Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2022/04/02 10:22 p.m.•48 views

Updated openjpeg2 packages fix security vulnerability

A flaw was found in the opj2decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and...

5.5CVSS1.5AI score0.01078EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/28 4:23 p.m.•48 views

Updated docker packages fix security vulnerability

Containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during 'execve2' CVE-2022-24769...

5.9CVSS3.1AI score0.00492EPSS
Exploits0References3
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•48 views

Updated 389-ds-base packages fix security vulnerability

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091...

7.5CVSS2.5AI score0.01983EPSS
Exploits0References2
Mageia
Mageia
•added 2022/01/15 8:9 a.m.•48 views

Updated vim packages fix security vulnerability

CWE-122 Heap-based Buffer Overflow CVE-2021-4136 CWE-125 Out-of-bounds Read CVE-2021-4166 CWE-416 Use After Free CVE-2021-4173 CWE-416 Use After Free CVE-2021-4187...

7.8CVSS3.4AI score0.01831EPSS
Exploits4References2
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•48 views

Updated keepalived packages fix security vulnerability

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable writable property...

5.5CVSS2.4AI score0.01159EPSS
Exploits0References6
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•48 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: == Security fixes == T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322,...

7.5CVSS4.5AI score0.0135EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/02 4:49 p.m.•48 views

Updated gfbgraph packages fix security vulnerability

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

5.9CVSS3.4AI score0.00708EPSS
Exploits0References2
Mageia
Mageia
•added 2021/11/18 9:50 p.m.•48 views

Updated opensc packages fix security vulnerability

CVE-2021-42780: Fixed use after return in insertpin bsc1192005. CVE-2021-42779: Fixed use after free in scfilevalid bsc1191992. CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c bsc1192000. CVE-2021-42782: Stack buffer overflow issues in various places bsc1191957...

5.3CVSS1.3AI score0.02805EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•48 views

Updated python-mpmath packages fix security vulnerability

Fix CVE-2021-29063 regular expression denial of service...

7.5CVSS3.4AI score0.041EPSS
Exploits1References3
Mageia
Mageia
•added 2021/09/29 5:22 p.m.•48 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.32.4, fixing various bugs and the following security issue: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30858...

8.8CVSS5AI score0.13486EPSS
Exploits0References3
Mageia
Mageia
•added 2021/09/08 9:23 a.m.•48 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.62 and fixes at least the following security issues: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel...

7.1CVSS6.8AI score0.0072EPSS
Exploits4References4
Mageia
Mageia
•added 2021/08/15 8:38 a.m.•48 views

Updated qtwebengine5 packages fix security vulnerabilities

Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.5, fixing several security issues in the bundled chromium code...

9.6CVSS3.5AI score0.23406EPSS
Exploits8References2
Mageia
Mageia
•added 2021/07/25 8:34 a.m.•48 views

Updated lib3mf packages fix security vulnerability

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability CVE-2021-21772. A new package 'act' is...

8.1CVSS4.8AI score0.04339EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•48 views

Updated firefox packages fix security vulnerabilities

A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled CVE-2021-29970. Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Petta...

8.8CVSS2.2AI score0.03582EPSS
Exploits1References6
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•48 views

Updated openexr packages fix security vulnerabilities

Updated openexr packages fix security vulnerabilities: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

8.8CVSS3AI score0.02291EPSS
Exploits1References5
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•48 views

Updated htmldoc packages fix security vulnerabilities

Updated htmldoc packages fix security vulnerabilities: Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181 CVE-2021-20308. AddressSanitizer: double-free in function pspdfexport ps-pdf.cxx...

10CVSS1.9AI score0.03291EPSS
Exploits8References4
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•48 views

Updated thunar packages fix a security vulnerability

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program based on the file type without user confirmation. This could be used to achieve code execution CVE-2021-32563...

9.8CVSS2AI score0.03076EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•48 views

Updated perl-Image-ExifTool package fixes a security vulnerability

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image CVE-2021-22204...

7.8CVSS8.3AI score0.99981EPSS
Exploits39References5
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•48 views

Updated rust packages fix security vulnerabilities

This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit...

9.8CVSS3AI score0.0289EPSS
Exploits4References6
Mageia
Mageia
•added 2021/02/04 1:40 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Cross-origin information leakage via redirected PDF requests. CVE-2021-23953 Type confusion when using logical assignment operators in JavaScript switch statements. CVE-2021-23954 IMAP Response Injection when using STARTTLS. CVE-2020-15685 HTTPS pages could have been intercepted by a registered...

8.8CVSS1.1AI score0.01556EPSS
Exploits1References3
Mageia
Mageia
•added 2021/01/27 12:40 a.m.•48 views

Updated sudo packages fix security vulnerability

A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is no...

7.8CVSS3.9AI score0.99295EPSS
Exploits81References2
Mageia
Mageia
•added 2020/08/28 2:46 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...

8.8CVSS1.4AI score0.01378EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/01 9:25 a.m.•48 views

Updated php-phpmailer packages fix security vulnerability

Fix insufficient output escaping bug in file attachment names CVE-2020-13625...

7.5CVSS2.1AI score0.0378EPSS
Exploits1References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•48 views

Updated virtualbox packages fix security vulnerability

Multiple security vulnerabilities in virtualbox allow unauthorized access to critical data or takeover of Oracle VM VirtualBox. See CVE references for details...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•48 views

Updated chocolate-doom packages fix security vulnerability

The server in Chocolate Doom 3.0.0 doesn't validate the user-controlled numplayers value, leading to a buffer overflow. A malicious user can overwrite the server's stack CVE-2020-14983...

9.8CVSS3.4AI score0.02245EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/06 8:42 p.m.•48 views

Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability: A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this...

5.7CVSS2AI score0.00813EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•48 views

Updated roundcubemail packages fix security vulnerability

The latest maintenance release of roundcubemail fixes some xss issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting XSS via malicious XML attachment and improves the fix for CVE-2020-12641...

6.3CVSS1.8AI score0.76596EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•48 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server CVE-2020-10700. A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing ...

7.5CVSS3.2AI score0.03455EPSS
Exploits0References6
Mageia
Mageia
•added 2020/04/16 11:1 p.m.•48 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS2.2AI score0.01977EPSS
Exploits9References3
Mageia
Mageia
•added 2020/04/08 5:12 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...

9.8CVSS0.5AI score0.01905EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•48 views

Updated nextcloud packages fix security vulnerability

Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes the workflow rules to depend their behavior on the file extension when checking file mimetypes CVE-2019-15613. The nextcloud package has been updated to version 15.0.14, fixing this issue and other bugs...

8CVSS3.6AI score0.0113EPSS
Exploits0References3
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•48 views

Updated libxml2_2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak CVE-2019-20388. xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation CVE-2020-7595...

7.5CVSS7.9AI score0.07836EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...

8.8CVSS2.6AI score0.01976EPSS
Exploits3References3
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•48 views

Updated djvulibre packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...

7.5CVSS3.8AI score0.03667EPSS
Exploits5References2
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•48 views

Updated libsoup packages fix security vulnerability

Updated libsoup package fixes security vulnerability: It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service...

9.8CVSS3.9AI score0.02784EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•48 views

Updated sysstat packages fix security vulnerabilities

Updated sysstat package fix security vulnerabilities: Out-of-bounds read during a memmove call inside the remapstruct function CVE-2018-19416. Out-of-bounds read during a memset call inside the remapstruct function CVE-2018-19517...

10CVSS3.1AI score0.05692EPSS
Exploits2References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•48 views

Updated python3 packages fix security vulnerability

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

9.8CVSS1.4AI score0.20743EPSS
Exploits2References4
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•48 views

Updated file packages fix security vulnerabilities

The updated file packages fix security vulnerabilities: docorenote in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to fileprintable, a different vulnerability than CVE-2018-10360. CVE-2019-8905 docorenote in readelf.c in libmagic.a in file 5.35 allows remote...

8.8CVSS7.4AI score0.03465EPSS
Exploits2References6
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•48 views

Updated gnutls packages fix security vulnerability

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6CVSS2.8AI score0.00573EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/05 9:49 p.m.•48 views

Updated wget packages fix security vulnerability

Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes xattrs of the file system - by default. This includes username + password and other credentials or private data if those have been used within the URLs. Anyone with read access to those files...

7.8CVSS1.4AI score0.00659EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/27 9:45 a.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12389. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390. Mozilla: Crash with nested event loops CVE-2018-12392. Mozilla: Integer overflow during...

9.8CVSS1.2AI score0.03924EPSS
Exploits0References4
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•48 views

Updated 389-ds-base packages fix security vulnerabilities

Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search CVE-2018-10850 ldapsearch with server side sort allows users to cause a crash CVE-2018-10935 a server crash through the modify command with large DN CVE-2018-1462...

7.5CVSS4.2AI score0.02451EPSS
Exploits1References5
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•48 views

Updated dropbear packages fix security vulnerability

Dropbear is prone to a user enumeration vulnerability CVE-2018-15599. An external user without credentials can determine whether a given username exists on a server...

5.3CVSS2.6AI score0.02709EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...

7.5CVSS5AI score0.08654EPSS
Exploits1References3
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•48 views

Updated file packages fix a security vulnerability

The updated packages fix a security vulnerability: The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360...

6.5CVSS5.1AI score0.0341EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•48 views

Updated SDL_image packages fix security vulnerability

Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-1444...

8.8CVSS2.9AI score0.02677EPSS
Exploits3References2
Mageia
Mageia
•added 2018/05/24 4:30 p.m.•48 views

Updated mbedtls packages fix security issues

CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint that...

7.5CVSS1.8AI score0.02173EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:58 a.m.•48 views

Updated perl packages fix security vulnerability

GwanYeong Kim reported that 'pack' could cause a heap buffer write overflow with a large item count CVE-2018-6913...

9.8CVSS1.6AI score0.10866EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•48 views

Updated mariadb packages fix security vulnerability

Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Partition. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized...

7.5CVSS2.9AI score0.03952EPSS
Exploits0References3
Mageia
Mageia
•added 2018/01/19 11:12 p.m.•48 views

Updated mariadb packages fix security vulnerability

It was discovered that mariadb contained a security vulnerability CVE-2017-15365. This update fixes a few more bugs on the InnoDB Engine...

8.8CVSS2.5AI score0.0335EPSS
Exploits0References2
Total number of security vulnerabilities5000