Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2023/04/11 7:2 p.m.•35 views

Updated thunderbird packages fix security vulnerability

Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...

8.2CVSS8.1AI score0.01185EPSS
Exploits0References3
Mageia
Mageia
•added 2023/03/24 5:55 a.m.•35 views

Updated python-owslib packages fix security vulnerability

XML External Entity XXE Injection CVE-2023-27476...

8.2CVSS7.9AI score0.00985EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•35 views

Updated libtar packages fix security vulnerability

After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free. CVE-2021-33640...

9.8CVSS2.3AI score0.00646EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•35 views

Updated libconfuse packages fix security vulnerability

cfgtildeexpand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. CVE-2022-40320...

8.8CVSS2.3AI score0.01079EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•35 views

Updated perl-HTTP-Daemon packages fix security vulnerability

Request smuggling in HTTP::Daemon CVE-2022-31081...

7.3CVSS0.5AI score0.02108EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•35 views

Updated fish packages fix security vulnerability

Arbitrary Code Execution. CVE-2022-20001...

7.8CVSS2.8AI score0.01417EPSS
Exploits0References3
Mageia
Mageia
•added 2022/04/22 5:7 p.m.•35 views

Updated openscad packages fix security vulnerability

Out-of-bounds memory access in DXF loader. CVE-2022-0496 Out-of-bounds memory access in comment parser. CVE-2022-0497...

7.1CVSS4.3AI score0.00441EPSS
Exploits2References2
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•35 views

Updated fribidi packages fix security vulnerability

Stack based buffer overflow. CVE-2022-25308 Heap-buffer-overflow in fribidicaprtltounicode. CVE-2022-25309 SEGV in fribidiremovebidimarks. CVE-2022-25310...

7.8CVSS4.1AI score0.00508EPSS
Exploits3References2
Mageia
Mageia
•added 2022/01/26 7:51 p.m.•35 views

Updated virtualbox packages fix security vulnerability

Updated virtualbox packages fix security vulnerability: Vulnerability in the Oracle VM VirtualBoxp rior to 6.1.32 contains an easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox...

3.8CVSS3AI score0.00369EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•35 views

Updated aom packages fix security vulnerability

aomdsp/graintable.c in libaom in AOMedia before 2021-03-30 has a use-after-free. CVE-2021-30474...

9.8CVSS3.1AI score0.01885EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•35 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...

8.8CVSS2.6AI score0.01735EPSS
Exploits1References4
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•35 views

Updated weechat packages fix security vulnerability

A crafted WebSocket frame could result in a crash in the weechat Relay plugin...

7.5CVSS1.5AI score0.01594EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/02 6:57 p.m.•35 views

Updated c-ares packages fix security vulnerability

Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...

6.8CVSS6.5AI score0.02617EPSS
Exploits1References6
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•35 views

Updated firefox packages fix security vulnerability

Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The firefox...

8.8CVSS1.7AI score0.01205EPSS
Exploits0References7
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•35 views

Updated transfig package fixes a security vulnerability

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in readobjects could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as...

7.1CVSS4.1AI score0.01178EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/21 12:18 p.m.•35 views

Updated wireshark packages fix a security vulnerability

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVE-2021-22235...

7.5CVSS3.4AI score0.03296EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•35 views

Updated tpm2-tools package fixes security vulnerability

A flaw was found in tpm2-tools. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality CVE-2021-3565...

5.9CVSS2.5AI score0.01327EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/08 10:43 p.m.•35 views

Updated gupnp packages fix a security vulnerability

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected...

8.1CVSS2.8AI score0.01084EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/18 7:24 p.m.•35 views

Updated python-eventlet packages fix security vulnerability

Updated python-eventlet packages fix a security vulnerability: Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data...

5.3CVSS1.2AI score0.01807EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/08 9:45 p.m.•35 views

Updated curl packages fix a security vulnerability

TELNET stack contents disclosure CVE-2021-22898...

3.1CVSS1.8AI score0.04385EPSS
Exploits1References3
Mageia
Mageia
•added 2021/05/23 1:30 a.m.•35 views

Updated libx11 packages fix a security vulnerability

XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...

9.8CVSS4.4AI score0.10634EPSS
Exploits2References4
Mageia
Mageia
•added 2021/04/30 8:16 p.m.•35 views

Updated sdl2 packages fix security vulnerabilities

This update fixes two security vulnerabilities which could result in heap corruption or over-read with crafted .BMP files CVE-2020-14409, CVE-2020-14410...

7.8CVSS1.2AI score0.01666EPSS
Exploits0References4
Mageia
Mageia
•added 2021/03/27 2:27 p.m.•35 views

Updated redis packages fix security vulnerability

It was discovered that there were a number of integer overflow issues in Redis. It is currently believed that the issues only affect 32-bit based systems CVE-2021-21309...

8.8CVSS3.1AI score0.047EPSS
Exploits0References2
Mageia
Mageia
•added 2021/03/17 11:1 a.m.•35 views

Updated ksh packages fix security vulnerability

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/05 7:46 p.m.•35 views

Updated mutt packages fix a security vulnerability

Mutt before 2.0.2 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted...

5.3CVSS2.7AI score0.02323EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•35 views

Updated poppler packages fix a security vulnerability

buffer overflow in pdftohtml could result in a DoS CVE-2020-27778...

7.5CVSS2.5AI score0.02174EPSS
Exploits1References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•35 views

Updated dovecot packages fix security vulnerability

CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-12674:...

7.5CVSS2.5AI score0.06187EPSS
Exploits4References4
Mageia
Mageia
•added 2020/05/15 3:48 p.m.•35 views

Updated netkit-telnet packages fix security vulnerability

Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could...

10CVSS1.6AI score0.74513EPSS
Exploits2References2
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•35 views

Updated roundcubemail packages fix security vulnerabilities

Updated roundcubemail packages fix security vulnerabilities: - Cross-Site Scripting XSS via malicious HTML content CVE-2020-12625 - CSRF attack can cause an authenticated user to be logged out CEV-2020-12626 - Remote code execution via crafted config options - Path traversal vulnerability...

6.5CVSS2.5AI score0.02782EPSS
Exploits2References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•35 views

Updated gnuchess packages fix security vulnerability

Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file CVE-2019-15767...

7.8CVSS3.5AI score0.01468EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•35 views

Updated apache-mod_auth_openidc packages fix security vulnerability

The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. CVE-2019-20479...

6.1CVSS3.7AI score0.01846EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•35 views

Updated hiredis packages fix security vulnerability

Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked CVE-2020-7105...

7.5CVSS7.4AI score0.0277EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•35 views

Updated ming packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2018-7866 There is a heap-based buffer overflow ...

8.8CVSS4.3AI score0.0204EPSS
Exploits5References2
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•35 views

Updated lz4 packages fix security vulnerability

Updated lz4 packages fix security vulnerability: Heap-based buffer overflow in LZ4write32 CVE-2019-17543...

8.1CVSS3.4AI score0.09116EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/14 4:58 p.m.•35 views

Updated zeromq packages fix security vulnerability

A security vulnerability has been reported in libzmq/zeromq. a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer...

9.8CVSS3.7AI score0.42464EPSS
Exploits1References4
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•35 views

Updated aspell packages fix security vulnerability

Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character CVE-2019-17544...

9.1CVSS3.6AI score0.03259EPSS
Exploits0References2
Mageia
Mageia
•added 2019/10/29 2:54 p.m.•35 views

Updated graphviz packages fix security vulnerability

The updated packages fix a security vulnerability: The agroot function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. CVE-2019-11023...

8.8CVSS2.5AI score0.05037EPSS
Exploits1References3
Mageia
Mageia
•added 2019/10/16 10:22 p.m.•35 views

Updated e2fsprogs packages fix security vulnerability

Updated e2fsprogs packages fix security vulnerability: Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code CVE-2019-5094. The...

7.5CVSS3.1AI score0.01105EPSS
Exploits1References3
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•35 views

Updated znc packages fix security vulnerabilities

Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service CVE-2018-14055, CVE-2018-14056. Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution CVE-2019-12816 or denial of servi...

8.8CVSS3.9AI score0.04127EPSS
Exploits0References3
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•35 views

Updated sdl2 packages fix security vulnerabilities

Updated sdl2 packages fix security vulnerabilities This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7572 a buffer overread in IMAADPCMnibble rhbz1676754 - Fix CVE-2019-7572 a buffer overwrite in IMAADPCMnibble...

8.8CVSS2.8AI score0.03299EPSS
Exploits11References4
Mageia
Mageia
•added 2019/06/21 1:7 a.m.•35 views

Updated thunderbird packages fix security vulnerabilities

The updated thunderbird packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c. CVE-2019-11703 Heap buffer overflow in icalvalue.c. CVE-2019-11704 Stack buffer overflow in icalrecur.c. CVE-2019-11705 Type confusion in icalproperty.c. CVE-2019-11706...

9.8CVSS2.5AI score0.10527EPSS
Exploits14References7
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•35 views

Updated clamav packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

7.5CVSS2.5AI score0.01839EPSS
Exploits2References2
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•35 views

Updated openjpeg2 packages fix security vulnerability

Updated openjpeg2 packages fix security vulnerability: Division-by-zero vulnerabilities in the functions pinextpcrl, pinextcprl, and pinextrpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service CVE-2018-14423...

7.5CVSS5.4AI score0.03218EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/17 12:31 a.m.•35 views

Updated lxc packages fix security vulnerability

LXC allows attackers to overwrite the host LXC binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker...

9.3CVSS4.5AI score0.9857EPSS
Exploits33References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•35 views

Updated avahi packages fix security vulnerability

It was found that avahi responds to unicast queries coming from outside of local network which may cause an information leak, such as disclosing the device type/model that responds to the request or the operating system. The mDNS response may also be used to amplify denial of service attacks...

9.1CVSS2.4AI score0.03082EPSS
Exploits1References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•35 views

Updated libtiff packages fix security vulnerability

The TIFFFdOpen function in tifunix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. CVE-2019-6128...

8.8CVSS3.1AI score0.03869EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/03 7:36 p.m.•35 views

Updated netatalk packages fix security vulnerability

Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, allowing an unauthenticated user to execute arbitrary code with root privileges CVE-2018-1160...

10CVSS3.3AI score0.86539EPSS
Exploits10References3
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•35 views

Updated opensc packages fix security vulnerabilities

Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.8CVSS3.2AI score0.00692EPSS
Exploits12References2
Mageia
Mageia
•added 2018/11/17 10:23 p.m.•35 views

Updated hylafax+ packages fix security vulnerability

Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message CVE-2018-17141...

9.8CVSS2.9AI score0.05588EPSS
Exploits2References2
Mageia
Mageia
•added 2018/10/27 9:45 a.m.•35 views

Updated x11-server packages fix security vulnerability

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...

7.2CVSS5.1AI score0.2704EPSS
Exploits39References2
Total number of security vulnerabilities5000