6007 matches found

Mageia • added 2014/05/17 12:20 a.m. • 38 views

Updated postgresql packages fix multiple vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

6.5 CVSS • 9.5 AI score • 0.06666 EPSS
Exploits 6 • References 4

Mageia • added 2014/05/14 10:10 p.m. • 38 views

Updated python-lxml package fix CVE-2014-3146

Updated python-lxml packages fix security vulnerability: The clean_html function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters \x01-\x08. A remote attacker could use this flaw to serve malicious content to an application using the...

6.1 CVSS • 6.5 AI score • 0.06333 EPSS
Exploits 1 • References 2

Mageia • added 2014/05/10 7:38 p.m. • 38 views

Updated ldns package fixes CVE-2014-3209

Updated ldns packages fix security vulnerability: ldns-keygen creates a private key with the default permissions according to the user's umask, which in most cases will cause the private key to be world-readable (CVE-2014-3209)...

2.1 CVSS • 9 AI score • 0.00376 EPSS
Exploits 0 • References 2

Mageia • added 2014/02/27 9:58 p.m. • 38 views

Updated subversion packages fix CVE-2014-0032

Updated subversion packages fix security vulnerability: The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032). The package has been patched to correct this issue...

4.3 CVSS • 8.3 AI score • 0.11052 EPSS
Exploits 0 • References 4

Mageia • added 2014/02/12 5:8 p.m. • 38 views

Updated ejabberd package fixes security vulnerabilities

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack (CVE-2013-6169)...

4.3 CVSS • 5.2 AI score • 0.01595 EPSS
Exploits 0 • References 2

Mageia • added 2014/02/05 3:31 p.m. • 38 views

Updated pidgin package fixes security vulnerabilities

Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8 (CVE-2012-6152). A remote XMPP user can trigger a crash on some systems by sending a message with a...

10 CVSS • 6.9 AI score • 0.14809 EPSS
Exploits 0 • References 17

Mageia • added 2014/01/21 4:20 p.m. • 38 views

Updated spice packages fix a security vulnerability

Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the reds_handle_ticket function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting...

5 CVSS • 2.3 AI score • 0.0273 EPSS
Exploits 2 • References 2

Mageia • added 2014/01/17 12:39 a.m. • 38 views

Updated bind package fixes security vulnerability

Updated bind packages fix security vulnerability: Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with t...

2.6 CVSS • 7.4 AI score • 0.31671 EPSS
Exploits 1 • References 3

Mageia • added 2013/12/23 5:15 p.m. • 38 views

Updated asterisk packages fix CVE-2013-7100

Updated asterisk packages fix security vulnerability: Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified...

5 CVSS • 5.5 AI score • 0.14715 EPSS
Exploits 1 • References 4

Mageia • added 2013/12/20 5:27 p.m. • 38 views

Updated apache-mod_nss package fixes CVE-2013-4566

Updated apache-mod_nss package fixes security vulnerability: A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss...

4 CVSS • 2.3 AI score • 0.02003 EPSS
Exploits 0 • References 2

Mageia • added 2013/11/30 9:37 p.m. • 38 views

Updated subversion package fixes security vulnerabilities

mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured b...

3.5 CVSS • 0.4 AI score • 0.07858 EPSS
Exploits 0 • References 4

Mageia • added 2013/11/22 7:10 p.m. • 38 views

Updated samba packages fix CVE-2013-4475

Updated samba packages fix security vulnerabilities: Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream (CVE-2013-4475). Samba is not configured by default to support alternate data streams, so only servers that have enabled the...

4 CVSS • 3.2 AI score • 0.09017 EPSS
Exploits 0 • References 2

Mageia • added 2013/09/13 8:15 p.m. • 38 views

Updated mediawiki package fixes security vulnerabilities

Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader (CVE-2013-4301). Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP (CVE-2013-4302). An issue with the MediaWiki API in MediaWiki before 1.20.7 where ...

6.1 CVSS • 4.2 AI score • 0.02084 EPSS
Exploits 2 • References 3

Mageia • added 2013/08/22 6:5 p.m. • 38 views

Updated perl-Proc-ProcessTable packages fix CVE-2011-4363

Updated perl-Proc-ProcessTable package fixes security vulnerability: ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS (CVE-2011-4363)...

2.6 CVSS • 5.4 AI score • 0.00303 EPSS
Exploits 0 • References 2

Mageia • added 2013/08/09 5:38 p.m. • 38 views

Updated putty and filezilla packages fixes security vulnerability

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds checking of the length parameter received from the SSH serve...

6.8 CVSS • 3.2 AI score • 0.03447 EPSS
Exploits 4 • References 6

Mageia • added 2013/06/26 6:44 p.m. • 38 views

Updated curl packages fix CVE-2013-2174

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

6.8 CVSS • 1.3 AI score • 0.11118 EPSS
Exploits 2 • References 2

Mageia • added 2026/05/07 5:6 a.m. • 37 views

Updated perl-Starman packages fix security vulnerability

Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5 CVSS • 5.8 AI score • 0.00487 EPSS
Exploits 0 • References 4

Mageia • added 2025/06/02 5:55 p.m. • 37 views

Updated golang packages fix security vulnerabilities

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied - CVE-2025-22870. The net/http package...

9.1 CVSS • 7.1 AI score • 0.00724 EPSS
Exploits 2 • References 4

Mageia • added 2025/03/26 3:43 a.m. • 37 views

Updated bluez packages fix security vulnerabilities

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2023-44431 BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. CVE-2023-51580 BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read...

8 CVSS • 7.9 AI score • 0.01563 EPSS
Exploits 0 • References 2

Mageia • added 2025/03/19 11:44 p.m. • 37 views

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2025-1920: Type Confusion in V8. High CVE-2025-2135: Type Confusion in V8. Medium CVE-2025-2136: Use after free in Inspector. Medium CVE-2025-2137: Out of bounds read in V8...

8.8 CVSS • 7.3 AI score • 0.06387 EPSS
Exploits 1 • References 2

Mageia • added 2025/02/14 8:36 p.m. • 37 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation. CVE-2025-1094...

8.1 CVSS • 7 AI score • 0.89472 EPSS
Exploits 10 • References 2

Mageia • added 2025/02/03 11:13 p.m. • 37 views

Updated libxml2 packages fix security vulnerability

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043...

8.1 CVSS • 7.3 AI score • 0.00257 EPSS
Exploits 0 • References 2

Mageia • added 2025/01/31 8:54 p.m. • 37 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.74 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8 CVSS • 7.4 AI score • 0.00737 EPSS
Exploits 3 • References 10

Mageia • added 2024/09/17 2:41 a.m. • 37 views

Updated suricata packages fix security vulnerabilities

CVE-2024-37151 Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. CVE-2024-38534 Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535, CVE-2024-38536 Suricata can...

7.5 CVSS • 7.2 AI score • 0.01172 EPSS
Exploits 1 • References 2

Mageia • added 2024/04/30 10:25 p.m. • 37 views

Updated freerdp packages fix security vulnerabilities

This release is a security release and addresses multiple issues: Low OutOfBound Read in zgfx_decompress_segment. Moderate Integer overflow & OutOfBound Write in clear_decompress_residual_data. Low integer underflow in nsc_rle_decode. Low OutOfBound Read in planar_skip_plane_rle. Low OutOfBound Read in...

9.8 CVSS • 7.2 AI score • 0.0375 EPSS
Exploits 1 • References 2

Mageia • added 2024/04/05 10:26 p.m. • 37 views

Updated dav1d packages fix security vulnerability

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. CVE-2024-1580...

8.8 CVSS • 7.7 AI score • 0.01835 EPSS
Exploits 0 • References 2

Mageia • added 2024/03/25 9:37 p.m. • 37 views

Updated curaengine & blender packages fix security vulnerability

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. CVE-2022-28041...

6.5 CVSS • 7.7 AI score • 0.02069 EPSS
Exploits 1 • References 4

Mageia • added 2024/02/19 5:35 p.m. • 37 views

Updated postgresql15 and postgresql13 packages fix a security vulnerability

The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...

8 CVSS • 7.5 AI score • 0.01465 EPSS
Exploits 0 • References 2

Mageia • added 2023/10/10 5:21 p.m. • 37 views

Updated Firefox and Thunderbird packages fix security vulnerabilities

Updated Firefox and Thunderbird packages fix security vulnerabilities: Out-of-bounds write in PathOps. CVE-2023-5169 Use-after-free in Ion Compiler. CVE-2023-5171 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. CVE-2023-5176 Heap buffer overflow in libvpx...

9.8 CVSS • 9.7 AI score • 0.49013 EPSS
Exploits 3 • References 11

Mageia • added 2023/09/30 7:15 p.m. • 37 views

Updated iperf packages fix security vulnerability

It was discovered that iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field (CVE-2023-38403)...

7.5 CVSS • 7.4 AI score • 0.01703 EPSS
Exploits 0 • References 3

Mageia • added 2023/07/26 10:7 p.m. • 37 views

Updated cri-o packages fix security vulnerability

Denial of service due to memory or disk exhaustion. CVE-2022-1708...

7.8 CVSS • 7 AI score • 0.02827 EPSS
Exploits 1 • References 4

Mageia • added 2023/07/19 7:53 p.m. • 37 views

Updated php packages fix security vulnerability

Fixed SOAP bug GHSA-76gg-c692-v2mw Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. CVE-2023-3247...

4.3 CVSS • 7.3 AI score • 0.00709 EPSS
Exploits 0 • References 3

Mageia • added 2023/07/07 5:54 a.m. • 37 views

Updated keepass packages fix security vulnerability

Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...

7.5 CVSS • 7.1 AI score • 0.04655 EPSS
Exploits 7 • References 2

Mageia • added 2023/05/22 3:30 p.m. • 37 views

Updated mariadb packages fix security vulnerability

It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. CVE-2022-47015...

6.5 CVSS • 7 AI score • 0.01486 EPSS
Exploits 0 • References 2

Mageia • added 2023/05/21 8:42 a.m. • 37 views

Updated sniproxy packages fix security vulnerability

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. CVE-2023-25076...

9.8 CVSS • 7.9 AI score • 0.65515 EPSS
Exploits 1 • References 2

Mageia • added 2023/04/11 7:2 p.m. • 37 views

Updated sudo packages fix security vulnerability

Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVE-2023-28487...

5.3 CVSS • 5.9 AI score • 0.00961 EPSS
Exploits 0 • References 2

Mageia • added 2023/04/06 9:20 p.m. • 37 views

Updated libapreq2 packages fix security vulnerability

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. CVE-2022-22728...

7.5 CVSS • 7.6 AI score • 0.04712 EPSS
Exploits 0 • References 5

Mageia • added 2023/01/24 7:58 a.m. • 37 views

Updated jpegoptim packages fix security vulnerability

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. CVE-2022-32325...

6.5 CVSS • 2.6 AI score • 0.00896 EPSS
Exploits 1 • References 2

Mageia • added 2023/01/13 5:37 p.m. • 37 views

Updated xrdp packages fix security vulnerability

xrdp less than v0.9.21 contains a buffer overflow in xrdp_login_wnd_create function. CVE-2022-23468 xrdp less than v0.9.21 contains a buffer overflow in audin_send_open function. CVE-2022-23477 xrdp less than v0.9.21 contains an Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open function...

9.8 CVSS • 2.5 AI score • 0.00892 EPSS
Exploits 0 • References 2

Mageia • added 2022/12/13 10:9 p.m. • 37 views

Updated shadowutils packages fix security vulnerability

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. CVE-2013-4235...

4.7 CVSS • 2.8 AI score • 0.00308 EPSS
Exploits 0 • References 2

Mageia • added 2022/11/17 3:45 p.m. • 37 views

Updated sudo packages fix security vulnerability

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

7.1 CVSS • 3.6 AI score • 0.00271 EPSS
Exploits 0 • References 3

Mageia • added 2022/11/01 10:58 p.m. • 37 views

Updated nbd packages fix security vulnerability

It was discovered that nbd prior to 3.24 contained an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name resulting in a write to a dangling pointer (CVE-2022-26495). Stack-based...

9.8 CVSS • 2.7 AI score • 0.0347 EPSS
Exploits 3 • References 6

Mageia • added 2022/07/13 8:44 p.m. • 37 views

Updated python-cookiecutter packages fix security vulnerability

Command Injection via hg argument (CVE-2022-24065)...

9.8 CVSS • 2.9 AI score • 0.0422 EPSS
Exploits 1 • References 2

Mageia • added 2022/07/05 7:11 p.m. • 37 views

Updated squid packages fix security vulnerability

Denial of Service in Gopher Processing. CVE-2021-46784...

6.5 CVSS • 2.9 AI score • 0.0362 EPSS
Exploits 0 • References 3

Mageia • added 2022/02/18 12:14 a.m. • 37 views

Updated zsh packages fix security vulnerability

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. CVE-2021-45444...

7.8 CVSS • 5.4 AI score • 0.0198 EPSS
Exploits 0 • References 3

Mageia • added 2022/01/11 7:12 a.m. • 37 views

Updated suricata packages fix security vulnerability

Critical evasion in suricata (CVE-2021-35063)...

7.5 CVSS • 2.2 AI score • 0.01973 EPSS
Exploits 0 • References 6

Mageia • added 2021/12/23 9:1 p.m. • 37 views

Updated thunderbird packages fix security vulnerability

OpenPGP signature status doesn't consider additional message content. CVE-2021-4126 Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. CVE-2021-44538...

9.8 CVSS • 3.2 AI score • 0.01921 EPSS
Exploits 0 • References 3

Mageia • added 2021/11/25 1:6 p.m. • 37 views

Updated openexr packages fix security vulnerability

Integer-overflow in Imf_3_1::bytesPerDeepLineTable. CVE-2021-3933 Divide-by-zero in Imf_3_1::RGBtoXYZ. CVE-2021-3941...

6.5 CVSS • 2 AI score • 0.00849 EPSS
Exploits 0 • References 3

Mageia • added 2021/10/29 7:32 p.m. • 37 views

Updated cloud-init packages fix security vulnerability

cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....

5.5 CVSS • 5.6 AI score • 0.00219 EPSS
Exploits 0 • References 3

Mageia • added 2021/10/02 6:57 p.m. • 37 views

Updated icu packages fix security vulnerability

Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30535...

8.8 CVSS • 2.1 AI score • 0.01128 EPSS
Exploits 1 • References 2

Total number of security vulnerabilities: 5000