Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2023/06/15 7:27 a.m.•33 views

Updated firefox/nss packages fix security vulnerability

Click-jacking certificate exceptions through rendering lag. CVE-2023-34414 Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. CVE-2023-34416...

9.8CVSS7.8AI score0.0093EPSS
Exploits0References5
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•33 views

Updated httpie packages fix security vulnerability

Cookie exposure to third parties CVE-2022-24737...

6.5CVSS7AI score0.01625EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•33 views

Updated tcpreplay packages fix security vulnerability

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpeditdltcleanup function at plugins/dltplugins.c. CVE-2023-27783 An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the readhexstring function ...

7.5CVSS6.8AI score0.01506EPSS
Exploits7References2
Mageia
Mageia
•added 2023/03/31 12:13 a.m.•33 views

Updated tigervnc/x11-server packages fix security vulnerability

DeepCopyPointerClasses use-after-free leads to privilege elevation. CVE-2023-0494...

7.8CVSS7.9AI score0.00899EPSS
Exploits0References12
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•33 views

Updated python-twisted packages fix security vulnerability

When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...

5.4CVSS0.9AI score0.01156EPSS
Exploits1References4
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•33 views

Updated nautilus packages fix security vulnerability

GNOME Nautilus 42.2 allows a NULL pointer dereference and getbasename application crash via a pasted ZIP archive. CVE-2022-37290...

5.5CVSS3.5AI score0.00326EPSS
Exploits1References4
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•33 views

Updated epiphany packages fix security vulnerability

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow in ephystringshorten in the UI process via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. CVE-2022-29536...

7.5CVSS2.8AI score0.01896EPSS
Exploits0References4
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•33 views

Updated usbredir packages fix security vulnerability

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparserserialize in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. CVE-2021-3700...

6.4CVSS4.5AI score0.00309EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/24 9:3 a.m.•33 views

Updated libpano13 packages fix security vulnerability

Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine in parser.c. CVE-2021-33293...

9.1CVSS2.4AI score0.02067EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/31 11:12 a.m.•33 views

Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody CVE-2021-28116...

5.3CVSS2.6AI score0.13005EPSS
Exploits0References4
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•33 views

Updated grilo packages fix security vulnerability

Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks...

5.9CVSS3.4AI score0.00866EPSS
Exploits0References4
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•33 views

Updated tor packages fix security vulnerability

Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service...

7.5CVSS2.6AI score0.01685EPSS
Exploits1References3
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•33 views

Updated 389-ds-base packages fix security vulnerability

Fixed crypt handling of locked accounts. CVE-2021-3652...

6.5CVSS1.7AI score0.01428EPSS
Exploits0References4
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•33 views

Updated tor package fixes security vulnerabilities

Don't allow relays to spoof RELAYEND or RELAYRESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it CVE-2021-34548. hashtable-based CPU denial-of-service atta...

7.5CVSS0.8AI score0.02721EPSS
Exploits0References4
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•33 views

Updated qtwebsockets5 packages fix a security vulnerability

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption CVE-2018-21035...

8.6CVSS5AI score0.02281EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/18 7:24 p.m.•33 views

Updated python-babel packages fix a security vulnerability

Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code CVE-2021-20095...

6.1AI score
Exploits0References3
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•33 views

Updated cgal packages fix security vulnerabilities

Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...

10CVSS3AI score0.03265EPSS
Exploits1References2
Mageia
Mageia
•added 2021/03/04 4:53 p.m.•33 views

Updated gnome-autoar packages fix security vulnerability

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution CVE-2020-36241...

5.5CVSS3.8AI score0.00639EPSS
Exploits1References2
Mageia
Mageia
•added 2021/02/06 6:20 p.m.•33 views

Updated python-py packages fix a security vulnerability

A denial of service via regular expression in the py.path.svnwc component of python-py through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality CVE-2020-29651...

7.5CVSS6.7AI score0.04607EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/22 11:50 p.m.•33 views

Updated perl-DBI packages fix security vulnerabilities

An issue was discovered in the DBI module before 1.643 for Perl. The hvfetch documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOKprofile, causing a NULL pointer dereference. CVE-2019-20919. An untrusted pointer dereference flaw was found in...

7.1CVSS1.8AI score0.00602EPSS
Exploits0References5
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•33 views

Updated oniguruma packages fix security vulnerability

In Oniguruma, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concatoptexactstr in src/regcomp.c CVE-2020-26159...

4.3AI score
Exploits1References4
Mageia
Mageia
•added 2020/09/27 8:6 p.m.•33 views

Updated novnc package fixes a security vulnerability

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. CVE-2017-18635...

6.1CVSS2AI score0.0481EPSS
Exploits1References2
Mageia
Mageia
•added 2020/09/15 11:45 a.m.•33 views

Updated libetpan packages fix a security vulnerability

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS2.1AI score0.02393EPSS
Exploits1References3
Mageia
Mageia
•added 2020/08/18 5:41 p.m.•33 views

Updated claws-mail packages fix security vulnerability

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled CVE-2020-15917...

9.8CVSS2.2AI score0.02592EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•33 views

Updated redis packages fix security vulnerability

An integer overflow in the getnum function in luastruct.c CVE-2020-14147...

7.7CVSS3.6AI score0.03085EPSS
Exploits0References3
Mageia
Mageia
•added 2020/06/16 7:45 a.m.•33 views

Updated scapy packages fix security vulnerability

Updated scapy packages fix security vulnerabilities: A vulnerability was found in scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap...

7.5CVSS2.9AI score0.02791EPSS
Exploits1References2
Mageia
Mageia
•added 2020/06/15 7:54 a.m.•33 views

Updated networkmanager packages fix security vulnerability

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely...

4.3CVSS2.6AI score0.00983EPSS
Exploits0References5
Mageia
Mageia
•added 2020/06/10 10:57 p.m.•33 views

Updated openconnect packages fix security vulnerability

Updated openconnect packages fix security vulnerabilities: OpenConnect through 8.08 mishandles negative return values from X509check function calls, which might assist attackers in performing man-in-the-middle attacks CVE-2020-12105. OpenConnect 8.09 has a buffer overflow, causing a denial of...

9.8CVSS4.1AI score0.04622EPSS
Exploits1References2
Mageia
Mageia
•added 2020/05/29 9:18 p.m.•33 views

Updated gdb packages fix security vulnerability

Updated gdb packages fix security vulnerability: Potential buffer overflow when loading ELF sections larger than the file CVE-2019-1010180...

7.8CVSS3.9AI score0.02628EPSS
Exploits1References2
Mageia
Mageia
•added 2020/04/15 10:12 a.m.•33 views

Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: A flaw was reported in the DTLS protocol implementation in GnuTLS. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol CVE-2020-11501...

7.4CVSS7.5AI score0.03388EPSS
Exploits0References2
Mageia
Mageia
•added 2020/02/18 2:5 p.m.•33 views

Updated sphinx packages fix security vulnerability

Updated sphinx packages fix security vulnerability: A vulnerability was found in Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet, unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only CVE-2019-14511...

7.5CVSS1.5AI score0.02042EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/09 7:13 p.m.•33 views

Updated spamassassin packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Nefarious rule configuration .cf files can be configured to run system commands with sa-compile. CVE-2020-1930 Nefarious rule configuration .cf files can be configured to run system commands with warnings. CVE-2020-1931...

9.3CVSS2.6AI score0.07053EPSS
Exploits0References5
Mageia
Mageia
•added 2019/12/15 6:3 p.m.•33 views

Updated libcroco packages fix security vulnerability

Updated libcroco packages fix security vulnerabilities: Heap overflow input: check end of input before reading a byte CVE-2017-7960. Undefined behavior tknzr: support only max long rgb values CVE-2017-7961. Denial of service memory allocation error via a crafted CSS file CVE-2017-8834. Denial of...

7.8CVSS1.5AI score0.12996EPSS
Exploits7References2
Mageia
Mageia
•added 2019/12/13 6:25 p.m.•33 views

Updated wireshark packages fix security vulnerability

Version 3.0.7 fixes the following security vulnerability: CMS dissector crash CVE-2019-19553. This update also brings the Mageia package from version 3.0.4 to 3.0.7...

7.5CVSS4.7AI score0.04128EPSS
Exploits0References8
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•33 views

Updated tnef packages fix security vulnerability

Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup CVE-2019-18849...

5.5CVSS3.2AI score0.01203EPSS
Exploits1References2
Mageia
Mageia
•added 2019/08/31 1:22 p.m.•33 views

Updated memcached packages fix security vulnerability

AUpdated memcached packages fix security vulnerability: In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlrucommand in memcached.c CVE-2019-11596...

7.5CVSS3.9AI score0.02958EPSS
Exploits1References2
Mageia
Mageia
•added 2019/08/10 12:12 a.m.•33 views

Updated cyrus-imapd packages fix security vulnerability

Updated cyrus-imapd package fixes security vulnerability: It was discovered that cyrus-imapd had a buffer overflow in CalDAV request handling triggered by a long iCalendar property name CVE-2019-11356...

9.8CVSS1.9AI score0.07622EPSS
Exploits0References2
Mageia
Mageia
•added 2019/07/21 6:17 p.m.•33 views

Updated libreswan packages fix security vulnerability

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects...

3.5CVSS4AI score0.00512EPSS
Exploits0References1
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•33 views

Updated cronie packages fix security vulnerabilities

Updated cronie packages fix security vulnerabilities: Cronie before 1.5.3 allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked CVE-2019-9704. Cronie before 1.5.3 allows local users to cause a denial of service memory...

5.5CVSS3.8AI score0.00354EPSS
Exploits0References2
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•33 views

Updated python-django packages fix security vulnerability

If django.utils.numberformat.format -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ':f'.format CVE-2019-6975...

7.5CVSS2.6AI score0.05399EPSS
Exploits0References2
Mageia
Mageia
•added 2019/01/23 3:50 p.m.•33 views

Updated pdns-recursor package fixes security vulnerabilities

An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua CVE-2019-3806. An issue has been found in PowerDNS Recursor where records in the...

9.8CVSS4AI score0.0146EPSS
Exploits0References3
Mageia
Mageia
•added 2019/01/18 10:19 p.m.•33 views

Updated python-django16 package fixes security vulnerability

It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL CVE-2019-3498...

6.5CVSS2.3AI score0.03685EPSS
Exploits0References3
Mageia
Mageia
•added 2018/12/02 10:15 p.m.•33 views

Updated apache-mod_perl packages fix security vulnerability

A flaw was found in modperl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processi...

10CVSS3AI score0.08946EPSS
Exploits0References2
Mageia
Mageia
•added 2018/10/19 6:0 p.m.•33 views

Updated tcpflow packages fix security vulnerability

pdated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handleprism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the functio...

9.1CVSS3.7AI score0.02753EPSS
Exploits1References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•33 views

Updated okular packages fix security vulnerability

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive..." in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular...

5.5CVSS5.1AI score0.0183EPSS
Exploits1References2
Mageia
Mageia
•added 2018/09/21 4:26 p.m.•33 views

Updated lcms2 packages fix security vulnerability

Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. CVE-2018-16435...

5.5CVSS3.7AI score0.01746EPSS
Exploits1References2
Mageia
Mageia
•added 2018/06/19 11:42 p.m.•33 views

Updated roundcubemail packages fix security vulnerability

Updated roundcubemail package fixes security vulnerability: This update fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. CVE-2018-9846...

8.8CVSS2.4AI score0.02289EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/16 8:24 a.m.•33 views

Updated libpam4j package fixes security vulnerability

It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pamacctmgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in CVE-2017-12197...

6.5CVSS2.8AI score0.01511EPSS
Exploits0References2
Mageia
Mageia
•added 2018/05/12 6:28 a.m.•33 views

Updated transmission packages fix a security vulnerability

Updated transmission packages fix security vulnerability: Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interfaces may result in the execution of arbitrary code if a user visits a malicious...

8.8CVSS2AI score0.11926EPSS
Exploits1References2
Mageia
Mageia
•added 2018/04/13 8:8 p.m.•33 views

Updated puppet packages fix security vulnerability

It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code CVE-2017-10689...

5.5CVSS2AI score0.00363EPSS
Exploits0References2
Total number of security vulnerabilities5000