Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2018/10/26 6:47 p.m.•87 views

Updated busybox packages fix security vulnerability

Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address CVE-2015-9261...

5.5CVSS7.6AI score0.02368EPSS
Exploits6References2
Mageia
Mageia
•added 2018/08/12 8:39 p.m.•87 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.62 and fixes at least the following security issues: Security researchers from FICORA have identified a remote denial of service attack against the Linux kernel caused by inefficient implementation of TCP segment reassembly, named "SegmentSmack". A...

7.8CVSS4.3AI score0.7354EPSS
Exploits0References7
Mageia
Mageia
•added 2018/01/03 3:50 p.m.•87 views

Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

8.8CVSS4.2AI score0.05928EPSS
Exploits1References5
Mageia
Mageia
•added 2017/06/09 11:5 p.m.•87 views

Updated zoneminder packages fix security vulnerability

This update fixes the following security issues: Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a...

9.8CVSS10AI score0.06739EPSS
Exploits12References8
Mageia
Mageia
•added 2016/10/11 10:12 p.m.•87 views

Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

9.8CVSS0.9AI score0.95707EPSS
Exploits8References3
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•86 views

Updated kicad packages fix security vulnerability

Multiple buffer overflows were discovered in Kicad, a suite of programs for the creation of printed circuit boards, which could result in the execution of arbitrary code if malformed Gerber/Excellon files, as follows. A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber...

7.8CVSS5.6AI score0.01736EPSS
Exploits3References5
Mageia
Mageia
•added 2022/06/13 8:44 p.m.•86 views

Updated nats-server packages fix security vulnerability

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. CVE-2022-24450...

9CVSS4AI score0.01305EPSS
Exploits0References2
Mageia
Mageia
•added 2022/02/02 9:29 p.m.•86 views

Updated chromium-browser-stable packages fix security vulnerability

CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...

9.6CVSS8.5AI score0.85352EPSS
Exploits21References3
Mageia
Mageia
•added 2021/03/04 12:26 p.m.•86 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.19 and fixes at least the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y, CONFIGBPF=y, CONFIGCGROUPS=y, CONFIGCGROUPBPF=y,...

7.8CVSS1AI score0.00544EPSS
Exploits1References7
Mageia
Mageia
•added 2020/11/08 2:14 p.m.•86 views

Updated mariadb packages fix security vulnerabilities

The latest release of mariadb fixes some undisclosed easily exploitable vulnerabilities. CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 and CVE-2020-14812. Additionally some bugs are fixed: - Temporary tables can overwrite existing files MDEV-23569 - Crash on SELECT on a table with indexed...

6.8CVSS6.7AI score0.03012EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/14 12:37 a.m.•86 views

Updated ncurses packages fix security vulnerabilities

Updated ncurses packages fix security vulnerabilities: Heap-based buffer over-read in the ncfindentry function CVE-2019-17594. Heap-based buffer over-read in the fmtentry function CVE-2019-17595...

5.8CVSS6.9AI score0.02034EPSS
Exploits2References2
Mageia
Mageia
•added 2018/09/20 11:17 p.m.•86 views

Updated bouncycastle packages fix security vulnerabilities

Updated bouncycastle packages fix security vulnerabilities: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of...

9.8CVSS1.1AI score0.24282EPSS
Exploits0References4
Mageia
Mageia
•added 2017/02/25 8:29 a.m.•86 views

Updated kernel-linus fixes security vulnerabilities

This kernel-linus update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service system hang by leveraging access t...

9.8CVSS3.9AI score0.0596EPSS
Exploits13References12
Mageia
Mageia
•added 2014/08/05 9:36 p.m.•86 views

Updated kernel packages fix security vulnerabilities

This kernel update provides the upstream 3.10.50 longterm kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

7.1CVSS6.5AI score0.05794EPSS
Exploits0References7
Mageia
Mageia
•added 2013/07/16 8:8 a.m.•86 views

Updated kernel-rt package fixes security issues.

This kernel-rt update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access t...

7.9CVSS2.5AI score0.07313EPSS
Exploits5References2
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•85 views

Updated openssh packages fix security vulnerability

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems. CVE-2024-6387...

8.1CVSS7.3AI score0.99506EPSS
Exploits68References3
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•85 views

Updated mariadb packages fix security vulnerability

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 A use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc. CVE-2022-32081 An assertion failure at table-getrefcount == 0 in...

7.5CVSS4.8AI score0.51733EPSS
Exploits6References2
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•85 views

Updated kernel packages fix security vulnerability

This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in...

9.8CVSS7.2AI score0.02503EPSS
Exploits1References33
Mageia
Mageia
•added 2020/02/04 11:7 a.m.•85 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running lin...

10CVSS8.9AI score0.08667EPSS
Exploits0References7
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•85 views

Updated xmlrpc packages fix security vulnerabilities

XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD CVE-2016-5002. A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that...

9.8CVSS4.2AI score0.14876EPSS
Exploits1References2
Mageia
Mageia
•added 2018/02/05 7:12 p.m.•85 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.16 and fixes several security issues. The most important fixes in this update is for the security issue named "Spectre, variant 2 CVE-2017-5715" that is partly mitigated by enabling retpoline support. For full retpoline mitigation, kernel needs to ...

7.8CVSS7.2AI score0.93838EPSS
Exploits17References4
Mageia
Mageia
•added 2018/01/01 10:38 a.m.•85 views

Updated apache packages fix security vulnerability

modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...

9.8CVSS0.4AI score0.94999EPSS
Exploits17References5
Mageia
Mageia
•added 2017/12/22 10:31 a.m.•85 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.4.105 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

8.8CVSS0.9AI score0.02285EPSS
Exploits8References14
Mageia
Mageia
•added 2014/05/08 9:29 p.m.•85 views

Updated postgresql packages fix multiple security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

6.5CVSS9.5AI score0.06666EPSS
Exploits6References5
Mageia
Mageia
•added 2024/07/14 5:23 a.m.•84 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.37 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.8CVSS7.9AI score0.01483EPSS
Exploits6References10
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•84 views

Updated minetest packages fix security vulnerability

This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...

10CVSS0.7AI score0.02195EPSS
Exploits0References6
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•84 views

Updated libxml2 packages fix security vulnerability

Integer overflows with XMLPARSEHUGE. CVE-2022-40303 Dict corruption caused by entity reference cycles. CVE-2022-40304...

7.8CVSS2.8AI score0.22791EPSS
Exploits2References5
Mageia
Mageia
•added 2022/08/06 3:43 p.m.•84 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.58 and fixes at least the following security issues: Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled CVE-2022-21505. Aliases in the branch predictor may cause some AMD processors to predict the...

7.8CVSS7.7AI score0.04947EPSS
Exploits1References6
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•84 views

Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.5.14 and fixes at least the following security vulnerabilities: In the Linux kernel 5.3.10, there is a use-after-free read in the perftracelockacquire function related to include/trace/events/lock.h CVE-2019-19769. Manfred Paul discovered that the bpf verifier i...

7.8CVSS0.8AI score0.0606EPSS
Exploits9References6
Mageia
Mageia
•added 2019/05/07 9:38 p.m.•84 views

Updated java-1.8.0-openjdk packages fix security vulnerability

The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID. CVE-2019-2698 Slow conversion of BigDecimal to long. CVE-2019-2602 Incorrect skeleton selection in RMI registry server-side dispatch handling. CVE-2019-2684...

8.1CVSS7.6AI score0.37618EPSS
Exploits1References3
Mageia
Mageia
•added 2018/02/23 5:14 p.m.•84 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.20 and adds KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. Arm platorm has now also addedmitigations for Meltdown CVE-2017-5754 and Spectre, variant 2 CVE-2017-5715. For other fixes in this update, read the referenced changelogs...

5.6CVSS7AI score0.84172EPSS
Exploits10References3
Mageia
Mageia
•added 2017/02/20 1:0 p.m.•84 views

Updated gnutls packages fix security vulnerability

Remote denial of service in SSL alert handling. CVE-2016-8610 In gnutlsx509extimportproxy: if the language was set but the policy wasn't, that could lead to a double free. CVE-2017-5334 Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows. CVE-2017-5335,...

9.8CVSS2.3AI score0.39657EPSS
Exploits1References4
Mageia
Mageia
•added 2016/02/17 7:6 p.m.•84 views

Updated nginx packages fix security vulnerabilities

Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...

9.8CVSS3.2AI score0.81958EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/09 6:33 p.m.•84 views

Updated php-radius packages fix CVE-2013-2220

Updated php-radius package fixes security vulnerability: Fix a security issue in radiusgetvendorattr by enforcing checks of the VSA length field against the buffer size CVE-2013-2220...

7.5CVSS1.8AI score0.03684EPSS
Exploits1References3
Mageia
Mageia
•added 2026/05/13 7:0 a.m.•83 views

Updated perl-Gazelle packages fix security vulnerability

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40562...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References3
Mageia
Mageia
•added 2023/09/27 4:31 p.m.•83 views

Updated glibc packages fix security and other bugs

getaddrinfo: Fix use after free in getcanonname CVE-2023-4806 Stack read overflow with large TCP responses in no-aaaa mode CVE-2023-4527 elf: Introduce to dlcallfini elf: Do not run constructors for proxy objects elf: Always call destructors in reverse constructor order BZ 30785 elf: Remove unuse...

6.5CVSS7.4AI score0.01508EPSS
Exploits1References3
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•83 views

Updated docker-containerd packages fix security vulnerability

Memory leak. CVE-2022-23471 Denial of service with maliciously crafted image with a large file CVE-2023-25153 Security bypass due to improper supplementary group handling. CVE-2023-25173...

7.8CVSS7AI score0.01022EPSS
Exploits1References6
Mageia
Mageia
•added 2022/01/25 12:13 p.m.•83 views

Updated mysql-connector-c++ packages fix security vulnerability

Buffer overflow due to inccorect calculation in EVPPKEYdecrypt. CVE-2021-3711 Denial of Service attack due to possible non-zero terminated strings. CVE-2021-3712...

9.8CVSS8.3AI score0.87816EPSS
Exploits1References2
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•83 views

Updated postgresql packages fix security vulnerability

Memory disclosure in certain queries. CVE-2021-3677...

6.5CVSS2AI score0.0142EPSS
Exploits0References3
Mageia
Mageia
•added 2021/08/23 5:28 a.m.•83 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.60 and fixes at least the following security issues: A missing validation of the "intctl" VMCB field allows a malicious L1 guest to enable AVIC support Advanced Virtual Interrupt Controller for the L2 guest. The L2 guest is able to write to a...

8.8CVSS6.8AI score0.00658EPSS
Exploits1References5
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•83 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory...

5.5CVSS6.1AI score0.00922EPSS
Exploits4References2
Mageia
Mageia
•added 2021/03/07 9:35 p.m.•83 views

Updated kernel packages fix security issues and possible filesystem corruption

This kernel update is based on upstream 5.10.20 and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC. This flaw...

6.5CVSS1AI score0.00708EPSS
Exploits1References5
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•83 views

Updated mysql-connector-python packages fix security vulnerability

Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion o...

8.1CVSS5AI score0.02518EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/25 8:24 a.m.•83 views

Updated nonfree firmware packages fixes security vulnerabilities

This firmware update fixes the following security issues: bcm4356, bcm4354, bcm43362, bcm43340, bcm43430: - dropping replayed M3 for offloaded 4-way handshake CVE-2017-13077, CVE-2017-13078, CVE-2017-13079 - dropping replayed G1 for offloaded GTK rekey CVE-2017-13080, CVE-2017-13081 Also in this...

6.8CVSS1.7AI score0.02388EPSS
Exploits0References1
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•83 views

Updated kernel-tmb packages fix security vulnerabilities

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS4AI score0.15073EPSS
Exploits16References4
Mageia
Mageia
•added 2015/01/27 9:8 p.m.•83 views

Updated php packages fix security vulnerabilities

Updated php and libgd packages fix security vulnerabilities: Double free vulnerability in the zendtshashgracefuldestroy function in zendtshash.c in the Zend Engine in PHP before 5.5.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vecto...

7.5CVSS9.8AI score0.42593EPSS
Exploits7References2
Mageia
Mageia
•added 2014/07/08 10:30 p.m.•83 views

Updated php packages fix multiple vulnerabilities

Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...

7.5CVSS8.5AI score0.30128EPSS
Exploits6References3
Mageia
Mageia
•added 2025/03/15 1:40 a.m.•82 views

Updated ghostscript packages fix security vulnerabilities

This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834 The 10.05.0 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator...

9.8CVSS7.1AI score0.00806EPSS
Exploits0References1
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•82 views

Updated python-werkzeug packages fix security vulnerability

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

7.5CVSS7AI score0.03397EPSS
Exploits0References3
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•82 views

Updated python-gitpython packages fix security vulnerability

Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

9.8CVSS3.5AI score0.05378EPSS
Exploits1References3
Total number of security vulnerabilities5000