Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2015/08/27 8:49 p.m.•35 views

Updated drupal packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...

7.5CVSS7.2AI score0.0506EPSS
Exploits0References4
Mageia
Mageia
•added 2015/08/27 8:49 p.m.•35 views

Updated vlc packages fix security vulnerabilities

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

6.8CVSS9.5AI score0.13337EPSS
Exploits0References3
Mageia
Mageia
•added 2015/07/28 9:1 p.m.•35 views

Updated freeradius package fixes security vulnerability

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...

7.5CVSS7.6AI score0.01791EPSS
Exploits0References6
Mageia
Mageia
•added 2015/05/15 6:23 p.m.•35 views

Updated virtualbox packages fix security vulnerabilities

Updated virtualbox packages fixes security vulnerability This update provides the 4.3.28 maintenance release fixing the following security issue: The Floppy Disk Controller FDC in QEMU, XEN, KVM and virtualbox allows local guest users to cause a denial of service out-of-bounds write and guest cra...

7.7CVSS8.1AI score0.15275EPSS
Exploits1References2
Mageia
Mageia
•added 2015/05/13 5:18 p.m.•35 views

Updated darktable packages fix CVE-2015-3885

Updated darktable package fixes security vulnerability The dcraw tool bundled in darktable's libraw copy suffers from an integer overflow condition which leads to a buffer overflow. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service conditio...

4.3CVSS7.2AI score0.05434EPSS
Exploits0References4
Mageia
Mageia
•added 2015/05/06 5:44 p.m.•35 views

Updated libtasn1 packages fix CVE-2015-3622

Updated libtasn1 packages fix security vulnerability: A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function asn1extractderoctet CVE-2015-3622...

4.3CVSS6.4AI score0.33094EPSS
Exploits1References3
Mageia
Mageia
•added 2015/05/06 3:16 p.m.•35 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: This update provides MariaDB 5.5.43, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security...

5.7CVSS6.3AI score0.09984EPSS
Exploits0References4
Mageia
Mageia
•added 2015/04/15 9:1 a.m.•35 views

Updated tor packages fix security vulnerabilities

"disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible CVE-2015-2928. "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidde...

7.5CVSS7.4AI score0.01384EPSS
Exploits0References3
Mageia
Mageia
•added 2015/03/10 4:48 p.m.•35 views

Updated gnupg and libgcrypt packages fix security vulnerabilities

GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak CVE-2014-3591. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak...

5.9CVSS5.9AI score0.01952EPSS
Exploits0References3
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•36 views

Updated sudo packages fix CVE-2014-9680

Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs ...

3.3CVSS5.2AI score0.0047EPSS
Exploits1References3
Mageia
Mageia
•added 2015/01/05 4:30 p.m.•35 views

Updated openvas-manager packages fix security vulnerability

Updated openvas-manager packages fixes security vulnerability: It has been identified that OpenVAS Manager before 4.0.6 is vulnerable to sql injections due to a improper handling of the timezone parameter in modifyschedule OMP command. It has been identified that this vulnerability may allow...

7.5CVSS6.2AI score0.02065EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•35 views

Updated glibc packages fix CVE-2014-7817

The function wordexp fails to properly handle the WRDENOCMD flag when processing arithmetic inputs in the form of "$... " where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDENOCMD forbade command substitution. This allows an attack...

4.6CVSS8.8AI score0.00578EPSS
Exploits0References2
Mageia
Mageia
•added 2014/10/29 11:30 a.m.•35 views

Updated konversation package fixes security vulnerability

Due to and out-of-bounds read issue in Konversation in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...

5CVSS6.1AI score0.0355EPSS
Exploits0References3
Mageia
Mageia
•added 2014/10/23 1:27 p.m.•35 views

Updated phpmyadmin package fixes security vulnerability

In phpMyAdmin before 4.1.14.6, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries CVE-2014-8326...

3.5CVSS6.3AI score0.01519EPSS
Exploits1References2
Mageia
Mageia
•added 2014/10/07 9:22 a.m.•35 views

Updated phpmyadmin package fixes security vulnerability

In phpMyAdmin before 4.1.14.4, with a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages CVE-2014-7217...

3.5CVSS5.8AI score0.01617EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•35 views

Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS7.5AI score0.0315EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/27 3:3 p.m.•35 views

Updated phpmyadmin packages fix CVE-2014-4349

Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be...

3.5CVSS5.7AI score0.0213EPSS
Exploits1References2
Mageia
Mageia
•added 2014/06/18 7:25 p.m.•35 views

Updated dbus packages fix security vulnerability

Updated dbus packages fix security vulnerability: A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly unusu...

4CVSS5.4AI score0.00444EPSS
Exploits0References2
Mageia
Mageia
•added 2014/05/14 10:15 p.m.•35 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.359 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a use-after-free vulnerability that could result in arbitrary code execution...

10CVSS7.4AI score0.08486EPSS
Exploits2References2
Mageia
Mageia
•added 2014/04/24 7:10 p.m.•35 views

Updated cups packages fix CVE-2014-2856

Updated cups packages fix security vulnerability: Cross-site scripting XSS vulnerability in scheduler/client.c in Common Unix Printing System CUPS before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the ispathabsolute function CVE-2014-2856...

4.3CVSS5.7AI score0.01639EPSS
Exploits0References3
Mageia
Mageia
•added 2014/04/16 1:12 p.m.•35 views

Updated fail2ban packages fix security issues

An update to fail2ban 0.8.13 has been released to fix security issues, amongst other bugfixes. fail2ban versions prior to 0.8.11 would allow a remote unauthenticated attacker to cause arbitrary IP addresses to be blocked by Fail2ban causing legitimate users to be blocked from accessing services...

5CVSS6.5AI score0.03235EPSS
Exploits2References3
Mageia
Mageia
•added 2014/03/15 4:26 p.m.•35 views

Updated freetype2 packages fix security vulnerabilities

It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2hintmapbuild in the CFF rasterizing code, which could lead to a buffer overflow CVE-2014-2240. It was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CF...

7.5CVSS6.7AI score0.06275EPSS
Exploits3References3
Mageia
Mageia
•added 2014/03/12 4:22 p.m.•35 views

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.346 contains fixes to important vulnerabilities found in earlier versions that could allow a remote attacker to bypass security restrictions or to access sensitive information. This update resolves a vulnerability that could be used to bypass the same origin policy...

6.4CVSS6.2AI score0.04293EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/16 1:23 p.m.•35 views

Updated libgadu packages fix security vulnerability

A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow in Gadu-Gadu HTTP parsing CVE-2013-6487...

7.5CVSS2.6AI score0.08174EPSS
Exploits0References3
Mageia
Mageia
•added 2014/02/12 5:13 p.m.•35 views

Updated tor package fixes security vulnerability

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to...

4CVSS3.6AI score0.01751EPSS
Exploits0References2
Mageia
Mageia
•added 2014/02/11 10:6 p.m.•35 views

Updated libvirt packages fix two vulnerabilties

Updated libvirt packages fix security vulnerabilities: It was discovered that insecure job usage could lead to denial of service against libvirtd CVE-2013-6458. It was discovered that a race condition in keepalive handling could lead to denial of service against libvirtd CVE-2014-1447...

6.8CVSS6.1AI score0.02343EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/24 9:5 p.m.•35 views

Updated flash-player-plugin fixes security vulnerabilities

Adobe Flash Player 11.2.202.335 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a vulnerability that could be used to bypass Flas...

10CVSS6.5AI score0.07117EPSS
Exploits0References2
Mageia
Mageia
•added 2013/09/13 8:12 p.m.•35 views

Updated flash-player-plugin package fixes critical security vulnerabilities

Adobe Flash Player 11.2.202.310 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead...

10CVSS5.3AI score0.05759EPSS
Exploits0References2
Mageia
Mageia
•added 2013/08/30 5:33 p.m.•35 views

Updated ngircd package fixes CVE-2013-5580

Updated ngircd package fixes security vulnerability: Denial of service bug server crash in ngIRCd before 20.3 which could happen when the configuration option "NoticeAuth" is enabled which is NOT the default and ngIRCd failed to send the "notice auth" messages to new clients connecting to the...

4.3CVSS2.2AI score0.02322EPSS
Exploits0References3
Mageia
Mageia
•added 2013/08/03 8:45 a.m.•35 views

Updated gnupg package fixes security vulnerability

Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system CVE-2013-4242...

1.9CVSS3.6AI score0.00533EPSS
Exploits0References7
Mageia
Mageia
•added 2013/07/26 11:54 a.m.•35 views

Updated qemu package fixes CVE-2013-2231

Updated qemu packages fix security vulnerability: An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to ha...

7.2CVSS3.1AI score0.00448EPSS
Exploits0References2
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•35 views

Updated krb5 packages fix security vulnerability

The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack CVE-2002-2443...

5CVSS2AI score0.06485EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/05 10:49 p.m.•34 views

Updated libsoup3 & libsoup packages fix security vulnerabilities

Libsoup: heap buffer over-read in skipinsignificantspace when sniffing content. CVE-2025-2784 Libsoup: denial of service attack to websocket server. CVE-2025-32049 Libsoup: integer overflow in appendparamquoted. CVE-2025-32050 Libsoup: segmentation fault when parsing malformed data uri...

9CVSS7.1AI score0.00847EPSS
Exploits2References7
Mageia
Mageia
•added 2025/05/31 4:20 p.m.•34 views

Updated deluge packages fix security vulnerabilities & bug

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

7.1AI score
Exploits0References1
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•34 views

Updated fcgi packages fix security vulnerability

FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. CVE-2025-23016...

9.3CVSS7.4AI score0.00566EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/16 5:9 a.m.•34 views

Updated freetype2 packages fix security vulnerability

An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files which may result in arbitrary code execution...

8.1CVSS8AI score0.26049EPSS
Exploits1References3
Mageia
Mageia
•added 2025/02/08 2:23 a.m.•34 views

Updated xrdp packages fix security vulnerability

xrdp allows an infinite number of login attempts. CVE-2024-39917...

9.8CVSS7.3AI score0.00602EPSS
Exploits0References2
Mageia
Mageia
•added 2024/12/04 4:58 p.m.•34 views

Updated python-aiohttp packages fix security vulnerabilities

When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'followsymlinks' is set to True,...

7.5CVSS7.4AI score0.76875EPSS
Exploits15References3
Mageia
Mageia
•added 2024/09/13 5:15 p.m.•34 views

Updated assimp packages fix security vulnerability

Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program...

8.4CVSS7.8AI score0.00281EPSS
Exploits0References2
Mageia
Mageia
•added 2024/08/15 5:48 p.m.•34 views

Updated roundcubemail packages fix security vulnerabilities

Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 Fix information leak access to remote content via insufficient CSS filtering CVE-2024-42010...

9.3CVSS6.2AI score0.82853EPSS
Exploits9References2
Mageia
Mageia
•added 2024/07/10 6:1 p.m.•34 views

Updated poppler packages fix security vulnerability

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. CVE-2024-6239...

7.5CVSS6.6AI score0.00785EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/29 6:8 p.m.•34 views

Updated qtnetworkauth5 & qtnetworkauth6 packages fix security vulnerability

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...

9.8CVSS7.2AI score0.0097EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/15 5:32 a.m.•34 views

Updated sssd packages fix security vulnerability

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758...

7.1CVSS7AI score0.01033EPSS
Exploits1References3
Mageia
Mageia
•added 2024/04/12 8:45 p.m.•34 views

Updated xfig packages fix security vulnerability

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. CVE-2023-45920...

4.2CVSS7.7AI score0.00235EPSS
Exploits0References2
Mageia
Mageia
•added 2024/04/10 4:3 a.m.•34 views

Updated gstreamer1.0 packages fix vulnerability

Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9 It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation...

8.8CVSS8.4AI score0.01559EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/18 10:41 p.m.•34 views

Updated ghostscript packages fix a security vulnerability

The updated packages fix a security vulnerability. An issue was discovered in the function gdevprnopenprinterseekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751...

7.5CVSS7.4AI score0.0153EPSS
Exploits0References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•34 views

Updated minidlna packages fix security vulnerability

Out-of-bounds read/write due to buffer overflow CVE-2023-33476...

9.8CVSS7.5AI score0.02061EPSS
Exploits2References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•34 views

Updated python-wheel packages fix security vulnerability

Denial of service via attacker controlled input to wheel cli CVE-2022-40898...

7.5CVSS7AI score0.02659EPSS
Exploits1References3
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•34 views

Updated imagemagick packages fix security vulnerability

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of...

5.5CVSS5.9AI score0.00593EPSS
Exploits1References3
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•34 views

Updated jpegoptim packages fix security vulnerability

A heap overflow can occur with crafted JPEG image file. CVE-2023-27781...

7.8CVSS7.8AI score0.00393EPSS
Exploits1References3
Total number of security vulnerabilities5000