Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2021/03/02 10:33 p.m.•40 views

Updated xterm package fixes security vulnerability

xterm through Patch 365 allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via a crafted UTF-8 character sequence. CVE-2021-27135...

9.8CVSS7.3AI score0.07541EPSS
Exploits1References4
Mageia
Mageia
•added 2021/01/31 9:34 p.m.•40 views

Updated php-pear packages fix a security vulnerability

The updated php-pear packages fix a security vulnerability in component Archivetar, a symlink out-of-path write vulnerability. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193...

7.5CVSS3.3AI score0.70595EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•40 views

Updated synergy packages fix a security vulnerability

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS2.4AI score0.02494EPSS
Exploits0References6
Mageia
Mageia
•added 2021/01/14 3:13 p.m.•40 views

Updated bison packages fix a security vulnerability

It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash CVE-2020-14150...

5.5CVSS4.7AI score0.00401EPSS
Exploits0References1
Mageia
Mageia
•added 2021/01/14 3:13 p.m.•40 views

Updated php packages fix security vulnerability

FILTERVALIDATEURL accepts URLs with invalid userinfo CVE-2020-7071. streamgetcontents fails with maxlength=-1 or default. See upstream releasenotes for other changes...

5.3CVSS1.8AI score0.02983EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/28 7:9 p.m.•40 views

Updated libmaxminddb packages fix security vulnerability

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dumpentrydatalist in maxminddb.c CVE-2020-28241...

6.5CVSS2.3AI score0.02133EPSS
Exploits1References4
Mageia
Mageia
•added 2020/11/23 7:51 p.m.•40 views

Updated python-cryptography packages fix security vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information CVE-2020-25659...

5.9CVSS1.3AI score0.02454EPSS
Exploits0References2
Mageia
Mageia
•added 2020/10/29 10:25 p.m.•40 views

Updated tomcat packages fix a security vulnerability

If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...

4.3CVSS5.6AI score0.57286EPSS
Exploits0References2
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•40 views

Updated mbedtls packages fix security vulnerabilities

mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS CVE-2020-16150. Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...

5.5CVSS3.7AI score0.00368EPSS
Exploits0References4
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•40 views

Updated postgresql-jdbc packages fix security vulnerability

XML external entity XXE vulnerability in PgSQLXML CVE-2020-13692...

7.7CVSS2.3AI score0.04094EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/16 11:9 a.m.•40 views

Updated glib-networking packages fix security vulnerability

The updated packages fix a security vulnerability: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended...

6.5CVSS1AI score0.01933EPSS
Exploits1References4
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•40 views

Updated xerces-c packages fix security vulnerability

A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition DTD may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...

8.1CVSS3.7AI score0.09503EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/10 8:1 a.m.•40 views

Updated samba packages fix security vulnerability

Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2020-10730. Douglas Bagnall...

7.8CVSS3AI score0.03874EPSS
Exploits0References7
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•40 views

Updated sudo packages fix security vulnerability

Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...

7.5CVSS3.5AI score0.03295EPSS
Exploits0References5
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•40 views

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 81.0.4044.129 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...

9.6CVSS2.2AI score0.01365EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•40 views

Updated openvpn packages fix security vulnerability

Updated openvpn packages fix security vulnerability: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters hav...

4.3CVSS2.9AI score0.01609EPSS
Exploits1References3
Mageia
Mageia
•added 2020/04/20 2:2 p.m.•40 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs...

8.8CVSS3.7AI score0.02827EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/05 5:7 p.m.•40 views

Updated python-nltk packages fix security vulnerability

Updated python-ntlk package fixes security vulnerability: A vulnerability was found in NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ in an NLTK package ZIP archive that is mishandled during extraction CVE-2019-14751...

7.5CVSS5.8AI score0.05831EPSS
Exploits2References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•40 views

Updated ilmbase packages fix security vulnerability

The updated packages fix a security vulnerability: OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/ IlmThreadPool.cpp, as demonstrated by exrmultiview. CVE-2018-18443...

4.3CVSS2.1AI score0.02107EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•40 views

Updated graphicsmagick packages fix security vulnerabilities

Updated graphicsmagick packages fix security vulnerabilities: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c CVE-2019-19950. Fixed a heap-based buffer overflow in ImportRLEPixels CVE-2019-19951. Fixed a heap-based buffer overflow in EncodeImage CVE-2019-19953...

9.8CVSS3AI score0.02783EPSS
Exploits3References3
Mageia
Mageia
•added 2020/02/26 10:21 a.m.•40 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory CVE-2019-12528. Regis Leroy discovered that Squid...

7.5CVSS2AI score0.7179EPSS
Exploits0References5
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•40 views

Updated cyrus-sasl packages fix security vulnerability

Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the sasladdstring function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause...

7.5CVSS7.7AI score0.08036EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•40 views

Updated apache-mod_auth_openidc packages fix security vulnerability

The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon. CVE-2019-14857...

6.1CVSS2.9AI score0.01535EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•40 views

Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition CVE-2019-14889...

9.3CVSS3.2AI score0.0316EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•40 views

Updated phpmyadmin packages fix security vulnerability

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/ table name can be used to trigger a SQL injection attack through the designer feature CVE-2019-18622...

9.8CVSS2.5AI score0.02579EPSS
Exploits0References1
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•40 views

Updated mosquitto packages fix security vulnerability

Updated mosquitto packages fix security vulnerability: A vulnerability was discovered in mosquitto, allowing a malicious MQTT client to cause a denial of service stack overflow and daemon crash, by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy...

6.5CVSS2.2AI score0.02742EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•40 views

Updated gvfs packages fix security vulnerabilities

Updated gvfs package fixes security vulnerabilities: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used CVE-2019-12447. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write CVE-2019-12448...

8.1CVSS4.7AI score0.0184EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•40 views

Updated mxml packages fix security vulnerabilities

Updated mxml packages fix security vulnerabilities: An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml CVE-2018-2000...

8.8CVSS5AI score0.02025EPSS
Exploits4References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•40 views

Updated ntp packages fix security vulnerability

A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. CVE-2019-8936...

7.5CVSS3.1AI score0.05726EPSS
Exploits2References2
Mageia
Mageia
•added 2019/03/14 9:39 p.m.•40 views

Updated gnupg2 packages fix security vulnerability

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window...

8.8CVSS4.4AI score0.01041EPSS
Exploits1References3
Mageia
Mageia
•added 2019/01/30 7:39 p.m.•40 views

Updated ghostscript packages fix a security vulnerability

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...

7.8CVSS2.3AI score0.43901EPSS
Exploits2References4
Mageia
Mageia
•added 2019/01/17 11:51 p.m.•40 views

Updated gthumb packages fix security vulnerability

An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the addthemesfromdir method in dlg-contact-sheet.c because of two successive calls of gfree, each of which frees the same buffer. CVE-2018-18718...

7.8CVSS2.3AI score0.00411EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•40 views

Updated nettle packages fix security vulnerability

A leaky data conversion exposing a manager oracle CVE-2018-16869...

5.7CVSS4.1AI score0.01495EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/22 10:26 p.m.•40 views

Updated poppler packages fix security vulnerabilities

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. CVE-2018-16646 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service becau...

6.5CVSS3.4AI score0.02882EPSS
Exploits4References1
Mageia
Mageia
•added 2018/11/17 10:23 p.m.•40 views

Updated sdl2/mingw-SDL2 packages fix security vulnerabilities

This update fixes various security vulnerabilities affecting the SDL2image library, listed below. The fixes are provided in SDL2image 2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and SDL2mixer libraries are also updated to their current stable releases, providing various bug fix...

8.8CVSS2.7AI score0.03479EPSS
Exploits4References15
Mageia
Mageia
•added 2018/11/15 10:4 p.m.•40 views

Updated patch packages fix security vulnerabilities

A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches CVE-2018-6951. A double-free flaw was found in the way the patch utility processed patch files. An attacker...

7.5CVSS2AI score0.08585EPSS
Exploits0References2
Mageia
Mageia
•added 2018/11/11 9:39 p.m.•40 views

Updated python-dulwich packages fix security vulnerability

Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname CVE-2017-16228...

9.8CVSS6.8AI score0.03394EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/14 12:58 a.m.•40 views

Updated git packages fix security vulnerability

joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...

9.8CVSS3.3AI score0.97356EPSS
Exploits12References1
Mageia
Mageia
•added 2018/09/02 7:7 p.m.•40 views

Updated libgd packages fix security vulnerabilities

The updated packages fix security vulnerabilities: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated...

8.8CVSS7.8AI score0.13204EPSS
Exploits1References2
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•40 views

Updated libarchive packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader CVE-2017-14501. libarchive 3.3.2 suffe...

6.5CVSS4.5AI score0.02147EPSS
Exploits0References2
Mageia
Mageia
•added 2018/06/19 11:42 p.m.•40 views

Updated poppler packages fix security vulnerability

The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 There is a NULL pointer...

6.5CVSS4.5AI score0.02435EPSS
Exploits2References3
Mageia
Mageia
•added 2018/06/06 6:15 p.m.•40 views

Updated gimp packages fix security vulnerabilities

Updated gimp packages fix security vulnerabilities: Several vulnerabilities were discovered in GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787...

7.8CVSS2.4AI score0.01952EPSS
Exploits1References3
Mageia
Mageia
•added 2018/05/12 8:41 a.m.•40 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 29.0.0.171 addresses a critical type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4944...

10CVSS3.1AI score0.08991EPSS
Exploits0References2
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•40 views

Updated sox packages fix security vulnerabilities

This update for sox fixes the following security issues: CVE-2017-11332: Fixed the startread function in wav.c, which allowed remote attackers to cause a DoS divide-by-zero via a crafted wav file. CVE-2017-11358: Fixed the readsamples function in hcom.c, which allowed remote attackers to cause a...

7.5CVSS4AI score0.07401EPSS
Exploits8References1
Mageia
Mageia
•added 2018/03/06 7:55 a.m.•40 views

Updated xerces-c packages fix CVE-2017-12627

Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processi...

9.8CVSS3.9AI score0.08751EPSS
Exploits3References2
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•40 views

Updated tomcat-native package fixes security vulnerability

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected if the OCSP check...

5.9CVSS1.9AI score0.03594EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•40 views

Updated apache-commons-email packages fix security vulnerability

Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly validate bounce addresses. If a user of Commons-Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients,...

7.5CVSS2.4AI score0.02863EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/24 11:25 p.m.•40 views

Updated freetype2 packages fix security vulnerability

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the InsGETVARIATION function within ttinterp.c could lead to DoS via a crafted font file CVE-2018-6942...

6.5CVSS2.4AI score0.02124EPSS
Exploits0References2
Mageia
Mageia
•added 2018/01/27 9:19 a.m.•40 views

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.18.6, fixing several security issues and other bugs...

8.8CVSS3.4AI score0.06468EPSS
Exploits3References4
Mageia
Mageia
•added 2018/01/03 2:22 p.m.•40 views

Updated awstats packages fix security vulnerability

The cPanel Security Team discovered two path traversal flaws in awstats in the "config" and "migrate" parameters that could be leveraged for unauthenticated remote code execution CVE-2017-1000501...

9.8CVSS4.1AI score0.04352EPSS
Exploits0References2
Total number of security vulnerabilities5000