Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2016/03/31 8:22 p.m.•79 views

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 49.0.2623.108 fixes security issues: Multiple security issues were found in upstream chromium 49.0.2623.87: an out-of-bounds read problem in V8 CVE-2016-1646, use-after-free bugs in Navigation CVE-2016-1647 and Extensions CVE-2016-1648; a buffer overflow in libANGLE...

10CVSS4.5AI score0.4811EPSS
Exploits5References7
Mageia
Mageia
•added 2014/06/22 9:13 p.m.•79 views

Updated kernel packages fixes security vulnerabilities

The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to...

7.8CVSS7AI score0.37233EPSS
Exploits22References5
Mageia
Mageia
•added 2013/09/19 9:33 a.m.•79 views

Updated moodle package fixes multiple security vulnerabilities

Updated moodle package fixes security vulnerabilities: Null characters were allowed in query strings in Moodle before 2.4.6, which caused sql statements to terminate and fail, potentially allowing sql injection in Moodle's SQL Server driver CVE-2013-4313. Links to external blogs were not being...

7.5CVSS4.5AI score0.21862EPSS
Exploits4References5
Mageia
Mageia
•added 2022/10/13 8:5 p.m.•78 views

Updated python packages fix security vulnerability

The mailcap module does not add escape characters into commands discovered in the system mailcap file. CVE-2015-20107 Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. CVE-2021-4189 The urlparse method does not...

8CVSS7.3AI score0.08325EPSS
Exploits2References7
Mageia
Mageia
•added 2022/07/25 9:41 p.m.•78 views

Updated libtiff packages fix security vulnerability

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-2056, CVE-2022-2057, CVE-2022-2058...

6.5CVSS5.3AI score0.01255EPSS
Exploits3References2
Mageia
Mageia
•added 2022/05/28 8:56 a.m.•78 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...

7CVSS2.2AI score0.00612EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/22 11:26 a.m.•78 views

Updated netatalk packages fix security vulnerability

Remote arbitrary code execution related to dsistreamreceive. CVE-2021-31439 Remote arbitrary code execution related to parseentries. CVE-2022-23121 Remote arbitrary code execution related to copyapplfile. CVE-2022-23125...

9.8CVSS3.5AI score0.08525EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/28 3:51 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service DOS issue was found in the Linux kernel smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser...

7.8CVSS1.5AI score0.00773EPSS
Exploits8References4
Mageia
Mageia
•added 2021/12/20 8:32 p.m.•78 views

Updated log4j packages fix security vulnerability

Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is...

5.9CVSS5.4AI score0.99999EPSS
Exploits20References1
Mageia
Mageia
•added 2021/12/05 7:6 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.6 and fixes at least the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off,...

4.7CVSS0.7AI score0.00515EPSS
Exploits1References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•78 views

Updated golang packages fix security vulnerability

The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...

9.8CVSS8AI score0.10299EPSS
Exploits0References6
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•78 views

Updated apache packages fix security vulnerability

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. CVE-2021-33193 Malformed requests may cause the server to dereference a NULL pointer. CVE-2021-34798 A carefully crafted request uri-path can cause...

9.8CVSS9.3AI score0.99999EPSS
Exploits6References4
Mageia
Mageia
•added 2021/04/05 3:54 p.m.•78 views

Updated openssl packages fix security vulnerability

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...

7.4CVSS1.7AI score0.62906EPSS
Exploits4References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•78 views

Updated php packages fix bugs and security vulnerabilities

Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...

9.1CVSS8.3AI score0.03976EPSS
Exploits3References2
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•78 views

Updated python-urllib3 packages fix security vulnerability

It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts CVE-2018-20060. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacke...

9.8CVSS8.8AI score0.04488EPSS
Exploits1References2
Mageia
Mageia
•added 2018/08/31 9:11 p.m.•78 views

Updated virtualbox packages fix security vulnerabilities

This update provides the virtualbox 5.1.18 maintenance release that fixes at least the following security issues: Fixed an easily exploitable vulnerability that allowed unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...

8.6CVSS2.2AI score0.00584EPSS
Exploits1References4
Mageia
Mageia
•added 2018/05/18 3:27 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a DB instruction was caused by the undocumented ICEBP...

8CVSS3.5AI score0.18404EPSS
Exploits13References11
Mageia
Mageia
•added 2018/02/15 9:17 p.m.•78 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has been...

7.8CVSS7.2AI score0.93838EPSS
Exploits17References7
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•78 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

6.5CVSS7.4AI score0.93838EPSS
Exploits13References6
Mageia
Mageia
•added 2017/01/03 10:5 p.m.•78 views

Updated kernel-tmb packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...

7.8CVSS3.6AI score0.11127EPSS
Exploits23References10
Mageia
Mageia
•added 2014/11/21 12:44 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.24 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...

5.5CVSS5.8AI score0.00595EPSS
Exploits1References2
Mageia
Mageia
•added 2024/10/04 5:27 a.m.•77 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Downloads. CVE-2024-6988 Use after free in Loader. CVE-2024-6989 Use after free in Dawn. CVE-2024-6991 Heap buffer overflow in Layout. CVE-2024-6994 Inappropriate implementation in Fullscreen. CVE-2024-6995 Race in Frames. CVE-2024-6996 Use after free in Tabs. CVE-2024-6997 Use...

9.6CVSS7.2AI score0.19272EPSS
Exploits15References11
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•77 views

Updated python-werkzeug packages fix security vulnerability

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

7.5CVSS7AI score0.03397EPSS
Exploits0References3
Mageia
Mageia
•added 2024/03/26 10:2 p.m.•77 views

Updated tomcat packages fix security vulnerabilities

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. CVE-2024-23672 Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apach...

7.5CVSS7.3AI score0.23072EPSS
Exploits1References3
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•77 views

Updated sofia-sip packages fix security vulnerability

An attacker can send a message with evil sdp to FreeSWITCH, which may a cause a crash due to an out-of-bounds access. CVE-2022-31001 An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. CVE-2022-31002 An out-of-bounds write. CVE-2022-31003...

9.8CVSS2.2AI score0.0366EPSS
Exploits3References5
Mageia
Mageia
•added 2022/02/09 8:46 p.m.•77 views

Updated samba packages fix security vulnerability

For CVE-2021-20316 and CVE-2021-44141, there is only a workaround and mitigation: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share...

9CVSS1.2AI score0.74042EPSS
Exploits1References9
Mageia
Mageia
•added 2022/02/01 3:26 p.m.•77 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.18 and fixes at least the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the...

7.8CVSS2.4AI score0.02579EPSS
Exploits3References3
Mageia
Mageia
•added 2022/01/25 12:13 p.m.•77 views

Updated expat packages fix security vulnerability

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow...

9.8CVSS2.5AI score0.04829EPSS
Exploits2References3
Mageia
Mageia
•added 2021/03/04 12:26 p.m.•77 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.19 and fixes at least the following security issues: An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel. A userland application can read the contents of the sigpage, which can leak kernel memory...

7.8CVSS1AI score0.00544EPSS
Exploits1References5
Mageia
Mageia
•added 2020/04/25 8:55 p.m.•77 views

Updated kernel packages fix security vulnerabilities

This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...

7.8CVSS6.5AI score0.034EPSS
Exploits1References8
Mageia
Mageia
•added 2019/11/30 1:6 p.m.•77 views

Updated glibc packages fix security vulnerability

Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible...

3.3CVSS1.4AI score0.00409EPSS
Exploits0References1
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•77 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on the upstream 4.14.127 and fixes at least the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map...

7.8CVSS7.2AI score0.98745EPSS
Exploits4References11
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•77 views

Updated openssh packages fix security vulnerabilities

Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred CVE-2019-6109. Due to scp client insufficient...

6.8CVSS0.7AI score0.58204EPSS
Exploits9References2
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•77 views

Updated nvidia-current packages mitigates security issues

This update provides version 384.111 from the R384 branch, in order to help mitigate Spectre and Meltdown CPU security issues and keeps the driver working with security hardened kernels. Note that so far, nVidia does believe that their GPUs are immune to the referenced security issues. It also ad...

5.6CVSS2.9AI score0.93838EPSS
Exploits13References3
Mageia
Mageia
•added 2016/07/05 3:47 p.m.•77 views

Updated libgd packages fix security vulnerability

Stack overflow with imagefilltoborder CVE-2015-8874. Integer Overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766. Integer Overflow in gdImagePaletteToTrueColor resulting in heap overflow CVE-2016-5767. Improperly handling invalid color index in gdImageCropThreshold could result in...

8.8CVSS7.9AI score0.08276EPSS
Exploits2References4
Mageia
Mageia
•added 2016/03/07 11:20 a.m.•77 views

Updated xen packages fix security vulnerabilities

This xen update is based on upstream 4.5.2 maintenance release, and fixes the following security issues: The vgicv2tosgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller GIC version 2, allows local guest users to cause a denial of service...

10CVSS9.1AI score0.15275EPSS
Exploits4References51
Mageia
Mageia
•added 2016/02/09 1:5 p.m.•77 views

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerability: OpenSSL before 1.0.2f would allow for a process to re-use the same private Diffie-Hellman exponent repeatedly during its entire lifetime, which, given that it also allows to use custom DH parameters which may be based on unsafe primes, could...

5.9CVSS6.8AI score0.83645EPSS
Exploits2References2
Mageia
Mageia
•added 2014/12/13 8:16 p.m.•77 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: During migration, the values read from migration stream during ram load are not validated. Especially offset in hostfromstreamoffset and also the length of the writes in the callers of the said function. A user able to alter the savevm data eith...

7.5CVSS9.2AI score0.04115EPSS
Exploits0References4
Mageia
Mageia
•added 2014/07/04 6:14 p.m.•77 views

Updated ffmpeg packages fix security vulnerabilities

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

8.8CVSS9.3AI score0.04468EPSS
Exploits3References5
Mageia
Mageia
•added 2024/07/13 7:54 a.m.•76 views

Updated kernel kmod-xtables-addons kmod-virtualbox dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.37 fix bugs and vulnerabilities. The dwarves, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

9.8CVSS7.9AI score0.01483EPSS
Exploits6References10
Mageia
Mageia
•added 2024/03/27 7:24 p.m.•76 views

Updated nss firefox, nss packages fix security vulnerabilities

Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...

8.8CVSS8.5AI score0.047EPSS
Exploits4References6
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•76 views

Updated microcode packages fix security vulnerability

Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information CVE-2023-20593, also know...

5.5CVSS7.3AI score0.05794EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•76 views

Updated firefox packages fix security vulnerability

A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash CVE-2022-3479. An out of date library libusrsctp contained vulnerabilities that could potentially be exploited CVE-2022-46871. By confusing the browse...

8.8CVSS1AI score0.00892EPSS
Exploits0References6
Mageia
Mageia
•added 2022/11/18 10:50 p.m.•77 views

Updated vim packages fix security vulnerability

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-2000, CVE-2022-2129, CVE-2022-2210 Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-2042 Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-2124, CVE-2022-2175 Heap-based Buffer Overflow in...

8CVSS1.3AI score0.01554EPSS
Exploits55References16
Mageia
Mageia
•added 2022/05/17 9:19 a.m.•76 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 101.0.4951.64 version, fixing many bugs and 13 CVE. Some of them are listed below: 1316990 High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 1314908 High CVE-2022-1634: Use after free in Browser UI...

8.8CVSS0.1AI score0.00776EPSS
Exploits1References2
Mageia
Mageia
•added 2022/02/01 3:26 p.m.•76 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.18 and fixes at least the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system ...

7.8CVSS2AI score0.02579EPSS
Exploits5References6
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•76 views

Updated python packages fix security vulnerabilities

Updated python and python3 packages fix security vulnerabilities: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to...

9.8CVSS1.2AI score0.11844EPSS
Exploits4References5
Mageia
Mageia
•added 2019/09/15 1:24 p.m.•76 views

Updated nodejs packages fix security vulnerabilities

This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer CVE-2017-1000381 Fix for 'path' module regular expression deni...

8.8CVSS1.9AI score0.41288EPSS
Exploits0References21
Mageia
Mageia
•added 2018/12/21 9:28 p.m.•76 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...

7.8CVSS0.4AI score0.01902EPSS
Exploits5References12
Mageia
Mageia
•added 2018/10/30 6:1 p.m.•76 views

Updated unzip packages fix security vulnerabilities

Updated unzip packages fix security vulnerabilities Heap-based out-of-bounds write CVE-2018-1000031. Heap/BSS-based buffer overflow Bypass of CVE-2015-1315 CVE-2018-1000032. Heap out-of-bounds access in efscanforstream CVE-2018-1000033. Multiple vulnerabilities in the LZMA compression algorithm...

9.1CVSS8.6AI score0.30469EPSS
Exploits2References2
Total number of security vulnerabilities5000