Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2023/04/24 12:20 a.m.•41 views

Updated php-smarty packages fix security vulnerability

Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...

7.1CVSS6.2AI score0.01025EPSS
Exploits0References5
Mageia
Mageia
•added 2023/03/01 9:14 p.m.•41 views

Updated crmsh packages fix security vulnerability

Privilege escalation CVE-2021-3020 and other fixes...

8.8CVSS2.3AI score0.00994EPSS
Exploits0References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•41 views

Updated sdl2 packages fix security vulnerability

Potential memory leak when creating a texture for an OpenGL ES image CVE-2022-4743...

7.5CVSS2.6AI score0.01265EPSS
Exploits0References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•41 views

Updated jpegoptim packages fix security vulnerability

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. CVE-2022-32325...

6.5CVSS2.6AI score0.00896EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•41 views

Updated freerdp packages fix security vulnerability

Affected versions of FreeRDP are missing input length validation in 'drive' channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. CVE-2022-41877...

4.6CVSS5.5AI score0.00719EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•41 views

Updated enlightenment packages fix security vulnerability

Updated enlightenment package to fix the security vulnerability, CVE-2022-37706 that would allow an user to gain root privileges...

7.8CVSS3.5AI score0.05486EPSS
Exploits15References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•41 views

Updated schroot packages fix security vulnerability

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. CVE-2022-2787...

4.3CVSS4.2AI score0.00815EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•41 views

Updated thunderbird packages fix security vulnerability

Mouse Position spoofing with CSS transforms. CVE-2022-36319 Directory indexes for bundled resources reflected URL parameters. CVE-2022-36318...

7.5CVSS4AI score0.00694EPSS
Exploits0References4
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•41 views

Updated webmin packages fix security vulnerability

The webmin package has been updated to version 1.998, fixing XSS issues in the HTTP Tunnel and Read Mail modules, along with several other bugs...

1.2AI score
Exploits0References3
Mageia
Mageia
•added 2022/05/28 8:56 a.m.•41 views

Updated admesh packages fix security vulnerability

ADMesh through 0.98.4 has a heap-based buffer over-read in stlupdateconnectsremove1 called from stlremovedegenerate in connect.c in libadmesh.a. CVE-2018-25033...

8.1CVSS2.3AI score0.0102EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/28 8:56 a.m.•41 views

Updated pidgin packages fix security vulnerability

MITM vulnerability when DNSSEC wasn't used CVE-2022-26491...

5.9CVSS2.2AI score0.02419EPSS
Exploits0References5
Mageia
Mageia
•added 2022/05/19 7:56 a.m.•41 views

Updated python-oslo-utils packages fix security vulnerability

oslo.utils could be made to expose sensitive information if it received a specially crafted input CVE-2022-0718...

4.9CVSS2.6AI score0.01335EPSS
Exploits1References2
Mageia
Mageia
•added 2022/04/15 9:35 p.m.•41 views

Updated ruby packages fix security vulnerability

Double free in Regexp compilation CVE-2022-28738. A buffer overrun was found in String-to-Float conversion CVE-2022-28739...

9.8CVSS3.7AI score0.04127EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/15 9:35 p.m.•41 views

Updated crun packages fix security vulnerability

Containers were started incorrectly with non-empty inheritable Linux process capabilities. CVE-2022-27650...

7.5CVSS3.5AI score0.01124EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/02 10:22 p.m.•41 views

Updated libtiff packages fix security vulnerability

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-0907...

5.5CVSS5.2AI score0.0127EPSS
Exploits1References2
Mageia
Mageia
•added 2022/02/12 5:31 p.m.•41 views

Updated thunderbird packages fix security vulnerabilities

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions CVE-2022-22754. If a user was convinced to drag and drop an image to their desktop or other folder,...

9.6CVSS0.3AI score0.00926EPSS
Exploits1References3
Mageia
Mageia
•added 2022/01/25 12:13 p.m.•41 views

Updated libreswan packages fix security vulnerability

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. CVE-2022-23094...

7.5CVSS5.4AI score0.02699EPSS
Exploits1References4
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•41 views

Updated eclipse packages fix security vulnerability

Authenticate active help requests to the local help web server CVE-2020-27225...

7.8CVSS1.2AI score0.00336EPSS
Exploits1References2
Mageia
Mageia
•added 2021/11/20 7:31 p.m.•41 views

Updated arpwatch packages fix security vulnerability

A symbolic link Symlink following vulnerability in arpwatch allows local attackers with control of the runtime user to run arpwatch and to escalate to root upon the next restart of arpwatch. CVE-2021-25321...

7.8CVSS4.4AI score0.00441EPSS
Exploits1References3
Mageia
Mageia
•added 2021/09/29 5:22 p.m.•41 views

Updated mosquitto packages fix security vulnerability

Mosquitto is updated to 2.0.12 to fix security vulnerability: In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client...

5.3CVSS2.3AI score0.01367EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/28 8:0 p.m.•41 views

Updated aspell packages fix security vulnerability

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist CVE-2019-25051...

7.8CVSS4.5AI score0.00549EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/12 8:26 p.m.•41 views

Updated libgrss packages fix security vulnerability

libgrss does not perform any TLS certificate verification because it uses the deprecated SoupSessionAsync, which requires manually enabling certificate verification, rather than a modern SoupSession that has good defaults CVE-2016-20011...

7.5CVSS2.5AI score0.01469EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•41 views

Updated libcroco and gettext packages fix security vulnerability

libcroco through 0.6.13 has excessive recursion in crparserparseanycore in cr-parser.c, leading to stack consumption CVE-2020-12825...

7.1CVSS4.6AI score0.02319EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•41 views

Updated avahi packages fix a security vulnerability

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...

5.5CVSS1.7AI score0.00374EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/09 12:27 a.m.•41 views

Updated zstd packages fix a security vulnerability

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions matching the input would only be set at completion time. Output files could therefore be readable or writable to unintended parties CVE-2021-24031...

5.5CVSS1.3AI score0.00431EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•41 views

Updated dhcp packages fix a security vulnerability

A flaw was found in the Dynamic Host Configuration Protocol DHCP. There is a discrepancy between the code that handles encapsulated option information inleases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. This flaw allo...

7.4CVSS1.6AI score0.06118EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•41 views

Updated libgcrypt packages fix a security vulnerability

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately CVE-2021-33560...

7.5CVSS7AI score0.02342EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•41 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Out of bounds-read when parsing a WMCOPYDATA message. CVE-2021-29964 Memory safety bugs fixed in Thunderbird 78.11. CVE-2021-29967...

8.8CVSS4.2AI score0.01368EPSS
Exploits0References3
Mageia
Mageia
•added 2021/04/15 7:3 p.m.•41 views

Updated thunderbird packages fix security vulnerabilities

An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991. A crafted OpenPGP key with an invalid user ID could be used to confuse the user CVE-2021-23992. Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key CVE-2021-23993...

6.8CVSS1.6AI score0.01035EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/30 8:8 p.m.•41 views

Updated glib2.0 packages fix security vulnerability

An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5.3CVSS1.3AI score0.02622EPSS
Exploits1References2
Mageia
Mageia
•added 2021/03/14 9:20 p.m.•41 views

Updated mediainfo packages a fix security vulnerability

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in StreamsFillPerStream in Multiple/FileMpegPs.cpp aka an off-by-one during MpegPs parsing CVE-2020-15395...

7.8CVSS4.7AI score0.01083EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/04 4:53 p.m.•41 views

Updated bind packages fix security vulnerability

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, which could result in denial of service daemon crash, or potentially the execution of arbitrary code CVE-2020-8625. The default configuration is not vulnerable to...

8.1CVSS4.3AI score0.64161EPSS
Exploits0References3
Mageia
Mageia
•added 2021/02/04 1:40 p.m.•41 views

Updated firefox packages fix security vulnerabilities

When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing CVE-2020-26976. If a user clicked into a...

8.8CVSS0.1AI score0.01556EPSS
Exploits0References3
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•41 views

Updated synergy packages fix a security vulnerability

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS2.4AI score0.02494EPSS
Exploits0References6
Mageia
Mageia
•added 2021/01/14 3:13 p.m.•41 views

Updated bison packages fix a security vulnerability

It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash CVE-2020-14150...

5.5CVSS4.7AI score0.00401EPSS
Exploits0References1
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•41 views

Updated rawtherapee package fixes a security vulnerability

There is a floating point exception in dcrawcommon.cpp of libRAW. It will lead to remote denial of service attack. This code is embedded in rawtherapee CVE-2017-13735...

7.5CVSS3.3AI score0.02988EPSS
Exploits0References2
Mageia
Mageia
•added 2020/11/21 12:21 p.m.•41 views

Updated raptor2 packages fix a security vulnerability

A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon. CVE-2020-25713...

6.5CVSS2.9AI score0.02143EPSS
Exploits0References4
Mageia
Mageia
•added 2020/11/10 3:20 p.m.•41 views

Updated spice and spice-gtk packages fix a security vulnerability

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

6.6CVSS3.8AI score0.02656EPSS
Exploits0References4
Mageia
Mageia
•added 2020/10/29 10:25 p.m.•41 views

Updated tomcat packages fix a security vulnerability

If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...

4.3CVSS5.6AI score0.57286EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/21 1:7 p.m.•41 views

Updated geary package fixes a security vulnerability

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates e.g., self-signed certificates when the client system is not configured to use a system-provided PKCS11 store. This allows a meddler in the middle to present a...

5.9CVSS1.8AI score0.00922EPSS
Exploits1References2
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•41 views

Updated flash-player-plugin package fixes security vulnerability

NULL Pointer Dereference that leads to arbitrary code execution in the context of the current user. CVE-2020-9746...

9.3CVSS3.2AI score0.04244EPSS
Exploits0References2
Mageia
Mageia
•added 2020/09/06 8:33 p.m.•41 views

Updated python-rsa packages fix security vulnerability

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS1.8AI score0.01359EPSS
Exploits1References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•41 views

Updated nasm packages fix security vulnerability

Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file CVE-2018-10254. Netwide Assembler NAS...

7.8CVSS4AI score0.05166EPSS
Exploits13References3
Mageia
Mageia
•added 2020/07/10 3:40 p.m.•41 views

Updated ffmpeg packages fix security vulnerability

Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...

10CVSS3.7AI score0.03756EPSS
Exploits3References4
Mageia
Mageia
•added 2020/07/10 3:40 p.m.•41 views

Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

7.1CVSS2.6AI score0.0112EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/10 8:1 a.m.•41 views

Updated samba packages fix security vulnerability

Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2020-10730. Douglas Bagnall...

7.8CVSS3AI score0.03874EPSS
Exploits0References7
Mageia
Mageia
•added 2020/07/05 7:48 p.m.•41 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerabilities: libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename CVE-2019-20839. libvncserver/rfbregion.c had a NULL pointer dereference CVE-2020-14397. Byte-aligned data was accessed through uint32t pointers in...

7.5CVSS6.1AI score0.03589EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•41 views

Updated libexif packages fix security vulnerability

The updated packages fix a security vulnerability: In exifdataloaddatacontent of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

7.5CVSS5.4AI score0.04262EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•41 views

Updated vlc packages fix security vulnerability

Updated vlc packages fixes security vulnerability: A heap-based buffer overflow in the hxxxAnnexBtoxVC function in modules/packetizer/hxxxnal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted...

7.8CVSS6.7AI score0.02391EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•42 views

Updated axel packages fix security vulnerability

Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification CVE-2020-13614. The axel package has been updated to version 2.17.8, fixing this issue and other bugs...

5.9CVSS3AI score0.01928EPSS
Exploits1References3
Total number of security vulnerabilities5000