Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2015/01/24 2:32 p.m.50 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references,...

7.5CVSS9.7AI score0.04339EPSS
Exploits0References5
Mageia
Mageia
added 2015/01/14 9:55 p.m.50 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.429 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an improper file validation issue CVE-2015-0301. This update resolves an information...

10CVSS7.3AI score0.08742EPSS
Exploits0References2
Mageia
Mageia
added 2015/01/09 4:44 p.m.50 views

Updated glpi package fixes security vulnerabilities

Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria CVE-2014-5032. An issue in GLPI before 0.84.8 may allow arbitrary local files to be included ...

7.5CVSS7.5AI score0.03167EPSS
Exploits4References6
Mageia
Mageia
added 2015/01/09 4:44 p.m.50 views

Updated curl packages fix CVE-2014-8150

Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to...

4.3CVSS9.1AI score0.0681EPSS
Exploits0References2
Mageia
Mageia
added 2015/01/07 4:32 p.m.50 views

Updated asterisk packages fix CVE-2014-9374

Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server reshttpwebsocket module in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service crash by sending a zero length frame after a non-zero length frame...

5CVSS6.3AI score0.09525EPSS
Exploits0References5
Mageia
Mageia
added 2014/12/09 8:12 p.m.50 views

Updated openafs packages fix security vulnerabilies

Updated openafs packages fix security vulnerabilities: Buffer overflow in the GetStatistics64 remote procedure call RPC in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service crash via a crafted statsVersion argument CVE-2014-0159. OpenAFS before 1.6.7 delays the listen thre...

5CVSS6.4AI score0.02179EPSS
Exploits1References14
Mageia
Mageia
added 2014/11/21 12:44 p.m.50 views

Updated python-djblets packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name CVE-2014-3994...

4.3CVSS8.3AI score0.02392EPSS
Exploits2References2
Mageia
Mageia
added 2014/10/29 11:30 a.m.50 views

Updated KDE 4 and related packages move to KDE 4.12.5

This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw CVE-2014-3494 - mga13545 - KAuth PID Reuse...

8.8CVSS9.3AI score0.0783EPSS
Exploits3References38
Mageia
Mageia
added 2014/10/25 8:23 p.m.50 views

Updated drupal packages fix security vulnerability

An SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of...

7.5CVSS8AI score0.99974EPSS
Exploits20References6
Mageia
Mageia
added 2014/10/07 9:22 a.m.50 views

Updated xerces-j2 packages fix CVE-2013-4002

Updated xerces-j2 packages fix security vulnerability: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using...

7.1CVSS3.1AI score0.24738EPSS
Exploits0References3
Mageia
Mageia
added 2014/10/07 9:22 a.m.50 views

Updated libvncserver & remmina packages fix security vulnerabilities

Updated libvncserver and remmina packages fix security vulnerabilities: A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on...

7.5CVSS9.4AI score0.08272EPSS
Exploits1References3
Mageia
Mageia
added 2014/08/26 11:4 p.m.50 views

Updated file packages fix CVE-2014-3587

Updated file packages fix security vulnerability: A flaw was found in the way file uses cdfreadpropertyinfo function when checks stream offsets for certain Composite Document Format CDF. An insufficient input validation flaw for p and q minimal and maximal value, leads to a pointer overflow. This...

4.3CVSS8.4AI score0.20237EPSS
Exploits1References2
Mageia
Mageia
added 2014/05/10 7:34 p.m.50 views

Updated libpng packages fix two security vulnerabilities

Updated libpng12 and libpng packages fix security vulnerabilities: An integer overflow leading to a heap-based buffer overflow was found in the pngsetsPLT and pngsettext2 API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to...

6.5CVSS4.3AI score0.02397EPSS
Exploits0References3
Mageia
Mageia
added 2014/04/03 3:18 p.m.50 views

Updated python-pillow packages fix insecure use of temporary files

Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created via mktemp in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perfo...

4.4CVSS8.6AI score0.00492EPSS
Exploits2References4
Mageia
Mageia
added 2014/02/25 9:22 p.m.50 views

Updated otrs packages fix security vulnerabilities and a missing dependency

Updated otrs package fixes security vulnerabilities: In OTRS before 3.2.14, an attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks CVE-2014-1694. In OTRS before 3.2.14, an...

7.5CVSS6.6AI score0.01827EPSS
Exploits1References5
Mageia
Mageia
added 2014/02/21 6:16 p.m.50 views

Updated python-numpy packages fix security vulnerabilities

f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py CVE-2014-1858, CVE-2014-1859...

5.5CVSS5.6AI score0.00471EPSS
Exploits0References3
Mageia
Mageia
added 2014/02/12 10:53 p.m.50 views

Updated kernel-vserver packages fix security vulnerability

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

6.9CVSS7.8AI score0.34649EPSS
Exploits19References5
Mageia
Mageia
added 2014/02/11 10:37 p.m.50 views

Updated ruby-will_paginate package fixes CVE-2013-6459

Updated ruby-willpaginate packages fix security vulnerability: Cross-Site Scripting XSS vulnerabilities were found in willpaginate gem for Ruby, where certain input related to generated pagination links were not properly sanitised before being returned. This could be exploited to execute arbitrar...

4.3CVSS0.7AI score0.02209EPSS
Exploits1References3
Mageia
Mageia
added 2014/02/05 3:35 p.m.50 views

Updated flash-player-plugin packages fix CVE-2014-0497

Adobe Flash Player 11.2.202.336 contains a fix to a critical security vulnerability found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves an integer underflow vulnerability that could be exploited...

10CVSS7.2AI score0.99883EPSS
Exploits7References2
Mageia
Mageia
added 2014/02/05 3:27 p.m.50 views

Updated hplip package fixes security vulnerabilities

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. CVE-2013-6402 It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker...

6.8CVSS2.4AI score0.03945EPSS
Exploits1References3
Mageia
Mageia
added 2013/12/17 11:30 p.m.50 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
added 2013/11/13 7:3 p.m.50 views

Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

10CVSS1.8AI score0.24738EPSS
Exploits0References4
Mageia
Mageia
added 2013/09/19 9:45 a.m.50 views

Updated wordpress and php-phpmailer packages fix security vulnerabilities

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations CVE-2013-4338. WordPress before 3.6.1 does not properly validate URLs before...

7.5CVSS4.6AI score0.08749EPSS
Exploits8References3
Mageia
Mageia
added 2013/09/03 7:50 p.m.50 views

Updated roundcubemail package fixes security vulnerability

XSS vulnerabilities when saving HTML signatures and when editing a message "as new" or draft in roundcubemail before 0.9.3 CVE-2013-5645...

4.3CVSS1.3AI score0.0188EPSS
Exploits2References3
Mageia
Mageia
added 2024/11/12 7:53 p.m.49 views

Updated php-tcpdf packages fix security vulnerability

TCPDF version 6.6.5 and before is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted SVG file. CVE-2024-22641...

7.5CVSS6.8AI score0.01113EPSS
Exploits1References2
Mageia
Mageia
added 2024/07/05 4:28 p.m.49 views

Updated python-js2py packages fix security vulnerability

CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...

5.3CVSS7.2AI score0.04548EPSS
Exploits22References2
Mageia
Mageia
added 2024/06/14 5:30 p.m.49 views

Updated vte packages fix security vulnerability

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476. CVE-2024-37535...

4.4CVSS7.2AI score0.00238EPSS
Exploits0References3
Mageia
Mageia
added 2024/05/21 11:17 p.m.49 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.60 release. It includes 9 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium...

9.6CVSS7.9AI score0.15111EPSS
Exploits5References2
Mageia
Mageia
added 2024/05/09 2:40 a.m.49 views

Updated libvirt packages fix security vulnerability

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of...

5.5CVSS7.1AI score0.0025EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/12 8:45 p.m.49 views

Updated indent packages fix security vulnerability

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash. CVE-2024-0911...

5.5CVSS7.2AI score0.00312EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/05 6:24 p.m.49 views

Updated texlive-20220321 packages fix security vulnerabilities

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

8.1CVSS7.8AI score0.00902EPSS
Exploits1References2
Mageia
Mageia
added 2024/03/24 4:57 a.m.49 views

Updated nodejs-hawk packages fix security vulnerability

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...

7.5CVSS6.8AI score0.01028EPSS
Exploits0References4
Mageia
Mageia
added 2023/12/15 5:57 p.m.49 views

Updated audiofile packages fix a security vulnerability

2 patches are added to audiofile source to correct a vulnerability. In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. CVE-2019-13147...

6.5CVSS6.9AI score0.01913EPSS
Exploits1References1
Mageia
Mageia
added 2023/09/11 1:7 p.m.49 views

Updated libtiff packages fix security vulnerability

A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

6.5CVSS6.8AI score0.01124EPSS
Exploits5References2
Mageia
Mageia
added 2023/09/11 1:7 p.m.49 views

Updated clamav packages fix security vulnerability

A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

7.5CVSS6.7AI score0.02599EPSS
Exploits0References1
Mageia
Mageia
added 2023/06/28 5:21 a.m.49 views

Updated libx11 packages fix security vulnerability

Buffer overflows in InitExt.c in libX11 prior to 1.8.6. CVE-2023-3138...

7.5CVSS7AI score0.01656EPSS
Exploits0References3
Mageia
Mageia
added 2022/12/13 10:9 p.m.49 views

Updated busybox packages fix security vulnerability

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. CVE-2022-30065...

7.8CVSS3.3AI score0.01167EPSS
Exploits1References2
Mageia
Mageia
added 2022/11/27 8:51 p.m.49 views

Updated botan packages fix security vulnerability

Fixed validation of embedded certificates was when checking OCSP responses CVE-2022-43705...

9.1CVSS1.9AI score0.00415EPSS
Exploits0References2
Mageia
Mageia
added 2022/11/27 8:51 p.m.49 views

Updated xterm packages fix security vulnerability

xterm before patch 375 can enable an RCE under certain conditions...

9.8CVSS2AI score0.04949EPSS
Exploits1References3
Mageia
Mageia
added 2022/08/25 9:21 p.m.49 views

Updated rsync packages fix security vulnerability

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

7.4CVSS3.5AI score0.0165EPSS
Exploits1References4
Mageia
Mageia
added 2022/07/29 8:53 p.m.49 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

It was discovered that gdk-pixbuf contained a buffer overwrite in io-gif-animation.c compositeframe exploitable using a crafted GIF CVE-2021-46829...

7.8CVSS3AI score0.00748EPSS
Exploits1References3
Mageia
Mageia
added 2022/07/05 7:11 p.m.49 views

Updated ruby-git packages fix security vulnerability

Command Injection via git argument injection CVE-2022-25648...

9.8CVSS4.4AI score0.04871EPSS
Exploits1References2
Mageia
Mageia
added 2022/05/28 8:56 a.m.49 views

Updated golang packages fix security vulnerability

The syscall.Faccessat function checks whether the calling process can access a file. Faccessat contains a bug where it checks a file’s group permission bits if the process’s user is a member of the process’s group rather than a member of the file’s group. CVE-2022-29526...

5.3CVSS1.7AI score0.02593EPSS
Exploits1References3
Mageia
Mageia
added 2022/04/09 9:20 p.m.49 views

Updated busybox packages fix security vulnerability

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. CVE-2022-28391...

8.8CVSS7AI score0.03505EPSS
Exploits1References3
Mageia
Mageia
added 2022/01/25 12:13 p.m.49 views

Updated webkit2 packages fix security vulnerability

Multiple security issues affecting webkit2. See references for details...

9.3CVSS2.4AI score0.07617EPSS
Exploits1References2
Mageia
Mageia
added 2021/12/19 12:26 p.m.49 views

Updated vim packages fix security vulnerability

Updated vim packages fix security vulnerability: vim is vulnerable to Use After Free CVE-2021-4069...

7.8CVSS2AI score0.01293EPSS
Exploits1References1
Mageia
Mageia
added 2021/11/10 10:53 p.m.49 views

Updated libzapojit packages fix security vulnerability

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. CVE-2021-39360...

5.9CVSS3.2AI score0.00831EPSS
Exploits0References2
Mageia
Mageia
added 2021/09/29 5:22 p.m.49 views

Updated libgcrypt packages fix security vulnerability

The updated packages fix a security vulnerability: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defin...

5.9CVSS1.6AI score0.01423EPSS
Exploits1References2
Mageia
Mageia
added 2021/06/30 11:58 p.m.49 views

Updated thunar packages fix a security vulnerability

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program based on the file type without user confirmation. This could be used to achieve code execution CVE-2021-32563...

9.8CVSS2AI score0.03076EPSS
Exploits0References3
Mageia
Mageia
added 2021/06/28 9:16 p.m.49 views

Updated openjpeg2 packages fix a security vulnerability

A heap-based buffer overflow was found in openjpeg. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg CVE-2021-3575...

7.8CVSS5AI score0.01536EPSS
Exploits1References2
Total number of security vulnerabilities5000