Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2021/07/09 12:27 a.m.•41 views

Updated zstd packages fix a security vulnerability

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions matching the input would only be set at completion time. Output files could therefore be readable or writable to unintended parties CVE-2021-24031...

5.5CVSS1.3AI score0.00431EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•41 views

Updated dhcp packages fix a security vulnerability

A flaw was found in the Dynamic Host Configuration Protocol DHCP. There is a discrepancy between the code that handles encapsulated option information inleases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. This flaw allo...

7.4CVSS1.6AI score0.06118EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•41 views

Updated libgcrypt packages fix a security vulnerability

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately CVE-2021-33560...

7.5CVSS7AI score0.02342EPSS
Exploits0References3
Mageia
Mageia
•added 2021/05/16 8:54 p.m.•41 views

Updated avahi packages fix a security vulnerability

Avoid infinite loop by handling HUP event in clientwork. CVE-2021-3468...

5.5CVSS1.7AI score0.0045EPSS
Exploits0References4
Mageia
Mageia
•added 2021/04/15 7:3 p.m.•41 views

Updated thunderbird packages fix security vulnerabilities

An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991. A crafted OpenPGP key with an invalid user ID could be used to confuse the user CVE-2021-23992. Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key CVE-2021-23993...

6.8CVSS1.6AI score0.01035EPSS
Exploits1References3
Mageia
Mageia
•added 2021/03/30 8:8 p.m.•41 views

Updated glib2.0 packages fix security vulnerability

An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5.3CVSS1.3AI score0.02622EPSS
Exploits1References2
Mageia
Mageia
•added 2021/03/04 4:53 p.m.•41 views

Updated bind packages fix security vulnerability

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, which could result in denial of service daemon crash, or potentially the execution of arbitrary code CVE-2020-8625. The default configuration is not vulnerable to...

8.1CVSS4.3AI score0.64161EPSS
Exploits0References3
Mageia
Mageia
•added 2021/02/04 1:40 p.m.•41 views

Updated firefox packages fix security vulnerabilities

When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing CVE-2020-26976. If a user clicked into a...

8.8CVSS0.1AI score0.01556EPSS
Exploits0References3
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•41 views

Updated synergy packages fix a security vulnerability

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS2.4AI score0.02494EPSS
Exploits0References6
Mageia
Mageia
•added 2021/01/14 3:13 p.m.•41 views

Updated bison packages fix a security vulnerability

It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash CVE-2020-14150...

5.5CVSS4.7AI score0.00401EPSS
Exploits0References1
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•41 views

Updated rawtherapee package fixes a security vulnerability

There is a floating point exception in dcrawcommon.cpp of libRAW. It will lead to remote denial of service attack. This code is embedded in rawtherapee CVE-2017-13735...

7.5CVSS3.3AI score0.02988EPSS
Exploits0References2
Mageia
Mageia
•added 2020/11/21 12:21 p.m.•41 views

Updated raptor2 packages fix a security vulnerability

A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon. CVE-2020-25713...

6.5CVSS2.9AI score0.02143EPSS
Exploits0References4
Mageia
Mageia
•added 2020/11/10 3:20 p.m.•41 views

Updated spice and spice-gtk packages fix a security vulnerability

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

6.6CVSS3.8AI score0.02656EPSS
Exploits0References4
Mageia
Mageia
•added 2020/10/29 10:25 p.m.•41 views

Updated tomcat packages fix a security vulnerability

If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...

4.3CVSS5.6AI score0.57286EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/21 1:7 p.m.•41 views

Updated geary package fixes a security vulnerability

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates e.g., self-signed certificates when the client system is not configured to use a system-provided PKCS11 store. This allows a meddler in the middle to present a...

5.9CVSS1.8AI score0.00922EPSS
Exploits1References2
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•41 views

Updated flash-player-plugin package fixes security vulnerability

NULL Pointer Dereference that leads to arbitrary code execution in the context of the current user. CVE-2020-9746...

9.3CVSS3.2AI score0.04244EPSS
Exploits0References2
Mageia
Mageia
•added 2020/09/06 8:33 p.m.•41 views

Updated python-rsa packages fix security vulnerability

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS1.8AI score0.01359EPSS
Exploits1References2
Mageia
Mageia
•added 2020/08/30 4:53 p.m.•41 views

Updated fossil package fixes security vulnerability

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository CVE-2020-24614. The fossil package has been updated to version 2.10.2, containing fixes for this issue, fix...

8.8CVSS5.9AI score0.03122EPSS
Exploits0References3
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•41 views

Updated postgresql-jdbc packages fix security vulnerability

XML external entity XXE vulnerability in PgSQLXML CVE-2020-13692...

7.7CVSS2.3AI score0.04094EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•41 views

Updated nasm packages fix security vulnerability

Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file CVE-2018-10254. Netwide Assembler NAS...

7.8CVSS4AI score0.05166EPSS
Exploits13References3
Mageia
Mageia
•added 2020/07/10 3:40 p.m.•41 views

Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

7.1CVSS2.6AI score0.0112EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/10 3:40 p.m.•41 views

Updated ffmpeg packages fix security vulnerability

Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...

10CVSS3.7AI score0.03756EPSS
Exploits3References4
Mageia
Mageia
•added 2020/07/10 8:1 a.m.•41 views

Updated samba packages fix security vulnerability

Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2020-10730. Douglas Bagnall...

7.8CVSS3AI score0.03874EPSS
Exploits0References7
Mageia
Mageia
•added 2020/07/05 7:48 p.m.•41 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerabilities: libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename CVE-2019-20839. libvncserver/rfbregion.c had a NULL pointer dereference CVE-2020-14397. Byte-aligned data was accessed through uint32t pointers in...

7.5CVSS6.1AI score0.03589EPSS
Exploits0References3
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•41 views

Updated vlc packages fix security vulnerability

Updated vlc packages fixes security vulnerability: A heap-based buffer overflow in the hxxxAnnexBtoxVC function in modules/packetizer/hxxxnal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted...

7.8CVSS6.7AI score0.02391EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/04 10:47 p.m.•41 views

Updated libexif packages fix security vulnerability

The updated packages fix a security vulnerability: In exifdataloaddatacontent of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

7.5CVSS5.4AI score0.04262EPSS
Exploits0References3
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•42 views

Updated axel packages fix security vulnerability

Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification CVE-2020-13614. The axel package has been updated to version 2.17.8, fixing this issue and other bugs...

5.9CVSS3AI score0.01928EPSS
Exploits1References3
Mageia
Mageia
•added 2020/06/12 11:58 p.m.•41 views

Updated libreoffice packages fix security vulnerability

This update increase Libreoffice to version 6.4.4.2 It fixes Security issues and add kf5 support. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If...

5.3CVSS2.9AI score0.01255EPSS
Exploits0References4
Mageia
Mageia
•added 2020/05/29 9:18 p.m.•41 views

Updated jasper packages fix security vulnerability

Updated jasper packages fix security vulnerability: There is a reachable abort in the function jpcdecprocesssot in libjasper/jpc/jpcdec.c of JasPer 2.0.14 that will lead to a remote denial of service attack CVE-2018-9154...

7.5CVSS3.2AI score0.03472EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•41 views

Updated libsndfile packages fix security vulnerabilities

Updated libsndfile packages fix security vulnerabilities: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulawarray in ulaw.c that will lead to a denial of service CVE-2018-19661. An issue was discovered in libsndfile 1.0.28. There is a buffer over-read...

8.1CVSS2.6AI score0.02312EPSS
Exploits2References1
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•41 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 81.0.4044.129 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.6CVSS2.2AI score0.01365EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/02 10:48 p.m.•41 views

Updated bluez packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of...

7.1CVSS5.2AI score0.01033EPSS
Exploits1References6
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•41 views

Updated libsolv packages fix security vulnerability

Updated libsolv packages fix security vulnerability: An out-of-bounds read was discovered in libsolv when the last schema has a length that is less than the length of the input schema. A remote attacker may abuse this flaw to crash an application that uses libsolv CVE-2019-20387...

7.5CVSS7.5AI score0.02338EPSS
Exploits0References3
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•41 views

Updated transfig packages fix security vulnerability

The updated package fixes security vulnerabilities: Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calcarrow function in bound.c. CVE-2019-14275 readtextobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. CVE-2019-19555 makearrow...

5.5CVSS3.8AI score0.01241EPSS
Exploits4References3
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•41 views

Updated phpmyadmin packages fix security vulnerability

Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...

8.8CVSS2.6AI score0.38778EPSS
Exploits4References3
Mageia
Mageia
•added 2019/09/27 7:38 p.m.•41 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 77.0.3865.90 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.75: one in the UI component CVE-2019-13685, two in the media component CVE-2019-13688, CVE-2019-13687, and one in the offline pages component CVE-2019-13686...

8.8CVSS2.7AI score0.00914EPSS
Exploits0References2
Mageia
Mageia
•added 2019/09/15 12:11 p.m.•42 views

Updated expat packages fix security vulnerability

Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service CVE-2018-20843...

7.8CVSS1.5AI score0.07107EPSS
Exploits1References3
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•41 views

Updated gvfs packages fix security vulnerabilities

Updated gvfs package fixes security vulnerabilities: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used CVE-2019-12447. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write CVE-2019-12448...

8.1CVSS4.7AI score0.0184EPSS
Exploits0References2
Mageia
Mageia
•added 2019/06/10 7:17 p.m.•41 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130:...

6.5CVSS1.6AI score0.01633EPSS
Exploits0References1
Mageia
Mageia
•added 2019/05/18 12:33 p.m.•41 views

Updated freeradius packages fix security vulnerability

An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim CVE-2019-11234. An invalid curve attack allows an attacker to authenticate a...

9.8CVSS2.5AI score0.07624EPSS
Exploits0References4
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•41 views

Updated imagemagick packages fix security vulnerability

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. CVE-2019-10649 In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage o...

8.1CVSS4.7AI score0.04092EPSS
Exploits2References2
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•41 views

Updated live, mplayer, vlc packages fix security vulnerability

The updated live, mplayer, vlc packages fix security vulnerabilities: liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash Segmentation fault...

9.8CVSS2.1AI score0.03192EPSS
Exploits0References4
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•41 views

Updated gnupg2 packages fix security vulnerability

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window...

8.8CVSS4.4AI score0.01041EPSS
Exploits1References3
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•41 views

Updated dom4j packages fix security vulnerability

dom4j version prior to version 2.1.1 contains an XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...

7.5CVSS5.1AI score0.0657EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•41 views

Updated dovecot packages fix security vulnerability

CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field sslcertusernamefield, under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing...

7.7CVSS4AI score0.02462EPSS
Exploits1References4
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•41 views

Updated ghostscript packages fix a security vulnerability

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...

7.8CVSS2.3AI score0.43901EPSS
Exploits2References4
Mageia
Mageia
•added 2019/01/17 11:51 p.m.•41 views

Updated gthumb packages fix security vulnerability

An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the addthemesfromdir method in dlg-contact-sheet.c because of two successive calls of gfree, each of which frees the same buffer. CVE-2018-18718...

7.8CVSS2.3AI score0.00411EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/11 9:7 p.m.•41 views

GNU tar has been updated to fix CVE-2018-20482

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service infinite read loop in sparsedumpregion in sparse.c by modifying a file that is supposed to be archived by a different user's process e.g., a system back...

4.7CVSS3.6AI score0.00526EPSS
Exploits1References2
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•41 views

Updated freerdp packages fix security vulnerabilities

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-8784, CVE-2018-8785. Eyal Itkin discovered FreeRDP incorrectly handled...

9.8CVSS2.5AI score0.08357EPSS
Exploits6References2
Mageia
Mageia
•added 2018/11/22 10:26 p.m.•41 views

Updated poppler packages fix security vulnerabilities

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. CVE-2018-16646 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service becau...

6.5CVSS3.4AI score0.02882EPSS
Exploits4References1
Total number of security vulnerabilities5000