Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2023/05/31 6:41 a.m.•38 views

Updated qtbase5 packages fix security vulnerability

Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVE-2023-32762 QTextLayout buffer overflow in SVG file...

7.5CVSS7.4AI score0.01287EPSS
Exploits0References2
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•38 views

Updated dmidecode packages fix security vulnerability

Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630...

7.1CVSS6.8AI score0.00523EPSS
Exploits1References3
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•38 views

Updated zstd packages fix security vulnerability

Buffer overrun in util.c CVE-2022-4899...

7.5CVSS7.5AI score0.01588EPSS
Exploits0References3
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•38 views

Updated tpm2-tss packages fix security vulnerability

Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array only has TPM2ERRORTSS2RCLAYERCOUNT entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer...

6.4CVSS6.6AI score0.00519EPSS
Exploits1References3
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•38 views

Updated libtiff packages fix security vulnerability

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. CVE-2022-3970...

8.8CVSS8.6AI score0.01237EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•38 views

Updated pixman packages fix security vulnerability

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write aka heap-based buffer overflow in rasterizeedges8 due to an integer overflow in pixmansamplefloory. CVE-2022-44638...

8.8CVSS3.8AI score0.0144EPSS
Exploits1References4
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•38 views

Updated nbd packages fix security vulnerability

It was discovered that nbd prior to 3.24 contained an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name resulting in a write to a dangling pointer CVE-2022-26495. Stack-based...

9.8CVSS2.7AI score0.0347EPSS
Exploits3References6
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•38 views

Updated virglrenderer packages fix security vulnerability

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer virglrenderer. This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPUEXECBUFFER ioctl, leading to a denial of service or possible code execution. CVE-2022-0135 A flaw was...

7.8CVSS1.5AI score0.0038EPSS
Exploits0References6
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•38 views

Updated gdal packages fix security vulnerability

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment. CVE-2021-45943...

5.5CVSS3.1AI score0.01491EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/24 9:3 a.m.•38 views

Updated abcm2ps packages fix security vulnerability

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculatebeam at draw.c. CVE-2021-32434 Stack-based buffer overflow in the function getkey in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service DoS via unspecified vectors. CVE-2021-324...

6.5CVSS6AI score0.01642EPSS
Exploits3References2
Mageia
Mageia
•added 2022/01/11 7:12 a.m.•38 views

Updated ghostscript packages fix security vulnerability

Use-after-free in sampleddatasample called from sampleddatacontinue and interp. CVE-2021-45944 Heap-based buffer overflow in sampleddatafinish called from sampleddatacontinue and interp. CVE-2021-45949...

5.5CVSS2.5AI score0.01401EPSS
Exploits2References2
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•38 views

Updated dovecot packages fix security vulnerabilities

Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension CVE-2020-28200. Dovecot before 2.3.15 allows ../ Path Traversal. An...

7.5CVSS5.1AI score0.02837EPSS
Exploits0References8
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•38 views

Updated botan2 packages fix security vulnerability

Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the...

5.9CVSS2AI score0.01532EPSS
Exploits1References1
Mageia
Mageia
•added 2021/12/10 10:19 p.m.•38 views

Updated python-django packages fix security vulnerability

Potential bypass of an upstream access control based on URL paths. CVE-2021-44420 HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths...

7.5CVSS1.3AI score0.02295EPSS
Exploits0References3
Mageia
Mageia
•added 2021/11/25 1:6 p.m.•38 views

Updated openexr packages fix security vulnerability

Integer-overflow in Imf31::bytesPerDeepLineTable. CVE-2021-3933 Divide-by-zero in Imf31::RGBtoXYZ. CVE-2021-3941...

6.5CVSS2AI score0.00849EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/23 10:5 a.m.•38 views

Updated flatpak packages fix security vulnerability

Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related...

8.8CVSS0.6AI score0.00406EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•38 views

Updated filezilla packages fix security vulnerability

filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by...

5.9CVSS3.3AI score0.03146EPSS
Exploits0References6
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•38 views

Updated qt4 and qtsvg5 packages fix a security vulnerability

An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue CVE-2021-3481...

7.1CVSS1.7AI score0.00511EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•38 views

Updated python-lxml packages fix a security vulnerability

An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS3.5AI score0.04002EPSS
Exploits1References4
Mageia
Mageia
•added 2021/05/07 5:35 a.m.•38 views

Updated ceph packages fix a security vulnerability

An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...

7.2CVSS1.9AI score0.0211EPSS
Exploits0References2
Mageia
Mageia
•added 2021/05/07 5:35 a.m.•38 views

Updated pagure packages fix a security vulnerability

Pagure before 5.6 allows XSS via the templates/blame.html blame view...

6.1CVSS3.2AI score0.00974EPSS
Exploits0References3
Mageia
Mageia
•added 2021/03/21 10:43 a.m.•38 views

Updated htmlunit packages fix security vulnerability

It was discovered that HtmlUnit incorrectly initialized Rhino engine. An Attacker could possibly use this issue to execute arbitrary Java code CVE-2020-5529...

8.1CVSS2.9AI score0.04719EPSS
Exploits0References2
Mageia
Mageia
•added 2021/02/28 11:16 p.m.•38 views

Updated subversion packages fix security dos vulnerability

Subversion has been updated to fix a remote unauthenticated denial-of-service in Subversion modauthzsvn...

7.5CVSS3.7AI score0.37516EPSS
Exploits1References2
Mageia
Mageia
•added 2021/02/06 6:20 p.m.•38 views

Updated gdisk package fixes security vulnerabilities

A bug that could cause segfault if GPT header claimed partition entries are oversized CVE-2020-0256. A bug that could cause a crash if a badly-formatted MBR disk was read CVE-2021-0308. The gdisk package has been updated to version 1.0.6, fixing these issues and several other bugs. See the upstre...

7.2CVSS2.2AI score0.00436EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•38 views

Updated sudo packages fix security vulnerabilities

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239. selinuxeditcopytfiles in sudoedit in...

7.8CVSS3AI score0.01066EPSS
Exploits2References3
Mageia
Mageia
•added 2021/01/10 7:46 p.m.•38 views

Updated openexr packages fix security vulnerabilities

An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference CVE-2020-15304. An issue was discovered in OpenEXR before 2.5.2. Invalid...

5.5CVSS2.3AI score0.01239EPSS
Exploits3References4
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•38 views

Updated graphicsmagick packages fix security vulnerability

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c CVE-2020-12672...

7.5CVSS3.4AI score0.02853EPSS
Exploits1References3
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•38 views

Updated roundcubemail package fixes security vulnerability

Fixes stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. CVE-2020-35730...

6.1CVSS0.6AI score0.32823EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•38 views

Updated x11-server packages fix security vulnerabilities

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability CVE-2020-14360. A flaw was found in...

7.8CVSS2AI score0.00393EPSS
Exploits0References5
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•38 views

Updated php-pear packages fix security vulnerabilities

Filename manipulation vulnerabilities CVE-2020-28948 / CVE-2020-28949 Updated also ArchiveTar to 1.4.11...

7.8CVSS1.7AI score0.84554EPSS
Exploits5References4
Mageia
Mageia
•added 2020/11/08 2:14 p.m.•38 views

Updated libproxy packages fix a security vulnerability

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. CVE-2020-26154...

9.8CVSS3.3AI score0.03569EPSS
Exploits0References3
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•38 views

Updated wireshark packages fix security vulnerabilities

The TCP dissector could crash CVE-2020-25862. The MIME Multipart dissector could crash CVE-2020-25863. The BLIP dissector could crash CVE-2020-25866...

7.5CVSS1.3AI score0.04918EPSS
Exploits3References6
Mageia
Mageia
•added 2020/09/02 9:48 p.m.•38 views

Updated cairo packages fix security vulnerability

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash. CVE-2017-7475...

5.5CVSS3.2AI score0.01839EPSS
Exploits0References5
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•38 views

Updated ghostscript packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A buffer overflow vulnerability in lprnisblack in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. CVE-2020-16287 A buffer overflow vulnerability in...

7.8CVSS4.2AI score0.02258EPSS
Exploits25References2
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•38 views

Updated python-rstlib packages fix security vulnerability

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used and thus permissions are not preserved upon editing. An adversary with prior access to /etc/target/saveconfig.json could access a later version, resultin...

7.8CVSS3.7AI score0.00339EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/19 10:25 a.m.•38 views

Updated libjpeg packages fix security vulnerability

Updated libjpeg packages fix security vulnerability: libjpeg-turbo 2.0.4 has a heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file CVE-2020-13790...

8.1CVSS3.6AI score0.03178EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•38 views

Updated dojo packages fix security vulnerability

Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other valu...

8.6CVSS2.1AI score0.04023EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•38 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value CVE-2019-20788...

9.8CVSS4AI score0.02436EPSS
Exploits1References1
Mageia
Mageia
•added 2020/04/16 11:1 p.m.•38 views

Updated git packages fix security vulnerability

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol CVE-2020-5260...

9.3CVSS7.7AI score0.10047EPSS
Exploits2References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•38 views

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or other ASN.1 structure, as...

7.8CVSS7.7AI score0.02582EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/05 5:7 p.m.•38 views

Updated librsvg packages fix security vulnerability

The updated packages fix a security vulnerability: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows...

6.5CVSS4.3AI score0.02125EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•38 views

Updated phpmyadmin packages fix security vulnerability

Some SQL injections via table names and parameters were fixed...

8CVSS5AI score0.02694EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/18 3:27 p.m.•38 views

Updated okular packages fix security vulnerability

Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries CVE-2020-9359...

6.8CVSS4.9AI score0.01452EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•38 views

Updated pdfresurrect packages fix security vulnerability

The updated package fixes a security vulnerability: In PDFResurrect 0.12 through 0.19, gettype in pdf.c has an out-of-bounds write via a crafted PDF document. CVE-2020-9549...

7.8CVSS3.2AI score0.01337EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•38 views

Updated weechat packages fix security vulnerability

Updated weechat packages fix security vulnerability: ircmodechannelupdate in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a malformed IRC message 324 channel...

9.8CVSS6.4AI score0.03684EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/04 11:7 a.m.•38 views

Updated openjpeg2 packages fix security vulnerability

opjt1clbldecodeprocessor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-8112...

8.8CVSS3.5AI score0.03624EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•38 views

Updated gthumb packages fix security vulnerability

A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...

7.8CVSS6.9AI score0.02149EPSS
Exploits2References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•38 views

Updated ansible package fixes security vulnerabilities

A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

7.3CVSS2.7AI score0.00736EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•38 views

Updated jhead packages fix security vulnerabilities

Updated jhead package fixes security vulnerabilities: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and processSOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file CVE-2019-19035. A vulnerability...

5.5CVSS4.2AI score0.01211EPSS
Exploits3References3
Mageia
Mageia
•added 2019/12/19 1:44 p.m.•38 views

Updated flightcrew packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software not...

7.8CVSS2AI score0.0163EPSS
Exploits1References2
Total number of security vulnerabilities5000