Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2014/04/03 3:18 p.m.•44 views

Updated python-imaging package fixes insecure use of temporary files

Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created via mktemp in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perfo...

4.4CVSS8.6AI score0.00492EPSS
Exploits2References4
Mageia
Mageia
•added 2014/03/24 7:37 a.m.•44 views

Updated python package fixes security vulnerabilities

Denial of service flaws due to unbound readline calls in the imaplib, poplib, and smtplib modules CVE-2013-1752. A gzip bomb and unbound read denial of service flaw in python XMLRPC library CVE-2013-1753...

7.5CVSS2.6AI score0.03913EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/21 6:20 p.m.•44 views

Updated flash-player-plugin package fixes security vulnerabilities

Adobe Flash Player 11.2.202.341 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a stack overflow vulnerability that could result in...

10CVSS7.5AI score0.24204EPSS
Exploits4References2
Mageia
Mageia
•added 2014/02/16 1:29 p.m.•44 views

Updated libpng12 package fixes security vulnerability

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c CVE-2013-6954...

6.5CVSS6.4AI score0.04692EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/10 8:20 p.m.•44 views

Updated icedtea-web packages fix CVE-2013-6493

Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user...

2.1CVSS2.2AI score0.00482EPSS
Exploits1References3
Mageia
Mageia
•added 2014/02/10 7:51 p.m.•44 views

Updated springframework packages fix CVE-2013-4152

Updated springframework packages fix security vulnerability: Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites CVE-2013-4152...

6.8CVSS2.1AI score0.26467EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/06 1:10 a.m.•44 views

Updated openjpeg package fixes security vulnerabilities

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

7.5CVSS3.8AI score0.05515EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/06 1:2 a.m.•44 views

Updated ruby package fixes security vulnerability

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...

6.8CVSS4.3AI score0.34968EPSS
Exploits3References4
Mageia
Mageia
•added 2013/11/30 9:20 p.m.•44 views

Updated graphicsmagick packages fix CVE-2013-4589

Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service DoS. The vulnerability is caused due to an error within the "ExportAlphaQuantumType" function found in...

4.3CVSS1.8AI score0.02328EPSS
Exploits1References4
Mageia
Mageia
•added 2013/11/20 8:56 p.m.•44 views

Updated curl packages fix CVE-2013-4545

Updated curl packages fix security vulnerability: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPTSSLVERIFYHOST check when the CURLOPTSSLVERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled...

4.3CVSS0.9AI score0.03076EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 8:1 p.m.•44 views

Updated apache-mod_fcgid packages fix CVE-2013-4365

Updated apache-modfcgid package fixes security vulnerability: Apache modfcgid before version 2.3.9 fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the...

7.5CVSS7.1AI score0.13141EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/17 6:53 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

This updates chromium-browser to the latest stable version, fixing multiple security vulnerabilities. Security fixes: CVE-2013-2906: Races in Web Audio CVE-2013-2907: Out of bounds read in Window.prototype object CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code...

7.5CVSS2.2AI score0.02531EPSS
Exploits1References2
Mageia
Mageia
•added 2013/09/24 9:41 p.m.•44 views

Updated polarssl package fixes security vulnerabilities

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in PolarSSL before 1.2.6, does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and...

4.3CVSS3.3AI score0.35584EPSS
Exploits2References7
Mageia
Mageia
•added 2013/09/20 5:36 a.m.•44 views

Updated glpi package fixes security vulnerabilities

Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 CVE-2013-2226, 0.83.91 CVE-2013-2225, and 0.84.2 CVE-2013-5696. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues...

7.5CVSS3.9AI score0.07855EPSS
Exploits15References1
Mageia
Mageia
•added 2013/07/21 8:41 a.m.•44 views

Updated libxml2 packages fix CVE-2013-2877

It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service CVE-2013-2877...

5CVSS2.2AI score0.04733EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/26 6:7 p.m.•44 views

Updated wireshark packages fix multiple security vulverabilities

The CAPWAP dissector could crash CVE-2013-4074. The HTTP dissector could overrun the stack CVE-2013-4081. The DCP ETSI dissector could crash CVE-2013-4083...

5CVSS0.7AI score0.60643EPSS
Exploits7References7
Mageia
Mageia
•added 2013/06/19 10:13 a.m.•44 views

Updated subversion packages fix security vulnerabilities

Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository CVE-2013-1968. Subversion's svnserve server process ma...

7.8CVSS3.4AI score0.03894EPSS
Exploits0References4
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•44 views

Updated libvirt packages fix security vulnerability

It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd...

5CVSS2.1AI score0.03513EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•43 views

Updated botan2 packages fix security vulnerability

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS6.2AI score0.00542EPSS
Exploits1References2
Mageia
Mageia
•added 2025/01/20 8:1 p.m.•43 views

Updated dcmtk packages fix security vulnerabilities

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...

8.4CVSS7.1AI score0.0061EPSS
Exploits2References2
Mageia
Mageia
•added 2024/10/29 4:11 p.m.•43 views

Updated chromium-browser-stable packages fix security vulnerabilities

Integer overflow in Layout. CVE-2024-7025 Insufficient data validation in Mojo. CVE-2024-9369 Inappropriate implementation in V8. CVE-2024-9370 Type Confusion in V8. CVE-2024-9602 Type Confusion in V8. CVE-2024-9603...

9.6CVSS7.2AI score0.00773EPSS
Exploits2References3
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•43 views

Nginx has been updated to the latest stable release to fix CVE

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

5.7CVSS6.7AI score0.0032EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•43 views

Updated krb5 packages fix security vulnerabilities

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...

9.1CVSS7.2AI score0.01863EPSS
Exploits0References1
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•43 views

Updated microcode packages fix security vulnerabilities

The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some IntelR Processors may allow an authenticated user to potentially enable partial information disclosure via local access. CVE-2023-45733 Sequence of processor instructions leads to unexpected behavi...

8.2CVSS6.3AI score0.00379EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•43 views

Updated python-pymongo packages fix security vulnerability

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

7.3AI score
Exploits0References2
Mageia
Mageia
•added 2024/04/13 4:56 p.m.•43 views

Updated openssl packages fix security vulnerability

Unbounded memory growth with session handling in TLSv1.3. CVE-2024-2511...

5.9CVSS7.3AI score0.54026EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/11 11:58 p.m.•43 views

Updated postgresql-jdbc packages fix security vulnerability

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS7.8AI score0.0481EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/19 4:11 p.m.•43 views

Updated ghostscript packages fix security vulnerability

The updated packages fix a security vulnerability: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated...

8.8CVSS7.8AI score0.0468EPSS
Exploits0References3
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•43 views

Updated qt4/qtsvg5 packages fix security vulnerability

Out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend CVE-2021-45930 QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573...

6.5CVSS7.1AI score0.01343EPSS
Exploits1References4
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•43 views

Updated mutt/neomutt packages fix security vulnerability

Out-of-bounds read in imap/util.c when an IMAP sequence set ends with a comma. CVE-2021-32055 Overflow in uudecoder in Mutt allows read past end of input line CVE-2022-1328...

9.1CVSS6.9AI score0.02551EPSS
Exploits2References7
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•43 views

Updated sofia-sip packages fix security vulnerability

The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. CVE-2023-32307...

7.5CVSS6.9AI score0.01056EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•43 views

Updated redis packages fix security vulnerability

Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access. CVE-2023-28856...

6.5CVSS7AI score0.00963EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•43 views

Updated emacs packages fix security vulnerability

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. CVE-2023-28617...

7.8CVSS8.3AI score0.00469EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•43 views

Updated sofia-sip packages fix security vulnerability

The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-47516...

7.5CVSS3.9AI score0.01647EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•43 views

Updated ffmpeg packages fix security vulnerability

An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. CVE-2022-3109...

7.5CVSS3AI score0.0142EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•43 views

Updated libksba packages fix security vulnerability

Integer Overflow in LibKSBA. CVE-2022-3515...

9.8CVSS3.6AI score0.01635EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•43 views

Updated canna packages fix security vulnerability

Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. CVE-2022-21950...

5.3CVSS4.1AI score0.00142EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•43 views

Updated wavpack packages fix security vulnerability

Null pointer dereference in wvunpack CVE-2022-2476...

5.5CVSS2.9AI score0.00358EPSS
Exploits1References3
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•43 views

Updated cairo packages fix security vulnerability

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call. CVE-2017-9814...

7.5CVSS5.3AI score0.03463EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/12 3:7 a.m.•43 views

Updated gnutls packages fix security vulnerability

Null pointer dereference in MDUPDATE. CVE-2021-4209...

6.5CVSS2.5AI score0.01383EPSS
Exploits0References3
Mageia
Mageia
•added 2022/02/12 5:31 p.m.•43 views

Updated firefox packages fix security vulnerability

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions CVE-2022-22754. If a user was convinced to drag and drop an image to their desktop or other folder,...

9.6CVSS0.3AI score0.00926EPSS
Exploits1References3
Mageia
Mageia
•added 2022/02/12 5:31 p.m.•43 views

Updated php-adodb packages fix security vulnerability

Security hotfix release addressing a critical vulnerability in PostgreSQL connections CVE-2021-3850 Additional fixes: Fix usage of getmagic functions 619 657 Fix PHP warning in rs2rs function 679 pdo: Fix Fatal error in query 666 pdo: Fix undefined variable 678 pgsql: Fix Fatal error in close...

9.1CVSS1.4AI score0.0217EPSS
Exploits1References2
Mageia
Mageia
•added 2022/01/27 10:26 p.m.•43 views

Updated aom packages fix security vulnerability

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aomimage.c. CVE-2020-36129 AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1dxiface.c. CVE-2020-36130 AOM v2.0.1 was discovered to contain a stack buffer overflow via the...

8.8CVSS4.1AI score0.01648EPSS
Exploits5References3
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•43 views

Updated gegl packages fix security vulnerability

Fix shell expansion via crafted pathname in the ImageMagick convert fallback...

7.8CVSS3.5AI score0.01439EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•43 views

Updated dovecot packages fix security vulnerabilities

Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension CVE-2020-28200. Dovecot before 2.3.15 allows ../ Path Traversal. An...

7.5CVSS5.1AI score0.02837EPSS
Exploits0References8
Mageia
Mageia
•added 2021/12/08 8:4 p.m.•43 views

Updated heimdal packages fix security vulnerability

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ Ticket Granting Server - Request. An authenticated user could use this flaw to crash a samba server using heimdal...

6.5CVSS1.3AI score0.02025EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/08 8:4 p.m.•43 views

Updated vim packages fix security vulnerability

heap-based buffer overflow in findhelptags in src/help.c...

7.8CVSS4AI score0.01792EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•43 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this...

9.8CVSS0.7AI score0.01923EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•43 views

Updated opendmarc packages fix security vulnerability

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field CVE-2019-20790. OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication...

9.8CVSS3.5AI score0.03684EPSS
Exploits3References2
Mageia
Mageia
•added 2021/09/04 5:1 p.m.•43 views

Updated exiv2 packages fix security vulnerabilities

The updated exiv2 packages fix security vulnerabilities: An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a...

5.5CVSS3.3AI score0.01109EPSS
Exploits0References3
Total number of security vulnerabilities5000