Mageia • Most viewed

6005 matches found

Mageia
•added 2020/04/08 5:12 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...

9.8 CVSS • 0.5 AI score • 0.01905 EPSS
Exploits: 0 • References: 2

Mageia
•added 2020/03/06 4:13 p.m.•48 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8 CVSS • 8.2 AI score • 0.78808 EPSS
Exploits: 29 • References: 7

Mageia
•added 2020/02/24 9:44 p.m.•48 views

Updated libxml2_2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak CVE-2019-20388. xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation CVE-2020-7595...

7.5 CVSS • 7.9 AI score • 0.07836 EPSS
Exploits: 0 • References: 2

Mageia
•added 2019/12/08 6:12 p.m.•48 views

Updated nss packages fix security vulnerability

Updated nss packages fix security vulnerability: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate CVE-2019-11745. Also, rootcerts has been updated to 20191126.00...

8.8 CVSS • 2 AI score • 0.02994 EPSS
Exploits: 0 • References: 3

Mageia
•added 2019/12/08 6:12 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...

8.8 CVSS • 2.6 AI score • 0.01976 EPSS
Exploits: 3 • References: 3

Mageia
•added 2019/11/30 1:6 p.m.•48 views

Updated djvulibre packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...

7.5 CVSS • 3.8 AI score • 0.03667 EPSS
Exploits: 5 • References: 2

Mageia
•added 2019/11/30 1:6 p.m.•48 views

Updated python-sqlalchemy packages fix security vulnerabilities

Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the orderby parameter CVE-2019-7164. SQL Injection via the groupby parameter CVE-2019-7548...

9.8 CVSS • 4 AI score • 0.03525 EPSS
Exploits: 3 • References: 2

Mageia
•added 2019/05/19 11:27 a.m.•48 views

Updated mariadb packages fix security vulnerability

Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthoriz...

4.9 CVSS • 2.8 AI score • 0.0301 EPSS
Exploits: 0 • References: 3

Mageia
•added 2019/05/12 9:35 a.m.•48 views

Updated sysstat packages fix security vulnerabilities

Updated sysstat packages fix security vulnerabilities: Out-of-bounds read during a memmove call inside the remap_struct function CVE-2018-19416. Out-of-bounds read during a memset call inside the remap_struct function CVE-2018-19517...

10 CVSS • 3.1 AI score • 0.05692 EPSS
Exploits: 2 • References: 2

Mageia
•added 2019/04/10 9:25 p.m.•48 views

Updated python3 packages fix security vulnerability

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

9.8 CVSS • 1.4 AI score • 0.20743 EPSS
Exploits: 2 • References: 4

Mageia
•added 2019/03/29 3:51 p.m.•48 views

Updated poppler packages fix security vulnerabilities

The updated poppler packages fix security vulnerabilities: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data...

8.8 CVSS • 2.3 AI score • 0.03473 EPSS
Exploits: 1 • References: 2

Mageia
•added 2019/03/29 3:51 p.m.•48 views

Updated file packages fix security vulnerabilities

The updated file packages fix security vulnerabilities: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. CVE-2019-8905 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote...

8.8 CVSS • 7.4 AI score • 0.03465 EPSS
Exploits: 2 • References: 6

Mageia
•added 2019/03/07 4:34 p.m.•48 views

Updated gnutls packages fix security vulnerability

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6 CVSS • 2.8 AI score • 0.00573 EPSS
Exploits: 0 • References: 2

Mageia
•added 2018/12/26 11:8 p.m.•48 views

Updated sqlite3 packages fix security vulnerability

A security issue fixed upstream in sqlite3 has been announced: https://www.openwall.com/lists/oss-security/2018/12/21/1 The issue is fixed in 3.25.3...

8.1 CVSS • 0.5 AI score • 0.09683 EPSS
Exploits: 1 • References: 3

Mageia
•added 2018/10/27 9:45 a.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12389. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390. Mozilla: Crash with nested event loops CVE-2018-12392. Mozilla: Integer overflow during...

9.8 CVSS • 1.2 AI score • 0.03924 EPSS
Exploits: 0 • References: 4

Mageia
•added 2018/10/19 6:0 p.m.•48 views

Updated 389-ds-base packages fix security vulnerabilities

Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search CVE-2018-10850 ldapsearch with server side sort allows users to cause a crash CVE-2018-10935 a server crash through the modify command with large DN CVE-2018-1462...

7.5 CVSS • 4.2 AI score • 0.02451 EPSS
Exploits: 1 • References: 5

Mageia
•added 2018/08/23 11:35 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...

7.5 CVSS • 5 AI score • 0.08654 EPSS
Exploits: 1 • References: 3

Mageia
•added 2018/08/17 10:27 p.m.•48 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 68.0.3440.106 fixes security issues: Multiple flaws were found in the way Chromium 67.0.3396.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.6 CVSS • 1.5 AI score • 0.03296 EPSS
Exploits: 0 • References: 5

Mageia
•added 2018/07/11 9:7 p.m.•48 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 CVE-2018-6149 and incorrect handling of content security policy CVE-2018-6148. It also contains a new Google API key...

8.8 CVSS • 1.6 AI score • 0.00726 EPSS
Exploits: 0 • References: 2

Mageia
•added 2018/06/24 10:2 p.m.•48 views

Updated file packages fix a security vulnerability

The updated packages fix a security vulnerability: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. CVE-2018-10360...

6.5 CVSS • 5.1 AI score • 0.0341 EPSS
Exploits: 0 • References: 2

Mageia
•added 2018/06/06 6:15 p.m.•48 views

Updated SDL_image packages fix security vulnerability

Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-1444...

8.8 CVSS • 2.9 AI score • 0.02677 EPSS
Exploits: 3 • References: 2

Mageia
•added 2018/06/03 11:2 a.m.•48 views

Updated git packages fix security vulnerabilities

It was possible to trick the code that sanity-checks paths on NTFS into reading a random piece of memory CVE-2018-11233. Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by...

7.8 CVSS • 1.5 AI score • 0.49188 EPSS
Exploits: 10 • References: 2

Mageia
•added 2018/05/31 8:34 p.m.•48 views

Updated libvirt packages fix security vulnerability

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

5.5 CVSS • 5.5 AI score • 0.60631 EPSS
Exploits: 2 • References: 2

Mageia
•added 2018/05/24 4:30 p.m.•48 views

Updated mbedtls packages fix security issues

CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint that...

7.5 CVSS • 1.8 AI score • 0.02173 EPSS
Exploits: 0 • References: 2

Mageia
•added 2018/05/11 8:13 p.m.•48 views

Updated Qt5 packages fix security vulnerability

This update provides an update to the new Qt5 LTS version 5.9...

8.8 CVSS • 3.7 AI score • 0.02479 EPSS
Exploits: 0 • References: 2

Mageia
•added 2018/04/03 6:48 p.m.•48 views

Updated acpica-tools packages fix security vulnerabilities

acpi operand cache leak in dsutils.c CVE-2017-13693. acpi parse and parseext cache leaks CVE-2017-13694. acpi operand cache leak in nseval.c CVE-2017-13695...

5.5 CVSS • 3.5 AI score • 0.00439 EPSS
Exploits: 0 • References: 2

Mageia
•added 2018/03/07 8:37 p.m.•48 views

Updated tor packages fix security vulnerabilities

A protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception CVE-2018-0490. A bug can be remotely triggered in order to crash relays with a use-after-free pattern CVE-2018-0491...

7.5 CVSS • 1.3 AI score • 0.15591 EPSS
Exploits: 4 • References: 2

Mageia
•added 2018/02/24 11:25 p.m.•48 views

Updated mariadb packages fix security vulnerability

Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized...

7.5 CVSS • 2.9 AI score • 0.03952 EPSS
Exploits: 0 • References: 3

Mageia
•added 2018/01/19 11:12 p.m.•48 views

Updated mariadb packages fix security vulnerability

It was discovered that mariadb contained a security vulnerability CVE-2017-15365. This update fixes a few more bugs on the InnoDB Engine...

8.8 CVSS • 2.5 AI score • 0.0335 EPSS
Exploits: 0 • References: 2

Mageia
•added 2018/01/12 7:49 p.m.•48 views

Updated wireshark packages fix security vulnerabilities

The MRDISC dissector could crash CVE-2017-17997. The IxVeriWave file parser could crash CVE-2018-5334. The WCP dissector could crash CVE-2018-5335. Multiple dissectors could crash CVE-2018-5336. Prior to this release dumpcap enabled the Linux kernel's BPF JIT compiler via the net.core.bpf_jit_enabl...

7.5 CVSS • 2.4 AI score • 0.93838 EPSS
Exploits: 9 • References: 7

Mageia
•added 2017/11/26 9:18 p.m.•48 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.3, fixing several security issues and other bugs...

8.8 CVSS • 3.4 AI score • 0.10151 EPSS
Exploits: 51 • References: 6

Mageia
•added 2017/09/10 12:36 p.m.•48 views

Updated tcpdump packages fix security vulnerabilities

Summary for 4.9.2 tcpdump release Do not use getprotobynumber for protocol name resolution. Do not do any protocol name resolution if -n is specified. Improve errors detection in the test scripts. Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. Clean up IS-IS printing. Fix buffer...

9.8 CVSS • 0.5 AI score • 0.06196 EPSS
Exploits: 3 • References: 1

Mageia
•added 2017/09/03 2:31 p.m.•48 views

Updated rt/perl-Encode packages fix security vulnerability

RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket CVE-2012-4733. RT 3.8.0 and above include a version of bin/rt th...

8.8 CVSS • 9.2 AI score • 0.02825 EPSS
Exploits: 0 • References: 5

Mageia
•added 2017/08/29 8:36 p.m.•48 views

Updated gstreamer0.10-plugins-base and gstreamer1.0-plugins-base packages fix security vulnerabilities

Denial of service in GStreamer base plugins can be caused by floating point exceptions CVE-2017-5837, CVE-2017-5844, stack overflow CVE-2017-5839, or out-of-bounds heap read CVE-2017-5842. Note that GStreamer 0.10 was only affected by the floating point exceptions...

7.5 CVSS • 2.8 AI score • 0.0448 EPSS
Exploits: 0 • References: 3

Mageia
•added 2017/07/25 10:7 p.m.•48 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.0.14, which fixes several security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.8 CVSS • 3 AI score • 0.03024 EPSS
Exploits: 0 • References: 9

Mageia
•added 2017/04/16 6:29 a.m.•48 views

Updated webkit2 packages fix security vulnerability

Multiple security fixes in latest webkit2 update...

8.8 CVSS • 1.8 AI score • 0.08511 EPSS
Exploits: 44 • References: 6

Mageia
•added 2017/03/31 6:14 a.m.•48 views

Updated mariadb packages fix security vulnerability

Crash in libmysqlclient.so in MariaDB 10.0.x through 10.0.29 CVE-2017-3302. Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: MyISAM. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to...

7.5 CVSS • 4.9 AI score • 0.04945 EPSS
Exploits: 0 • References: 3

Mageia
•added 2017/02/23 2:58 p.m.•48 views

Updated libpcap/tcpdump packages fix security vulnerability

The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print. CVE-2016-7922 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print. CVE-2016-7923 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print. CVE-2016-7924...

9.8 CVSS • 2.3 AI score • 0.06196 EPSS
Exploits: 0 • References: 3

Mageia
•added 2017/01/27 8:30 p.m.•48 views

Updated shadow-utils packages fix security vulnerabilities

It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid CVE-2016-6251. It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...

7.8 CVSS • 1.7 AI score • 0.00409 EPSS
Exploits: 0 • References: 2

Mageia
•added 2016/08/31 5:34 p.m.•48 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.12.4, fixing several security issues and other bugs...

8.8 CVSS • 3.5 AI score • 0.18843 EPSS
Exploits: 4 • References: 8

Mageia
•added 2016/06/17 5:58 a.m.•48 views

Updated virtualbox packages fix security vulnerability

This update provides virtualbox 5.0.20 maintenance release, and fixes the following security issue: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vecto...

6.7 CVSS • 5.1 AI score • 0.00378 EPSS
Exploits: 0 • References: 2

Mageia
•added 2016/05/21 10:11 p.m.•48 views

Updated p7zip packages fix CVE-2016-2335

Updated p7zip package fixes security vulnerability: An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution CVE-2016-2335...

8.8 CVSS • 2.5 AI score • 0.09795 EPSS
Exploits: 2 • References: 3

Mageia
•added 2016/05/12 8:0 p.m.•48 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 11.2.202.621 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves type confusion vulnerabilities that could lead to code execution CVE-2016-1105,...

10 CVSS • 2.6 AI score • 0.94354 EPSS
Exploits: 14 • References: 2

Mageia
•added 2016/03/07 6:3 p.m.•48 views

Updated jasper packages fix security vulnerabilities

Updated jasper packages fix security vulnerabilities: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image CVE-2016-2089. Jacob Baines discovered that a double free...

7.6 CVSS • 5.6 AI score • 0.03269 EPSS
Exploits: 0 • References: 3

Mageia
•added 2016/03/07 11:20 a.m.•48 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerability: Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses CVE-2016-2569, CVE-2016-2570, CVE-2016-2571...

7.5 CVSS • 0.7 AI score • 0.31187 EPSS
Exploits: 0 • References: 3

Mageia
•added 2015/12/24 11:8 a.m.•48 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' CVE-2015-8622. In MediaWiki before 1.23.12, tokens were being compared as strings, whic...

9.8 CVSS • 6.9 AI score • 0.01888 EPSS
Exploits: 0 • References: 3

Mageia
•added 2015/12/16 9:1 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary...

10 CVSS • 8.7 AI score • 0.06058 EPSS
Exploits: 1 • References: 10

Mageia
•added 2015/11/05 10:46 p.m.•48 views

Updated libxml2 packages fix security vulnerability

A denial of service in libxml2 when parsing a specially crafted XML file if XZ support is enabled may cause applications to hang as the parsing never terminates CVE-2015-8035...

2.6 CVSS • 7.4 AI score • 0.03199 EPSS
Exploits: 1 • References: 2

Mageia
•added 2015/11/04 6:3 p.m.•48 views

Updated springframework packages fix security vulnerability

Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...

9.6 CVSS • 7.8 AI score • 0.0257 EPSS
Exploits: 1 • References: 2

Mageia
•added 2015/09/08 7:20 a.m.•48 views

Updated iceape packages fix security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly...

9.3 CVSS • 10.1 AI score • 0.67465 EPSS
Exploits: 4 • References: 25

Total number of security vulnerabilities: 5000