Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2022/03/21 8:18 p.m.•52 views

Updated python-django/python-asgiref packages fix security vulnerability

The % debug % template tag didn't properly encode the current context posing an XSS attack vector CVE-2022-22818. Passing certain inputs to multipart forms could result in an infinite loop when parsing files resulting in a denial of service CVE-2022-23833. The python-django update necessitated a...

7.5CVSS2.7AI score0.49246EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•52 views

Updated bind packages fix security vulnerability

DNS forwarders - cache poisoning vulnerability. CVE-2021-25220...

6.8CVSS7.4AI score0.0325EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/10 10:19 p.m.•52 views

Updated opencontainers-runc packages fix security vulnerability

It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have so...

6CVSS3AI score0.01663EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•52 views

Updated libslirp packages fix security vulnerability

Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU. In the bootpinput function while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory fr...

3.8CVSS2.5AI score0.00326EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•52 views

Updated jasper packages fix security vulnerabilities

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened CVE-2021-3443. A NULL pointer dereference fl...

5.5CVSS2.7AI score0.00762EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/21 10:43 a.m.•52 views

Updated glibc packages fixes security vulnerabilities

Updated glibc packages fix a security vulnerabilities: The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead t...

7.5CVSS2.4AI score0.03093EPSS
Exploits1References1
Mageia
Mageia
•added 2021/02/28 11:16 p.m.•52 views

Updated nodejs packages fix security vulnerabilities

Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. Upgrade from Mageia 7 to 8 problem fixed...

7.8CVSS2.6AI score0.77385EPSS
Exploits1References5
Mageia
Mageia
•added 2020/11/10 3:20 p.m.•52 views

Updated openldap packages fix a security vulnerability

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service slapd daemon crash via a specially crafted packet CVE-2020-25692. Also, the PID file path in the systemd service was fixed to...

7.5CVSS2AI score0.02183EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•52 views

Updated squid packages fix security vulnerability

Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates. This attack is limited to Squid built with OpenSSL features and opening peer or server connections for HTTPS traffic an...

7.5CVSS0.9AI score0.04408EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•52 views

Updated thunderbird packages fix security vulnerability

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection CVE-2020-12398. When browsing a malicious page, a race condition in our...

9.3CVSS0.4AI score0.03034EPSS
Exploits2References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•52 views

Updated microcode packages fix security vulnerability

Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 Cleanup errors in some IntelR Processors may allow an authenticated user to potentially enable...

5.5CVSS3.9AI score0.00587EPSS
Exploits0References6
Mageia
Mageia
•added 2020/07/05 11:26 a.m.•52 views

Updated tomcat packages fix security vulnerability

Updated tomcat packages fix security vulnerability: When using Apache Tomcat versions 9.0.0.M1 to 9.0.34, if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the PersistenceManager ...

7CVSS4.5AI score0.56636EPSS
Exploits15References2
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•52 views

Updated http-parser packages fix security vulnerability

http-parser has been updated to fix a security issue. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed VE-2019-15605...

9.8CVSS9.3AI score0.57132EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•52 views

Updated libmediainfo packages fix security vulnerabilities

Out-of-bounds read in function MediaInfoLib:FileTagsHelper:SynchedTest CVE-2019-11372. Out-of-bounds read in function FileAnalyze:GetL8 CVE-2019-11373...

6.5CVSS3.2AI score0.02503EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•52 views

Updated samba packages fix security vulnerabilities

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...

6.5CVSS1.7AI score0.03151EPSS
Exploits0References6
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•52 views

Updated upx packages fix security vulnerability

The updated package fixes security vulnerabilities: An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an...

7.8CVSS7.4AI score0.01803EPSS
Exploits2References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•52 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code CVE-2019-10218. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full passwor...

6.5CVSS1.7AI score0.03515EPSS
Exploits1References4
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•52 views

Updated unbound packages fix security vulnerability

Updated unbound package to version 1.9.5 to fix a potential security vulnerability. In case users recompiled the Mageia package with --enable-ipsecmod, and ipsecmod is enabled and used in the configuration, shell code execution would end up being possible after receiving a specially crafted answe...

7.3CVSS4.7AI score0.03212EPSS
Exploits1References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•52 views

Updated libssh2 packages fix security vulnerability

The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be...

8.1CVSS2.8AI score0.03793EPSS
Exploits1References5
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•52 views

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerability: Daniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify, resulting in denial of service CVE-2019-17596...

7.5CVSS2.6AI score0.04693EPSS
Exploits1References3
Mageia
Mageia
•added 2019/10/23 9:6 p.m.•52 views

Updated bind packages fix security vulnerabilities

Updated bind packages fix security vulnerabilities Limiting simultaneous TCP clients is ineffective CVE-2018-5743 Race condition when discarding malformed packets can cause bind to exit with assertion failure CVE-2019-6471 In addition to those two security issues, this package releases also fixes...

7.5CVSS1.3AI score0.06404EPSS
Exploits0References3
Mageia
Mageia
•added 2019/09/21 11:7 a.m.•52 views

Updated thunderbird packages fix security vulnerabilities

The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message. CVE-2019-11739 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. CVE-2019-11740...

9.3CVSS1.9AI score0.0216EPSS
Exploits1References3
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•52 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression CVE-2019-13224. A NULL...

9.8CVSS5.9AI score0.04047EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/22 1:8 a.m.•52 views

Updated libreoffice packages fix security vulnerability

Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document CVE-2018-16858. The libreoffice package has been updated to version 6.1.5.2, fixing this issue, and including several other bug fixes and...

9.8CVSS1.6AI score0.67547EPSS
Exploits10References3
Mageia
Mageia
•added 2019/01/15 10:15 p.m.•52 views

Updated libvncserver & x11vnc packages fix security vulnerabilities

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity CVE-2018-6307. A heap use-after-free vulnerability in the server code of the file transfer extension,...

9.8CVSS2.2AI score0.26543EPSS
Exploits0References6
Mageia
Mageia
•added 2018/10/26 6:47 p.m.•52 views

Updated lilypond packages fix security vulnerability

lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks CVE-2017-17523...

8.8CVSS5.6AI score0.02109EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•52 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named...

7.5CVSS1.3AI score0.59353EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/13 7:1 p.m.•52 views

Updated cantata packages fix security vulnerability

The mount target path check in mounter.cpp 'mpOk' is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components CVE-2018-12559. Arbitrary unmounts can be performed by regular users the same way CVE-2018-12560. A regul...

9.8CVSS1.6AI score0.02068EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/11 9:7 p.m.•52 views

Updated graphviz packages fix security vulnerability

NULL pointer dereference vulnerability in the rebuildvlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service application crash via a crafted file. CVE-2018-10196...

5.5CVSS5.3AI score0.01719EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/15 1:33 p.m.•52 views

Updated firefox packages fix security vulnerability

Memory safety bugs fixed in Firefox ESR 52.7 CVE-2018-5125. Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5127. Out-of-bounds write with malformed IPC messages CVE-2018-5129. Mismatched RTP payload type can trigger memory corruption CVE-2018-5130. Fetch API improperly returns cach...

9.8CVSS1.4AI score0.08024EPSS
Exploits3References5
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•52 views

Updated jackson-databind packages fix security vulnerability

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper CVE-2017-17485. A flaw was found in FasterXML jackson-databind which allows unauthenticate...

9.8CVSS3.5AI score0.49727EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/21 9:31 p.m.•52 views

Updated golang packages fix security vulnerabilities

An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side CVE-2017-15041. It w...

9.8CVSS2.5AI score0.08944EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•52 views

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...

10CVSS3AI score0.23694EPSS
Exploits7References9
Mageia
Mageia
•added 2017/10/30 7:23 p.m.•52 views

Updated rpm package fixes security vulnerabilities

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory ...

7.8CVSS1AI score0.00415EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/05 8:37 p.m.•52 views

Updated rawtherapee packages fix security vulnerabilities

It was discovered that rawtherapee had a floating point exception in the kodakradcloadraw function in dcraw.cc CVE-2017-13735. It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c CVE-2017-14348. It was discovered that...

9.8CVSS4.1AI score0.04336EPSS
Exploits0References7
Mageia
Mageia
•added 2017/09/01 9:10 p.m.•52 views

Updated botan packages fix security vulnerabilities

While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are like...

9.8CVSS3.2AI score0.01978EPSS
Exploits2References4
Mageia
Mageia
•added 2017/08/20 8:48 a.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to cod...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.7AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/07/13 9:10 a.m.•52 views

Updated nodejs packages fix security vulnerability

Node.js has a defect that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason argument to writeHead on an HTTP response, a new-line character may be used to inject additional responses CVE-2016-5325. The tls.checkServerIdentity function in...

6.1CVSS6.5AI score0.04093EPSS
Exploits0References5
Mageia
Mageia
•added 2017/05/26 6:54 a.m.•52 views

Updated kernel-linus packages fixes security vulnerabilities

This kernel-linus update is based on upstream 4.4.68 and fixes at least the following security issues: fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and...

10CVSS4.2AI score0.17827EPSS
Exploits23References10
Mageia
Mageia
•added 2017/05/25 2:37 p.m.•52 views

Updated samba packages fix security vulnerability

A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process CVE-2016-2126. Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this...

10CVSS2.6AI score0.99448EPSS
Exploits27References8
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•52 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption CVE-2016-9899. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript CVE-2016-9895. Memory corruption...

9.8CVSS7.2AI score0.21401EPSS
Exploits11References4
Mageia
Mageia
•added 2016/08/09 8:58 a.m.•52 views

Updated openntpd/busybox packages fix security vulnerability

The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of...

7.8CVSS2AI score0.08894EPSS
Exploits5References2
Mageia
Mageia
•added 2016/07/31 8:39 p.m.•52 views

Updated kernel packages fix security vulnerability

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS3.9AI score0.15073EPSS
Exploits16References4
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•52 views

Updated docker/golang packages fix security vulnerability

Manipulated layer IDs could have lead to local graph poisoning CVE-2014-8178. Manifest validation and parsing logic errors allowed pull-by-digest validation bypass CVE-2014-8179. To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to...

7.5CVSS6.4AI score0.02733EPSS
Exploits0References4
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•52 views

Updated firefox package fixes security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...

10CVSS6.9AI score0.9986EPSS
Exploits2References15
Mageia
Mageia
•added 2015/05/27 4:57 p.m.•52 views

Updated kernel-linus packages fix security vulnerabilities and bugs

Updated kernel-linus fixes security, critical data corruption and pdata loss issues This kernel-linus update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4...

7.2CVSS8AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/04/03 1:11 p.m.•52 views

Updated python-django packages fix security vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: The ModelAdmin.readonlyfields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected...

5CVSS5.9AI score0.05026EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•52 views

Updated sddm packages fix security vulnerabilities

Sddm may in some cases allow unauthenticated logins as the sddm user CVE-2014-7271. Sddm is vulnerable to a race condition in XAUTHORITY file generation CVE-2014-7272. Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...

7.8CVSS7.7AI score0.00421EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•52 views

Updated boinc-client packages fix security vulnerability

Multiple stack overflow flaws were found in the way the XML parser of boinc-client, a Berkeley Open Infrastructure for Network Computing BOINC client for distributed computing, performed processing of certain XML files. A rogue BOINC server could provide a specially-crafted XML file that, when...

9.3CVSS2.4AI score0.02583EPSS
Exploits0References4
Total number of security vulnerabilities5000