481 Inappropriate implementation in WebGL. CVE-2022-1482 Heap buffer overflow in WebGPU. CVE-2022-1483 Heap buffer overflow in Web UI...

8.8CVSS1.1AI score0.0105EPSS
Exploits23References2
Mageia
Mageia
added 2022/04/09 9:20 p.m.53 views

Updated python-paramiko packages fix security vulnerability

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure. CVE-2022-24302...

5.9CVSS2.6AI score0.0208EPSS
Exploits1References2
Mageia
Mageia
added 2022/03/11 8:51 a.m.53 views

Updated thunderbird packages fix security vulnerabilities

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash CVE-2022-26381. When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification CVE-2022-26383. If an attacker coul...

9.6CVSS1.5AI score0.00931EPSS
Exploits4References3
Mageia
Mageia
added 2021/12/30 4:41 p.m.53 views

Updated calibre packages fix security vulnerability

ReDoS vulnerability in htmlpreprocessrules in ebooks/conversion/preprocess.py...

7.5CVSS2.1AI score0.04986EPSS
Exploits1References2
Mageia
Mageia
added 2021/11/25 1:6 p.m.53 views

Updated postgresql packages fix security vulnerability

Server processes unencrypted bytes from man-in-the-middle. CVE-2021-23214 libpq processes unencrypted bytes from man-in-the-middle. CVE-2021-23222...

8.1CVSS2.1AI score0.01901EPSS
Exploits0References2
Mageia
Mageia
added 2021/10/13 7:39 p.m.53 views

Updated python-mpmath packages fix security vulnerability

Fix CVE-2021-29063 regular expression denial of service...

7.5CVSS3.4AI score0.041EPSS
Exploits1References3
Mageia
Mageia
added 2021/07/08 10:43 p.m.53 views

Updated redis package fixes a security vulnerability

It was discovered that there were a number of integer overflow issues in Redis. It is currently believed that the issues only affect 32-bit based systems CVE-2021-21309...

8.8CVSS3.2AI score0.047EPSS
Exploits0References2
Mageia
Mageia
added 2021/06/29 5:31 p.m.53 views

Updated openvpn packages fix a security vulnerability

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks CVE-2020-15078...

7.5CVSS5.6AI score0.05107EPSS
Exploits0References3
Mageia
Mageia
added 2021/06/23 5:11 p.m.53 views

Updated xscreensaver packages fix security vulnerability

An issue allowing to cause crash and locked screen bypass CVE-2021-34557...

4.6CVSS2AI score0.0048EPSS
Exploits1References3
Mageia
Mageia
added 2021/04/12 7:59 p.m.53 views

Updated pdfbox packages fix security vulnerabilities

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox Apache PDFBox version 2.0.22 and prior 2.0.x versions CVE-2021-27807. A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects...

5.5CVSS3.8AI score0.03337EPSS
Exploits0References3
Mageia
Mageia
added 2021/01/22 11:50 p.m.53 views

Updated undertow packages fix security vulnerability

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling CVE-2020-10719...

6.5CVSS2.3AI score0.01005EPSS
Exploits0References2
Mageia
Mageia
added 2020/12/17 1:10 p.m.53 views

Updated bitcoin packages fix security vulnerabilities

Multiple vulnerabilities have been discovered in Bitcoin. In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their privat...

7.5CVSS2.7AI score0.03389EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/10 3:20 p.m.53 views

Updated openldap packages fix a security vulnerability

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service slapd daemon crash via a specially crafted packet CVE-2020-25692. Also, the PID file path in the systemd service was fixed to...

7.5CVSS2AI score0.02183EPSS
Exploits0References3
Total number of security vulnerabilities5000