Lucene search
K
MageiaMost viewed

6013 matches found

Mageia
Mageia
added 2025/01/24 7:46 p.m.45 views

Updated phpmyadmin packages fix security vulnerabilities

fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...

7.3CVSS7AI score0.8833EPSS
Exploits16References2
Mageia
Mageia
added 2024/11/22 7:25 a.m.45 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.61 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS8.2AI score0.00529EPSS
Exploits1References4
Mageia
Mageia
added 2024/10/29 4:11 p.m.45 views

Updated chromium-browser-stable packages fix security vulnerabilities

Integer overflow in Layout. CVE-2024-7025 Insufficient data validation in Mojo. CVE-2024-9369 Inappropriate implementation in V8. CVE-2024-9370 Type Confusion in V8. CVE-2024-9602 Type Confusion in V8. CVE-2024-9603...

9.6CVSS7.2AI score0.00773EPSS
Exploits2References3
Mageia
Mageia
added 2024/04/30 10:25 p.m.45 views

Updated krb5 packages fix security vulnerabilities

Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461...

7.5CVSS6.8AI score0.01128EPSS
Exploits2References1
Mageia
Mageia
added 2024/04/25 4:0 p.m.45 views

Updated mbedtls packages fix security vulnerability

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. CVE-2024-28960...

8.2CVSS7.3AI score0.0084EPSS
Exploits0References2
Mageia
Mageia
added 2024/03/20 3:35 a.m.45 views

Updated qpdf packages fix security vulnerability

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::sharedcount function at /bits/sharedptrbase.h. CVE-2024-24246...

5.5CVSS6.9AI score0.00436EPSS
Exploits1References2
Mageia
Mageia
added 2023/12/22 11:4 a.m.45 views

Updated gstreamer packages fix many security vulnerabilities

Updated gstreamer packages fix many security issues see the references below. Apart from the listed CVEs, ZDI-CAN-22300 is also fixed...

8.8CVSS7AI score0.02189EPSS
Exploits6References2
Mageia
Mageia
added 2023/11/06 11:8 p.m.45 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

9.8CVSS10AI score0.01585EPSS
Exploits0References3
Mageia
Mageia
added 2023/10/03 10:53 a.m.45 views

Updated glibc packages fix a security vulnerability

The updated packages fix a security vulnerability: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. CVE-2023-5156...

7.5CVSS6.5AI score0.01338EPSS
Exploits0References2
Mageia
Mageia
added 2023/07/07 5:54 a.m.45 views

Updated apache-ivy packages fix security vulnerability

Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...

9.1CVSS7AI score0.01819EPSS
Exploits0References3
Mageia
Mageia
added 2023/06/08 7:34 p.m.45 views

Updated libreoffice packages fix security vulnerability

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

7.8CVSS7.2AI score0.02244EPSS
Exploits2References3
Mageia
Mageia
added 2023/05/16 7:17 p.m.45 views

Updated firefox/nss/rootcerts packages fix security vulnerability

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks CVE-2023-32205. An out-of-bounds read could have led to a crash in the RLBox Expat driver CVE-2023-32206. A missing delay in popup...

8.8CVSS8.3AI score0.00753EPSS
Exploits0References4
Mageia
Mageia
added 2023/05/16 7:17 p.m.45 views

Updated python-django packages fix security vulnerability

Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...

9.8CVSS7.1AI score0.62575EPSS
Exploits0References6
Mageia
Mageia
added 2022/10/23 10:48 p.m.45 views

Updated e2fsprogs packages fix security vulnerability

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVE-2022-1304...

7.8CVSS4.9AI score0.01382EPSS
Exploits0References4
Mageia
Mageia
added 2022/09/16 7:39 p.m.45 views

Updated sdl2 packages fix security vulnerability

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, for denial of service, or for Code execution. CVE-2021-33657...

8.8CVSS5AI score0.01986EPSS
Exploits0References4
Mageia
Mageia
added 2022/08/20 10:4 a.m.45 views

Updated wavpack packages fix security vulnerability

Null pointer dereference in wvunpack CVE-2022-2476...

5.5CVSS2.9AI score0.00358EPSS
Exploits1References3
Mageia
Mageia
added 2022/08/13 2:32 a.m.45 views

Updated libtiff packages fix security vulnerability

A stack overflow was discovered in the TIFFVGetField function of Tiffsplit CVE-2022-34526...

6.5CVSS3.9AI score0.01385EPSS
Exploits1References2
Mageia
Mageia
added 2022/05/12 10:24 a.m.45 views

Updated python-ujson packages fix security vulnerability

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation. CVE-2021-45958...

5.5CVSS3.8AI score0.0155EPSS
Exploits1References3
Mageia
Mageia
added 2022/05/06 8:16 p.m.45 views

Updated thunderbird packages fix security vulnerability

Incorrect security status shown after viewing an attached email. CVE-2022-1520 Fullscreen notification bypass using popups. CVE-2022-29914 Bypassing permission prompt in nested browsing contexts. CVE-2022-29909 Leaking browser history with CSS variables. CVE-2022-29916 iframe sandbox bypass...

9.8CVSS1.1AI score0.01005EPSS
Exploits3References3
Mageia
Mageia
added 2022/03/31 7:55 p.m.45 views

Updated golang packages fix security vulnerability

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...

7.5CVSS1.8AI score0.03255EPSS
Exploits0References4
Mageia
Mageia
added 2022/03/14 4:51 p.m.45 views

Updated ruby packages fix security vulnerability

Command injection in ruby bundler. CVE-2021-43809...

9.3CVSS2.5AI score0.02796EPSS
Exploits1References2
Mageia
Mageia
added 2022/02/05 8:23 p.m.45 views

Updated xterm packages fix security vulnerability

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in setsixel in graphicssixel.c via crafted text. CVE-2022-24130...

5.5CVSS6AI score0.01694EPSS
Exploits1References2
Mageia
Mageia
added 2022/02/03 8:29 p.m.45 views

Updated cryptsetup packages fix security vulnerability

An attacker can modify on-disk metadata to simulate decryption in progress with crashed unfinished reencryption step and persistently decrypt part of the LUKS device CVE-2021-4122...

4.3CVSS3.7AI score0.0028EPSS
Exploits0References2
Mageia
Mageia
added 2022/01/16 8:39 p.m.45 views

Updated openexr packages fix security vulnerability

OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. CVE-2021-45942...

5.5CVSS3.6AI score0.01772EPSS
Exploits1References3
Mageia
Mageia
added 2021/11/18 9:50 p.m.45 views

Updated tinyxml packages fix security vulnerability

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXMLUTFLEAD0 case. It can be triggered by a crafted XML message and leads to a denial of service. CVE-2021-42260...

7.5CVSS4.1AI score0.03055EPSS
Exploits1References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.45 views

Updated cpio packages fix security vulnerability

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...

7.8CVSS8.4AI score0.0415EPSS
Exploits1References4
Mageia
Mageia
added 2021/07/13 11:43 p.m.45 views

Updated libsolv packages fix a security vulnerability

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver testcasereadPool pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service CVE-2021-3200...

4.3CVSS5.4AI score0.01313EPSS
Exploits1References2
Mageia
Mageia
added 2021/07/10 12:56 p.m.45 views

Updated php packages fix security vulnerabilities

Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities: - PDOFirebird: Fix Stack buffer overflow in firebirdinfocb CVE-2021-21704. Fix SIGSEGV in firebirdhandledoer CVE-2021-21704. Fix SIGSEGV in firebirdstmtexecute CVE-2021-21704. Fix Crash while parsing...

5.9CVSS4AI score0.01945EPSS
Exploits2References2
Mageia
Mageia
added 2021/06/23 5:11 p.m.45 views

Updated wireshark packages fix a security vulnerability

The DVB-S2-BB dissector could go into an infinite loop...

7.5CVSS1.8AI score0.01789EPSS
Exploits0References5
Mageia
Mageia
added 2021/06/13 9:32 p.m.45 views

Updated python-lxml packages fix a security vulnerability

An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS3.5AI score0.04002EPSS
Exploits1References4
Mageia
Mageia
added 2021/05/27 1:43 p.m.45 views

Updated ceph packages fix a security vulnerability

Updated ceph packages fix security vulnerability on rgw CVE-2021-3524 as well as CVE-2021-3509 and CVE-2021-3531 from which Mageia was not affected...

6.5CVSS2.5AI score0.01612EPSS
Exploits0References4
Mageia
Mageia
added 2021/03/30 8:8 p.m.45 views

Updated glib2.0 packages fix security vulnerability

An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5.3CVSS1.3AI score0.02622EPSS
Exploits1References2
Mageia
Mageia
added 2021/03/12 1:25 a.m.45 views

Updated ansible packages fix security vulnerability

User data leak in snmpfacts module CVE-2021-20178. The bitbucketpipelinevariable module exposed secured values CVE-2021-20180. Multiple collections exposed secured values CVE-2021-20191. In basic.py, nolog with fallback option CVE-2021-20228. The ansible package has been updated to version 2.9.18...

7.5CVSS3.3AI score0.02043EPSS
Exploits0References3
Mageia
Mageia
added 2020/11/23 7:51 p.m.45 views

Updated python-pillow packages fix security vulnerabilities

Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c CVE-2020-10177. In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...

8.1CVSS2.4AI score0.02514EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/13 9:20 p.m.45 views

Updated ruby packages fix a security vulnerability

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request...

7.5CVSS6.8AI score0.03849EPSS
Exploits0References2
Mageia
Mageia
added 2020/11/13 9:20 p.m.45 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

High memory usage during deserialization of Proxy class with many interfaces. CVE-2020-14779 Credentials sent over unencrypted LDAP connection. CVE-2020-14781 Certificate blacklist bypass via alternate certificate encodings. CVE-2020-14782 Integer overflow leading to out-of-bounds access...

5.8CVSS3.1AI score0.03713EPSS
Exploits0References8
Mageia
Mageia
added 2020/08/27 3:52 p.m.45 views

Updated firefox packages fix security vulnerabilities

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...

8.8CVSS1.4AI score0.01378EPSS
Exploits0References3
Mageia
Mageia
added 2020/08/22 7:27 p.m.45 views

Updated chrony package fixes security vulnerability

Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack CVE-2020-14367...

6CVSS2.9AI score0.00485EPSS
Exploits0References2
Mageia
Mageia
added 2020/07/30 1:6 p.m.45 views

Updated podofo packages fix security vulnerability

The updated packages fix security vulnerabilities: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. CVE-2018-12983 An issue was...

9.8CVSS3.2AI score0.02552EPSS
Exploits4References6
Mageia
Mageia
added 2020/07/05 8:46 a.m.45 views

Updated mailman packages fix security vulnerability

Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension or an unknown file extension then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type based on the file extensio...

6.5CVSS1.2AI score0.02698EPSS
Exploits1References3
Mageia
Mageia
added 2020/06/10 10:26 p.m.45 views

Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...

6.5CVSS0.8AI score0.01214EPSS
Exploits0References5
Mageia
Mageia
added 2020/05/08 10:57 a.m.45 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...

10CVSS0.2AI score0.05803EPSS
Exploits0References3
Mageia
Mageia
added 2020/02/21 11:6 p.m.45 views

Updated systemd packages fix security vulnerabilities

Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...

7.8CVSS7.8AI score0.0046EPSS
Exploits0References2
Mageia
Mageia
added 2020/02/09 7:13 p.m.45 views

Updated qtbase5 packages fix security vulnerabilities

Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...

7.3CVSS4.2AI score0.00568EPSS
Exploits1References3
Mageia
Mageia
added 2020/02/09 7:13 p.m.45 views

Updated sudo packages fix security vulnerability

The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...

7.8CVSS3.1AI score0.19426EPSS
Exploits13References4
Mageia
Mageia
added 2020/01/30 6:28 p.m.45 views

Updated mariadb packages fix security vulnerability

Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequentl...

5.9CVSS6.6AI score0.03485EPSS
Exploits0References3
Mageia
Mageia
added 2020/01/05 3:37 p.m.45 views

Updated freeradius packages fix security vulnerabilities

Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...

7.5CVSS1.7AI score0.02168EPSS
Exploits4References4
Mageia
Mageia
added 2019/11/07 11:36 p.m.45 views

Updated expat packages fix security vulnerability

It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed CVE-2019-15903...

7.5CVSS8.3AI score0.06643EPSS
Exploits1References2
Mageia
Mageia
added 2019/10/29 2:54 p.m.45 views

Updated file packages fix security vulnerability

Updated file packages fix security vulnerability: A buffer overflow was found in file which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF Composite Document File file is processed CVE-2019-18218...

7.8CVSS4.1AI score0.0185EPSS
Exploits1References2
Mageia
Mageia
added 2019/10/16 10:22 p.m.45 views

Updated sudo packages fix security vulnerability

The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. CVE-2019-14287...

9CVSS2.9AI score0.63917EPSS
Exploits10References3
Total number of security vulnerabilities5000