Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2014/01/24 9:4 p.m.•36 views

Updated python-jinja2 package fixes two security vulnerabilities

Updated python-jinja2 packages fix security vulnerability: Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like...

4.4CVSS7.2AI score0.00373EPSS
Exploits0References5
Mageia
Mageia
•added 2014/01/06 12:52 a.m.•36 views

Updated xml-security package fixes security vulnerability

James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures CVE-2013-2172...

4.3CVSS3.2AI score0.0593EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/06 12:49 a.m.•37 views

Updated cxf, wss4j, and jacorb packages fix security vulnerability

Multiple denial of service flaws were found in the way StAX parser implementation of Apache CXF, an open-source web services framework, performed processing of certain XML files. If a web service application utilized the services of the StAX parser, a remote attacker could provide a...

5CVSS3.5AI score0.32259EPSS
Exploits6References5
Mageia
Mageia
•added 2013/12/19 9:6 p.m.•36 views

Updated munin packages fixes two security vulnerabilities

Updated munin packages fix security vulnerabilities: The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master CVE-2013-6048. A...

5CVSS1.2AI score0.02502EPSS
Exploits0References2
Mageia
Mageia
•added 2013/11/30 9:31 p.m.•36 views

Updated 389-ds-base package fixes CVE-2013-4485

Updated 389-ds-base packages fix security vulnerability: It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights GER search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able ...

4CVSS1.4AI score0.01992EPSS
Exploits0References3
Mageia
Mageia
•added 2013/11/20 8:28 p.m.•36 views

Updated poppler packages fix multiple vulnerabilities

Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application...

7.5CVSS3.9AI score0.10483EPSS
Exploits1References2
Mageia
Mageia
•added 2013/08/30 5:40 p.m.•36 views

Updated libtiff packages fix CVE-2013-4244

Updated libtiff packages fix security vulnerability: Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code CVE-2013-4244...

6.8CVSS1.9AI score0.02699EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/09 5:30 p.m.•36 views

Updated lcms2 packages fixes security vulnerability

It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash CVE-2013-4160...

5CVSS3AI score0.02809EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/26 6:0 p.m.•36 views

apache-mod_security new security issue CVE-2013-2765

Updated apache-modsecurity packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on...

5CVSS2.2AI score0.13719EPSS
Exploits4References2
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•36 views

Updated socat package fixes security vulnerability

Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode CVE-2013-3571...

2.6CVSS4.4AI score0.02061EPSS
Exploits0References1
Mageia
Mageia
•added 2026/05/07 5:6 a.m.•35 views

Updated libexif packages fix security vulnerabilities

CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon...

7.8CVSS5.8AI score0.00193EPSS
Exploits1References2
Mageia
Mageia
•added 2025/04/17 11:34 p.m.•35 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Site Isolation. CVE-2025-3066 Inappropriate implementation in Custom Tabs. CVE-2025-3067 Inappropriate implementation in Intents. CVE-2025-3068 Inappropriate implementation in Extensions. CVE-2025-3069 Insufficient validation of untrusted input in Extensions. CVE-2025-3070...

8.8CVSS7.5AI score0.00552EPSS
Exploits0References3
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•35 views

Updated python-waitress packages fix security vulnerabilities

Waitress has a request processing race condition in HTTP pipelining with an invalid first request. CVE-2024-49768 Waitress has a denial of service leading to high CPU usage/resource exhaustion. CVE-2024-49769...

9.1CVSS8.2AI score0.01386EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/20 8:1 p.m.•35 views

Updated dcmtk packages fix security vulnerabilities

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...

8.4CVSS7.1AI score0.0061EPSS
Exploits2References2
Mageia
Mageia
•added 2025/01/16 7:14 a.m.•35 views

Updated openjpeg2 packages fix security vulnerabilities

Heap buffer overflow in bin/common/color.c. CVE-2024-56826 Heap buffer overflow in lib/openjp2/j2k.c. CVE-2024-56827...

5.6CVSS7.8AI score0.00309EPSS
Exploits0References3
Mageia
Mageia
•added 2024/12/04 4:58 p.m.•35 views

Updated qemu packages fix security vulnerabilities

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...

8.8CVSS7.9AI score0.01891EPSS
Exploits3References6
Mageia
Mageia
•added 2024/10/24 4:43 p.m.•35 views

Updated firefox packages fix security vulnerabilities

The updated package provides Firefox 128 for all mandatory arches of Mageia x8664, i586 and aarch64, fixing several bugs, including security vulnerabilities, for i586 and aarch64: Fullscreen notification dialog can be obscured by document content. CVE-2024-7518 Out of bounds memory access in...

9.8CVSS8.3AI score0.32568EPSS
Exploits2References1
Mageia
Mageia
•added 2024/10/11 12:59 a.m.•35 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities...

9.1CVSS7.4AI score0.05582EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/14 5:30 p.m.•35 views

Updated libvpx packages fix security vulnerabilities

There exists integer overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be invalid. Calling...

9.1CVSS7.3AI score0.00814EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/08 4:34 p.m.•35 views

Updated 0-plugins-base packages fix security vulnerability

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS8AI score0.01565EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/16 5:29 p.m.•35 views

Updated ghostscript packages fix security vulnerability

An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722...

5.5CVSS7.3AI score0.0033EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/15 5:32 a.m.•35 views

Updated tcpdump packages fix security vulnerability

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. CVE-2024-2397...

6.2CVSS7.1AI score0.00289EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/13 2:23 p.m.•35 views

Updated mutt packages fix security vulnerabilities

Null pointer dereference when viewing a specially crafted email in Mutt 1.5.2 1.5.2 2.2.12. CVE-2023-4875...

6.5CVSS7.2AI score0.00719EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/25 4:0 p.m.•35 views

Updated jasper packages fix security vulnerability

CVE-2024-31744: Fixed denial of service through assertion failure in jpcstreamlistremove...

7.5CVSS7.3AI score0.00737EPSS
Exploits0References1
Mageia
Mageia
•added 2024/04/01 7:50 p.m.•35 views

Updated unixODBC packages fix security vulnerability

It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash...

7.8CVSS8AI score0.00284EPSS
Exploits0References2
Mageia
Mageia
•added 2024/03/15 4:49 p.m.•35 views

Updated irssi packages fix security vulnerabilities

The updated packages fix a security vulnerability: Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. CVE-2023-29132...

5.3CVSS7.5AI score0.00808EPSS
Exploits0References3
Mageia
Mageia
•added 2023/12/04 8:28 a.m.•35 views

Updated libvpx packages fix a security vulnerability

The updated packages fix a security vulnerability VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488...

7.5CVSS6.9AI score0.01936EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/24 5:25 p.m.•35 views

Updated redis package fixes a security vulnerability

Redis upstream published a fix for CVE-2023-45145. CVE-2023-45145: The wrong order of listen2 and chmod2 calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup...

3.6CVSS7AI score0.00444EPSS
Exploits0References2
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•35 views

Updated texlive packages fix security vulnerability

Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...

8.8CVSS7.7AI score0.00804EPSS
Exploits0References3
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•35 views

Updated thunderbird packages fix security vulnerability

Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Memory safety bugs fixed in Thunderbird 102.12 CVE-2023-34416...

9.8CVSS7.6AI score0.0093EPSS
Exploits0References4
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•35 views

Updated cups-filters packages fix security vulnerability

Possible command injection in the Backend Error Handler CVE-2023-24805...

8.8CVSS7.6AI score0.03697EPSS
Exploits1References5
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•35 views

Updated vim packages fix security vulnerability

Use of Out-of-range Pointer Offset in GitHub repository vim/vim. CVE-2023-2426...

6.8CVSS7.2AI score0.00409EPSS
Exploits1References2
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•35 views

Updated libheif packages fix security vulnerability

Vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996...

7.8CVSS7.7AI score0.00307EPSS
Exploits0References3
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•35 views

Updated thunderbird packages fix security vulnerability

Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...

8.2CVSS8.1AI score0.01185EPSS
Exploits0References3
Mageia
Mageia
•added 2023/03/24 5:55 a.m.•35 views

Updated python-owslib packages fix security vulnerability

XML External Entity XXE Injection CVE-2023-27476...

8.2CVSS7.9AI score0.00985EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•35 views

Updated libtar packages fix security vulnerability

After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free. CVE-2021-33640...

9.8CVSS2.3AI score0.00646EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•35 views

Updated libconfuse packages fix security vulnerability

cfgtildeexpand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. CVE-2022-40320...

8.8CVSS2.3AI score0.01079EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•35 views

Updated perl-HTTP-Daemon packages fix security vulnerability

Request smuggling in HTTP::Daemon CVE-2022-31081...

7.3CVSS0.5AI score0.02108EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•35 views

Updated fish packages fix security vulnerability

Arbitrary Code Execution. CVE-2022-20001...

7.8CVSS2.8AI score0.01417EPSS
Exploits0References3
Mageia
Mageia
•added 2022/04/22 5:7 p.m.•35 views

Updated openscad packages fix security vulnerability

Out-of-bounds memory access in DXF loader. CVE-2022-0496 Out-of-bounds memory access in comment parser. CVE-2022-0497...

7.1CVSS4.3AI score0.00441EPSS
Exploits2References2
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•35 views

Updated fribidi packages fix security vulnerability

Stack based buffer overflow. CVE-2022-25308 Heap-buffer-overflow in fribidicaprtltounicode. CVE-2022-25309 SEGV in fribidiremovebidimarks. CVE-2022-25310...

7.8CVSS4.1AI score0.00508EPSS
Exploits3References2
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•35 views

Updated aom packages fix security vulnerability

aomdsp/graintable.c in libaom in AOMedia before 2021-03-30 has a use-after-free. CVE-2021-30474...

9.8CVSS3.1AI score0.01885EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•35 views

Updated plib packages fix security vulnerability

Integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA function in src/ssg/ssgLoadTGA.cxx file...

9.3CVSS4.2AI score0.02921EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•35 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...

8.8CVSS2.6AI score0.01735EPSS
Exploits1References4
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•35 views

Updated weechat packages fix security vulnerability

A crafted WebSocket frame could result in a crash in the weechat Relay plugin...

7.5CVSS1.5AI score0.01594EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/02 6:57 p.m.•35 views

Updated c-ares packages fix security vulnerability

Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...

6.8CVSS6.5AI score0.02617EPSS
Exploits1References6
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•35 views

Updated transfig package fixes a security vulnerability

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in readobjects could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as...

7.1CVSS4.1AI score0.01178EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/21 12:18 p.m.•35 views

Updated wireshark packages fix a security vulnerability

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVE-2021-22235...

7.5CVSS3.4AI score0.03296EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•35 views

Updated tpm2-tools package fixes security vulnerability

A flaw was found in tpm2-tools. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality CVE-2021-3565...

5.9CVSS2.5AI score0.01327EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•35 views

Updated gupnp packages fix a security vulnerability

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected...

8.1CVSS2.8AI score0.01084EPSS
Exploits0References3
Total number of security vulnerabilities5000