Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2014/02/08 6:46 p.m.46 views

Updated chromium-browser-stable package fixes multiple vulnerabilities

Use-after-free related to forms CVE-2013-6641. Unprompted sync with an attackers Google account CVE-2013-6643. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6644. Use-after-free related to speech input elements CVE-2013-6645. Use-after-free in web workers CVE-2013-664...

7.5CVSS5.2AI score0.02032EPSS
Exploits9References3
Mageia
Mageia
added 2013/11/30 9:17 p.m.46 views

Updated gnutls package fixes security vulnerability

A DNS server that returns more 4 DANE entries could corrupt the memory of a requesting client using the DANE library from GnuTLS before 3.1.15 and 3.2.5 CVE-2013-4466. This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs...

5CVSS4.1AI score0.01978EPSS
Exploits0References6
Mageia
Mageia
added 2013/11/22 7:14 p.m.46 views

Updated graphicsmagick packages fix CVE-2013-4589

Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service DoS. The vulnerability is caused due to an error within the "ExportAlphaQuantumType" function found in...

4.3CVSS1.8AI score0.02328EPSS
Exploits1References4
Mageia
Mageia
added 2013/07/29 2:0 p.m.46 views

Updated wireshark package fixes security vulnerabilities

The Bluetooth SDP dissector could go into a large loop CVE-2013-4927. The DIS dissector could go into a large loop CVE-2013-4929. The DVB-CI dissector could crash CVE-2013-4930. The GSM RR dissector and possibly others could go into a large loop CVE-2013-4931. The GSM A Common dissector could cra...

7.8CVSS3.3AI score0.03738EPSS
Exploits0References10
Mageia
Mageia
added 2013/06/26 6:11 p.m.46 views

Updated perl-Dancer package fixes CVE-2012-5572

A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie and cookies methods. A remote attacker could use this flaw to inject arbitrary headers into responses from Perl...

5CVSS4.3AI score0.01497EPSS
Exploits0References2
Mageia
Mageia
added 2025/01/24 7:46 p.m.45 views

Updated phpmyadmin packages fix security vulnerabilities

fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...

7.3CVSS7AI score0.8833EPSS
Exploits16References2
Mageia
Mageia
added 2024/11/22 7:25 a.m.45 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.61 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS8.2AI score0.00529EPSS
Exploits1References4
Mageia
Mageia
added 2024/03/31 3:27 a.m.45 views

Updated opensc packages fix security vulnerability

Side-channel leaks while stripping encryption PKCS1.5 padding in OpenSC. CVE-2023-5992...

5.9CVSS7.3AI score0.01156EPSS
Exploits1References3
Mageia
Mageia
added 2024/03/15 10:51 p.m.45 views

Updated ncurses packages fix security vulnerability

The updated packages fix a security vulnerability: Local users can trigger security-relevant memory corruption via malformed data. CVE-2023-29491...

7.8CVSS7.5AI score0.00923EPSS
Exploits1References5
Mageia
Mageia
added 2023/11/06 11:8 p.m.45 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

9.8CVSS10AI score0.01585EPSS
Exploits0References3
Mageia
Mageia
added 2023/07/07 5:54 a.m.45 views

Updated apache-ivy packages fix security vulnerability

Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...

9.1CVSS7AI score0.01819EPSS
Exploits0References3
Mageia
Mageia
added 2023/06/08 7:34 p.m.45 views

Updated libreoffice packages fix security vulnerability

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

7.8CVSS7.2AI score0.02244EPSS
Exploits2References3
Mageia
Mageia
added 2023/05/16 7:17 p.m.45 views

Updated python-django packages fix security vulnerability

Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...

9.8CVSS7.1AI score0.62575EPSS
Exploits0References6
Mageia
Mageia
added 2023/05/16 7:17 p.m.45 views

Updated firefox/nss/rootcerts packages fix security vulnerability

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks CVE-2023-32205. An out-of-bounds read could have led to a crash in the RLBox Expat driver CVE-2023-32206. A missing delay in popup...

8.8CVSS8.3AI score0.00753EPSS
Exploits0References4
Mageia
Mageia
added 2022/12/18 1:25 a.m.45 views

Updated advancecomp packages fix security vulnerability

advancecomp has been updated to fix a number of bugs and security issues...

5.5CVSS2.1AI score0.00448EPSS
Exploits7References2
Mageia
Mageia
added 2022/12/17 8:37 p.m.45 views

Updated thunderbird packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

9.8CVSS1.6AI score0.00921EPSS
Exploits0References1
Mageia
Mageia
added 2022/11/17 8:45 p.m.45 views

Updated thunderbird packages fix security vulnerability

Service Workers might have learned size of cross-origin media files. CVE-2022-45403 Fullscreen notification bypass. CVE-2022-45404 Use-after-free in InputStream implementation. CVE-2022-45405 Use-after-free of a JavaScript Realm. CVE-2022-45406 Fullscreen notification bypass via windowName...

9.8CVSS3.9AI score0.01061EPSS
Exploits0References3
Mageia
Mageia
added 2022/11/13 2:25 a.m.45 views

Updated libtiff packages fix security vulnerability

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections,...

6.5CVSS6.2AI score0.01016EPSS
Exploits3References2
Mageia
Mageia
added 2022/10/18 11:14 p.m.45 views

Updated unzip packages fix security vulnerability

Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2021-4217 Conversion of a wide string to a local string that leads to a heap of out-of-bound write. Thi...

5.5CVSS3AI score0.02421EPSS
Exploits3References9
Mageia
Mageia
added 2022/09/16 7:39 p.m.45 views

Updated curl packages fix security vulnerability

Control code in cookie denial of service. CVE-2022-35252...

3.7CVSS6.2AI score0.01839EPSS
Exploits1References3
Mageia
Mageia
added 2022/08/25 9:21 p.m.45 views

Updated dovecot packages fix security vulnerability

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...

8.8CVSS2.4AI score0.01748EPSS
Exploits1References5
Mageia
Mageia
added 2022/03/31 7:55 p.m.45 views

Updated golang packages fix security vulnerability

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...

7.5CVSS1.8AI score0.03255EPSS
Exploits0References4
Mageia
Mageia
added 2022/03/14 4:51 p.m.45 views

Updated ruby packages fix security vulnerability

Command injection in ruby bundler. CVE-2021-43809...

9.3CVSS2.5AI score0.02796EPSS
Exploits1References2
Mageia
Mageia
added 2022/02/18 12:14 a.m.45 views

Updated wireshark packages fix security vulnerability

Kafka dissector infinite loop CVE-2021-4190. RTMPT dissector infinite loop wnpa-sec-2022-01. Large loops in multiple dissectors wnpa-sec-2022-02. PVFS dissector crash wnpa-sec-2022-03. CSN.1 dissector crash wnpa-sec-2022-04. CMS dissector crash wnpa-sec-2022-05...

7.5CVSS2.8AI score0.031EPSS
Exploits1References9
Mageia
Mageia
added 2022/02/03 8:29 p.m.45 views

Updated cryptsetup packages fix security vulnerability

An attacker can modify on-disk metadata to simulate decryption in progress with crashed unfinished reencryption step and persistently decrypt part of the LUKS device CVE-2021-4122...

4.3CVSS3.7AI score0.0028EPSS
Exploits0References2
Mageia
Mageia
added 2022/01/11 7:12 a.m.45 views

Updated squashfs-tools packages fix security vulnerability

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1CVSS2.7AI score0.025EPSS
Exploits2References8
Mageia
Mageia
added 2021/09/23 4:49 a.m.45 views

Updated cpio packages fix security vulnerability

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...

7.8CVSS8.4AI score0.0415EPSS
Exploits1References4
Mageia
Mageia
added 2021/07/27 8:21 p.m.45 views

Updated netty packages fix security vulnerabilities

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

5.9CVSS6.5AI score0.18891EPSS
Exploits0References2
Mageia
Mageia
added 2021/07/13 11:43 p.m.45 views

Updated libsolv packages fix a security vulnerability

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver testcasereadPool pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service CVE-2021-3200...

4.3CVSS5.4AI score0.01313EPSS
Exploits1References2
Mageia
Mageia
added 2021/06/23 5:11 p.m.45 views

Updated apache-mod_auth_openidc package fixes a security vulnerability

modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of- service DoS condition via unspecified vectors CVE-2021-20718...

7.5CVSS6.9AI score0.03395EPSS
Exploits0References3
Mageia
Mageia
added 2021/06/08 2:33 p.m.45 views

Updated firefox packages fix a security vulnerability

Updated firefox packages fix a security vulnerability: Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with...

8.8CVSS2.8AI score0.01368EPSS
Exploits0References11
Mageia
Mageia
added 2021/04/12 7:59 p.m.45 views

Updated python-jinja2 packages fix a security vulnerability

ReDOS vulnerability where urlize could have been called with untrusted user data CVE-2020-28493...

5.3CVSS2AI score0.03546EPSS
Exploits1References2
Mageia
Mageia
added 2021/04/12 7:59 p.m.45 views

Updated wireshark packages fix a security vulnerability

Wireshark could open unsafe URLs CVE-2021-22191...

8.8CVSS1.9AI score0.03639EPSS
Exploits0References4
Mageia
Mageia
added 2021/03/12 1:25 a.m.45 views

Updated ansible packages fix security vulnerability

User data leak in snmpfacts module CVE-2021-20178. The bitbucketpipelinevariable module exposed secured values CVE-2021-20180. Multiple collections exposed secured values CVE-2021-20191. In basic.py, nolog with fallback option CVE-2021-20228. The ansible package has been updated to version 2.9.18...

7.5CVSS3.3AI score0.02043EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/23 7:51 p.m.45 views

Updated italc packages fix security vulnerabilities

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...

9.8CVSS2.5AI score0.15089EPSS
Exploits4References3
Mageia
Mageia
added 2020/11/23 7:51 p.m.45 views

Updated python-pillow packages fix security vulnerabilities

Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c CVE-2020-10177. In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...

8.1CVSS2.4AI score0.02514EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/13 9:20 p.m.45 views

Updated ruby packages fix a security vulnerability

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request...

7.5CVSS6.8AI score0.03849EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/13 9:20 p.m.45 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

High memory usage during deserialization of Proxy class with many interfaces. CVE-2020-14779 Credentials sent over unencrypted LDAP connection. CVE-2020-14781 Certificate blacklist bypass via alternate certificate encodings. CVE-2020-14782 Integer overflow leading to out-of-bounds access...

5.8CVSS3.1AI score0.03713EPSS
Exploits0References8
Mageia
Mageia
added 2020/08/18 5:41 p.m.45 views

Updated golang packages fix security vulnerability

Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected CVE-2020-15586. Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of byt...

7.5CVSS7.2AI score0.0473EPSS
Exploits0References6
Mageia
Mageia
added 2020/07/05 7:48 p.m.45 views

Updated curl packages fix security vulnerability

Updated curl packages fix security vulnerabilities: libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers CVE-2020-8169. curl can be tricked by a malicious server to overwri...

7.8CVSS1.9AI score0.03427EPSS
Exploits2References4
Mageia
Mageia
added 2020/06/10 10:26 p.m.45 views

Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...

6.5CVSS0.8AI score0.01214EPSS
Exploits0References5
Mageia
Mageia
added 2020/05/08 10:57 a.m.45 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...

10CVSS0.2AI score0.05803EPSS
Exploits0References3
Mageia
Mageia
added 2020/02/21 11:6 p.m.45 views

Updated systemd packages fix security vulnerabilities

Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...

7.8CVSS7.8AI score0.0046EPSS
Exploits0References2
Mageia
Mageia
added 2020/02/09 7:13 p.m.45 views

Updated sudo packages fix security vulnerability

The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...

7.8CVSS3.1AI score0.19426EPSS
Exploits13References4
Mageia
Mageia
added 2020/02/09 7:13 p.m.45 views

Updated qtbase5 packages fix security vulnerabilities

Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...

7.3CVSS4.2AI score0.00568EPSS
Exploits1References3
Mageia
Mageia
added 2020/01/05 3:37 p.m.45 views

Updated shadowsocks-libev packages fix security vulnerabilities

Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...

7.8CVSS2.6AI score0.02289EPSS
Exploits2References2
Mageia
Mageia
added 2019/12/19 1:44 p.m.45 views

Updated pacemaker packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was found in the way pacemaker's client-server authenticatio...

8.8CVSS2.8AI score0.01962EPSS
Exploits0References6
Mageia
Mageia
added 2019/11/30 1:6 p.m.45 views

Updated bzip2 packages fix security vulnerability

The updated packages fix a security vulnerability: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900...

9.8CVSS3.5AI score0.08042EPSS
Exploits0References7
Mageia
Mageia
added 2019/11/07 11:36 p.m.45 views

Updated expat packages fix security vulnerability

It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed CVE-2019-15903...

7.5CVSS8.3AI score0.06643EPSS
Exploits1References2
Mageia
Mageia
added 2019/10/16 10:22 p.m.45 views

Updated libpcap and tcpdump packages fix security vulnerabilities

Updated libpcap and tcpdump packages fix security vulnerabilities: The libpcap packages have been updated to versions 1.9.1 and tcpdump to 4.9.3, respectively, fixing several buffer overread and overflow issues...

9.8CVSS4.6AI score0.06816EPSS
Exploits0References4
Total number of security vulnerabilities5000