Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2021/10/12 6:56 a.m.•52 views

Updated libreoffice packages fix security vulnerability

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

7.5CVSS4.1AI score0.00709EPSS
Exploits0References4
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•52 views

Updated jasper packages fix security vulnerabilities

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened CVE-2021-3443. A NULL pointer dereference fl...

5.5CVSS2.7AI score0.00762EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/27 2:27 p.m.•52 views

Updated imagemagick packages fix security vulnerabilities

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability CVE-2021-20241. A flaw was found in...

7.1CVSS0.9AI score0.01228EPSS
Exploits0References3
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•52 views

Updated gdm packages fix a security vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2CVSS3.3AI score0.01109EPSS
Exploits1References3
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•52 views

Updated libmediainfo packages fix security vulnerabilities

Out-of-bounds read in function MediaInfoLib:FileTagsHelper:SynchedTest CVE-2019-11372. Out-of-bounds read in function FileAnalyze:GetL8 CVE-2019-11373...

6.5CVSS3.2AI score0.02503EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•52 views

Updated mozjs60 packages fix security vulnerability

The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox...

10CVSS1.6AI score0.55874EPSS
Exploits14References3
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•52 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code CVE-2019-10218. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full passwor...

6.5CVSS1.7AI score0.03515EPSS
Exploits1References4
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•52 views

Updated libssh2 packages fix security vulnerability

The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be...

8.1CVSS2.8AI score0.03793EPSS
Exploits1References5
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•52 views

Updated unbound packages fix security vulnerability

Updated unbound package to version 1.9.5 to fix a potential security vulnerability. In case users recompiled the Mageia package with --enable-ipsecmod, and ipsecmod is enabled and used in the configuration, shell code execution would end up being possible after receiving a specially crafted answe...

7.3CVSS4.7AI score0.03212EPSS
Exploits1References2
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•52 views

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerability: Daniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify, resulting in denial of service CVE-2019-17596...

7.5CVSS2.6AI score0.04693EPSS
Exploits1References3
Mageia
Mageia
•added 2019/09/21 11:7 a.m.•52 views

Updated thunderbird packages fix security vulnerabilities

The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message. CVE-2019-11739 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. CVE-2019-11740...

9.3CVSS1.9AI score0.0216EPSS
Exploits1References3
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•52 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression CVE-2019-13224. A NULL...

9.8CVSS5.9AI score0.04047EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/22 1:8 a.m.•52 views

Updated libreoffice packages fix security vulnerability

Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document CVE-2018-16858. The libreoffice package has been updated to version 6.1.5.2, fixing this issue, and including several other bug fixes and...

9.8CVSS1.6AI score0.67547EPSS
Exploits10References3
Mageia
Mageia
•added 2019/01/15 10:15 p.m.•52 views

Updated libvncserver & x11vnc packages fix security vulnerabilities

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity CVE-2018-6307. A heap use-after-free vulnerability in the server code of the file transfer extension,...

9.8CVSS2.2AI score0.26543EPSS
Exploits0References6
Mageia
Mageia
•added 2019/01/11 9:7 p.m.•52 views

Updated graphicsmagick packages fix security vulnerabilities

It was discovered that graphicsmagick was subject to vulnerabilities. heap-based buffer overflow in the WriteTGAImage function of tga.c CVE-2018-20184. denial of service vulnerability in ReadDIBImage function of coders/dib.c CVE-2018-20189. heap-based buffer over-read in the ReadBMPImage function...

6.5CVSS6.8AI score0.02307EPSS
Exploits3References3
Mageia
Mageia
•added 2018/10/26 6:47 p.m.•52 views

Updated lilypond packages fix security vulnerability

lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks CVE-2017-17523...

8.8CVSS5.6AI score0.02109EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•52 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named...

7.5CVSS1.3AI score0.59353EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/13 7:1 p.m.•52 views

Updated cantata packages fix security vulnerability

The mount target path check in mounter.cpp 'mpOk' is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components CVE-2018-12559. Arbitrary unmounts can be performed by regular users the same way CVE-2018-12560. A regul...

9.8CVSS1.6AI score0.02068EPSS
Exploits0References2
Mageia
Mageia
•added 2018/07/11 9:7 p.m.•52 views

Updated graphviz packages fix security vulnerability

NULL pointer dereference vulnerability in the rebuildvlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service application crash via a crafted file. CVE-2018-10196...

5.5CVSS5.3AI score0.01719EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•52 views

Updated jackson-databind packages fix security vulnerability

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper CVE-2017-17485. A flaw was found in FasterXML jackson-databind which allows unauthenticate...

9.8CVSS3.5AI score0.49727EPSS
Exploits1References2
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•52 views

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...

10CVSS3AI score0.23694EPSS
Exploits7References9
Mageia
Mageia
•added 2017/10/05 8:37 p.m.•52 views

Updated rawtherapee packages fix security vulnerabilities

It was discovered that rawtherapee had a floating point exception in the kodakradcloadraw function in dcraw.cc CVE-2017-13735. It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c CVE-2017-14348. It was discovered that...

9.8CVSS4.1AI score0.04336EPSS
Exploits0References7
Mageia
Mageia
•added 2017/08/20 8:48 a.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to cod...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.7AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/05/25 2:37 p.m.•52 views

Updated samba packages fix security vulnerability

A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process CVE-2016-2126. Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this...

10CVSS2.6AI score0.99448EPSS
Exploits27References8
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•52 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption CVE-2016-9899. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript CVE-2016-9895. Memory corruption...

9.8CVSS7.2AI score0.21401EPSS
Exploits11References4
Mageia
Mageia
•added 2016/07/31 8:39 p.m.•52 views

Updated kernel packages fix security vulnerability

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS3.9AI score0.15073EPSS
Exploits16References4
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•52 views

Updated docker/golang packages fix security vulnerability

Manipulated layer IDs could have lead to local graph poisoning CVE-2014-8178. Manifest validation and parsing logic errors allowed pull-by-digest validation bypass CVE-2014-8179. To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to...

7.5CVSS6.4AI score0.02733EPSS
Exploits0References4
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•52 views

Updated firefox package fixes security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...

10CVSS6.9AI score0.9986EPSS
Exploits2References15
Mageia
Mageia
•added 2015/05/27 4:57 p.m.•52 views

Updated kernel-linus packages fix security vulnerabilities and bugs

Updated kernel-linus fixes security, critical data corruption and pdata loss issues This kernel-linus update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4...

7.2CVSS8AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/04/03 1:11 p.m.•52 views

Updated python-django packages fix security vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: The ModelAdmin.readonlyfields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected...

5CVSS5.9AI score0.05026EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•52 views

Updated sddm packages fix security vulnerabilities

Sddm may in some cases allow unauthenticated logins as the sddm user CVE-2014-7271. Sddm is vulnerable to a race condition in XAUTHORITY file generation CVE-2014-7272. Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...

7.8CVSS7.7AI score0.00421EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•52 views

Updated boinc-client packages fix security vulnerability

Multiple stack overflow flaws were found in the way the XML parser of boinc-client, a Berkeley Open Infrastructure for Network Computing BOINC client for distributed computing, performed processing of certain XML files. A rogue BOINC server could provide a specially-crafted XML file that, when...

9.3CVSS2.4AI score0.02583EPSS
Exploits0References4
Mageia
Mageia
•added 2014/10/28 11:33 a.m.•52 views

Updated qemu packages fix multiple security vulnerabilities

Updated qemu packages fix security vulnerabilities: Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host CVE-2013-4544. Multiple integer overflow, input...

8.8CVSS9.1AI score0.05412EPSS
Exploits5References10
Mageia
Mageia
•added 2014/10/25 8:23 p.m.•52 views

Updated pidgin packages fix security vulnerabilities

In Pidgin before 2.10.10, both of libpurple's bundled SSL/TLS plugins one for GnuTLS and one for NSS failed to check that the Basic Constraints extension allowed intermediate certificates to act as CAs. This allowed anyone with any valid certificate to create a fake certificate for any arbitrary...

6.4CVSS9.1AI score0.03776EPSS
Exploits0References6
Mageia
Mageia
•added 2014/05/29 7:7 a.m.•52 views

Updated mono packages fix security vulnerability

Mono 2.10.9 does not properly randomize hash functions for form posts to protect against hash collision attacks. A remote attacker could send specially crafted parameters, possibly resulting in a Denial of Service condition CVE-2012-3543...

7.5CVSS4AI score0.02583EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/03 12:16 a.m.•53 views

Updated tomcat package fixes security vulnerabilities

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling 1 a large total amount of chunked data or 2 whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data CVE-2013-4322...

5.8CVSS3.2AI score0.16833EPSS
Exploits5References2
Mageia
Mageia
•added 2014/03/20 6:33 p.m.•52 views

Updated nss, firefox and thunderbird packages fix security vulnerabilities

In the NSS library before version 3.16, in a wildcard certificate, the wildcard character was embedded within the U-label of an internationalized domain name, which is not in accordance with RFC 6125 CVE-2014-1492. Several flaws were found in the processing of malformed web content. A web page...

10CVSS9.1AI score0.83633EPSS
Exploits19References14
Mageia
Mageia
•added 2014/02/25 9:16 p.m.•52 views

Updated perl-Module-Metadata package clarifies the man page

This update clarifies the module's documentation about the code it executes i.e. it does "eval" a module to determine its version number. Previously it said that it did not execute unsafe code CVE-2013-1437...

9.8CVSS5AI score0.02943EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/22 7:10 p.m.•52 views

Updated file package fixes security vulnerability

It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally, other well-crafted files might result in long...

5CVSS7.7AI score0.0507EPSS
Exploits0References2
Mageia
Mageia
•added 2013/12/18 10:57 p.m.•52 views

Updated fcron package fixes security vulnerability and init script

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file CVE-2010-0792. An error in the init script as also been corrected...

1.9CVSS4.9AI score0.00351EPSS
Exploits0References2
Mageia
Mageia
•added 2013/07/16 7:33 a.m.•52 views

Updated kernel-rt package fixes security issues

This kernel-rt update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...

7.9CVSS3.4AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
•added 2013/07/01 7:19 p.m.•52 views

Updated wordpress package fixes security vulnerabilities

A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially- crafted input that, when processed by the password checking mechanism of...

4.3CVSS0.5AI score0.03373EPSS
Exploits3References5
Mageia
Mageia
•added 2013/06/26 6:8 p.m.•52 views

Updated wireshark packages fix multiple security vulnerabilities

The CAPWAP dissector could crash CVE-2013-4074. The GMR-1 BCCH dissector could crash CVE-2013-4075. The PPP dissector could crash CVE-2013-4076. The NBAP dissector could crash CVE-2013-4077. The RDP dissector could crash CVE-2013-4078. The GSM CBCH dissector could crash CVE-2013-4079. The Assa...

5CVSS0.3AI score0.60643EPSS
Exploits7References13
Mageia
Mageia
•added 2025/03/08 1:26 a.m.•51 views

Updated gpac packages fix security vulnerabilities

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-5520 Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0321 Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0322...

9.8CVSS7.3AI score0.01043EPSS
Exploits3References2
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•51 views

Updated gdb packages fix security vulnerabilities

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE-2022-4285 A potential heap based buffer overflow was found in...

6.5CVSS8.1AI score0.00895EPSS
Exploits2References2
Mageia
Mageia
•added 2024/05/31 3:15 p.m.•51 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent checking DSA keys and parameters. CVE-2024-4603 Use After Free with SSLfreebuffers. CVE-2024-4741...

7.5CVSS7.1AI score0.02945EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•51 views

Updated libtiff packages fix security vulnerability

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. CVE-2023-6228...

5.5CVSS6AI score0.00399EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•51 views

Updated freeglut packages fix security vulnerabilities

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. CVE-2024-24258 freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. CVE-2024-24259...

7.5CVSS7.6AI score0.01147EPSS
Exploits2References2
Mageia
Mageia
•added 2024/04/17 2:13 a.m.•51 views

Updated nghttp2 packages fix security vulnerability

nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. This update fixes the issue. This is the latest release, which will bring some more fixes and...

5.3CVSS5.3AI score0.8496EPSS
Exploits1References3
Total number of security vulnerabilities5000