Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2020/12/17 1:10 p.m.•51 views

Updated jasper packages fix security vulnerability

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability CVE-2020-27828...

7.8CVSS5.3AI score0.01371EPSS
Exploits1References2
Mageia
Mageia
•added 2020/11/21 12:21 p.m.•51 views

Updated postgresql packages fix security vulnerabilities

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

8.8CVSS8.7AI score0.4644EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•51 views

Updated sleuthkit packages fix security vulnerability

Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table CVE-2019-14532. In version 4.8.0 and earlier of The Sleuth Kit TSK, there ...

9.8CVSS2.3AI score0.02352EPSS
Exploits2References1
Mageia
Mageia
•added 2020/05/27 12:46 a.m.•51 views

Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

9.8CVSS4.7AI score0.02475EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•51 views

Updated pdns-recursor packages fix security vulnerabilities

Updated pdns-recursor packages fix security vulnerabilities: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the...

7.5CVSS4.1AI score0.04372EPSS
Exploits0References5
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•51 views

Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest...

9.8CVSS2.3AI score0.27246EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/18 3:27 p.m.•51 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerability: WebKitGTK through 2.26.4 contains a memory corruption issue use-after-free that may lead to arbitrary code execution CVE-2020-10018...

9.8CVSS3AI score0.04987EPSS
Exploits0References3
Mageia
Mageia
•added 2019/12/31 4:51 p.m.•51 views

Updated roundcubemail packages fix security vulnerability

The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237...

7.4CVSS1.7AI score0.00927EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•51 views

Updated rsyslog packages fix security vulnerabilities

Updated rsyslog packages fix security vulnerabilities: Heap overflow in the parser for AIX log messages CVE-2019-17041. Heap overflow in the parser for Cisco log messages CVE-2019-17042...

9.8CVSS2.6AI score0.04568EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•51 views

Updated sdl2_image packages fix security vulnerabilities

Updated sdl2image packages fix security vulnerabilities: An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially...

8.8CVSS2.3AI score0.04515EPSS
Exploits10References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•51 views

Updated python-sqlalchemy packages fix security vulnerabilities

Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the orderby parameter CVE-2019-7164. SQL Injection via the groupby parameter CVE-2019-7548...

9.8CVSS4AI score0.03525EPSS
Exploits3References2
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•51 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin packages fix security vulnerabilities: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. CVE-2019-11768, PMASA-2019-3 A vulnerability was found that allows an attacker to trigger a...

9.8CVSS3.1AI score0.19184EPSS
Exploits4References3
Mageia
Mageia
•added 2018/12/29 11:24 p.m.•51 views

Updated keepalived package fixes security vulnerabilities

keepalived before version 2.0.9 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data ...

9.8CVSS1.8AI score0.03746EPSS
Exploits2References2
Mageia
Mageia
•added 2018/11/17 10:23 p.m.•51 views

Updated nginx package fixes security vulnerabilities

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption CVE-2018-16843. nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage...

8.2CVSS4.2AI score0.47057EPSS
Exploits1References1
Mageia
Mageia
•added 2018/10/20 1:55 p.m.•51 views

Updated libtiff packages fix security vulnerabilities

Heap-based buffer overflow in tifpackbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file CVE-2016-5319. In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tifpackbits.c CVE-2017-17942. TIFFWriteScanlin...

8.8CVSS5.8AI score0.0371EPSS
Exploits2References1
Mageia
Mageia
•added 2018/07/23 10:27 p.m.•51 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Buffer overflow using computed size of canvas element. CVE-2018-12359 Use-after-free when using focus. CVE-2018-12360 S/MIME and PGP decryption oracles can be built with HTML emails. CVE-2018-12372 S/MIME plaintext can be leaked...

9.8CVSS0.3AI score0.08654EPSS
Exploits1References10
Mageia
Mageia
•added 2018/03/01 9:27 p.m.•51 views

Updated krb5 packages fix security vulnerabilities

Updated krb5 packages fix security vulnerabilities: An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the Key Distribution Center KDC, which allows...

6.5CVSS4.3AI score0.026EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/08 11:30 a.m.•51 views

Updated gcc packages fix security vulnerability

This update provides and update to 5.5.0 maintenance release and adds support for retpoline, a mitigation technique for CVE-2017-5715 branch target injection aka 'Spectre Variant 2' that is needed at least for the kernels...

5.6CVSS2AI score0.74041EPSS
Exploits9References2
Mageia
Mageia
•added 2017/12/28 1:16 p.m.•53 views

Updated nonfree firmwares fixes security issues and adds new hw support

Updated nonfree firmwares fixes at least the following security issues: Broadcom firmware fixes: - dropping BRCM proprietary packets received over the air CVE-2016-0801 - adding length checks for TDLS action frames CVE-2017-0561 - adding length checks for WME IE CVE-2017-9417 Iwlwifi firmware...

10CVSS7.7AI score0.47537EPSS
Exploits9References1
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•51 views

Updated nagios packages fix security vulnerability

It was found that nagios daemon creates its PID file after dropping privileges, which allows to change its content by non-root user with PID of any other process, resulting into denial-of-service when daemon is stopped CVE-2017-12847. Note that the nagios package on Mageia 5 is no longer supporte...

6.3CVSS4.6AI score0.00786EPSS
Exploits0References2
Mageia
Mageia
•added 2017/10/19 10:5 p.m.•51 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.9.56 and fixes at least the following security issues: A flaw was found in the way the Linux KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack...

7.8CVSS1AI score0.03763EPSS
Exploits8References7
Mageia
Mageia
•added 2017/08/03 7:5 p.m.•51 views

Updated sqlite3 packages fix security vulnerability

Pointer disclosure in SQLite CVE-2017-7000. The getNodeSize function in ext/rtree/rtree.c in SQLite mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact CVE-2017-10989. Note: the CVE-2017-10989 issue only affected...

9.8CVSS4.7AI score0.08609EPSS
Exploits0References3
Mageia
Mageia
•added 2017/04/30 11:33 p.m.•51 views

Updated java-1.8.0-openjdk packages fix security vulnerability

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges CVE-2017-3511. It was found that the JAXP component of...

7.7CVSS0.5AI score0.03311EPSS
Exploits2References6
Mageia
Mageia
•added 2017/03/23 9:21 p.m.•51 views

Updated thunderbird packages fix security vulnerability

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. CVE-2017-5400 A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may...

10CVSS9.1AI score0.17484EPSS
Exploits8References3
Mageia
Mageia
•added 2017/02/02 8:11 a.m.•51 views

Updated python-pycrypto packages fix security vulnerabilities

This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...

9.8CVSS3.3AI score0.09501EPSS
Exploits1References4
Mageia
Mageia
•added 2016/12/22 9:41 p.m.•51 views

Updated php packages fix security vulnerability

NULL Pointer Dereference in WDDX Packet Deserialization with PDORow in PHP before 5.6.28 CVE-2016-9934. Invalid read when wddx decodes empty boolean element in PHP before 5.6.29 CVE-2016-9935...

9.8CVSS2.9AI score0.07031EPSS
Exploits0References3
Mageia
Mageia
•added 2016/11/03 9:2 a.m.•51 views

Updated openjpeg2 packages fix security vulnerabilities

A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in opjtcdfreetile CVE-2016-3181. A specially crafted JPEG2000 image file can force Heap Corruption in opjfree CVE-2016-3182. A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in sycc422torgb CVE-2016-3183...

8.8CVSS6.4AI score0.07114EPSS
Exploits4References8
Mageia
Mageia
•added 2016/10/25 11:11 p.m.•51 views

Updated graphicsmagick packages fix security vulnerability

The updated packages fix security vulnerabilities: Stack-based buffer overflow in ReadSCTImage CVE-2016-8682. Memory allocation failure in ReadPCXImage CVE-2016-8683. Memory allocation failure in MagickMalloc CVE-2016-8684...

7.8CVSS2.9AI score0.0355EPSS
Exploits0References4
Mageia
Mageia
•added 2016/09/21 8:38 p.m.•51 views

Updated tomcat packages fix security vulnerability

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1CVSS2.3AI score0.50896EPSS
Exploits0References2
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•51 views

Updated openssh packages fix security vulnerability

Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1 CVE-2016-3115...

6.4CVSS3.2AI score0.37016EPSS
Exploits13References3
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•51 views

Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 7.x before 7.0.65 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used b...

8.8CVSS8.3AI score0.1838EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•51 views

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P3, a buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c CVE-2015-8704. In ISC BIND before 9.10.3-P3, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the...

7CVSS7.3AI score0.20172EPSS
Exploits0References4
Mageia
Mageia
•added 2015/05/05 1:36 p.m.•51 views

Updated nodejs packages fix security vulnerabilities

Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges CVE-2015-0278. The libuv library is bundled with nodejs, and a fixed version of libuv is included wi...

10CVSS6.6AI score0.03242EPSS
Exploits0References7
Mageia
Mageia
•added 2015/04/15 5:22 p.m.•51 views

Updated java-1.7.0-openjdk packages fix security vulnerabilities

Updated java-1.7.0 packages fix security vulnerabilities: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrust...

10CVSS6.4AI score0.07224EPSS
Exploits1References4
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•51 views

Updated owasp-esapi-java packages fix CVE-2013-5679

Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...

2.6CVSS3.5AI score0.02426EPSS
Exploits1References2
Mageia
Mageia
•added 2015/02/05 10:26 p.m.•51 views

Updated vlc packages fix security vulnerabilities

Updated vlc packages fix security vulnerabilities: On 32 bit builds, parsing of update status files with a size of 4294967295 or more lead to an integer truncation caused by a cast to sizet in a call to malloc and a subsequent buffer overflow. This happened prior to checking the files' signature...

7.8CVSS8.4AI score0.02385EPSS
Exploits0References4
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•51 views

Updated resteasy package fix CVE-2014-3490

Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...

7.5CVSS9AI score0.04572EPSS
Exploits0References2
Mageia
Mageia
•added 2014/07/08 10:44 p.m.•51 views

Updated gd and libgd packages fix security vulnerability

The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted color table in an XPM file CVE-2014-2497...

4.3CVSS8.1AI score0.22319EPSS
Exploits3References2
Mageia
Mageia
•added 2014/05/23 10:7 p.m.•51 views

Updated kernel-vserver packages fix multiple vulnerabilities

Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/04/04 5:33 p.m.•51 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: It was discovered that the file utility contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files CVE-2014-1943. A flaw was foun...

5CVSS8.4AI score0.0507EPSS
Exploits1References8
Mageia
Mageia
•added 2014/03/06 9:52 p.m.•51 views

Updated chromium-browser-stable package fixes security vulnerabilities

Use-after-free in svg images CVE-2013-6663. Use-after-free in speech recognition CVE-2013-6664. Heap buffer overflow in software rendering CVE-2013-6665. Chrome allows requests in flash header request CVE-2013-6666. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6667...

7.5CVSS3.9AI score0.05428EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/25 9:54 p.m.•51 views

Updated xstream packages fix CVE-2013-7285

Updated xstream packages fix security vulnerability: It was found that XStream would deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code executio...

9.8CVSS3.8AI score0.84362EPSS
Exploits5References3
Mageia
Mageia
•added 2014/02/16 1:28 p.m.•51 views

Updated libpng and libpng12 packages fix security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS5.4AI score0.04692EPSS
Exploits1References3
Mageia
Mageia
•added 2013/11/20 8:41 p.m.•51 views

Updated krb5 package fixes security vulnerabilities

An authenticated remote client can cause a KDC to crash by making a valid TGS-REQ to a KDC serving a realm with a single-component name. The processtgsreq function dereferences a null pointer because an unusual failure condition causes a helper function to return success CVE-2013-1417. If a KDC...

4.3CVSS1.1AI score0.05508EPSS
Exploits1References3
Mageia
Mageia
•added 2013/11/20 8:31 p.m.•51 views

Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb CVE-2013-6629. libjpeg-turbo will use uninitialized memory when handli...

5CVSS2.2AI score0.10117EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/13 7:5 p.m.•51 views

Updated java-1.6.0-openjdk package fixes multiple vulnerabilities

Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...

10CVSS1.7AI score0.24738EPSS
Exploits0References4
Mageia
Mageia
•added 2013/10/17 7:55 p.m.•51 views

Updated clutter packages fix CVE-2013-2190

Updated clutter packages fix security vulnerability: A security flaw was found in the way Clutter, an open source software library for creating rich graphical user interfaces, used to manage translation of hierarchy events in certain circumstances when underlying device disappeared, causing...

2.1CVSS0.4AI score0.00533EPSS
Exploits1References2
Mageia
Mageia
•added 2025/04/12 7:4 p.m.•50 views

Updated giflib packages fix security vulnerability

The giflib open-source component has a buffer overflow vulnerability. CVE-2025-31344...

7.3CVSS7AI score0.00232EPSS
Exploits0References3
Mageia
Mageia
•added 2024/11/22 7:25 a.m.•50 views

Updated kernel, kmod-xtables-addons, kmod-virtualbox & bluez packages fix security vulnerabilities

Upstream kernel version 6.6.61 fixes bugs and vulnerabilities. The bluez, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS8.2AI score0.00529EPSS
Exploits1References4
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•50 views

Updated python-gunicorn packages fix security vulnerability

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5CVSS7AI score0.02996EPSS
Exploits0References2
Total number of security vulnerabilities5000