Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2021/08/23 5:28 a.m.•46 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.60 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the a...

8.8CVSS6.8AI score0.00658EPSS
Exploits1References5
Mageia
Mageia
•added 2021/05/31 8:31 p.m.•46 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.41 and fixes at least the following security issues: A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash...

7.8CVSS7.2AI score0.00485EPSS
Exploits1References5
Mageia
Mageia
•added 2021/04/18 6:34 p.m.•46 views

Updated python3 packages fix security vulnerability

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...

5.7CVSS2AI score0.01863EPSS
Exploits0References3
Mageia
Mageia
•added 2021/03/21 10:43 a.m.•46 views

Updated python-cairosvg packages fix security vulnerability

When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service REDoS. If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time CVE-2021-21236...

5.7CVSS3.6AI score0.01466EPSS
Exploits1References2
Mageia
Mageia
•added 2021/03/12 1:25 a.m.•46 views

Updated roundcubemail package fixes security vulnerability

This update fixes cross-site scripting XSS via HTML messages with malicious CSS content CVE-2021-26925...

5.4CVSS0.5AI score0.01006EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/08 3:34 p.m.•46 views

Updated firefox packages fix security vulnerability

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. CVE-2020-16044...

8.8CVSS2.6AI score0.01304EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/20 2:43 p.m.•46 views

Updated openjpeg2 packages fix security vulnerabilities

A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution CVE-2020-27814. A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker ...

7.8CVSS3.6AI score0.02008EPSS
Exploits1References3
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•46 views

Updated openjpeg2 packages fix security vulnerability

jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice CVE-2020-15389...

6.5CVSS2.3AI score0.02595EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•46 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution CVE-2020-3899. The webkit2 package has been updated to version 2.28.2, fixing this issue and other bugs...

9.3CVSS5.4AI score0.04017EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•46 views

Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to...

10CVSS9.8AI score0.05299EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•46 views

Updated pure-ftpd packages fix security vulnerabilities

Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookupaliasconst char alias or printaliasesvoid function is called, they fail to correctly detect...

9.8CVSS2.8AI score0.04365EPSS
Exploits0References1
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•46 views

Updated python-pillow packages fix security vulnerabilities

Updated python-pillow packages fix security vulnerabilities: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service CVE-2019-16865, CVE-2019-19911. It was discovered that Pillow incorrectly handled certain TIFF...

9.8CVSS2.8AI score0.04212EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/17 10:16 a.m.•46 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.12 and fixes at least the following security vulnerabilities: Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between contexts CVE-2019-14615. A heap-based buffer overflow was discovered...

9.8CVSS2.6AI score0.0776EPSS
Exploits0References3
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•46 views

Updated libtiff packages fix security vulnerability

The updated packages fix a security vulnerability: tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition...

8.8CVSS4.6AI score0.03356EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•46 views

Updated systemd packages fix security vulnerability

Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...

4.4CVSS2.9AI score0.00511EPSS
Exploits1References3
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•46 views

Updated rsyslog packages fix security vulnerability

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash CVE-2018-16881...

7.5CVSS4.2AI score0.02238EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•46 views

Updated libwmf packages fix security vulnerability

The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected. CVE-2019-6978...

9.8CVSS2AI score0.04416EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/20 8:17 p.m.•46 views

Updated phpmyadmin packages fix security vulnerabilities

- XSS vulnerability in navigation tree was discovered - Local file inclusion through transformation feature...

6.5CVSS1.5AI score0.03254EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/15 9:29 p.m.•46 views

Updated firefox packages fix security vulnerabilities

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash CVE-2018-17466. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to...

9.8CVSS0.9AI score0.09646EPSS
Exploits0References3
Mageia
Mageia
•added 2018/11/27 3:26 p.m.•46 views

Updated libpng(12) packages fix security vulnerability

In libpng until version 1.6.35, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. CVE-2018-13785 This update fixes it, also providing the...

6.5CVSS5.6AI score0.0447EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/22 10:26 p.m.•46 views

Updated flash-player-plugin packages fix security vulnerability

A critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE-2018-15981...

10CVSS5.2AI score0.11702EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/21 5:51 p.m.•46 views

Updated gettext packages fix security vulnerability

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt. CVE-2018-18751...

9.8CVSS1.7AI score0.04293EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/30 6:1 p.m.•46 views

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-0500. Zhaoyang Wu discovered tha...

10CVSS10.5AI score0.12058EPSS
Exploits1References12
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•46 views

Updated glib2.0 packages fix security vulnerabilities

The updated glib2.0 packages fix security vulnerabilities: In GNOME GLib 2.56.1, gmarkupparsecontextendparse in gmarkup.c has a NULL pointer dereference CVE-2018-16428. GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in gmarkupparsecontextparse in gmarkup.c, related to utf8str...

9.8CVSS2.4AI score0.04693EPSS
Exploits2References2
Mageia
Mageia
•added 2018/09/07 10:15 a.m.•46 views

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: Bluetooth Attribute Protocol dissector crash CVE-2018-16056. Radiotap dissector crash CVE-2018-16057. Bluetooth AVDTP dissector crash CVE-2018-16058...

7.5CVSS1.8AI score0.03459EPSS
Exploits0References6
Mageia
Mageia
•added 2018/09/02 7:7 p.m.•46 views

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...

7.5CVSS2.4AI score0.49268EPSS
Exploits0References5
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•46 views

Updated iceaepe packages fix security vulnerability

Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...

9.8CVSS2.3AI score0.21288EPSS
Exploits7References7
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•46 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.69016EPSS
Exploits28References3
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•46 views

Updated perl-DBD-mysql packages fix security vulnerabilities

Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering certain error responses from a MySQL...

9.8CVSS4.7AI score0.04629EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•46 views

Updated python packages fix security vulnerabilities

Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service CVE-2018-1060. A flaw was found in the way catastrophic backtracking was...

7.5CVSS2.9AI score0.05103EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/16 8:58 a.m.•46 views

Updated perl packages fix security vulnerability

GwanYeong Kim reported that 'pack' could cause a heap buffer write overflow with a large item count CVE-2018-6913...

9.8CVSS1.6AI score0.10866EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/08 9:37 p.m.•46 views

Updated libvncserver packages fix security vulnerability

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...

9.8CVSS5.1AI score0.06222EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/26 11:40 p.m.•46 views

Updated cups packages fix security vulnerability

Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could...

7.5CVSS0.9AI score0.02979EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/06 6:25 a.m.•46 views

Updated pure-ftpd packages fix security vulnerability

Fixes loading the configuration file...

6.1CVSS2AI score0.01077EPSS
Exploits0References3
Mageia
Mageia
•added 2017/12/01 11:13 p.m.•46 views

Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...

7.5CVSS6.2AI score0.02434EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/19 9:58 a.m.•46 views

Updated libmspack packages fix security vulnerabilities

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2017-6419. It was discovered that libmspack incorrectly handled certain...

7.8CVSS3.2AI score0.02067EPSS
Exploits0References2
Mageia
Mageia
•added 2017/07/30 3:58 p.m.•46 views

Updated postgresql9.4 packages fix security vulnerabilities

Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure CVE-2017-7484. Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection CVE-2017-7485. Andrew Wheelwright...

7.5CVSS2.4AI score0.06331EPSS
Exploits0References4
Mageia
Mageia
•added 2017/05/21 8:28 p.m.•46 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 25.0.0.171 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves a use-after-free vulnerability that could lead to code execution CVE-2017-3071. This...

9.3CVSS4.1AI score0.20353EPSS
Exploits2References2
Mageia
Mageia
•added 2017/05/02 6:37 a.m.•46 views

Updated libxslt packages fix security vulnerability

Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service application crash or possible execute arbitrary code CVE-2017-5029...

8.8CVSS3.4AI score0.02131EPSS
Exploits0References2
Mageia
Mageia
•added 2017/04/27 10:21 p.m.•46 views

Updated tomcat packages fix security vulnerability

A bug in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests...

9.1CVSS0.6AI score0.1684EPSS
Exploits0References2
Mageia
Mageia
•added 2017/03/27 1:55 p.m.•46 views

Updated glibc packages fix security vulnerability

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service CVE-2015-5180. Tim Ruehsen discovered that the getaddrinfo implementation in the GNU C Library did not properly track memory allocations. An...

7.5CVSS7.8AI score0.0627EPSS
Exploits0References1
Mageia
Mageia
•added 2017/02/20 1:24 p.m.•46 views

Updated iceape packages fix security vulnerability

Updated Iceape packages derived from Seamonkey include security fixes from Mozilla Firefox: Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Seamonkey before 2.46 allows remote attackers to cause a denial of service boolean out-of-bounds write or possib...

9.8CVSS6.2AI score0.05037EPSS
Exploits0References2
Mageia
Mageia
•added 2016/12/30 3:0 p.m.•46 views

Updated samba packages fix security vulnerability

Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" TGT, which can be used to fully impersonate the...

6.5CVSS3.2AI score0.09199EPSS
Exploits0References2
Mageia
Mageia
•added 2016/11/17 4:37 p.m.•46 views

Updated python-pillow packages fix security vulnerabilities

It was discovered that there were a number of memory overflow issues in python-pillow, a Python image manipulation library. CVE-2016-9189 and CVE-2016-9190...

7.8CVSS2.5AI score0.02026EPSS
Exploits0References2
Mageia
Mageia
•added 2016/10/08 8:18 p.m.•46 views

The updated packages fix a security vulnerability

Unsigned underflow leading to heap overflow when parsing 8BIM chunk CVE-2016-7800. Two issues in the WPG reader CVE-2016-7996, CVE-2016-7997...

9.8CVSS2.6AI score0.03905EPSS
Exploits0References3
Mageia
Mageia
•added 2016/09/21 8:38 p.m.•46 views

Updated icu packages fix security vulnerability

Buffer overflow ICU in the ulocacceptLanguageFromHTTP function CVE-2016-6293...

9.8CVSS3.8AI score0.04957EPSS
Exploits1References2
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•46 views

Updated curl packages fix security vulnerability

libcurl before 7.50.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous...

8.1CVSS1.2AI score0.15063EPSS
Exploits0References4
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•46 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610. Multiple denial of service flaws were found i...

9.6CVSS2.1AI score0.0669EPSS
Exploits0References3
Mageia
Mageia
•added 2016/08/03 10:57 a.m.•46 views

Updated chromium-browser-stable packages fix security vulnerability

Multiple unspecified vulnerabilities in chromium before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1705 The PPAPI implementation in Chromium before 52.0.2743.82 does not validate the origin of IPC messages to the plugin...

9.6CVSS3.4AI score0.0246EPSS
Exploits1References2
Mageia
Mageia
•added 2016/07/26 9:59 p.m.•46 views

Updated mariadb packages fix security vulnerability

The mariadb package has been updated to version 10.0.26. It fixes several security issues CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440 and other bugs. See the upstream release notes for details...

8.1CVSS4.1AI score0.05826EPSS
Exploits0References3
Total number of security vulnerabilities5000