Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2016/02/17 7:6 p.m.•32 views

Updated cpio packages fix CVE-2016-2037

Updated cpio package fixes security vulnerability: An out-of-bounds write in cpio was found in the parsing of cpio files, in the processcopyin function in src/copyin.c CVE-2016-2037...

6.5CVSS3.8AI score0.05484EPSS
Exploits0References2
Mageia
Mageia
•added 2016/02/05 5:26 p.m.•32 views

Updated cyrus-imapd packages fix security vulnerability

Cyrus-imapd versions 2.4.18 and earlier are vulnerable to potential integer and buffer overflows CVE-2015-8077, CVE-2015-8078...

7.5CVSS5AI score0.03261EPSS
Exploits0References2
Mageia
Mageia
•added 2016/01/20 5:53 p.m.•33 views

Updated perl and perl-PathTools packages fix security vulnerability

It was reported that File::Spec::canonpath routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code CVE-2015-8607...

7.5CVSS7.4AI score0.03124EPSS
Exploits0References3
Mageia
Mageia
•added 2015/12/16 9:1 p.m.•32 views

Updated quassel packages fix security vulnerability

The Quassel core could be crashed by a client using the op command, causing a denial of service CVE-2015-8547...

7.5CVSS7.3AI score0.02825EPSS
Exploits0References2
Mageia
Mageia
•added 2015/11/10 9:26 p.m.•32 views

Updated putty packages fix security vulnerability

Versions of PuTTY 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator CVE-2015-5309...

4.3CVSS9.3AI score0.03467EPSS
Exploits0References3
Mageia
Mageia
•added 2015/09/25 6:43 p.m.•32 views

Updated rpcbind packages fix CVE-2015-7236

Updated rpcbind package fixes security vulnerability: A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service rpcbind crash...

7.5CVSS7.5AI score0.06408EPSS
Exploits0References2
Mageia
Mageia
•added 2015/09/13 9:58 p.m.•32 views

Updated conntrack-tools packages fix CVE-2015-6496

Updated conntrack-tools packages fix security vulnerability: It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets CVE-2015-6496...

5CVSS6.3AI score0.03202EPSS
Exploits1References2
Mageia
Mageia
•added 2015/09/08 5:55 p.m.•32 views

Updated libidn packages fix CVE-2015-2059

Updated libidn packages fix security vulnerability: In libidn before 1.31, stringpreputf8toucs4 did not validate that the input UTF-8 string was actually valid UTF-8, which could lead to out-of-bounds reads CVE-2015-2059...

7.5CVSS7.7AI score0.03185EPSS
Exploits0References5
Mageia
Mageia
•added 2015/08/07 7:20 p.m.•32 views

Updated lxc package fixes security vulnerability

Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user CVE-2015-1331. Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor...

4.9CVSS8.4AI score0.00459EPSS
Exploits1References2
Mageia
Mageia
•added 2015/07/01 12:40 p.m.•32 views

Updated drupal package fixes security vulnerability

Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users CVE-2015-3231. A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites CVE-2015-3232. Due to insufficient URL validation, the Overlay module could be...

5.8CVSS6.2AI score0.02763EPSS
Exploits0References9
Mageia
Mageia
•added 2015/04/30 9:57 p.m.•32 views

Updated quassel packages fix CVE-2015-3427

Updated quassel packages fix security vulnerability: Quassel is vulnerable to SQL injection through its use of Qt's postgres driver. If the PostgreSQL server is restarted or the connection is lost at any point, other IRC users may be able to trick the Quassel core into executing SQL queries upon...

7.5CVSS7.4AI score0.02003EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/26 8:26 a.m.•32 views

Updated cabextract packages fix CVE-2015-2060

A directory traversal issue in cabextract allows writing to locations outside of the current working directory, when extracting a crafted cab file that encodes the filenames in a certain manner CVE-2015-2060...

5.3CVSS5.5AI score0.02308EPSS
Exploits1References3
Mageia
Mageia
•added 2015/01/24 2:32 p.m.•32 views

Updated aircrack-ng packages fix security vulnerabilities

Updated aircrack-ng package fixes security vulnerabilities: A length parameter inconsistency in Aircrack-ng before 1.2-rc1 at aireplay tcptest which may lead to remote code execution CVE-2014-8322. A missing check for data format in Aircrack-ng before 1.2-rc1 at buddy-ng which may lead to denial ...

9.8CVSS9.1AI score0.23925EPSS
Exploits3References3
Mageia
Mageia
•added 2015/01/09 4:44 p.m.•32 views

Updated unrtf package fixes security vulnerability

Updated unrtf package fixes security vulnerability: Hanno Böck also reported a number of other crashes in unrtf besides the ones associated with CVE-2014-9275. These could allow a denial of service when opening a malicious malformed RTF file which causes unrtf to crash...

6.2AI score
Exploits0References2
Mageia
Mageia
•added 2015/01/05 4:30 p.m.•32 views

Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using...

5CVSS6.2AI score0.13195EPSS
Exploits1References3
Mageia
Mageia
•added 2014/12/31 12:28 p.m.•32 views

Updated xml-security packages fix CVE-2013-4517

Updated xml-security packages fixes security vulnerability: Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to signatures CVE-2013-4517...

4.3CVSS6.7AI score0.08863EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/19 3:6 p.m.•32 views

Updated unrtf package fixes security vulnerabilities

Updated unrtf package fixes security vulnerabilities: Michal Zalewski reported an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while accessing a pointer that may be under the attacker's control. This would lead to a denial of service...

7.5CVSS6.9AI score0.05826EPSS
Exploits1References2
Mageia
Mageia
•added 2014/11/26 5:29 p.m.•32 views

Updated icecast package fixes security vulnerability

Icecast did not properly handle the launching of "scripts" on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to external clients. CVE-2014-9018...

5CVSS6.1AI score0.02965EPSS
Exploits1References4
Mageia
Mageia
•added 2014/11/14 12:57 a.m.•32 views

Updated kdebase4-workspace packages fix security vulnerability and various bugs

This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14487, and fixes some additional issues: - fix kcm botching unrelated user settings mga3310, bko254430, - do not popup during initialization 0 B Removable media...

7.2CVSS6.3AI score0.00388EPSS
Exploits0References5
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•32 views

Updated net-snmp packages fix CVE-2014-3565

Updated net-snmp packages fix security vulnerabilities: A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected...

5CVSS8.5AI score0.04619EPSS
Exploits1References2
Mageia
Mageia
•added 2014/08/26 11:4 p.m.•32 views

Updated icecream package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The icecream package is built with a bundled copy of minilzo, which is a...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
•added 2014/07/26 12:46 p.m.•32 views

Updated transmission package fixes security vulnerability

Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code CVE-2014-4909...

6.8CVSS7.7AI score0.05406EPSS
Exploits1References1
Mageia
Mageia
•added 2014/07/04 5:51 p.m.•32 views

Updated libxfont packages fix security vulnerabilities

Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges CVE-2014-0209. Ilja van Sprundel discovered that libXfont incorrectly handled...

7.5CVSS8.1AI score0.04362EPSS
Exploits0References3
Mageia
Mageia
•added 2014/06/18 6:5 p.m.•32 views

Updated wireshark packages fix CVE-2014-4020

Updated wireshark packages fix security vulnerabilities: The frame metadissector could crash CVE-2014-4020...

4.3CVSS6.4AI score0.01413EPSS
Exploits1References4
Mageia
Mageia
•added 2014/05/17 12:38 a.m.•32 views

Updated dovecot packages fix security vulnerability

Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...

5CVSS6.3AI score0.03331EPSS
Exploits0References4
Mageia
Mageia
•added 2014/04/23 4:16 p.m.•32 views

Updated libmms packages fix CVE-2014-2892

Updated libmms packages fix security vulnerability: The libmms library before 0.6.4 is vulnerable to a buffer overflow in getanswer in src/mmsh.c. It may be triggered via an overly long line of a MMSH MMS over HTTP server response, effectively overflowing the buffer which has a static size...

7.5CVSS6.8AI score0.06147EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/17 8:30 p.m.•32 views

Updated cups-filters packages fix security vulnerability

Updated cups-filters packages fix security vulnerability: Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups- browsed daemon CVE-2014-2707. Note that only systems that have enabled the affected feature by usin...

8.3CVSS7.1AI score0.01174EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/08 9:43 p.m.•32 views

Updated wireshark packages fix multiple vulnerabilies

Updated wireshark packages fix security vulnerabilities: The NFS dissector could crash CVE-2014-2281. The RLC dissector could crash CVE-2014-2283. The MPEG file parser could overflow a buffer CVE-2014-2299...

9.3CVSS6.8AI score0.47422EPSS
Exploits10References6
Mageia
Mageia
•added 2014/03/03 9:37 p.m.•32 views

Updated python-logilab-common packages fix security vulnerabilities

Updated python-logilab-common packages fix security vulnerabilities about temporary file handling CVE-2014-1838 and CVE-2014-1839...

4.4CVSS6.6AI score0.00355EPSS
Exploits0References6
Mageia
Mageia
•added 2014/01/24 9:2 p.m.•32 views

Updated graphviz packages fix security vulnerabilities

Updated graphviz packages fix security vulnerabilities: Multiple buffer overflow vulnerabilities in graphviz due to an error within the "yyerror" function lib/cgraph/scan.l which can be exploited to cause a stack-based buffer overflow via a specially crafted file CVE-2014-0978 and the acceptance ...

10CVSS7.9AI score0.06082EPSS
Exploits2References3
Mageia
Mageia
•added 2013/12/12 10:22 p.m.•32 views

Updated samba package fixes multiple vulnerabilities

Updated samba packages fix security vulnerabilities: Samba before 3.6.22 incorrectly allows login from authenticated users if the requiremembershipof parameter of pamwinbind specifies only invalid group names CVE-2012-6150. It was discovered that multiple buffer overflows in the processing of...

8.3CVSS4.9AI score0.0379EPSS
Exploits1References4
Mageia
Mageia
•added 2013/11/20 8:26 p.m.•32 views

Updated pmake packages fix CVE-2011-1920

Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to bsd.lib.mk and bsd.prog.mk CVE-2011-1920...

3.3CVSS5.4AI score0.00438EPSS
Exploits1References2
Mageia
Mageia
•added 2013/09/13 8:7 p.m.•32 views

Updated php-pear-Auth_OpenID package fixes security vulnerability

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

7.5CVSS4.4AI score0.02997EPSS
Exploits1References2
Mageia
Mageia
•added 2026/05/07 5:6 a.m.•31 views

Updated tcpflow packages fix security vulnerability

tcpflow has TIM Element OOB Write in wifipcap. CVE-2026-25061...

7.5CVSS5.8AI score0.00517EPSS
Exploits1References2
Mageia
Mageia
•added 2025/03/26 3:43 a.m.•31 views

Updated radare2 packages fix security vulnerabilities

Buffer overflow in the HFS parser from grub2. CVE-2024-56737 Out-of-bounds Write in radare2. CVE-2025-1744 Buffer Overflow and Potential Code Execution in Radare2. CVE-2025-1864...

10CVSS8.1AI score0.00721EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/22 5:53 p.m.•31 views

Updated libxslt packages fix security vulnerabilities

xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes CVE-2024-55549. numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValu...

7.8CVSS6.8AI score0.00324EPSS
Exploits4References2
Mageia
Mageia
•added 2025/03/17 4:33 p.m.•31 views

Updated php packages fix security vulnerabilities

Bugs and security with streams have been fixed...

9.8CVSS7.2AI score0.00821EPSS
Exploits2References7
Mageia
Mageia
•added 2025/03/12 7:0 a.m.•31 views

Updated firefox & nss packages fix security vulnerabilities

CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC...

8.1CVSS6.7AI score0.00519EPSS
Exploits1References4
Mageia
Mageia
•added 2025/01/25 9:32 p.m.•31 views

Updated iperf packages fix security vulnerability

It was discovered that iperf 3.17.1 contains a segmentation violation via the iperfexchangeparameters function...

7.5CVSS6.9AI score0.00908EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•31 views

Updated tomcat packages fix security vulnerabilities

Authentication bypass when using Jakarta Authentication API. CVE-2024-52316 Incorrect JSP tag recycling leads to XSS. CVE-2024-52318...

9.8CVSS7.4AI score0.06287EPSS
Exploits2References3
Mageia
Mageia
•added 2024/11/13 6:48 p.m.•31 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk packages fix security vulnerabilities

giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function. CVE-2023-48161 Array indexing integer overflow. CVE-2024-21210 HTTP client improper handling of maxHeaderSize. CVE-2024-21208 Unbounded allocation leads to out-of-memory error. CVE-2024-21217 Integer conversion error lea...

7.1CVSS7.1AI score0.01157EPSS
Exploits1References5
Mageia
Mageia
•added 2024/11/08 10:9 p.m.•31 views

Updated python-urllib3 packages fix security vulnerability

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

6.5CVSS7.3AI score0.01141EPSS
Exploits1References1
Mageia
Mageia
•added 2024/10/14 6:46 p.m.•31 views

Updated thunderbird packages fix security vulnerabilities

The current version has reached EOL and several security vulnerabilities were fixed by Mozilla. We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x8664...

9.8CVSS7.7AI score0.04395EPSS
Exploits1References11
Mageia
Mageia
•added 2024/06/17 5:44 p.m.•31 views

Updated iperf packages fix security vulnerability

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.7AI score0.01107EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/07 5:31 p.m.•31 views

Updated plasma-workspace packages fix security vulnerability

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...

7.8CVSS7.5AI score0.00293EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•31 views

Updated exfatprogs packages fix security vulnerability

exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in readfiledentryset. CVE-2023-45897...

5.5CVSS7.3AI score0.00381EPSS
Exploits1References2
Mageia
Mageia
•added 2024/03/14 7:34 p.m.•31 views

Updated fonttools packages fix security vulnerabilities

As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...

7.5CVSS7.2AI score0.01228EPSS
Exploits1References3
Mageia
Mageia
•added 2024/02/29 5:41 p.m.•31 views

Updated sympa packages fix security vulnerabilities

Sympa 6.2.72 fixes many bugs, including the security one related in CVE-2021-32850 It is required to manually run sympa upgrade after get this update...

6.1CVSS7.3AI score0.00802EPSS
Exploits1References3
Mageia
Mageia
•added 2023/10/23 10:5 p.m.•31 views

Updated libcue packages fix a security vulnerability

Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it is then automatically scanned by tracker-miners. And because it has a .c...

8.8CVSS7.5AI score0.1657EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/13 10:56 p.m.•31 views

Updated libX11 packages fix security vulnerabilities

A vulnerability was found in libX11 due to a boundary condition within the XkbReadKeySyms function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. CVE-2023-43785 A vulnerability was found in libX11 due to an infinite loop within...

7.8CVSS7.7AI score0.00633EPSS
Exploits1References2
Total number of security vulnerabilities5000