Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2021/07/09 12:27 a.m.•38 views

Updated zstd packages fix a security vulnerability

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...

4.7CVSS2.6AI score0.00346EPSS
Exploits0References2
Mageia
Mageia
•added 2021/05/07 5:35 a.m.•38 views

Updated ceph packages fix a security vulnerability

An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...

7.2CVSS1.9AI score0.0211EPSS
Exploits0References2
Mageia
Mageia
•added 2021/03/07 9:35 p.m.•38 views

Updated cups packages fix a security vulnerability

The updated cups packages fix security vulnerability: Out-of-bounds read in the ippReadIO function CVE-2020-10001...

5.5CVSS2.1AI score0.01037EPSS
Exploits0References2
Mageia
Mageia
•added 2021/02/28 11:16 p.m.•38 views

Updated subversion packages fix security dos vulnerability

Subversion has been updated to fix a remote unauthenticated denial-of-service in Subversion modauthzsvn...

7.5CVSS3.7AI score0.37516EPSS
Exploits1References2
Mageia
Mageia
•added 2021/02/06 6:20 p.m.•38 views

Updated gdisk package fixes security vulnerabilities

A bug that could cause segfault if GPT header claimed partition entries are oversized CVE-2020-0256. A bug that could cause a crash if a badly-formatted MBR disk was read CVE-2021-0308. The gdisk package has been updated to version 1.0.6, fixing these issues and several other bugs. See the upstre...

7.2CVSS2.2AI score0.00436EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/17 4:7 p.m.•38 views

Updated sudo packages fix security vulnerabilities

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239. selinuxeditcopytfiles in sudoedit in...

7.8CVSS3AI score0.01066EPSS
Exploits2References3
Mageia
Mageia
•added 2021/01/10 7:46 p.m.•38 views

Updated openexr packages fix security vulnerabilities

An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference CVE-2020-15304. An issue was discovered in OpenEXR before 2.5.2. Invalid...

5.5CVSS2.3AI score0.01239EPSS
Exploits3References4
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•38 views

Updated graphicsmagick packages fix security vulnerability

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c CVE-2020-12672...

7.5CVSS3.4AI score0.02853EPSS
Exploits1References3
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•38 views

Updated x11-server packages fix security vulnerabilities

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability CVE-2020-14360. A flaw was found in...

7.8CVSS2AI score0.00393EPSS
Exploits0References5
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•38 views

Updated php-pear packages fix security vulnerabilities

Filename manipulation vulnerabilities CVE-2020-28948 / CVE-2020-28949 Updated also ArchiveTar to 1.4.11...

7.8CVSS1.7AI score0.84554EPSS
Exploits5References4
Mageia
Mageia
•added 2020/11/08 2:14 p.m.•38 views

Updated libproxy packages fix a security vulnerability

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. CVE-2020-26154...

9.8CVSS3.3AI score0.03569EPSS
Exploits0References3
Mageia
Mageia
•added 2020/10/16 3:44 p.m.•38 views

Updated wireshark packages fix security vulnerabilities

The TCP dissector could crash CVE-2020-25862. The MIME Multipart dissector could crash CVE-2020-25863. The BLIP dissector could crash CVE-2020-25866...

7.5CVSS1.3AI score0.04918EPSS
Exploits3References6
Mageia
Mageia
•added 2020/09/02 9:48 p.m.•38 views

Updated cairo packages fix security vulnerability

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash. CVE-2017-7475...

5.5CVSS3.2AI score0.01839EPSS
Exploits0References5
Mageia
Mageia
•added 2020/08/25 8:13 a.m.•38 views

Updated ghostscript packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A buffer overflow vulnerability in lprnisblack in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. CVE-2020-16287 A buffer overflow vulnerability in...

7.8CVSS4.2AI score0.02258EPSS
Exploits25References2
Mageia
Mageia
•added 2020/08/18 6:47 p.m.•38 views

Updated python-rstlib packages fix security vulnerability

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used and thus permissions are not preserved upon editing. An adversary with prior access to /etc/target/saveconfig.json could access a later version, resultin...

7.8CVSS3.7AI score0.00339EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/27 9:52 a.m.•38 views

Updated dojo packages fix security vulnerability

Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other valu...

8.6CVSS2.1AI score0.0399EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•38 views

Updated libvncserver packages fix security vulnerability

Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value CVE-2019-20788...

9.8CVSS4AI score0.02436EPSS
Exploits1References1
Mageia
Mageia
•added 2020/04/16 11:1 p.m.•38 views

Updated git packages fix security vulnerability

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol CVE-2020-5260...

9.3CVSS7.7AI score0.10047EPSS
Exploits2References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•38 views

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or other ASN.1 structure, as...

7.8CVSS7.7AI score0.02582EPSS
Exploits0References2
Mageia
Mageia
•added 2020/04/05 5:7 p.m.•38 views

Updated librsvg packages fix security vulnerability

The updated packages fix a security vulnerability: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows...

6.5CVSS4.3AI score0.02125EPSS
Exploits0References3
Mageia
Mageia
•added 2020/04/01 1:56 a.m.•38 views

Updated phpmyadmin packages fix security vulnerability

Some SQL injections via table names and parameters were fixed...

8CVSS5AI score0.02694EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/18 3:27 p.m.•38 views

Updated okular packages fix security vulnerability

Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries CVE-2020-9359...

6.8CVSS4.9AI score0.01452EPSS
Exploits0References2
Mageia
Mageia
•added 2020/03/08 10:37 p.m.•38 views

Updated pdfresurrect packages fix security vulnerability

The updated package fixes a security vulnerability: In PDFResurrect 0.12 through 0.19, gettype in pdf.c has an out-of-bounds write via a crafted PDF document. CVE-2020-9549...

7.8CVSS3.2AI score0.01337EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•38 views

Updated weechat packages fix security vulnerability

Updated weechat packages fix security vulnerability: ircmodechannelupdate in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a malformed IRC message 324 channel...

9.8CVSS6.4AI score0.03684EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/13 10:49 a.m.•38 views

Updated python-waitress packages fix security vulnerabilities

Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...

8.2CVSS0.9AI score0.02714EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/04 11:7 a.m.•38 views

Updated openjpeg2 packages fix security vulnerability

opjt1clbldecodeprocessor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-8112...

8.8CVSS3.5AI score0.03624EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•38 views

Updated ansible package fixes security vulnerabilities

A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

7.3CVSS2.7AI score0.00736EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•38 views

Updated gthumb packages fix security vulnerability

A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...

7.8CVSS6.9AI score0.02149EPSS
Exploits2References2
Mageia
Mageia
•added 2019/12/25 7:8 p.m.•38 views

Updated libofx packages fix security vulnerability

Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump CVE-2019-9656...

8.8CVSS2.2AI score0.02141EPSS
Exploits1References2
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•38 views

Updated openexr packages fix security vulnerability

The updated packages fix a security vulnerability: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service excessive memory allocation via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp...

5.5CVSS5.8AI score0.00963EPSS
Exploits0References2
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•38 views

Updated graphicsmagick packages fix security vulnerability

The updated packages fix a security vulnerability: ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. CVE-2019-16709...

6.5CVSS2.2AI score0.02815EPSS
Exploits1References2
Mageia
Mageia
•added 2019/10/03 8:23 p.m.•38 views

Updated thunderbird packages fix security vulnerability

Updated thunderbird packages fix security vulnerability: Spoofing a message author via a crafted S/MIME message CVE-2019-11755 It also fixes various other bugs, as listed in the releasenotes...

7.5CVSS3.4AI score0.01075EPSS
Exploits0References3
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•38 views

Updated icedtea-web packages fix security vulnerabilities

Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The cod...

8.6CVSS2.3AI score0.04022EPSS
Exploits0References3
Mageia
Mageia
•added 2019/07/10 10:44 a.m.•38 views

Updated irssi package fixes security vulnerability

Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server CVE-2019-13045...

8.1CVSS3.3AI score0.03333EPSS
Exploits0References2
Mageia
Mageia
•added 2019/05/19 11:27 a.m.•38 views

Updated libsndfile packages fix security vulnerability

A heap-based buffer over-read at wav.c in wavwriteheader that could be used for a denial of service attack CVE-2018-19758...

6.5CVSS3.1AI score0.01689EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•38 views

Updated flash-player-plugin packages fix security vulnerability

An out-of-bounds read that leads to information disclosure. CVE-2019-7108 A use after free that leads to arbitrary code execution. CVE-2019-7096...

10CVSS2.6AI score0.06376EPSS
Exploits0References2
Mageia
Mageia
•added 2019/04/10 9:25 p.m.•38 views

Updated squirrelmail packages fix security vulnerability

Updated squirellmail packages to fix a XSS-security issue...

6.1CVSS2AI score0.01426EPSS
Exploits1References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•38 views

Updated python-yaml packages fix security vulnerability

It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...

9.8CVSS3.5AI score0.06031EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•38 views

Updated thunderbird packages fix security vulnerability

Use-after-free parsing HTML5 stream. CVE-2018-18500 Privilege escalation through IPC channel messages. CVE-2018-18505 Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. CVE-2018-18501...

10CVSS3.8AI score0.12658EPSS
Exploits1References3
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•38 views

Updated php-pear-HTML_QuickForm package fixes security vulnerability

A vulnerability in the HTMLQuickForm package has been found which potentially allows remote code execution...

9.8CVSS4.2AI score0.02209EPSS
Exploits0References1
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•38 views

Updated pache-commons-compress packages fix security vulnerabilities

A flaw was found in Apache Commons Compress versions 1.11 to 1.15. A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount ...

5.5CVSS4.6AI score0.05253EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/05 6:30 p.m.•38 views

Updated php-phpmailer package fixes security vulnerability

Potential object injection vulnerability CVE-2018-19296...

8.8CVSS3.2AI score0.02211EPSS
Exploits0References2
Mageia
Mageia
•added 2018/12/31 10:42 p.m.•38 views

Updated poppler packages fix security vulnerability

Poppler before 0.70.0 has a NULL pointer dereference in popplerattachmentnew when called from popplerannotfileattachmentgetattachment. CVE-2018-19149...

6.5CVSS2.4AI score0.0274EPSS
Exploits1References2
Mageia
Mageia
•added 2018/11/03 11:55 a.m.•38 views

Updated python-cryptography packages fix security vulnerability

The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker...

7.5CVSS3AI score0.02605EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/26 6:47 p.m.•38 views

Updated exempi packages fix security vulnerability

It was found that the WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBPSupport.hpp in Exempi 2.4.5 has a NULL pointer dereference CVE-2018-12648...

7.5CVSS2AI score0.02271EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•38 views

Updated mgetty packages fix security vulnerabilities

Updated mgetty packages fix security vulnerabilities: The function doactivate did not properly sanitize shell metacharacters to prevent command injection CVE-2018-16741. Stack-based buffer overflow that could have been triggered via a command-line parameter CVE-2018-16742. The command-line...

7.8CVSS3.5AI score0.01323EPSS
Exploits6References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•38 views

Updated php-smarty packages fix security vulnerability

Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files CVE-2018-13982...

7.5CVSS5.9AI score0.03463EPSS
Exploits1References2
Mageia
Mageia
•added 2018/10/14 12:58 a.m.•38 views

Updated nextcloud packages fix security vulnerability

Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...

5.4CVSS2.5AI score0.00769EPSS
Exploits0References4
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•38 views

Updated openvpn packages fix security vulnerability

Updated openvpn packages fix security vulnerability: Fix potential double-free in Interactive Service could lead to denial of service CVE-2018-9336...

7.8CVSS2.8AI score0.00608EPSS
Exploits1References2
Mageia
Mageia
•added 2018/06/14 6:14 p.m.•38 views

Updated firefox packages fix security vulnerability

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash CVE-2018-6126...

8.8CVSS2AI score0.07666EPSS
Exploits1References3
Total number of security vulnerabilities5000