Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2024/03/24 4:57 a.m.81 views

Updated libreswan packages fix security vulnerabilities

The updated package fixes security vulnerabilities: pluto in Libreswan before 4.11 allows a denial of service responder SPI mishandling and daemon crash via unauthenticated IKEv1 Aggressive Mode packets. CVE-2023-30570 An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY...

7.5CVSS7.3AI score0.01175EPSS
Exploits0References7
Mageia
Mageia
added 2024/01/19 10:43 p.m.81 views

Updated erlang packages fix a security vulnerability (Terrapin Attack)

The updated packages fix a security vulnerability: Prefix Truncation Attacks in SSH Specification Terrapin Attack: erlang-ssh. CVE-2023-48795...

5.9CVSS7.2AI score0.9378EPSS
Exploits4References4
Mageia
Mageia
added 2023/03/11 7:0 p.m.81 views

Updated chromium-browser-stable packages fix security vulnerability

High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-30 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17 High...

8.8CVSS8.3AI score0.01163EPSS
Exploits7References3
Mageia
Mageia
added 2022/09/16 7:39 p.m.81 views

Updated libtiff packages fix security vulnerability

libtiff's tiffcrop utility has a uint32t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parameters could cause a crash or in some cases, further exploitation. CVE-2022-2867...

5.5CVSS2.7AI score0.003EPSS
Exploits0References2
Mageia
Mageia
added 2022/07/16 7:58 p.m.81 views

Updated golang packages fix security vulnerability

net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to...

7.5CVSS0.7AI score0.01875EPSS
Exploits3References11
Mageia
Mageia
added 2022/03/28 4:23 p.m.81 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to 99.0.4844.84 that fixes one security vulnerability and many bugs together with 99.0.4844.82. Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware that an exploit for CVE-2022-1096 exists in the wild. CVE-2022-1096...

8.8CVSS1.9AI score0.24237EPSS
Exploits1References3
Mageia
Mageia
added 2021/08/23 5:28 a.m.81 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.60 and fixes at least the following security issues: A missing validation of the "intctl" VMCB field allows a malicious L1 guest to enable AVIC support Advanced Virtual Interrupt Controller for the L2 guest. The L2 guest is able to write to a...

8.8CVSS6.8AI score0.00658EPSS
Exploits1References5
Mageia
Mageia
added 2019/12/25 10:57 p.m.81 views

Updated microcode packages fix security vulnerabilities

NOTE! This is a refresh of the 20191112 security update we released as MGASA-2019-0334. This update provides the Intel 20191115 microcode release that adds more microcode side fixes and mitigations for the Core Gen 6 to Core gen 10, some Xeon E series, adressing at least the following security...

6.5CVSS1.9AI score0.03133EPSS
Exploits0References8
Mageia
Mageia
added 2019/02/13 11:8 a.m.81 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

6.5CVSS7AI score0.05074EPSS
Exploits1References2
Mageia
Mageia
added 2018/10/27 9:45 a.m.81 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.78 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets...

8.3CVSS0.7AI score0.24575EPSS
Exploits8References10
Mageia
Mageia
added 2018/10/26 6:47 p.m.81 views

Updated ruby packages fix security vulnerability

Ruby before 2.2.10 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick CVE-2017-17742. Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10 might allow...

9.8CVSS0.4AI score0.10715EPSS
Exploits0References10
Mageia
Mageia
added 2018/01/06 12:53 a.m.82 views

kernel-linus update provides 4.14 series and fixes security vulnerabilities

This kernel-linus update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function i...

8.8CVSS4AI score0.30052EPSS
Exploits32References16
Mageia
Mageia
added 2018/01/06 12:53 a.m.81 views

kernel-tmb update provides 4.14 series and fixes security vulnerabilities

This kernel-tmb update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in...

8.8CVSS4.1AI score0.30052EPSS
Exploits32References17
Mageia
Mageia
added 2017/09/16 8:24 a.m.81 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References7
Mageia
Mageia
added 2016/06/13 3:55 p.m.81 views

Updated kernel packages fix security vulnerabilities

This kernel update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by...

10CVSS7.9AI score0.06438EPSS
Exploits16References17
Mageia
Mageia
added 2014/05/08 9:55 p.m.81 views

Updated kernel-rt packages fixes multiple bugs and vulneraabilities

Updated kernel-rt provides upstream 3.12.18 kernel and fixes the following security issues: Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that trigge...

7.4CVSS8.7AI score0.00959EPSS
Exploits10References9
Mageia
Mageia
added 2025/03/15 1:40 a.m.80 views

Updated ghostscript packages fix security vulnerabilities

This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834 The 10.05.0 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator...

9.8CVSS7.1AI score0.00806EPSS
Exploits0References1
Mageia
Mageia
added 2024/12/18 6:2 p.m.80 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.65 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS7.3AI score0.00254EPSS
Exploits1References5
Mageia
Mageia
added 2024/03/16 4:28 p.m.80 views

Updated jackson-databind packages fix security vulnerabilities

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value...

7.5CVSS7.1AI score0.0486EPSS
Exploits4References9
Mageia
Mageia
added 2023/09/24 10:16 p.m.80 views

Updated ghostpcl packages fix security vulnerability

An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. CVE-2023-38560...

5.5CVSS6.7AI score0.00343EPSS
Exploits0References1
Mageia
Mageia
added 2022/04/28 10:46 p.m.80 views

Updated firefox/nss/rootcerts packages fix security vulnerability

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash CVE-2022-1097. After a VR Process is destroyed, a reference to it may have been retained and used, leading to a...

9.8CVSS1.6AI score0.34174EPSS
Exploits8References3
Mageia
Mageia
added 2022/04/15 9:35 p.m.80 views

Updated docker-containerd packages fix security vulnerability

Containers were incorrectly started with non-empty inheritable Linux process capabilities CVE-2022-24769...

5.9CVSS3.3AI score0.00492EPSS
Exploits0References2
Mageia
Mageia
added 2021/12/10 10:19 p.m.80 views

Updated chromium-browser-stable packages fix security vulnerability

CVE-2021-4052: Use after free in web apps. CVE-2021-4053: Use after free in UI. CVE-2021-4079: Out of bounds write in WebRTC. CVE-2021-4054: Incorrect security UI in autofill. CVE-2021-4078: Type confusion in V8. CVE-2021-4055: Heap buffer overflow in extensions. CVE-2021-4056: Type Confusion in...

8.8CVSS0.7AI score0.02073EPSS
Exploits0References2
Mageia
Mageia
added 2021/10/06 2:38 p.m.80 views

Updated apache packages fix security vulnerabilities

The updated packages fix a security vulnerabilities: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in...

9.8CVSS0.6AI score0.99992EPSS
Exploits148References4
Mageia
Mageia
added 2021/03/22 5:17 p.m.80 views

Updated kernel packages fix security issues

This kernel update is based on upstream 5.10.25 and fixes at least the following security issues: Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract...

7.8CVSS2.1AI score0.02079EPSS
Exploits3References7
Mageia
Mageia
added 2020/03/06 4:13 p.m.80 views

Updated binutils packages fix security vulnerabilities

This update provides the binutils 2.33.1 and fixes at least the following security issues: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simpleobjectelfmatch in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and...

6.5CVSS2AI score0.02752EPSS
Exploits3References4
Mageia
Mageia
added 2019/12/06 2:15 p.m.80 views

Updated SDL_image packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted imag...

8.8CVSS2.3AI score0.04515EPSS
Exploits11References2
Mageia
Mageia
added 2019/03/29 3:51 p.m.80 views

Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 4.14.106 and fixes at least the following security issue: In the Linux kernel before 4.20.14, expanddownwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on...

5.5CVSS1.3AI score0.05667EPSS
Exploits6References3
Mageia
Mageia
added 2018/08/19 11:24 a.m.80 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX may...

7.3CVSS7.1AI score0.08101EPSS
Exploits0References7
Mageia
Mageia
added 2017/10/19 6:14 p.m.80 views

Updated wpa_supplicant and hostapd packages fix security vulnerabilities

Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,...

8.1CVSS1.7AI score0.04575EPSS
Exploits1References2
Mageia
Mageia
added 2016/06/22 7:8 p.m.80 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption ...

10CVSS7.7AI score0.06438EPSS
Exploits16References17
Mageia
Mageia
added 2016/05/07 9:22 p.m.80 views

Updated openssl packages fix security vulnerability

An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption CVE-2016-2105. An overflow can occur in the EVPEncryptUpdate...

7.8CVSS2.2AI score0.89058EPSS
Exploits6References2
Mageia
Mageia
added 2016/01/11 10:44 a.m.80 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The rdsconncreate function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have...

8.2CVSS8.1AI score0.22374EPSS
Exploits14References3
Mageia
Mageia
added 2015/05/18 7:8 p.m.80 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Memory Corruption in pharparsetarfile when entry filename starts with null CVE-2015-4021. Integer overflow in ftpgenlist resulting in heap overflow, potentially exploitable by a hostile FTP server CVE-2015-4022. PHP Multipart/form-data parsing...

7.5CVSS8.7AI score0.50129EPSS
Exploits4References3
Mageia
Mageia
added 2014/07/08 10:29 p.m.80 views

Updated php packages fix multiple vulnerabilities

Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types CVE-2014-3515. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...

7.5CVSS9.5AI score0.30128EPSS
Exploits9References3
Mageia
Mageia
added 2014/05/17 11:41 p.m.80 views

Updated kernel packages fix multiple vulnerabilities

Updated kernel provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of service ho...

7.2CVSS6.6AI score0.22475EPSS
Exploits9References3
Mageia
Mageia
added 2023/01/13 5:37 p.m.79 views

Updated python-gitpython packages fix security vulnerability

Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

9.8CVSS3.5AI score0.05378EPSS
Exploits1References3
Mageia
Mageia
added 2022/09/21 6:15 p.m.79 views

Updated google-gson packages fix security vulnerability

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. CVE-2022-25647...

7.7CVSS2.9AI score0.1158EPSS
Exploits0References4
Mageia
Mageia
added 2022/06/18 9:30 p.m.79 views

Updated halibut packages fix security vulnerability

Use-after-free in cleanupindex in index.c CVE-2021-42612 Double free in cleanupindex in index.c CVE-2021-42613 Use-after-free in infowidthinternal in bkinfo.c CVE-2021-42614...

7.8CVSS1.3AI score0.00826EPSS
Exploits3References2
Mageia
Mageia
added 2022/06/03 5:15 p.m.79 views

Updated webmin packages fix security vulnerability

Less privileged Webmin users excluding those created by Virtualmin and Cloudmin can modify arbitrary files with root privileges, and so run commands as root CVE-2022-30708...

8.8CVSS5AI score0.03266EPSS
Exploits1References3
Mageia
Mageia
added 2022/01/21 9:41 p.m.79 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on upstream 5.15.16 and fixes at least the following security issue: William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A loc...

8.4CVSS4.2AI score0.25151EPSS
Exploits11References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.79 views

Updated python3 packages fix security vulnerability

bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS. bpo-43124...

7.5CVSS1.7AI score0.11586EPSS
Exploits2References3
Mageia
Mageia
added 2018/01/13 2:28 p.m.79 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KPTI. Note that according to AMD, this issue does not...

6.5CVSS7.4AI score0.93838EPSS
Exploits13References6
Mageia
Mageia
added 2018/01/03 2:22 p.m.79 views

Updated gdb packages fix security vulnerability

Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly...

9.8CVSS8.1AI score0.07267EPSS
Exploits2References2
Mageia
Mageia
added 2016/12/11 10:44 p.m.79 views

Updated tomcat package fixes security vulnerabilities

The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could...

9.8CVSS1.6AI score0.90338EPSS
Exploits7References4
Mageia
Mageia
added 2016/03/31 8:22 p.m.79 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 49.0.2623.108 fixes security issues: Multiple security issues were found in upstream chromium 49.0.2623.87: an out-of-bounds read problem in V8 CVE-2016-1646, use-after-free bugs in Navigation CVE-2016-1647 and Extensions CVE-2016-1648; a buffer overflow in libANGLE...

10CVSS4.5AI score0.4811EPSS
Exploits5References7
Mageia
Mageia
added 2014/06/22 9:13 p.m.79 views

Updated kernel packages fixes security vulnerabilities

The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to...

7.8CVSS7AI score0.37233EPSS
Exploits22References5
Mageia
Mageia
added 2013/09/19 9:33 a.m.79 views

Updated moodle package fixes multiple security vulnerabilities

Updated moodle package fixes security vulnerabilities: Null characters were allowed in query strings in Moodle before 2.4.6, which caused sql statements to terminate and fail, potentially allowing sql injection in Moodle's SQL Server driver CVE-2013-4313. Links to external blogs were not being...

7.5CVSS4.5AI score0.21862EPSS
Exploits4References5
Mageia
Mageia
added 2022/10/13 8:5 p.m.78 views

Updated python packages fix security vulnerability

The mailcap module does not add escape characters into commands discovered in the system mailcap file. CVE-2015-20107 Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. CVE-2021-4189 The urlparse method does not...

8CVSS7.3AI score0.08325EPSS
Exploits2References7
Mageia
Mageia
added 2022/07/25 9:41 p.m.78 views

Updated libtiff packages fix security vulnerability

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-2056, CVE-2022-2057, CVE-2022-2058...

6.5CVSS5.3AI score0.01255EPSS
Exploits3References2
Total number of security vulnerabilities5000