Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/02/08 11:30 a.m.•52 views

Updated gcc packages fix security vulnerability

This update provides and update to 5.5.0 maintenance release and adds support for retpoline, a mitigation technique for CVE-2017-5715 branch target injection aka 'Spectre Variant 2' that is needed at least for the kernels...

5.6CVSS2AI score0.74041EPSS
Exploits9References2
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•52 views

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...

10CVSS3AI score0.23694EPSS
Exploits7References9
Mageia
Mageia
•added 2017/10/05 8:37 p.m.•52 views

Updated rawtherapee packages fix security vulnerabilities

It was discovered that rawtherapee had a floating point exception in the kodakradcloadraw function in dcraw.cc CVE-2017-13735. It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c CVE-2017-14348. It was discovered that...

9.8CVSS4.1AI score0.04336EPSS
Exploits0References7
Mageia
Mageia
•added 2017/08/20 8:48 a.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to cod...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/13 1:17 p.m.•52 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS0.7AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/07/30 6:27 p.m.•52 views

Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...

7.8CVSS1AI score0.03763EPSS
Exploits0References6
Mageia
Mageia
•added 2017/05/25 2:37 p.m.•52 views

Updated samba packages fix security vulnerability

A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process CVE-2016-2126. Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this...

10CVSS2.6AI score0.99448EPSS
Exploits27References8
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•52 views

Updated python-pycrypto packages fix security vulnerabilities

This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...

9.8CVSS3.3AI score0.09501EPSS
Exploits1References4
Mageia
Mageia
•added 2017/01/06 8:28 a.m.•52 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption CVE-2016-9899. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript CVE-2016-9895. Memory corruption...

9.8CVSS7.2AI score0.21401EPSS
Exploits11References4
Mageia
Mageia
•added 2016/09/21 8:38 p.m.•52 views

Updated tomcat packages fix security vulnerability

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1CVSS2.3AI score0.50896EPSS
Exploits0References2
Mageia
Mageia
•added 2016/07/31 8:39 p.m.•52 views

Updated kernel packages fix security vulnerability

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS3.9AI score0.15073EPSS
Exploits16References4
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•52 views

Updated docker/golang packages fix security vulnerability

Manipulated layer IDs could have lead to local graph poisoning CVE-2014-8178. Manifest validation and parsing logic errors allowed pull-by-digest validation bypass CVE-2014-8179. To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to...

7.5CVSS6.4AI score0.02733EPSS
Exploits0References4
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•52 views

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P3, a buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c CVE-2015-8704. In ISC BIND before 9.10.3-P3, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the...

7CVSS7.3AI score0.20172EPSS
Exploits0References4
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•52 views

Updated firefox package fixes security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...

10CVSS6.9AI score0.9986EPSS
Exploits2References15
Mageia
Mageia
•added 2015/05/27 4:57 p.m.•52 views

Updated kernel-linus packages fix security vulnerabilities and bugs

Updated kernel-linus fixes security, critical data corruption and pdata loss issues This kernel-linus update is based on upstream -longterm 3.14.43 and fixes a security issue, and critical data corruption and data loss issues: drivers/vhost/scsi.c: potential memory corruption CVE-2015-4036 ext4...

7.2CVSS8AI score0.00589EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/05 1:36 p.m.•52 views

Updated nodejs packages fix security vulnerabilities

Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges CVE-2015-0278. The libuv library is bundled with nodejs, and a fixed version of libuv is included wi...

10CVSS6.6AI score0.03242EPSS
Exploits0References7
Mageia
Mageia
•added 2015/04/15 5:22 p.m.•52 views

Updated java-1.7.0-openjdk packages fix security vulnerabilities

Updated java-1.7.0 packages fix security vulnerabilities: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrust...

10CVSS6.4AI score0.07224EPSS
Exploits1References4
Mageia
Mageia
•added 2015/04/03 1:11 p.m.•52 views

Updated python-django packages fix security vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: The ModelAdmin.readonlyfields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected...

5CVSS5.9AI score0.0499EPSS
Exploits1References3
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•52 views

Updated vlc packages fix security vulnerabilities

Updated vlc packages fix security vulnerabilities: On 32 bit builds, parsing of update status files with a size of 4294967295 or more lead to an integer truncation caused by a cast to sizet in a call to malloc and a subsequent buffer overflow. This happened prior to checking the files' signature...

7.8CVSS8.4AI score0.02385EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/03 7:27 p.m.•52 views

Updated sddm packages fix security vulnerabilities

Sddm may in some cases allow unauthenticated logins as the sddm user CVE-2014-7271. Sddm is vulnerable to a race condition in XAUTHORITY file generation CVE-2014-7272. Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...

7.8CVSS7.7AI score0.00421EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•52 views

Updated boinc-client packages fix security vulnerability

Multiple stack overflow flaws were found in the way the XML parser of boinc-client, a Berkeley Open Infrastructure for Network Computing BOINC client for distributed computing, performed processing of certain XML files. A rogue BOINC server could provide a specially-crafted XML file that, when...

9.3CVSS2.4AI score0.02583EPSS
Exploits0References4
Mageia
Mageia
•added 2014/10/28 11:33 a.m.•52 views

Updated qemu packages fix multiple security vulnerabilities

Updated qemu packages fix security vulnerabilities: Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host CVE-2013-4544. Multiple integer overflow, input...

8.8CVSS9.1AI score0.05412EPSS
Exploits5References10
Mageia
Mageia
•added 2014/10/25 8:23 p.m.•52 views

Updated pidgin packages fix security vulnerabilities

In Pidgin before 2.10.10, both of libpurple's bundled SSL/TLS plugins one for GnuTLS and one for NSS failed to check that the Basic Constraints extension allowed intermediate certificates to act as CAs. This allowed anyone with any valid certificate to create a fake certificate for any arbitrary...

6.4CVSS9.1AI score0.03776EPSS
Exploits0References6
Mageia
Mageia
•added 2014/09/26 3:55 p.m.•52 views

Updated perl-Email-Address packages fix security vulnerabilities

Updated perl-Email-Address package fixes security vulnerability: The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service CPU consumption via an empty quoted string in an RFC 2822 address...

5CVSS6.2AI score0.03584EPSS
Exploits2References2
Mageia
Mageia
•added 2014/04/20 6:48 p.m.•52 views

Updated virtualbox packages fixes security vulnerabilities

Multiple vulnerabilities in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core CVE-2013-5892, CVE-2014-0404, CVE-2014-0405,...

6.9CVSS7.4AI score0.08195EPSS
Exploits12References5
Mageia
Mageia
•added 2014/04/04 5:33 p.m.•52 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: It was discovered that the file utility contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. A flaw was foun...

5CVSS8.4AI score0.0507EPSS
Exploits1References8
Mageia
Mageia
•added 2014/03/20 6:33 p.m.•52 views

Updated nss, firefox and thunderbird packages fix security vulnerabilities

In the NSS library before version 3.16, in a wildcard certificate, the wildcard character was embedded within the U-label of an internationalized domain name, which is not in accordance with RFC 6125 CVE-2014-1492. Several flaws were found in the processing of malformed web content. A web page...

10CVSS9.1AI score0.83633EPSS
Exploits19References14
Mageia
Mageia
•added 2014/02/25 9:16 p.m.•52 views

Updated perl-Module-Metadata package clarifies the man page

This update clarifies the module's documentation about the code it executes i.e. it does "eval" a module to determine its version number. Previously it said that it did not execute unsafe code CVE-2013-1437...

9.8CVSS5AI score0.02943EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/22 7:10 p.m.•52 views

Updated file package fixes security vulnerability

It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. Additionally, other well-crafted files might result in long...

5CVSS7.7AI score0.0507EPSS
Exploits0References2
Mageia
Mageia
•added 2013/12/18 10:57 p.m.•52 views

Updated fcron package fixes security vulnerability and init script

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file CVE-2010-0792. An error in the init script as also been corrected...

1.9CVSS4.9AI score0.00351EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/20 8:41 p.m.•52 views

Updated krb5 package fixes security vulnerabilities

An authenticated remote client can cause a KDC to crash by making a valid TGS-REQ to a KDC serving a realm with a single-component name. The processtgsreq function dereferences a null pointer because an unusual failure condition causes a helper function to return success CVE-2013-1417. If a KDC...

4.3CVSS1.1AI score0.05508EPSS
Exploits1References3
Mageia
Mageia
•added 2013/07/16 7:33 a.m.•52 views

Updated kernel-rt package fixes security issues

This kernel-rt update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...

7.9CVSS3.4AI score0.07313EPSS
Exploits5References8
Mageia
Mageia
•added 2013/07/01 7:19 p.m.•52 views

Updated wordpress package fixes security vulnerabilities

A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially- crafted input that, when processed by the password checking mechanism of...

4.3CVSS0.5AI score0.03373EPSS
Exploits3References5
Mageia
Mageia
•added 2013/06/26 6:8 p.m.•52 views

Updated wireshark packages fix multiple security vulnerabilities

The CAPWAP dissector could crash CVE-2013-4074. The GMR-1 BCCH dissector could crash CVE-2013-4075. The PPP dissector could crash CVE-2013-4076. The NBAP dissector could crash CVE-2013-4077. The RDP dissector could crash CVE-2013-4078. The GSM CBCH dissector could crash CVE-2013-4079. The Assa...

5CVSS0.3AI score0.60643EPSS
Exploits7References13
Mageia
Mageia
•added 2026/05/07 5:6 a.m.•51 views

Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References3
Mageia
Mageia
•added 2025/03/08 1:26 a.m.•51 views

Updated gpac packages fix security vulnerabilities

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-5520 Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0321 Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0322...

9.8CVSS7.3AI score0.01043EPSS
Exploits3References2
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•51 views

Updated gdb packages fix security vulnerabilities

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE-2022-4285 A potential heap based buffer overflow was found in...

6.5CVSS8.1AI score0.00895EPSS
Exploits2References2
Mageia
Mageia
•added 2024/05/27 9:11 p.m.•51 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.112 release. It includes 1 security fix. High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20 Google is aware that an explo...

9.6CVSS7.3AI score0.1002EPSS
Exploits3References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•51 views

Updated libtiff packages fix security vulnerability

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. CVE-2023-6228...

5.5CVSS6AI score0.00399EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•51 views

Updated freeglut packages fix security vulnerabilities

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. CVE-2024-24258 freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. CVE-2024-24259...

7.5CVSS7.6AI score0.01147EPSS
Exploits2References2
Mageia
Mageia
•added 2024/04/27 12:37 a.m.•51 views

Updated thunderbird packages fix security vulnerabilities

CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not ...

8.8CVSS6.7AI score0.00847EPSS
Exploits2References4
Mageia
Mageia
•added 2024/04/17 2:13 a.m.•51 views

Updated nghttp2 packages fix security vulnerability

nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. This update fixes the issue. This is the latest release, which will bring some more fixes and...

5.3CVSS5.3AI score0.8496EPSS
Exploits1References3
Mageia
Mageia
•added 2023/12/08 10:55 a.m.•51 views

Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. CVE-2023-48231 A floating point exception may occur when calculating the line offset for...

4.7CVSS7.6AI score0.00749EPSS
Exploits1References3
Mageia
Mageia
•added 2023/11/28 5:12 p.m.•51 views

Updated kernel packages fix security vulnerabilities and other bugs

This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue ma...

9.8CVSS9.7AI score0.09141EPSS
Exploits3References14
Mageia
Mageia
•added 2023/11/09 12:55 p.m.•51 views

Updated gnome-shell packages fix a security vulnerability

The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. CVE-2023-43090...

5.5CVSS7.1AI score0.00311EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/03 10:53 a.m.•51 views

Updated libwebp packages fix a security vulnerability

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

8.8CVSS8.8AI score0.99735EPSS
Exploits9References2
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•51 views

Updated wireshark packages fix security vulnerabilities

The updated wireshark packages fix security vulnerabilities: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVE-2023-2906 BT SDP dissector...

7.5CVSS7.1AI score0.02771EPSS
Exploits3References6
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•51 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 116.0.5845.140 release, fixing 5 vulnerabilities. High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim@cassidy6564 on 2023-08-02 High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 High...

8.8CVSS7.4AI score0.3398EPSS
Exploits0References3
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•51 views

Updated postgresql packages fix security vulnerability

Extension script @substitutions@ within quoting allow SQL injection. CVE-2023-39417 MERGE fails to enforce UPDATE or SELECT row security policies. CVE-2023-39418...

8.8CVSS7.9AI score0.01572EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•52 views

Updated thunderbird packages fix security vulnerability

Fullscreen notification obscured. CVE-2023-29533 Double-free in libwebp. MFSA-TMP-2023-0001 Potential Memory Corruption following Garbage Collector compaction. CVE-2023-29535 Invalid free from JavaScript code. CVE-2023-29536 Revocation status of S/Mime recipient certificates was not checked...

8.8CVSS7.7AI score0.00901EPSS
Exploits0References3
Total number of security vulnerabilities5000