Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2021/10/20 9:28 p.m.•35 views

Updated aom packages fix security vulnerability

aomdsp/graintable.c in libaom in AOMedia before 2021-03-30 has a use-after-free. CVE-2021-30474...

9.8CVSS3.1AI score0.01885EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•35 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...

8.8CVSS2.6AI score0.01735EPSS
Exploits1References4
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•35 views

Updated weechat packages fix security vulnerability

A crafted WebSocket frame could result in a crash in the weechat Relay plugin...

7.5CVSS1.5AI score0.01594EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/02 6:57 p.m.•35 views

Updated c-ares packages fix security vulnerability

Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...

6.8CVSS6.5AI score0.02617EPSS
Exploits1References6
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•35 views

Updated transfig package fixes a security vulnerability

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in readobjects could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as...

7.1CVSS4.1AI score0.01178EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/21 12:18 p.m.•35 views

Updated wireshark packages fix a security vulnerability

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVE-2021-22235...

7.5CVSS3.4AI score0.03296EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/16 8:25 a.m.•35 views

Updated tpm2-tools package fixes security vulnerability

A flaw was found in tpm2-tools. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality CVE-2021-3565...

5.9CVSS2.5AI score0.01327EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•35 views

Updated qtwebsockets5 packages fix a security vulnerability

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption CVE-2018-21035...

8.6CVSS5AI score0.02281EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/18 7:24 p.m.•35 views

Updated python-eventlet packages fix security vulnerability

Updated python-eventlet packages fix a security vulnerability: Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data...

5.3CVSS1.2AI score0.01807EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/08 9:45 p.m.•35 views

Updated curl packages fix a security vulnerability

TELNET stack contents disclosure CVE-2021-22898...

3.1CVSS1.8AI score0.04385EPSS
Exploits1References3
Mageia
Mageia
•added 2021/04/30 8:16 p.m.•35 views

Updated sdl2 packages fix security vulnerabilities

This update fixes two security vulnerabilities which could result in heap corruption or over-read with crafted .BMP files CVE-2020-14409, CVE-2020-14410...

7.8CVSS1.2AI score0.01666EPSS
Exploits0References4
Mageia
Mageia
•added 2021/03/27 2:27 p.m.•35 views

Updated redis packages fix security vulnerability

It was discovered that there were a number of integer overflow issues in Redis. It is currently believed that the issues only affect 32-bit based systems CVE-2021-21309...

8.8CVSS3.1AI score0.047EPSS
Exploits0References2
Mageia
Mageia
•added 2021/03/17 11:1 a.m.•35 views

Updated ksh packages fix security vulnerability

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/05 7:46 p.m.•35 views

Updated mutt packages fix a security vulnerability

Mutt before 2.0.2 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted...

5.3CVSS2.7AI score0.02323EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•35 views

Updated poppler packages fix a security vulnerability

buffer overflow in pdftohtml could result in a DoS CVE-2020-27778...

7.5CVSS2.5AI score0.02174EPSS
Exploits1References2
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•35 views

Updated dovecot packages fix security vulnerability

CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-12674:...

7.5CVSS2.5AI score0.06187EPSS
Exploits4References4
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•35 views

Updated networkmanager packages fix security vulnerability

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely...

4.3CVSS2.6AI score0.00983EPSS
Exploits0References5
Mageia
Mageia
•added 2020/05/08 10:57 a.m.•35 views

Updated roundcubemail packages fix security vulnerabilities

Updated roundcubemail packages fix security vulnerabilities: - Cross-Site Scripting XSS via malicious HTML content CVE-2020-12625 - CSRF attack can cause an authenticated user to be logged out CEV-2020-12626 - Remote code execution via crafted config options - Path traversal vulnerability...

6.5CVSS2.5AI score0.02782EPSS
Exploits2References3
Mageia
Mageia
•added 2020/05/05 12:20 p.m.•35 views

Updated gnuchess packages fix security vulnerability

Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file CVE-2019-15767...

7.8CVSS3.5AI score0.01468EPSS
Exploits1References2
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•35 views

Updated apache-mod_auth_openidc packages fix security vulnerability

The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. CVE-2019-20479...

6.1CVSS3.7AI score0.01893EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•35 views

Updated hiredis packages fix security vulnerability

Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked CVE-2020-7105...

7.5CVSS7.4AI score0.0277EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•35 views

Updated spamassassin packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Nefarious rule configuration .cf files can be configured to run system commands with sa-compile. CVE-2020-1930 Nefarious rule configuration .cf files can be configured to run system commands with warnings. CVE-2020-1931...

9.3CVSS2.6AI score0.07053EPSS
Exploits0References5
Mageia
Mageia
•added 2020/01/11 11:52 p.m.•35 views

Updated ming packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2018-7866 There is a heap-based buffer overflow ...

8.8CVSS4.3AI score0.0204EPSS
Exploits5References2
Mageia
Mageia
•added 2019/12/08 6:12 p.m.•35 views

Updated lz4 packages fix security vulnerability

Updated lz4 packages fix security vulnerability: Heap-based buffer overflow in LZ4write32 CVE-2019-17543...

8.1CVSS3.4AI score0.09116EPSS
Exploits0References2
Mageia
Mageia
•added 2019/11/02 4:54 p.m.•35 views

Updated aspell packages fix security vulnerability

Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character CVE-2019-17544...

9.1CVSS3.6AI score0.03259EPSS
Exploits0References2
Mageia
Mageia
•added 2019/10/29 2:54 p.m.•35 views

Updated graphviz packages fix security vulnerability

The updated packages fix a security vulnerability: The agroot function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. CVE-2019-11023...

8.8CVSS2.5AI score0.05037EPSS
Exploits1References3
Mageia
Mageia
•added 2019/09/12 7:9 p.m.•35 views

Updated znc packages fix security vulnerabilities

Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service CVE-2018-14055, CVE-2018-14056. Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution CVE-2019-12816 or denial of servi...

8.8CVSS3.9AI score0.04127EPSS
Exploits0References3
Mageia
Mageia
•added 2019/09/06 9:9 p.m.•35 views

Updated sdl2 packages fix security vulnerabilities

Updated sdl2 packages fix security vulnerabilities This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7572 a buffer overread in IMAADPCMnibble rhbz1676754 - Fix CVE-2019-7572 a buffer overwrite in IMAADPCMnibble...

8.8CVSS2.8AI score0.03299EPSS
Exploits11References4
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•35 views

Updated clamav packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A vulnerability in the Portable Document Format PDF scanning functionality of Clam AntiVirus ClamAV Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

7.5CVSS2.5AI score0.01839EPSS
Exploits2References2
Mageia
Mageia
•added 2019/04/10 10:7 p.m.•35 views

Updated mumble packages fix security vulnerability

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service CVE-2018-20743...

7.5CVSS1.9AI score0.03625EPSS
Exploits0References3
Mageia
Mageia
•added 2019/03/29 3:51 p.m.•35 views

Updated openjpeg2 packages fix security vulnerability

Updated openjpeg2 packages fix security vulnerability: Division-by-zero vulnerabilities in the functions pinextpcrl, pinextcprl, and pinextrpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service CVE-2018-14423...

7.5CVSS5.4AI score0.03218EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/17 12:31 a.m.•35 views

Updated lxc packages fix security vulnerability

LXC allows attackers to overwrite the host LXC binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker...

9.3CVSS4.5AI score0.9857EPSS
Exploits33References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•35 views

Updated avahi packages fix security vulnerability

It was found that avahi responds to unicast queries coming from outside of local network which may cause an information leak, such as disclosing the device type/model that responds to the request or the operating system. The mDNS response may also be used to amplify denial of service attacks...

9.1CVSS2.4AI score0.03082EPSS
Exploits1References3
Mageia
Mageia
•added 2019/02/13 11:8 a.m.•35 views

Updated libtiff packages fix security vulnerability

The TIFFFdOpen function in tifunix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. CVE-2019-6128...

8.8CVSS3.1AI score0.03869EPSS
Exploits1References2
Mageia
Mageia
•added 2019/02/03 7:36 p.m.•35 views

Updated netatalk packages fix security vulnerability

Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, allowing an unauthenticated user to execute arbitrary code with root privileges CVE-2018-1160...

10CVSS3.3AI score0.86539EPSS
Exploits10References3
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•35 views

Updated opensc packages fix security vulnerabilities

Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.8CVSS3.2AI score0.00692EPSS
Exploits12References2
Mageia
Mageia
•added 2018/11/17 10:23 p.m.•35 views

Updated jhead package fixes security vulnerabilities

The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling CVE-2018-16554. The ProcessGpsInfo...

7.8CVSS4.2AI score0.01766EPSS
Exploits2References3
Mageia
Mageia
•added 2018/11/17 10:23 p.m.•35 views

Updated hylafax+ packages fix security vulnerability

Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message CVE-2018-17141...

9.8CVSS2.9AI score0.05588EPSS
Exploits2References2
Mageia
Mageia
•added 2018/10/27 9:45 a.m.•35 views

Updated x11-server packages fix security vulnerability

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...

7.2CVSS5.1AI score0.2704EPSS
Exploits39References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•35 views

Updated libcgroup packages fix security vulnerability

The cgrulesengd daemon cgred in libcgroup through version 0.41 creates log files /var/log/cgred with world readable and writable permissions 0o666 due to a reset of the file mode creation mask umask0 in the daemon/cgrulesengd.c:cgrestartdaemon function CVE-2018-14348...

8.1CVSS3AI score0.02316EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/23 11:35 p.m.•35 views

Updated sssd packages fix security vulnerability

Updated sssd packages fix security vulnerability: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to world-readable and writable, which means that anyone who can send a message using the same raw protocol that sudo and SS...

7.5CVSS1.9AI score0.01519EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/01 5:17 p.m.•35 views

Updated phpmyadmin packages fix security vulnerability

A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name...

6.1CVSS1.8AI score0.01818EPSS
Exploits0References1
Mageia
Mageia
•added 2018/06/24 10:2 p.m.•35 views

Updated libvorbis packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The barknoisehybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact via a crafted mp4 file. CVE-2017-14160...

8.8CVSS6.8AI score0.04575EPSS
Exploits1References4
Mageia
Mageia
•added 2018/06/05 9:42 p.m.•35 views

Updated glpi packages fix security vulnerability

Updated glpi package fixes security vulnerability: An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execu...

6.1CVSS2.6AI score0.01111EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/29 7:41 p.m.•35 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.20.2, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.0873EPSS
Exploits4References3
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•35 views

Updated ming packages fix security vulnerabilities

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. CVE-2017-8782 The...

8.8CVSS5.2AI score0.02489EPSS
Exploits7References1
Mageia
Mageia
•added 2018/04/30 7:8 p.m.•35 views

Updated libofx packages fix security vulnerabilities

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...

8.8CVSS5.1AI score0.02393EPSS
Exploits4References2
Mageia
Mageia
•added 2018/03/29 9:0 p.m.•35 views

Updated libvirt packages fix CVE-2018-1064

Updated libvirt package fixes security vulnerability: It was discovered that libvirt had a potential denial of service reading from QEMU guest agent CVE-2018-1064...

7.5CVSS2.8AI score0.02955EPSS
Exploits0References3
Mageia
Mageia
•added 2018/02/28 1:55 p.m.•35 views

Updated TiMidity++ packages fix security vulnerabilities

The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option CVE-2017-11546. The resamplegauss function in...

5.5CVSS4.7AI score0.01097EPSS
Exploits0References2
Mageia
Mageia
•added 2018/02/26 4:23 p.m.•35 views

Updated flatpak packages fix security vulnerability

Updated flatpak packages fix security vulnerability: A sandbox escape in the flatpak dbus proxy in the authentication phase CVE-2018-6560. The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,...

8.8CVSS2.3AI score0.0042EPSS
Exploits0References2
Total number of security vulnerabilities5000