Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2014/02/21 6:13 p.m.•43 views

Updated freeradius package fixes security vulnerability

SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlmpap module if the password source uses an unusually long hashed password CVE-2014-2015...

7.5CVSS9.6AI score0.03912EPSS
Exploits1References4
Mageia
Mageia
•added 2014/02/12 5:15 p.m.•43 views

Updated qemu package fixes security vulnerability

Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service CVE-2013-4377. Additionally, qemu has been updated to 1.6.2, fixing several other bugs...

2.3CVSS1.5AI score0.0046EPSS
Exploits0References3
Mageia
Mageia
•added 2013/12/12 10:21 p.m.•43 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

7.5CVSS2.1AI score0.02142EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/25 9:0 p.m.•43 views

Updated icu packages fix CVE-2013-2924

Updated icu packages fix security vulnerability: It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program...

7.5CVSS3AI score0.02531EPSS
Exploits0References2
Mageia
Mageia
•added 2013/10/05 5:55 p.m.•43 views

Updated libvirt package fixes security vulnerabilities

It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service CVE-2013-4296. It was discovered that libvirt incorrectly handled certain bitmap operations. A remote attacker could...

5CVSS2.3AI score0.02678EPSS
Exploits1References1
Mageia
Mageia
•added 2013/10/05 5:44 p.m.•43 views

Updated openjpa packages fix CVE-2013-1768

Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to...

7.5CVSS3.9AI score0.09511EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/30 5:36 p.m.•43 views

Updated asterisk package fixes security vulnerabilities

A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present CVE-2013-5641. A remotely exploitable crash vulnerability exists in the S...

5CVSS0.2AI score0.11653EPSS
Exploits0References3
Mageia
Mageia
•added 2013/08/30 5:30 p.m.•43 views

Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once

Updated php packages fix security vulnerability: The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

4.3CVSS2.9AI score0.03588EPSS
Exploits0References5
Mageia
Mageia
•added 2013/07/26 11:52 a.m.•43 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline CVE-2013-2853. Chrome does not properly prevent pop-under windows CVE-2013-2867...

9.3CVSS0.5AI score0.02333EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/26 11:34 a.m.•43 views

Updated apache packages fix CVE-2013-1896

Updated apache packages fix security vulnerability: moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for...

4.3CVSS3.7AI score0.29484EPSS
Exploits3References4
Mageia
Mageia
•added 2025/04/12 4:23 a.m.•42 views

Updated gnupg2 packages fix security vulnerability

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS". CVE-2025-30258...

4.7CVSS6.1AI score0.00179EPSS
Exploits1References2
Mageia
Mageia
•added 2025/03/26 3:43 a.m.•42 views

Updated bluez packages fix security vulnerabilities

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2023-44431 BlueZ Audio Profile AVRCP avrcpparseattributelist Out-Of-Bounds Read Information Disclosure Vulnerability. CVE-2023-51580 BlueZ Audio Profile AVRCP parsemediaelement Out-Of-Bounds Read...

8CVSS7.9AI score0.01563EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/04 9:9 p.m.•42 views

Updated ruby packages fix security vulnerabilities

The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . CVE-2024-39908 The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . CVE-2024-41123 The REXML gem...

8.7CVSS7.3AI score0.02064EPSS
Exploits1References9
Mageia
Mageia
•added 2024/09/19 6:4 p.m.•42 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.50 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

8.8CVSS8AI score0.00879EPSS
Exploits8References8
Mageia
Mageia
•added 2024/07/04 4:48 p.m.•42 views

Updated openvpn packages fix security vulnerability

Control channel: refuse control channel messages with nonprintable characters in them. CVE-2024-5594...

9.1CVSS7.3AI score0.00805EPSS
Exploits0References3
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•42 views

Updated microcode fixes bugs and a security vulnerability

The updated package contains microcode updates for Intel and AMD CPUs, including a fix for a security vulnerability: Sequence of processor instructions leads to unexpected behavior for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege and/or...

8.8CVSS7.2AI score0.01728EPSS
Exploits0References3
Mageia
Mageia
•added 2023/12/08 10:55 a.m.•42 views

Updated firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer. CVE-2023-6204 Use-after-free in MessagePort::Entangled. CVE-2023-6205 Clickjacking permission prompts using the fullscreen transition. CVE-2023-6206 Use-after-free in...

8.8CVSS8.1AI score0.01406EPSS
Exploits0References4
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•42 views

Updated poppler packages fix security vulnerability

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial...

6.5CVSS6.8AI score0.00927EPSS
Exploits2References2
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•42 views

Updated mysql-connector-c++ packages fix security vulnerability

The program plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407...

8.8CVSS9.3AI score0.04123EPSS
Exploits0References2
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•42 views

Updated ruby-git packages fix security vulnerability

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. CVE-2022-46648, CVE-2022-47318...

8.8CVSS6.9AI score0.0136EPSS
Exploits0References3
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•42 views

Updated ipython packages fix security vulnerability

Executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to. CVE-2022-21699...

8.8CVSS3.6AI score0.00657EPSS
Exploits1References6
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•42 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 109.0.5414.119 release, fixing 6 vulnerabilities. Some of the security fixes are: High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 High CVE-2023-0472: Use after...

8.8CVSS9.1AI score0.00736EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•44 views

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8CVSS8.1AI score0.00635EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•42 views

Updated libtasn1 packages fix security vulnerability

GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder. CVE-2021-46848...

9.1CVSS2.3AI score0.02062EPSS
Exploits1References4
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•42 views

Updated python-joblib packages fix security vulnerability

Arbitrary Code Execution in joblib CVE-2022-21797...

9.8CVSS3.2AI score0.01975EPSS
Exploits1References2
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•42 views

Updated SDL12 packages fix security vulnerability

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. CVE-2021-33657 SDL v1.2 was discovered to contai...

8.8CVSS5.1AI score0.01986EPSS
Exploits1References5
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•42 views

Updated dpkg packages fix security vulnerability

A malicious source package could write files outside the unpack directory. CVE-2022-1664...

9.8CVSS2.2AI score0.02871EPSS
Exploits0References3
Mageia
Mageia
•added 2022/07/13 8:44 p.m.•42 views

Updated gnupg2 packages fix security vulnerability

In unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line. CVE-2022-34903...

6.5CVSS3.8AI score0.02551EPSS
Exploits1References3
Mageia
Mageia
•added 2022/06/24 8:50 p.m.•42 views

Updated exo packages fix security vulnerability

Changed to prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...

8.8CVSS0.6AI score0.0151EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/19 7:56 a.m.•42 views

Updated htmldoc packages fix security vulnerability

There is a vulnerability in htmldoc 1.9.16. In imageloadjpeg function image.cxx when it calls malloc,'img-width' and 'img-height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer...

5.5CVSS0.7AI score0.00917EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/30 5:6 p.m.•42 views

Updated openvpn packages fix security vulnerability

Potential authentication by-pass with multiple deferred authentication plug-ins. CVE-2022-0547...

9.8CVSS2.9AI score0.03519EPSS
Exploits0References4
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•42 views

Updated firefox packages fix security vulnerabilities

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free CVE-2022-26485. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape CVE-2022-26486...

9.6CVSS1.1AI score0.14261EPSS
Exploits2References3
Mageia
Mageia
•added 2022/02/15 8:50 p.m.•42 views

Updated nonfree firmware packages fix security vulnerabilities

This update provides new and updated nonfree firmwares and fixes at least the following security issues: Improper input validation in firmware for IntelR PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access CVE-2021-0066 / SA-00539...

8.4CVSS7.1AI score0.00515EPSS
Exploits0References3
Mageia
Mageia
•added 2022/01/25 12:13 p.m.•42 views

Updated libreswan packages fix security vulnerability

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. CVE-2022-23094...

7.5CVSS5.4AI score0.02699EPSS
Exploits1References4
Mageia
Mageia
•added 2022/01/15 8:9 a.m.•42 views

Updated systemd packages fix security vulnerability

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. CVE-2021-3997...

5.5CVSS3.3AI score0.01561EPSS
Exploits1References5
Mageia
Mageia
•added 2022/01/15 8:9 a.m.•42 views

Updated mbedtls packages fix security vulnerability

This update provides Mbed TLS 2.16.12, with a number of bug fixes and a security fix. Mbed TLS has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslsetsession failure. CVE-2021-44732...

9.8CVSS1.7AI score0.02569EPSS
Exploits1References3
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•42 views

Updated matio packages fix security vulnerability

Updated matio packages fix security vulnerability: A memory leak was discovered in MatVarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case CVE-2019-20052...

6.5CVSS2.1AI score0.01082EPSS
Exploits1References1
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•42 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service large delays for responses for client...

5.3CVSS6.2AI score0.08001EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/02 4:49 p.m.•42 views

Updated udisks2/libblockdev packages fix security vulnerability

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability...

6.3CVSS3AI score0.00808EPSS
Exploits1References2
Mageia
Mageia
•added 2021/11/18 9:50 p.m.•42 views

Updated python-django-filter packages fix security vulnerability

In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents...

7.5CVSS3.7AI score0.01797EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•42 views

Updated virtualbox packages fix security vulnerability

This update provides the upstream 6.1.24 maintenance release that fixes at least the following security vulnerabilities: An easily exploitable vulnerability in the Oracle VM VirtualBox component: Core prior to 6.1.24 allows high privileged attacker with logon to the infrastructure where Oracle VM...

8.2CVSS2.5AI score0.00731EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/25 2:43 p.m.•42 views

Updated matio packages fix a security vulnerability

A memory leak was discovered in MatVarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case CVE-2019-20052...

6.5CVSS2.1AI score0.01082EPSS
Exploits1References2
Mageia
Mageia
•added 2021/05/21 10:47 p.m.•42 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Thunderbird stored OpenPGP secret keys without master password protection CVE-2021-29956. Partial protection of inline OpenPGP message not indicated CVE-2021-29957...

4.3CVSS3.1AI score0.0094EPSS
Exploits2References4
Mageia
Mageia
•added 2021/04/12 7:59 p.m.•42 views

Updated tor packages fix security vulnerabilities

The dumpdesc function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage CVE-2021-28089. A bug in appending detached signatures to a pending consensus document could be used to crash a directory authority...

7.5CVSS2AI score0.02096EPSS
Exploits0References2
Mageia
Mageia
•added 2021/03/30 8:8 p.m.•42 views

Updated python-aiohttp package fixes security vulnerability

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website CVE-2021-21330...

6.1CVSS2AI score0.01905EPSS
Exploits0References3
Mageia
Mageia
•added 2021/03/14 9:20 p.m.•42 views

Updated mediainfo packages a fix security vulnerability

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in StreamsFillPerStream in Multiple/FileMpegPs.cpp aka an off-by-one during MpegPs parsing CVE-2020-15395...

7.8CVSS4.7AI score0.01083EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/12 1:25 a.m.•42 views

Updated ansible packages fix security vulnerability

User data leak in snmpfacts module CVE-2021-20178. Multiple collections exposed secured values CVE-2021-20191. In basic.py, nolog with fallback option CVE-2021-20228. The ansible package has been patched to fix these issues...

7.5CVSS2.4AI score0.02043EPSS
Exploits0References2
Mageia
Mageia
•added 2021/03/04 12:26 p.m.•42 views

Updated thunderbird packages fix security vulnerabilities

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs CVE-2021-23968. As specified in the W3C...

8.8CVSS0.8AI score0.0153EPSS
Exploits0References3
Mageia
Mageia
•added 2020/10/20 4:22 p.m.•42 views

Updated tigervnc packages fix a security vulnerability

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. CVE-2020-26117...

8.1CVSS4.2AI score0.0306EPSS
Exploits0References5
Mageia
Mageia
•added 2020/09/30 10:1 a.m.•42 views

Updated firefox packages fix security vulnerabilities

Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2020-15673. Firefox sometimes ran the onload...

8.8CVSS0.8AI score0.01961EPSS
Exploits0References11
Total number of security vulnerabilities5000