Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2014/12/26 5:4 p.m.•44 views

Updated apache-poi packages fix security vulnerabilities

Updated apache-poi packages fix security vulnerabilities: It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server,...

4.3CVSS6.9AI score0.13258EPSS
Exploits0References2
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•44 views

Updated kdenetwork4 packages fix security vulnerabilities in krfb

A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter CVE-2014-6053, CVE-2014-6054. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a...

6.5CVSS8.9AI score0.0783EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/15 6:31 p.m.•44 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update provides an upgrade to the upstream 3.14 -longterm branch, currently based on 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a...

7.2CVSS7.3AI score0.03751EPSS
Exploits8References29
Mageia
Mageia
•added 2014/11/14 1:24 a.m.•44 views

Updated libreoffice packages fix security vulnerabilities

It was discovered during routine code review that LibreOffice unconditionally executed certain VBA macros on loading Microsoft Office documents, contrary to user expectations CVE-2014-0247. A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the...

10CVSS6.4AI score0.09864EPSS
Exploits0References5
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•44 views

Updated zabbix package fixes security vulnerability

It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local...

9.8CVSS8.8AI score0.05303EPSS
Exploits1References5
Mageia
Mageia
•added 2014/10/28 11:33 a.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191,...

10CVSS5.7AI score0.0595EPSS
Exploits0References4
Mageia
Mageia
•added 2014/10/07 9:22 a.m.•44 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer CVE-2014-6270. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack...

6.8CVSS7.8AI score0.76064EPSS
Exploits0References3
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•44 views

Updated squid packages fix CVE-2014-3609

Updated squid packages fix security vulnerability: Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service CVE-2014-3609...

5CVSS6.2AI score0.5622EPSS
Exploits0References4
Mageia
Mageia
•added 2014/08/08 11:23 a.m.•44 views

Updated php packages fix security vulnerabilities

Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...

5CVSS8.6AI score0.11814EPSS
Exploits1References6
Mageia
Mageia
•added 2014/08/07 5:1 p.m.•44 views

Updated drupal packages fix security vulnerabilities

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same...

5CVSS6.3AI score0.02772EPSS
Exploits0References11
Mageia
Mageia
•added 2014/07/26 11:56 a.m.•44 views

Updated pidgin packages fix CVE-2014-3775

Updated pidgin packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or...

7.5CVSS7.5AI score0.0378EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/11 5:13 p.m.•44 views

Updated firefox & thunderbird packages fix multiple security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

10CVSS9.8AI score0.05951EPSS
Exploits0References8
Mageia
Mageia
•added 2014/05/29 6:55 a.m.•44 views

Updated qt4 and qtbase5 packages fix security vulnerability

A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...

4.3CVSS8.4AI score0.03957EPSS
Exploits0References5
Mageia
Mageia
•added 2014/03/24 7:37 a.m.•44 views

Updated python package fixes security vulnerabilities

Denial of service flaws due to unbound readline calls in the imaplib, poplib, and smtplib modules CVE-2013-1752. A gzip bomb and unbound read denial of service flaw in python XMLRPC library CVE-2013-1753...

7.5CVSS2.6AI score0.03913EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/21 6:20 p.m.•44 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.341 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a stack overflow vulnerability that could result in...

10CVSS7.5AI score0.24204EPSS
Exploits4References2
Mageia
Mageia
•added 2014/02/16 1:29 p.m.•44 views

Updated libpng12 package fixes security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS6.4AI score0.04692EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/10 8:20 p.m.•44 views

Updated icedtea-web packages fix CVE-2013-6493

Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user...

2.1CVSS2.2AI score0.00482EPSS
Exploits1References3
Mageia
Mageia
•added 2014/01/06 1:10 a.m.•44 views

Updated openjpeg package fixes security vulnerabilities

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

7.5CVSS3.8AI score0.05515EPSS
Exploits0References3
Mageia
Mageia
•added 2013/12/06 10:0 p.m.•44 views

Updated gimp package fixes security vulnerabilities

An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System XWD image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrar...

6.8CVSS4.6AI score0.04206EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/17 8:1 p.m.•44 views

Updated apache-mod_fcgid packages fix CVE-2013-4365

Updated apache-modfcgid package fixes security vulnerability: Apache modfcgid before version 2.3.9 fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the...

7.5CVSS7.1AI score0.13141EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 6:53 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

This updates chromium-browser to the latest stable version, fixing multiple security vulnerabilities. Security fixes: CVE-2013-2906: Races in Web Audio CVE-2013-2907: Out of bounds read in Window.prototype object CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code...

7.5CVSS2.2AI score0.02531EPSS
Exploits1References2
Mageia
Mageia
•added 2013/09/24 9:41 p.m.•44 views

Updated polarssl package fixes security vulnerabilities

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in PolarSSL before 1.2.6, does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and...

4.3CVSS3.3AI score0.35584EPSS
Exploits2References7
Mageia
Mageia
•added 2013/09/20 5:36 a.m.•44 views

Updated glpi package fixes security vulnerabilities

Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 CVE-2013-2226, 0.83.91 CVE-2013-2225, and 0.84.2 CVE-2013-5696. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues...

7.5CVSS3.9AI score0.07855EPSS
Exploits15References1
Mageia
Mageia
•added 2013/07/26 11:48 a.m.•44 views

Updated php packages fix CVE-2013-4113

Updated php packages fix security vulnerability: Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...

6.8CVSS2.1AI score0.05186EPSS
Exploits0References4
Mageia
Mageia
•added 2013/07/21 8:41 a.m.•44 views

Updated libxml2 packages fix CVE-2013-2877

It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service CVE-2013-2877...

5CVSS2.2AI score0.04733EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/26 6:7 p.m.•44 views

Updated wireshark packages fix multiple security vulverabilities

The CAPWAP dissector could crash CVE-2013-4074. The HTTP dissector could overrun the stack CVE-2013-4081. The DCP ETSI dissector could crash CVE-2013-4083...

5CVSS0.7AI score0.60643EPSS
Exploits7References7
Mageia
Mageia
•added 2013/06/19 10:13 a.m.•44 views

Updated subversion packages fix security vulnerabilities

Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository CVE-2013-1968. Subversion's svnserve server process ma...

7.8CVSS3.4AI score0.03894EPSS
Exploits0References4
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•43 views

Updated botan2 packages fix security vulnerability

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS6.2AI score0.00542EPSS
Exploits1References2
Mageia
Mageia
•added 2024/10/29 4:11 p.m.•43 views

Updated chromium-browser-stable packages fix security vulnerabilities

Integer overflow in Layout. CVE-2024-7025 Insufficient data validation in Mojo. CVE-2024-9369 Inappropriate implementation in V8. CVE-2024-9370 Type Confusion in V8. CVE-2024-9602 Type Confusion in V8. CVE-2024-9603...

9.6CVSS7.2AI score0.00773EPSS
Exploits2References3
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•43 views

Nginx has been updated to the latest stable release to fix CVE

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

5.7CVSS6.7AI score0.0032EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•43 views

Updated krb5 packages fix security vulnerabilities

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...

9.1CVSS7.2AI score0.01863EPSS
Exploits0References1
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•43 views

Updated microcode packages fix security vulnerabilities

The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some IntelR Processors may allow an authenticated user to potentially enable partial information disclosure via local access. CVE-2023-45733 Sequence of processor instructions leads to unexpected behavi...

8.2CVSS6.3AI score0.00379EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•43 views

Updated python-pymongo packages fix security vulnerability

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

7.3AI score
Exploits0References2
Mageia
Mageia
•added 2024/04/25 4:0 p.m.•43 views

Updated mbedtls packages fix security vulnerability

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. CVE-2024-28960...

8.2CVSS7.3AI score0.0084EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/13 4:56 p.m.•43 views

Updated openssl packages fix security vulnerability

Unbounded memory growth with session handling in TLSv1.3. CVE-2024-2511...

5.9CVSS7.3AI score0.54026EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/11 11:58 p.m.•43 views

Updated postgresql-jdbc packages fix security vulnerability

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS7.8AI score0.0481EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/19 4:11 p.m.•43 views

Updated ghostscript packages fix security vulnerability

The updated packages fix a security vulnerability: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated...

8.8CVSS7.8AI score0.0468EPSS
Exploits0References3
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•43 views

Updated qt4/qtsvg5 packages fix security vulnerability

Out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend CVE-2021-45930 QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573...

6.5CVSS7.1AI score0.01343EPSS
Exploits1References4
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•43 views

Updated mutt/neomutt packages fix security vulnerability

Out-of-bounds read in imap/util.c when an IMAP sequence set ends with a comma. CVE-2021-32055 Overflow in uudecoder in Mutt allows read past end of input line CVE-2022-1328...

9.1CVSS6.9AI score0.02551EPSS
Exploits2References7
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•43 views

Updated sofia-sip packages fix security vulnerability

The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. CVE-2023-32307...

7.5CVSS6.9AI score0.01056EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•43 views

Updated emacs packages fix security vulnerability

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. CVE-2023-28617...

7.8CVSS8.3AI score0.00469EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•43 views

Updated redis packages fix security vulnerability

Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access. CVE-2023-28856...

6.5CVSS7AI score0.00963EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•43 views

Updated sofia-sip packages fix security vulnerability

The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-47516...

7.5CVSS3.9AI score0.01647EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•43 views

Updated ffmpeg packages fix security vulnerability

An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. CVE-2022-3109...

7.5CVSS3AI score0.0142EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•43 views

Updated libksba packages fix security vulnerability

Integer Overflow in LibKSBA. CVE-2022-3515...

9.8CVSS3.6AI score0.01635EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•43 views

Updated canna packages fix security vulnerability

Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. CVE-2022-21950...

5.3CVSS4.1AI score0.00142EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•43 views

Updated wavpack packages fix security vulnerability

Null pointer dereference in wvunpack CVE-2022-2476...

5.5CVSS2.9AI score0.00358EPSS
Exploits1References3
Mageia
Mageia
•added 2022/06/04 8:25 p.m.•43 views

Updated firefox/nss/nspr packages fix security vulnerability

A malicious website could have learned the size of a cross-origin resource that supported Range requests CVE-2022-31736. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash CVE-2022-31737. When exiting fullscreen...

9.8CVSS0.7AI score0.01055EPSS
Exploits0References5
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•43 views

Updated cairo packages fix security vulnerability

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call. CVE-2017-9814...

7.5CVSS5.3AI score0.03463EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•43 views

Updated golang packages fix security vulnerability

encoding/pem: fix stack overflow in Decode. A large more than 5 MB PEM input can cause a stack overflow in Decode, leading the program to crash CVE-2022-24675 crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause P256.ScalarMult or...

7.5CVSS3.7AI score0.05335EPSS
Exploits1References2
Total number of security vulnerabilities5000