Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2022/09/21 6:15 p.m.•99 views

Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS1.5AI score0.01342EPSS
Exploits0References5
Mageia
Mageia
•added 2022/06/13 8:44 p.m.•99 views

Updated apache packages fix security vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

9.8CVSS0.5AI score0.19008EPSS
Exploits2References3
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•99 views

Updated edk2 packages fix multiples security vulnerabilities

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12179. Insufficient memory write check in SMM service for EDK II may allow an authenticated...

9.8CVSS4AI score0.01366EPSS
Exploits0References7
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•99 views

Updated pcre2 packages fix security vulnerability

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...

7.5CVSS4AI score0.01561EPSS
Exploits1References2
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•99 views

Updated kernel-tmb packages fix security vulnerability

This kernel-tmb update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map t...

7.8CVSS7.2AI score0.98745EPSS
Exploits4References11
Mageia
Mageia
•added 2019/05/12 8:58 p.m.•99 views

Updated binutils packages fixes security vulnerabilities

This update provides the latest stable binutils, currently version 2.32 and fixes at least the following security issues: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects CVE-2014-9939 Use-after-free vulnerability in libiberty allows...

9.8CVSS9.2AI score0.08544EPSS
Exploits30References27
Mageia
Mageia
•added 2024/04/30 10:25 p.m.•98 views

Updated mediawiki packages fix security vulnerabilities

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator...

9CVSS6.4AI score0.22699EPSS
Exploits5References1
Mageia
Mageia
•added 2024/02/18 1:49 a.m.•98 views

Updated dnsmasq packages fix security vulnerabilities

This updated dnsmasq package fixes security issues: Certain DNSSEC aspects of the DNS protocol allow a remote attacker to trigger a denial of service via extreme consumption of resource caused by DNSSEC query or response: - KeyTrap - Extreme CPU consumption in DNSSEC validator. CVE-2023-50387 -...

7.5CVSS7.2AI score0.99995EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•98 views

Updated git packages fix security vulnerability

gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a '.gitattributes' file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes,...

9.8CVSS3.6AI score0.56334EPSS
Exploits0References5
Mageia
Mageia
•added 2020/03/10 7:4 p.m.•98 views

Updated gpac packages fix security vulnerabilities

The updated packages fix security vulnerabilities: AVCDuplicateConfig at isomedia/avcext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file. There is "cfgnew-AVCLevelIndication = cfg-AVCLevelIndication;" but cfg...

7.5CVSS5.5AI score0.02344EPSS
Exploits10References2
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•98 views

Updated python-jinja2 packages fix security vulnerability

Sandbox escape due to information disclosure via str.format CVE-2016-10745. str.formatmap allows sandbox escape CVE-2019-10906...

8.6CVSS2.6AI score0.03603EPSS
Exploits1References3
Mageia
Mageia
•added 2018/11/03 11:55 a.m.•98 views

Updated perl-Dancer2 packages fix security vulnerabilities

Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing...

1.7AI score
Exploits0References2
Mageia
Mageia
•added 2018/03/19 12:13 p.m.•98 views

Updated microcode packages fix security vulnerabilities

This update provides new microcode fixes and mitigations for Spectre CVE-2017-5715 for many Intel CPUs produced in the last 5 years. So far the Intel microcode updates are for several processors from many of Intel Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake, Apollo Lake,...

5.6CVSS1.5AI score0.74041EPSS
Exploits9References2
Mageia
Mageia
•added 2017/02/25 8:29 a.m.•98 views

Updated kernel-tmb packages fixes security vulnerabilities

This kernel-tmb update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service system hang by leveraging access to ...

9.8CVSS4AI score0.0596EPSS
Exploits13References12
Mageia
Mageia
•added 2022/11/04 9:16 p.m.•97 views

Updated wkhtmltopdf packages fix security vulnerability

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. CVE-2020-21365...

7.5CVSS3.8AI score0.01817EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•97 views

Updated python-pillow packages fix security vulnerability

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary...

9.8CVSS5.3AI score0.03399EPSS
Exploits0References5
Mageia
Mageia
•added 2022/03/29 2:25 p.m.•97 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.32 and fixes at least the following security issues: An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local...

7.8CVSS8.1AI score0.06197EPSS
Exploits24References5
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•97 views

Updated freerdp/remmina packages fix security vulnerability

It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. The freerdp package has been updated to version 2.1.2 to fix these issues. Also, th...

8.3CVSS4.9AI score0.02653EPSS
Exploits12References41
Mageia
Mageia
•added 2024/11/02 4:56 p.m.•96 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.58 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.1CVSS7.3AI score0.01367EPSS
Exploits2References7
Mageia
Mageia
•added 2024/07/14 5:23 a.m.•96 views

Updated freeradius packages fix security vulnerability

This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS serv...

9CVSS7.2AI score0.14859EPSS
Exploits2References3
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•96 views

Updated log4j packages fix security vulnerability

Apache Log4j2 is vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed b...

8.5CVSS2.9AI score0.97906EPSS
Exploits9References3
Mageia
Mageia
•added 2018/05/12 6:28 a.m.•96 views

Updated imagemagick packages fix security vulnerabilities

The imagemagick package has been updated to version 6.9.9.41 which fixes several unspecified security vulnerabilities. This update fixes several vulnerabilities in imagemagick, including: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of...

9.8CVSS2.2AI score0.2831EPSS
Exploits21References2
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•95 views

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

8.8CVSS6.8AI score0.0178EPSS
Exploits3References4
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•95 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmfgetassocies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. This issue could occur when associnfo-reqlen data is bigger than the siz...

7.8CVSS7.1AI score0.16642EPSS
Exploits9References5
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•95 views

Updated apache packages fix security vulnerability

Some modproxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target URL data an...

9.8CVSS8.7AI score0.8377EPSS
Exploits5References2
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•95 views

Updated unrar packages fix security vulnerability

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys file. CVE-2022-30333...

7.5CVSS5AI score0.98975EPSS
Exploits12References2
Mageia
Mageia
•added 2021/01/25 3:25 p.m.•95 views

Updated python-urllib3 packages fix security vulnerability

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest CVE-2020-26137...

6.5CVSS7.6AI score0.02269EPSS
Exploits0References2
Mageia
Mageia
•added 2020/11/15 3:45 p.m.•95 views

Updated golang packages fix a security vulnerability

A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...

6.1CVSS6.2AI score0.03646EPSS
Exploits2References3
Mageia
Mageia
•added 2018/01/03 4:40 p.m.•95 views

Updated curl packages fix security vulnerability

If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...

9.8CVSS0.11175EPSS
Exploits0References19
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•94 views

Updated sqlite3 packages fix security vulnerability

It was discovered that sqlite contained an assertion failure upon queries when compiled with -DSQLITEENABLESTAT4 CVE-2022-35737...

7.5CVSS1.8AI score0.19193EPSS
Exploits2References3
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•94 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allo...

8.2CVSS1.9AI score0.02972EPSS
Exploits7References7
Mageia
Mageia
•added 2022/03/29 2:25 p.m.•94 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.32 and fixes at least the following security issues: An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to...

7.8CVSS8.1AI score0.06197EPSS
Exploits24References5
Mageia
Mageia
•added 2017/08/11 10:24 p.m.•94 views

Updated jackson-databind packages fix security vulnerability

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper CVE-2017-7525...

9.8CVSS3.4AI score0.37925EPSS
Exploits7References2
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•94 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1...

7.2CVSS7.3AI score0.03751EPSS
Exploits8References27
Mageia
Mageia
•added 2024/04/10 4:3 a.m.•93 views

Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.59 to fix CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709. CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames cve.mitre.org HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in...

7.5CVSS7.2AI score0.91327EPSS
Exploits2References3
Mageia
Mageia
•added 2022/12/24 9:14 a.m.•93 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 108.0.5359.124 release, fixing 8 vulnerabilities. Some of the security fixes are ... High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 High CVE-2022-4437: Use after free in Mojo IPC. Reported by...

8.8CVSS1AI score0.00651EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•93 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a...

7.8CVSS0.6AI score0.12746EPSS
Exploits14References6
Mageia
Mageia
•added 2021/03/12 1:25 a.m.•93 views

Updated python-yaml packages fix security vulnerability

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw...

10CVSS9.9AI score0.05984EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/03 11:55 a.m.•93 views

Updated axis packages fix security vulnerability

Updated axis packages fix security vulnerability: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services CVE-2018-8032...

6.1CVSS1.5AI score0.10554EPSS
Exploits0References2
Mageia
Mageia
•added 2017/12/21 10:14 p.m.•93 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.105 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink...

8.8CVSS0.9AI score0.02285EPSS
Exploits8References14
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•92 views

Updated python-twisted packages fix security vulnerabilities

Twisted.web has disordered HTTP pipeline response. CVE-2023-46137 Twisted.web has disordered HTTP pipeline response. CVE-2024-41671 HTML injection in HTTP redirect body. CVE-2024-41810...

8.3CVSS6.5AI score0.01109EPSS
Exploits1References4
Mageia
Mageia
•added 2023/03/01 9:14 p.m.•92 views

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

9.8CVSS9.1AI score0.01639EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•92 views

Updated imagemagick packages fix security vulnerability

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. CVE-2021-3574 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows a...

7.8CVSS1.3AI score0.0238EPSS
Exploits4References16
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•92 views

Updated expat packages fix security vulnerability

Passing malformed 2- and 3-byte UTF-8 sequences e.g. from start tag names to the XML processing application on top of Expat can cause arbitrary damage e.g. code execution depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with co...

9.8CVSS2.3AI score0.34174EPSS
Exploits1References3
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•92 views

Updated samba packages fix security vulnerability

When Samba is used as a domain controller, an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw CVE-2020-1472. Note that Samba installations are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel...

10CVSS2.2AI score0.99512EPSS
Exploits75References4
Mageia
Mageia
•added 2018/09/22 7:23 p.m.•92 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.70 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets targeti...

7.8CVSS1.1AI score0.24575EPSS
Exploits5References2
Mageia
Mageia
•added 2018/01/06 12:53 a.m.•92 views

kernel update provides 4.14 series and fixes security vulnerabilities

This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in the...

8.8CVSS4.1AI score0.30052EPSS
Exploits32References17
Mageia
Mageia
•added 2014/09/24 6:42 p.m.•92 views

Updated bash packages fix CVE-2014-6271

Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

10CVSS9.7AI score0.99999EPSS
Exploits130References5
Mageia
Mageia
•added 2024/07/29 6:26 p.m.•91 views

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products scope change. Successf...

8.2CVSS6.8AI score0.00457EPSS
Exploits0References3
Mageia
Mageia
•added 2024/01/17 11:50 p.m.•91 views

Updated tinyxml packages fix a security vulnerability

The updated packages fix a security vulnerability: StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace. CVE-2023-34194...

7.5CVSS7.3AI score0.01372EPSS
Exploits0References2
Total number of security vulnerabilities5000