Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2022/03/28 4:23 p.m.•48 views

Updated docker packages fix security vulnerability

Containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during 'execve2' CVE-2022-24769...

5.9CVSS3.1AI score0.00492EPSS
Exploits0References3
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•48 views

Updated 389-ds-base packages fix security vulnerability

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091...

7.5CVSS2.5AI score0.01983EPSS
Exploits0References2
Mageia
Mageia
•added 2022/01/15 8:9 a.m.•48 views

Updated vim packages fix security vulnerability

CWE-122 Heap-based Buffer Overflow CVE-2021-4136 CWE-125 Out-of-bounds Read CVE-2021-4166 CWE-416 Use After Free CVE-2021-4173 CWE-416 Use After Free CVE-2021-4187...

7.8CVSS3.4AI score0.01831EPSS
Exploits4References2
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•48 views

Updated keepalived packages fix security vulnerability

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable writable property...

5.5CVSS2.4AI score0.01159EPSS
Exploits0References6
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•48 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: == Security fixes == T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322,...

7.5CVSS4.5AI score0.0135EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/02 4:49 p.m.•48 views

Updated nss packages fix security vulnerability

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using NSS...

9.8CVSS2.3AI score0.17563EPSS
Exploits0References2
Mageia
Mageia
•added 2021/09/29 5:22 p.m.•48 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.32.4, fixing various bugs and the following security issue: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30858...

8.8CVSS5AI score0.13486EPSS
Exploits0References3
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•48 views

Updated ghostscript packages fix security vulnerability

Trivial -dSAFER bypass in 9.55. CVE-2021-3781...

9.9CVSS2.1AI score0.83913EPSS
Exploits0References6
Mageia
Mageia
•added 2021/09/08 9:23 a.m.•48 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.62 and fixes at least the following security issues: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel...

7.1CVSS6.8AI score0.0072EPSS
Exploits4References4
Mageia
Mageia
•added 2021/09/04 5:1 p.m.•48 views

Updated golang packages fix security vulnerability

The updated golang packages fix a security vulnerability: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort CVE-2021-36221...

5.9CVSS7AI score0.03128EPSS
Exploits0References6
Mageia
Mageia
•added 2021/08/15 8:38 a.m.•48 views

Updated qtwebengine5 packages fix security vulnerabilities

Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.5, fixing several security issues in the bundled chromium code...

9.6CVSS3.5AI score0.23406EPSS
Exploits8References2
Mageia
Mageia
•added 2021/07/25 8:34 a.m.•48 views

Updated lib3mf packages fix security vulnerability

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability CVE-2021-21772. A new package 'act' is...

8.1CVSS4.8AI score0.04339EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•48 views

Updated firefox packages fix security vulnerabilities

A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled CVE-2021-29970. Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Petta...

8.8CVSS2.2AI score0.03582EPSS
Exploits1References6
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•48 views

Updated openexr packages fix security vulnerabilities

Updated openexr packages fix security vulnerabilities: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

8.8CVSS3AI score0.02291EPSS
Exploits1References5
Mageia
Mageia
•added 2021/07/10 12:56 p.m.•48 views

Updated htmldoc packages fix security vulnerabilities

Updated htmldoc packages fix security vulnerabilities: Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181 CVE-2021-20308. AddressSanitizer: double-free in function pspdfexport ps-pdf.cxx...

10CVSS1.9AI score0.03291EPSS
Exploits8References4
Mageia
Mageia
•added 2021/02/08 5:58 p.m.•48 views

Updated phppgadmin package fixes a security vulnerability

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, database.php does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit...

9.6CVSS2.2AI score0.0364EPSS
Exploits1References1
Mageia
Mageia
•added 2021/01/08 3:34 p.m.•48 views

Updated firefox packages fix security vulnerability

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. CVE-2020-16044...

8.8CVSS2.6AI score0.01304EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/28 2:46 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...

8.8CVSS1.4AI score0.01378EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/01 9:25 a.m.•48 views

Updated php-phpmailer packages fix security vulnerability

Fix insufficient output escaping bug in file attachment names CVE-2020-13625...

7.5CVSS2.1AI score0.0378EPSS
Exploits1References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•48 views

Updated virtualbox packages fix security vulnerability

Multiple security vulnerabilities in virtualbox allow unauthorized access to critical data or takeover of Oracle VM VirtualBox. See CVE references for details...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•48 views

Updated chocolate-doom packages fix security vulnerability

The server in Chocolate Doom 3.0.0 doesn't validate the user-controlled numplayers value, leading to a buffer overflow. A malicious user can overwrite the server's stack CVE-2020-14983...

9.8CVSS3.4AI score0.02245EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/06 8:42 p.m.•48 views

Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability: A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this...

5.7CVSS2AI score0.00813EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•48 views

Updated roundcubemail packages fix security vulnerability

The latest maintenance release of roundcubemail fixes some xss issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting XSS via malicious XML attachment and improves the fix for CVE-2020-12641...

6.3CVSS1.8AI score0.76596EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•48 views

Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerabilities: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server CVE-2020-10700. A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing ...

7.5CVSS3.2AI score0.03455EPSS
Exploits0References6
Mageia
Mageia
•added 2020/04/16 11:1 p.m.•48 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

8.8CVSS2.2AI score0.01977EPSS
Exploits9References3
Mageia
Mageia
•added 2020/04/08 5:12 p.m.•48 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...

9.8CVSS0.5AI score0.01905EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•48 views

Updated nextcloud packages fix security vulnerability

Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes the workflow rules to depend their behavior on the file extension when checking file mimetypes CVE-2019-15613. The nextcloud package has been updated to version 15.0.14, fixing this issue and other bugs...

8CVSS3.6AI score0.0113EPSS
Exploits0References3
Mageia
Mageia
•added 2020/02/24 9:44 p.m.•48 views

Updated libxml2_2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak CVE-2019-20388. xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation CVE-2020-7595...

7.5CVSS7.9AI score0.07836EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•48 views

Updated python-pillow packages fix security vulnerabilities

Updated python-pillow packages fix security vulnerabilities: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service CVE-2019-16865, CVE-2019-19911. It was discovered that Pillow incorrectly handled certain TIFF...

9.8CVSS2.8AI score0.04212EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•48 views

Updated openssl packages fix security vulnerability

Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...

5.3CVSS2.2AI score0.14298EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•48 views

Updated htmldoc packages fix security vulnerability

Updated htmldoc packages fix security vulnerability: In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang CVE-2019-19630...

7.8CVSS1.3AI score0.01135EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•48 views

Updated openjpeg2 packages fix security vulnerability

The updated packages fix a security vulnerability: In OpenJPEG 2.3.1, there is excessive iteration in the opjt1encodecblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616...

5.5CVSS5.2AI score0.02596EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•48 views

Updated djvulibre packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...

7.5CVSS3.8AI score0.03667EPSS
Exploits5References2
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•48 views

Updated libsoup packages fix security vulnerability

Updated libsoup package fixes security vulnerability: It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service...

9.8CVSS3.9AI score0.02784EPSS
Exploits0References2
Mageia
Mageia
•added 2019/08/18 12:39 p.m.•48 views

Updated elfutils packages fix security vulnerabilities

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service CVE-2017-7607, CVE-2017-7608, CVE-2017-7609,...

9.8CVSS6.9AI score0.03691EPSS
Exploits16References4
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•48 views

Updated python3 packages fix security vulnerability

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

9.8CVSS1.4AI score0.20743EPSS
Exploits2References4
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•48 views

Updated firefox packages fix security vulnerability

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow CVE-2019-9810. Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and...

8.8CVSS2.8AI score0.29514EPSS
Exploits13References3
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•48 views

Updated file packages fix security vulnerabilities

The updated file packages fix security vulnerabilities: docorenote in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to fileprintable, a different vulnerability than CVE-2018-10360. CVE-2019-8905 docorenote in readelf.c in libmagic.a in file 5.35 allows remote...

8.8CVSS7.4AI score0.03465EPSS
Exploits2References6
Mageia
Mageia
•added 2019/03/07 4:34 p.m.•48 views

Updated gnutls packages fix security vulnerability

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6CVSS2.8AI score0.00573EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/05 9:49 p.m.•48 views

Updated wget packages fix security vulnerability

Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes xattrs of the file system - by default. This includes username + password and other credentials or private data if those have been used within the URLs. Anyone with read access to those files...

7.8CVSS1.4AI score0.00659EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•48 views

Updated 389-ds-base packages fix security vulnerabilities

Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search CVE-2018-10850 ldapsearch with server side sort allows users to cause a crash CVE-2018-10935 a server crash through the modify command with large DN CVE-2018-1462...

7.5CVSS4.2AI score0.02451EPSS
Exploits1References5
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•48 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.20.5, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.02571EPSS
Exploits0References4
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•48 views

Updated dropbear packages fix security vulnerability

Dropbear is prone to a user enumeration vulnerability CVE-2018-15599. An external user without credentials can determine whether a given username exists on a server...

5.3CVSS2.6AI score0.02709EPSS
Exploits0References2
Mageia
Mageia
•added 2018/09/20 11:17 p.m.•48 views

Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix several security vulnerabilities including: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files CVE-2018-15908. In Artifex Ghostscript 9.23 before 2018-08-24, a typ...

9.3CVSS1.2AI score0.92499EPSS
Exploits5References7
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...

7.5CVSS5AI score0.08654EPSS
Exploits1References3
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•48 views

Updated file packages fix a security vulnerability

The updated packages fix a security vulnerability: The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360...

6.5CVSS5.1AI score0.0341EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•48 views

Updated gifsicle package fixes security vulnerability

Updated gifsicle package fixes security vulnerability: A double-free bug in the readgif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because lastname is mishandled CVE-2017-18120...

7.8CVSS5.2AI score0.01795EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•48 views

Updated SDL_image packages fix security vulnerability

Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-1444...

8.8CVSS2.9AI score0.02677EPSS
Exploits3References2
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•48 views

Updated python packages fix security vulnerabilities

Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...

7.5CVSS2.9AI score0.05103EPSS
Exploits1References3
Mageia
Mageia
•added 2018/02/08 11:30 a.m.•48 views

Updated p7zip packages fix security vulnerability

Heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially...

7.8CVSS5.2AI score0.05032EPSS
Exploits1References2
Total number of security vulnerabilities5000