Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2014/11/14 12:57 a.m.•33 views

Updated kdebase4-workspace packages fix security vulnerability and various bugs

This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14487, and fixes some additional issues: - fix kcm botching unrelated user settings mga3310, bko254430, - do not popup during initialization 0 B Removable media...

7.2CVSS6.3AI score0.00388EPSS
Exploits0References5
Mageia
Mageia
•added 2014/09/22 8:31 a.m.•33 views

Updated gnupg packages fix CVE-2014-5270

Updated gnupg packages fix security vulnerability: The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack CVE-2014-5270...

2.1CVSS6.2AI score0.00531EPSS
Exploits0References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•33 views

Updated grub2 package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The grub2 package is built with a bundled copy of minilzo, which is a part...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•33 views

Updated 389-ds-base packages fix security vulnerability

It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensiti...

5CVSS6.1AI score0.02198EPSS
Exploits0References2
Mageia
Mageia
•added 2014/06/13 10:2 p.m.•33 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.378 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This updates resolves cross-site-scripting vulnerabilities CVE-2014-0531, CVE-2014-0532, CVE-2014-0533. Th...

10CVSS7.6AI score0.10912EPSS
Exploits0References2
Mageia
Mageia
•added 2014/05/14 10:7 p.m.•33 views

Updated nrpe packages fix CVE-2014-2913

Updated nrpe packages fix security vulnerability: A remote, command execution flaw was discovered in Nagios NRPE when command arguments are enabled. A remote attacker could use this flaw to execute arbitrary commands CVE-2014-2913...

7.5CVSS7.3AI score0.15312EPSS
Exploits6References2
Mageia
Mageia
•added 2014/04/20 6:54 p.m.•33 views

Updated virtualbox packages fixes security vulnerabilities

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer ...

6.9CVSS7.2AI score0.08195EPSS
Exploits12References5
Mageia
Mageia
•added 2014/04/17 8:30 p.m.•33 views

Updated cups-filters packages fix security vulnerability

Updated cups-filters packages fix security vulnerability: Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups- browsed daemon CVE-2014-2707. Note that only systems that have enabled the affected feature by usin...

8.3CVSS7.1AI score0.01174EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/15 6:25 p.m.•33 views

Updated tigervnc packages fix CVE-2014-0011

Updated tigervnc packages fix security vulnerability: A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute...

9.8CVSS9.7AI score0.02494EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/15 4:24 p.m.•33 views

Updated udisks and udisks2 packages fixes security vulnerability

A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon root CVE-2014-0004...

6.9CVSS6.9AI score0.0043EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/05 11:17 p.m.•33 views

Updated libssh package fixes security vulnerability

When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guarante...

1.9CVSS6.3AI score0.00356EPSS
Exploits1References3
Mageia
Mageia
•added 2014/03/03 9:37 p.m.•33 views

Updated python-logilab-common packages fix security vulnerabilities

Updated python-logilab-common packages fix security vulnerabilities about temporary file handling CVE-2014-1838 and CVE-2014-1839...

4.4CVSS6.6AI score0.00355EPSS
Exploits0References6
Mageia
Mageia
•added 2014/03/02 8:58 p.m.•33 views

Updated otrs package fixes security vulnerability

An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695...

4.3CVSS8.5AI score0.04913EPSS
Exploits5References3
Mageia
Mageia
•added 2014/02/25 9:39 p.m.•33 views

Updated openswan packages fix CVE-2013-6466

Updated openswan packages fix security vulnerability: A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service daemon crash,...

5CVSS3.1AI score0.02664EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/21 4:6 p.m.•33 views

Updated zabbix packages fix two security vulnerabilities

Updated zabbix packages fixes security vulnerability: This update multiples vulnerabilities. - Fix vulnerability for remote command execution injection ZBX-7479, CVE-2013-6824 - Fix SQL injection vulnerability ZBX-7091, CVE-2013-5743 - Fix XSS issues ZBX-6952...

9.8CVSS2AI score0.79988EPSS
Exploits10References7
Mageia
Mageia
•added 2014/01/17 12:20 a.m.•33 views

Updated qt4 package fixes security vulnerability

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service CVE-2013-4549...

5CVSS2.7AI score0.03105EPSS
Exploits0References3
Mageia
Mageia
•added 2013/12/19 9:10 p.m.•33 views

Updated wireshark packages fix two security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The SIP dissector could go into an infinite loop CVE-2013-7112. The NTLMSSP v2 dissector could crash CVE-2013-7114...

5CVSS1.8AI score0.02307EPSS
Exploits1References5
Mageia
Mageia
•added 2013/11/20 8:26 p.m.•33 views

Updated pmake packages fix CVE-2011-1920

Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to bsd.lib.mk and bsd.prog.mk CVE-2011-1920...

3.3CVSS5.4AI score0.00438EPSS
Exploits1References2
Mageia
Mageia
•added 2013/08/11 12:24 p.m.•33 views

Updated subversion packages fixes security vulnerability

Subversion's moddavsvn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior. Commit access is required t...

4CVSS3.8AI score0.04383EPSS
Exploits0References3
Mageia
Mageia
•added 2013/07/21 8:38 a.m.•33 views

Updated moodle package fixes multiple security vulnerabilities

Flash files distributed with the YUI library in Moodle before 2.4.5 may have allowed for cross-site scripting attacks MSA-13-0025. Privacy settings for the IMS-LTI External tool module in Moodle before 2.4.5 were not able to be changed so personal information was always transferred MSA-13-0026...

4.3CVSS2.4AI score0.01406EPSS
Exploits0References10
Mageia
Mageia
•added 2013/07/09 6:27 p.m.•33 views

Updated rubygem-passenger package fixes CVE-2013-2119

Phusion Passengers code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability...

4.6CVSS3.6AI score0.004EPSS
Exploits0References5
Mageia
Mageia
•added 2026/02/06 5:11 a.m.•32 views

Updated python-django packages fix security vulnerabilities

Username enumeration through timing difference in modwsgi authentication handler. CVE-2025-13473 Potential denial-of-service vulnerability via repeated headers when using ASGI. CVE-2025-14550 Potential SQL injection via raster lookups on PostGIS. CVE-2026-1207 Potential denial-of-service...

8.5CVSS5.6AI score0.09436EPSS
Exploits2References2
Mageia
Mageia
•added 2025/05/08 6:51 p.m.•32 views

Updated firefox packages fix security vulnerabilities

A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox...

9.1CVSS8.3AI score0.00419EPSS
Exploits0References3
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•32 views

Updated pam packages fix security vulnerability

libpam vulnerable to leaking hashed passwords. CVE-2024-10041...

4.7CVSS6.9AI score0.00265EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/01 6:51 a.m.•32 views

Updated imagemagick packages fix security vulnerabilities

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

7.5CVSS3.9AI score0.00481EPSS
Exploits0References2
Mageia
Mageia
•added 2025/04/17 5:37 p.m.•32 views

Updated rust packages fix security vulnerability

The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...

10CVSS7.8AI score0.20342EPSS
Exploits10References9
Mageia
Mageia
•added 2025/02/25 4:58 p.m.•32 views

Updated emacs packages fix a security vulnerability

A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...

8.8CVSS8.7AI score0.02657EPSS
Exploits0References4
Mageia
Mageia
•added 2025/02/13 7:9 p.m.•32 views

Updated ofono packages fix security vulnerabilities

Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodedeliver function. CVE-2023-2794 Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodestatusreport function. CVE-2023-4232 Sms decoder stack-based buffer overflow...

8.1CVSS8.2AI score0.0124EPSS
Exploits4References3
Mageia
Mageia
•added 2024/08/28 5:11 p.m.•32 views

Updated nodejs & yarnpkg packages fix security vulnerabilities

Nodejs 22 is the new active LTS branch and 5 CVE are fixed. CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 High CVE-2024-22020 - Bypass network import restriction via data URL Medium CVE-2024-22018 - fs.lstat bypasses permission model Low CVE-2024-36137 - fs.fchown/fchmod bypasses...

8.1CVSS7.1AI score0.01104EPSS
Exploits0References10
Mageia
Mageia
•added 2024/06/25 4:12 p.m.•32 views

Updated python-ansible-core packages fix security vulnerability

ansible-core: possible information leak in tasks that ignore ANSIBLENOLOG configuration CVE-2024-0690...

5.5CVSS7AI score0.00301EPSS
Exploits0References2
Mageia
Mageia
•added 2023/12/04 8:28 a.m.•32 views

Updated virtualbox packages fix security vulnerabilities and other bugs

This update fixes several security issues and other bugs, among them: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon t...

8.2CVSS7.6AI score0.0055EPSS
Exploits1References4
Mageia
Mageia
•added 2023/10/23 10:5 p.m.•32 views

Updated libcue packages fix a security vulnerability

Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it is then automatically scanned by tracker-miners. And because it has a .c...

8.8CVSS7.5AI score0.1657EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/10 5:21 p.m.•32 views

Updated cups packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents. CVE-2023-32360 Due to failure in validating the length provided by an...

7CVSS7.2AI score0.00663EPSS
Exploits2References5
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•32 views

Updated indent package fixes security vulnerabilities

GNU indent 2.2.13 has a heap-based buffer overflow in searchbrace in indent.c via a crafted file. CVE-2023-40305 GNU indent 2.2.13 has a heap overread in lexi...

5.5CVSS7.4AI score0.00424EPSS
Exploits1References3
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•32 views

Updated curaengine packages fix security vulnerability

Denial of service due to integer overflow CVE-2022-28041...

6.5CVSS7.2AI score0.02069EPSS
Exploits1References2
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•32 views

Updated peazip packages fix security vulnerability

Denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. CVE-2023-24785...

5.5CVSS5.8AI score0.00311EPSS
Exploits1References2
Mageia
Mageia
•added 2023/03/18 10:16 p.m.•32 views

Updated epiphany packages fix security vulnerability

In Epiphany aka GNOME Web through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. CVE-2023-26081...

7.5CVSS7.4AI score0.01228EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•32 views

Updated libksba packages fix security vulnerability

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVE-2022-47629...

9.8CVSS4.8AI score0.0155EPSS
Exploits2References3
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•32 views

Updated matio packages fix security vulnerability

matio aka MAT File I/O Library 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble called from ReadInt32Data and MatVarRead4. CVE-2020-36428 matio aka MAT File I/O Library 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MMmemcpy called from H5MMmalloc and...

8.8CVSS3.5AI score0.01503EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•32 views

Updated thunderbird packages fix security vulnerability

Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. CVE-2022-45414...

8.1CVSS1.5AI score0.00528EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/18 10:50 p.m.•33 views

Updated x11-server packages fix security vulnerability

Buffer overflow in function GetCountedString of the file xkb/xkb.c. CVE-2022-3550 Memory leak in the function ProcXkbGetKbdByName of the file xkb/xkb.c. CVE-2022-3551...

8.8CVSS7.8AI score0.01681EPSS
Exploits0References5
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•32 views

Updated kitty packages fix security vulnerability

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. CVE-2022-41322...

7.8CVSS2.4AI score0.00499EPSS
Exploits1References4
Mageia
Mageia
•added 2022/01/15 8:9 a.m.•32 views

Updated htmldoc packages fix security vulnerability

Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to imageloadbmp. CVE-2021-40985...

5.5CVSS4AI score0.00871EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/10 10:19 p.m.•32 views

Updated curaengine packages fix security vulnerability

Buffer overflow vulnerability in function stbiextendreceive in stbimage.h in stb 2.26 via a crafted JPEG file. CVE-2021-28021 An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An...

7.8CVSS2.3AI score0.0136EPSS
Exploits2References2
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•32 views

Updated libgd packages fix security vulnerability

readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA file. CVE-2021-38115 gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. CVE-2021-40145...

7.5CVSS6.7AI score0.02051EPSS
Exploits2References2
Mageia
Mageia
•added 2021/09/23 4:49 a.m.•32 views

Updated gpac packages fix security vulnerability

A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. CVE-2021-21834 A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause a...

8.8CVSS3.6AI score0.02019EPSS
Exploits24References2
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•32 views

Updated fetchmail packages fix security vulnerability

Updated fetchmail packages fix security vulnerability: reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages...

7.5CVSS4.4AI score0.0256EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/10 8:0 p.m.•32 views

Updated libebml packages fix a security vulnerability

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml CVE-2021-3405...

6.5CVSS2AI score0.01737EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/04 2:13 a.m.•32 views

Updated file-roller packages fix security vulnerability

Updated file-roller package fixes security vulnerability: A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives containing symbolic links. The...

3.9CVSS1.3AI score0.00611EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•32 views

Updated wavpack packages fix a security vulnerability

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument CVE-2020-35738...

6.1CVSS3.8AI score0.01196EPSS
Exploits1References2
Total number of security vulnerabilities5000