Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2016/11/03 9:2 a.m.•51 views

Updated openjpeg2 packages fix security vulnerabilities

A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in opjtcdfreetile CVE-2016-3181. A specially crafted JPEG2000 image file can force Heap Corruption in opjfree CVE-2016-3182. A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in sycc422torgb CVE-2016-3183...

8.8CVSS6.4AI score0.07114EPSS
Exploits4References8
Mageia
Mageia
•added 2016/10/25 11:11 p.m.•51 views

Updated graphicsmagick packages fix security vulnerability

The updated packages fix security vulnerabilities: Stack-based buffer overflow in ReadSCTImage CVE-2016-8682. Memory allocation failure in ReadPCXImage CVE-2016-8683. Memory allocation failure in MagickMalloc CVE-2016-8684...

7.8CVSS2.9AI score0.0355EPSS
Exploits0References4
Mageia
Mageia
•added 2016/03/10 11:37 p.m.•51 views

Updated openssh packages fix security vulnerability

Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1 CVE-2016-3115...

6.4CVSS3.2AI score0.37016EPSS
Exploits13References3
Mageia
Mageia
•added 2016/03/02 6:28 p.m.•51 views

Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 7.x before 7.0.65 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used b...

8.8CVSS8.3AI score0.1838EPSS
Exploits0References2
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•51 views

Updated postgresql package fixes security vulnerability

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

9.8CVSS9.1AI score0.08565EPSS
Exploits0References5
Mageia
Mageia
•added 2015/02/11 8:47 p.m.•51 views

Updated owasp-esapi-java packages fix CVE-2013-5679

Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...

2.6CVSS3.5AI score0.02426EPSS
Exploits1References2
Mageia
Mageia
•added 2014/12/26 5:4 p.m.•51 views

Updated resteasy package fix CVE-2014-3490

Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...

7.5CVSS9AI score0.04572EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•51 views

Updated krb5 packages fix security vulnerability

The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access CVE-2014-5351...

2.1CVSS6.2AI score0.02616EPSS
Exploits0References2
Mageia
Mageia
•added 2014/07/08 10:44 p.m.•51 views

Updated gd and libgd packages fix security vulnerability

The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted color table in an XPM file CVE-2014-2497...

4.3CVSS8.1AI score0.22319EPSS
Exploits3References2
Mageia
Mageia
•added 2014/05/23 10:7 p.m.•51 views

Updated kernel-vserver packages fix multiple vulnerabilities

Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

7.4CVSS7.4AI score0.22475EPSS
Exploits19References13
Mageia
Mageia
•added 2014/03/06 9:52 p.m.•51 views

Updated chromium-browser-stable package fixes security vulnerabilities

Use-after-free in svg images CVE-2013-6663. Use-after-free in speech recognition CVE-2013-6664. Heap buffer overflow in software rendering CVE-2013-6665. Chrome allows requests in flash header request CVE-2013-6666. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6667...

7.5CVSS3.9AI score0.05428EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/25 9:54 p.m.•51 views

Updated xstream packages fix CVE-2013-7285

Updated xstream packages fix security vulnerability: It was found that XStream would deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code executio...

9.8CVSS3.8AI score0.84362EPSS
Exploits5References3
Mageia
Mageia
•added 2014/02/16 1:28 p.m.•51 views

Updated libpng and libpng12 packages fix security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS5.4AI score0.04692EPSS
Exploits1References3
Mageia
Mageia
•added 2013/11/20 8:31 p.m.•51 views

Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb CVE-2013-6629. libjpeg-turbo will use uninitialized memory when handli...

5CVSS2.2AI score0.10117EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/13 7:5 p.m.•51 views

Updated java-1.6.0-openjdk package fixes multiple vulnerabilities

Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...

10CVSS1.7AI score0.24738EPSS
Exploits0References4
Mageia
Mageia
•added 2013/10/17 7:55 p.m.•51 views

Updated clutter packages fix CVE-2013-2190

Updated clutter packages fix security vulnerability: A security flaw was found in the way Clutter, an open source software library for creating rich graphical user interfaces, used to manage translation of hierarchy events in certain circumstances when underlying device disappeared, causing...

2.1CVSS0.4AI score0.00533EPSS
Exploits1References2
Mageia
Mageia
•added 2013/07/29 2:6 p.m.•51 views

Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

6.5CVSS0.7AI score0.01832EPSS
Exploits0References7
Mageia
Mageia
•added 2025/04/12 7:4 p.m.•50 views

Updated giflib packages fix security vulnerability

The giflib open-source component has a buffer overflow vulnerability. CVE-2025-31344...

7.3CVSS7AI score0.00232EPSS
Exploits0References3
Mageia
Mageia
•added 2024/11/22 7:25 a.m.•50 views

Updated kernel, kmod-xtables-addons, kmod-virtualbox & bluez packages fix security vulnerabilities

Upstream kernel version 6.6.61 fixes bugs and vulnerabilities. The bluez, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS8.2AI score0.00529EPSS
Exploits1References4
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•50 views

Updated python-gunicorn packages fix security vulnerability

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5CVSS7AI score0.02996EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/22 5:32 p.m.•50 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...

8.6CVSS7.8AI score0.0107EPSS
Exploits1References3
Mageia
Mageia
•added 2024/04/12 8:45 p.m.•50 views

Updated squid packages fix security vulnerabilities

Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsedforwarding on" are vulnerable. Configurations with "collapsedforwarding off" or...

8.6CVSS7AI score0.05229EPSS
Exploits0References2
Mageia
Mageia
•added 2024/03/14 5:25 p.m.•50 views

Updated libgit2 packages fix security vulnerabilities

When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. CVE-2023-22742 Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. CVE-2024-24577...

9.8CVSS8.3AI score0.01546EPSS
Exploits0References5
Mageia
Mageia
•added 2024/02/27 1:21 a.m.•50 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by select element. CVE-2024-1548 Custom cursor could obscure the...

8.1CVSS7.4AI score0.00937EPSS
Exploits1References3
Mageia
Mageia
•added 2023/12/17 10:40 p.m.•50 views

Updated golang packages fix security vulnerabilities

Update to upstream golang 1.21.5 to fix CVE-2023-39326 and CVE-2023-452835 In Mageia 8, this update also allows build nodes to build docker stack...

7.5CVSS6.7AI score0.02758EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/13 6:32 p.m.•50 views

Updated curl packages fix security vulnerabilities

The updated Curl Mageia 8 and 9 packages contain a patch to fix CVE-2023-46218 The Mageia 9 packages als contain a patch to fix CVE-2023-46219. Curl in Mageia 8 does not need that patch because it is not affected by that issue...

6.5CVSS6.8AI score0.01685EPSS
Exploits2References1
Mageia
Mageia
•added 2023/11/09 12:55 p.m.•50 views

Updated gnome-shell packages fix a security vulnerability

The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. CVE-2023-43090...

5.5CVSS7.1AI score0.00311EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•50 views

Updated mediawiki packages fix security vulnerability

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

7.5CVSS6.3AI score0.01216EPSS
Exploits1References2
Mageia
Mageia
•added 2023/06/19 4:29 p.m.•50 views

Updated sysstat packages fix security vulnerability

Multiplication integer overflow in checkoverflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. CVE-2023-33204...

7.8CVSS7.3AI score0.00327EPSS
Exploits0References2
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•50 views

Updated cmark packages fix security vulnerability

cmark incorrectly handled certain inputs. Fixes quadratic complexity in handleclosebracket "" which may lead to a denial of service CVE-2023-22486. Noting that this also fixes a quadratic parsing issue with repeated comment tags that was not in a released product but which was assigned a CVE...

7.5CVSS7.3AI score0.01108EPSS
Exploits2References3
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•50 views

Updated ceph packages fix security vulnerability

Openstack manilla owning a Ceph File system "share", enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system...

9.1CVSS8.3AI score0.00935EPSS
Exploits1References3
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•51 views

Updated thunderbird packages fix security vulnerability

Fullscreen notification obscured. CVE-2023-29533 Double-free in libwebp. MFSA-TMP-2023-0001 Potential Memory Corruption following Garbage Collector compaction. CVE-2023-29535 Invalid free from JavaScript code. CVE-2023-29536 Revocation status of S/Mime recipient certificates was not checked...

8.8CVSS7.7AI score0.00901EPSS
Exploits0References3
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•50 views

Updated ldb/samba packages fix security vulnerability

Deletion of AD DC "dnsHostname" attribute by unprivileged authenticated users CVE-2023-0225 Read access controlled AD LDAP attributes CVE-2023-0614 Cleartext password sending by AD DC admin tool CVE-2023-0922...

7.7CVSS5.9AI score0.00719EPSS
Exploits0References5
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•50 views

Updated libzen packages fix security vulnerability

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference...

7.5CVSS3.1AI score0.01177EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•50 views

Updated apr-util packages fix security vulnerability

Integer Overflow or Wraparound vulnerability in aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond bounds of a buffer. CVE-2022-25147...

6.5CVSS9.1AI score0.01417EPSS
Exploits0References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•50 views

Updated php-smarty packages fix security vulnerability

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized...

5.4CVSS3.1AI score0.00826EPSS
Exploits1References3
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•50 views

Updated php packages fix security vulnerability

Update to php version 8.0.27 fixes PDO/SQLite, where PDO::quote may return unquoted string See referenced changelog for other changes...

9.1CVSS3.1AI score0.02154EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•50 views

Updated leptonica packages fix security vulnerability

This update fixes a denial of service vulnerability in leptonlib. It can be made to crash with an arithmetic exception on specially crafted JPEG files. CVE-2022-38266...

6.5CVSS2.6AI score0.01104EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•50 views

Updated exiv2 packages fix security vulnerability

Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. CVE-2022-3756...

4AI score
Exploits0References2
Mageia
Mageia
•added 2022/09/26 6:22 a.m.•50 views

Updated tcpreplay packages fix security vulnerability

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in getlayer4v6 in common/get.c. CVE-2022-27939 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in getipv6next in common/get.c. CVE-2022-27940 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in getl2lenprotocol...

7.8CVSS1.3AI score0.01918EPSS
Exploits8References2
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•50 views

Updated libxslt packages fix security vulnerability

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30560...

8.8CVSS2.1AI score0.21623EPSS
Exploits0References3
Mageia
Mageia
•added 2022/03/07 11:10 p.m.•50 views

Updated webmin packages fix security vulnerability

Less privileged Webmin users who do not have any File Manager module restrictions configured can access files with root privileges, if using the default Authentic theme CVE-2022-0824, CVE-2022-0829...

9CVSS4.5AI score0.96977EPSS
Exploits14References3
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•50 views

Updated varnish packages fix security vulnerability

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. CVE-2022-23959...

9.1CVSS7.1AI score0.01957EPSS
Exploits0References4
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•50 views

Updated netcdf packages fix security vulnerability

Multiple security issues found in ezXML, bundled in netcdf...

8.1CVSS2.4AI score0.01605EPSS
Exploits15References4
Mageia
Mageia
•added 2021/12/02 4:49 p.m.•50 views

Updated gfbgraph packages fix security vulnerability

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

5.9CVSS3.4AI score0.00708EPSS
Exploits0References2
Mageia
Mageia
•added 2021/11/18 9:50 p.m.•50 views

Updated opensc packages fix security vulnerability

CVE-2021-42780: Fixed use after return in insertpin bsc1192005. CVE-2021-42779: Fixed use after free in scfilevalid bsc1191992. CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c bsc1192000. CVE-2021-42782: Stack buffer overflow issues in various places bsc1191957...

5.3CVSS1.3AI score0.02805EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/31 11:12 a.m.•50 views

Updated docker packages fix security vulnerabilities

Updated docker packages fix security vulnerabilities: A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug...

7.5CVSS3AI score0.02693EPSS
Exploits3References1
Mageia
Mageia
•added 2021/08/07 9:31 a.m.•50 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.56 and fixes at least the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism...

5.5CVSS1.6AI score0.0046EPSS
Exploits2References7
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•50 views

Updated libuv packages fix security vulnerability

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS1AI score0.23132EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•50 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls CVE-2020-25097...

8.6CVSS2.9AI score0.95785EPSS
Exploits5References11
Total number of security vulnerabilities5000