Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2022/12/06 11:32 p.m.•92 views

Updated imagemagick packages fix security vulnerability

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. CVE-2021-3574 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows a...

7.8CVSS1.3AI score0.0238EPSS
Exploits4References16
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•92 views

Updated samba packages fix security vulnerability

When Samba is used as a domain controller, an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw CVE-2020-1472. Note that Samba installations are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel...

10CVSS2.2AI score0.99512EPSS
Exploits75References4
Mageia
Mageia
•added 2018/09/22 7:23 p.m.•92 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.70 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets targeti...

7.8CVSS1.1AI score0.24575EPSS
Exploits5References2
Mageia
Mageia
•added 2018/01/06 12:53 a.m.•92 views

kernel update provides 4.14 series and fixes security vulnerabilities

This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in the...

8.8CVSS4.1AI score0.30052EPSS
Exploits32References17
Mageia
Mageia
•added 2014/09/24 6:42 p.m.•92 views

Updated bash packages fix CVE-2014-6271

Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

10CVSS9.7AI score0.99999EPSS
Exploits131References5
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•91 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

6.5CVSS7AI score0.04459EPSS
Exploits0References5
Mageia
Mageia
•added 2021/01/15 12:31 p.m.•91 views

Updated kernel packages fix security vulnerabilities

This update provides an upgrade to the new upstream 5.10 longterm branch, currently based on 5.10.6, adding new features and new and improved hardware support. This update also fixes at least the following security issues: In binderreleasework of binder.c, there is a possible use-after-free due t...

7.8CVSS7.9AI score0.06692EPSS
Exploits18References10
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•91 views

Updated apache packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window close...

9.1CVSS0.81466EPSS
Exploits6References5
Mageia
Mageia
•added 2018/08/15 3:45 p.m.•91 views

Updated libtomcrypt packages fix security vulnerability

libtomcrypt has been updated to secure it against two security vulnerabilities. A problem in the ASN.1 parser could cause a stack overflow and a resulting denial of service when parsing deeply recursive ASN.1 types CVE-2018-0739. An attacker capable of triggering signatures and mounting a side...

6.5CVSS4.5AI score0.19295EPSS
Exploits1References1
Mageia
Mageia
•added 2014/06/06 10:31 a.m.•91 views

Updated openssl packages fix multiple vulnerabilties

Updated openssl packages fix security vulnerabilities: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a...

7.4CVSS8.6AI score0.99977EPSS
Exploits13References4
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•90 views

Updated libxml2 packages fix security vulnerability

NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...

7.5CVSS7.1AI score0.02462EPSS
Exploits2References4
Mageia
Mageia
•added 2023/03/11 7:0 p.m.•90 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.98 and fixes atleast the following security issues: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines o...

8.8CVSS8.3AI score0.01944EPSS
Exploits6References11
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•90 views

Updated freerdp packages fix security vulnerability

In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. CVE-2022-39316 Affected versions of FreeRDP are missing a range check for input...

5.7CVSS5.8AI score0.00967EPSS
Exploits0References8
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•90 views

Updated curl packages fix security vulnerability

CERTINFO never-ending busy-loop. CVE-2022-27781 TLS and SSH connection too eager reuse. CVE-2022-27782...

7.5CVSS1.5AI score0.02596EPSS
Exploits2References4
Mageia
Mageia
•added 2022/03/07 11:10 p.m.•90 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.25 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is ORDONLY, immutable or on a...

7.8CVSS1.8AI score0.88106EPSS
Exploits107References3
Mageia
Mageia
•added 2022/02/15 8:50 p.m.•90 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.23 and fixes at least the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than th...

9CVSS1AI score0.67994EPSS
Exploits16References7
Mageia
Mageia
•added 2022/01/11 7:12 a.m.•90 views

Updated osgi-core/apache-commons-compress packages fix security vulnerability

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. CVE-2021-35515 When reading a specially crafted 7...

7.5CVSS2.9AI score0.13292EPSS
Exploits0References7
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•90 views

Updated golang packages fix security vulnerabilities

Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently...

9.8CVSS1.6AI score0.83433EPSS
Exploits2References2
Mageia
Mageia
•added 2024/03/18 4:12 p.m.•89 views

Updated apache-mod_security-crs packages fix security vulnerabilities

A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function name such as "if" and b is the SQL statement to be executed. CVE-2018-16384 Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 h...

9.8CVSS8.6AI score0.02542EPSS
Exploits3References6
Mageia
Mageia
•added 2023/11/20 10:4 a.m.•89 views

Updated chromium-browser-stable packages fix bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105; some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonse...

8.8CVSS7.9AI score0.30339EPSS
Exploits0References5
Mageia
Mageia
•added 2022/04/24 10:43 a.m.•89 views

Updated libdxfrw packages fix security vulnerability

A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. CVE-2021-21898 A code...

8.8CVSS2.1AI score0.02686EPSS
Exploits4References5
Mageia
Mageia
•added 2022/03/09 5:3 p.m.•89 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.26 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is ORDONLY, immutable or on...

7.8CVSS1.7AI score0.88106EPSS
Exploits107References4
Mageia
Mageia
•added 2021/03/12 1:25 a.m.•89 views

Updated python-httplib2 packages fix a security vulnerability

A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server CVE-2021-21240...

7.5CVSS3.3AI score0.03876EPSS
Exploits1References2
Mageia
Mageia
•added 2021/01/15 12:31 p.m.•89 views

Updated kernel-linus packages fix security vulnerabilities

This update provides an upgrade to the new upstream 5.10 longterm branch, currently based on 5.10.6, adding new features and new and improved hardware support. This update also fixes at least the following security issues: In binderreleasework of binder.c, there is a possible use-after-free due t...

7.8CVSS7.7AI score0.06692EPSS
Exploits18References10
Mageia
Mageia
•added 2015/07/05 5:22 p.m.•89 views

Updated php package fixes security vulnerability

Incorrect handling of paths with NULs CVE-2015-4598. OS command injection vulnerability in escapeshellarg CVE-2015-4642. Integer overflow in ftpgenlist resulting in heap overflow CVE-2015-4643. Segfault in phppgsqlmetadata CVE-2015-4644. PHP has been updated to version 5.5.26, which fixes multipl...

10CVSS9.3AI score0.16948EPSS
Exploits3References4
Mageia
Mageia
•added 2024/05/16 5:29 p.m.•88 views

Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities

Long Exception message leading to crash. CVE-2024-21011 HTTP/2 client improper reverse DNS lookup. CVE-2024-21012 Integer overflow in C1 compiler address generation. CVE-2024-21068 Pack200 excessive memory allocation. CVE-2024-21085 C2 compilation fails with "Exceeded noderegs array". CVE-2024-21...

3.7CVSS7.5AI score0.01361EPSS
Exploits0References5
Mageia
Mageia
•added 2024/01/08 10:12 a.m.•88 views

Updated putty package fixes a security vulnerability (Terrapin attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and many other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a...

5.9CVSS6.1AI score0.9378EPSS
Exploits4References1
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•88 views

Updated libde265 packages fix security vulnerability

libde265 has been updated to version 1.0.11 to fix many security issues...

9.8CVSS6.9AI score0.0202EPSS
Exploits46References5
Mageia
Mageia
•added 2022/06/29 4:18 p.m.•88 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access CVE-2022-21123. Incomplete...

5.5CVSS4AI score0.06451EPSS
Exploits0References6
Mageia
Mageia
•added 2020/04/24 5:3 p.m.•88 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...

8.3CVSS1.3AI score0.0623EPSS
Exploits0References3
Mageia
Mageia
•added 2019/09/21 4:4 p.m.•88 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 5.2.16 and fixes at least the following security issues: There is heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code CVE-2019-14814,...

8.8CVSS3.9AI score0.02701EPSS
Exploits3References4
Mageia
Mageia
•added 2019/08/12 9:8 p.m.•88 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre lik...

8.8CVSS0.8AI score0.05649EPSS
Exploits6References7
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•88 views

Updated docker packages fix security vulnerabilities

Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing CVE-2017-14992. The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi...

6.5CVSS3AI score0.0247EPSS
Exploits0References4
Mageia
Mageia
•added 2017/10/27 7:16 a.m.•88 views

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.1.30 maintenance release, fixing security and other issues: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a...

7.5CVSS2.4AI score0.57595EPSS
Exploits1References2
Mageia
Mageia
•added 2015/05/11 8:10 p.m.•88 views

Updated async-http-client packages fix security vulnerabilities

Updated async-http-client packages fix security vulnerabilities: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also uses client certificates. This can be exploited by a Man-in-the-middle MITM attack...

4.3CVSS0.9AI score0.00993EPSS
Exploits0References2
Mageia
Mageia
•added 2024/02/14 11:2 p.m.•87 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

6.5CVSS7.4AI score0.04459EPSS
Exploits0References6
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•87 views

Updated ghostpcl packages fix security vulnerability

An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. CVE-2023-38560...

5.5CVSS6.7AI score0.00343EPSS
Exploits0References1
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•87 views

Updated python-pillow packages fix security vulnerability

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. CVE-2022-30595 Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198...

9.8CVSS7.5AI score0.01923EPSS
Exploits1References2
Mageia
Mageia
•added 2022/07/05 7:11 p.m.•87 views

Updated curl packages fix security vulnerability

Set-Cookie denial of service. CVE-2022-32205 HTTP compression denial of service. CVE-2022-32206 Unpreserved file permissions. CVE-2022-32207 FTP-KRB bad message verification. CVE-2022-32208...

9.8CVSS1.2AI score0.3197EPSS
Exploits4References6
Mageia
Mageia
•added 2022/05/06 8:16 p.m.•87 views

Updated dcraw packages fix security vulnerability

A buffer over-read in cropmaskedpixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. CVE-2018-19565 A heap buffer over-read in parsetiffifd in dcraw through 9.28 could be used by...

9.3CVSS1.9AI score0.01984EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/04 12:26 p.m.•87 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.19 and fixes at least the following security issues: An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An...

7.8CVSS1.1AI score0.00544EPSS
Exploits1References9
Mageia
Mageia
•added 2021/02/19 10:27 a.m.•87 views

Updated mediawiki packages fix security vulnerability

In MediaWiki before 1.31.11, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colu...

7.5CVSS6.6AI score0.01573EPSS
Exploits2References4
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•87 views

Updated Thunderbird packages fix security vulnerabilities

AppCache manifest poisoning due to url encoded character processing CVE-2020-12415. Use-after-free in WebRTC VideoBroadcaster CVE-2020-12416. Integer overflow in nsJPEGEncoder::emptyOutputBuffer CVE-2020-12422. WebRTC permission prompt could have been bypassed by a compromised content process...

9.3CVSS1.9AI score0.01961EPSS
Exploits2References13
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•87 views

Updated oniguruma packages fix security vulnerabilities

Updated oniguruma packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a...

9.8CVSS4.8AI score0.10539EPSS
Exploits6References6
Mageia
Mageia
•added 2019/11/19 9:16 p.m.•87 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...

8.8CVSS3.3AI score0.04521EPSS
Exploits8References15
Mageia
Mageia
•added 2018/10/27 9:45 a.m.•87 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets...

8.3CVSS0.5AI score0.24575EPSS
Exploits8References10
Mageia
Mageia
•added 2018/10/26 6:47 p.m.•87 views

Updated busybox packages fix security vulnerability

Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address CVE-2015-9261...

5.5CVSS7.6AI score0.02368EPSS
Exploits6References2
Mageia
Mageia
•added 2018/08/12 8:39 p.m.•87 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.62 and fixes at least the following security issues: Security researchers from FICORA have identified a remote denial of service attack against the Linux kernel caused by inefficient implementation of TCP segment reassembly, named "SegmentSmack". A...

7.8CVSS4.3AI score0.7354EPSS
Exploits0References7
Mageia
Mageia
•added 2017/06/09 11:5 p.m.•87 views

Updated zoneminder packages fix security vulnerability

This update fixes the following security issues: Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a...

9.8CVSS10AI score0.06739EPSS
Exploits12References8
Mageia
Mageia
•added 2016/10/11 10:12 p.m.•87 views

Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

9.8CVSS0.9AI score0.95707EPSS
Exploits8References3
Total number of security vulnerabilities5000