Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2022/05/17 9:19 a.m.•76 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 101.0.4951.64 version, fixing many bugs and 13 CVE. Some of them are listed below: 1316990 High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 1314908 High CVE-2022-1634: Use after free in Browser UI...

8.8CVSS0.1AI score0.00776EPSS
Exploits1References2
Mageia
Mageia
•added 2022/02/01 3:26 p.m.•76 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.18 and fixes at least the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system ...

7.8CVSS2AI score0.02579EPSS
Exploits5References6
Mageia
Mageia
•added 2021/06/28 10:51 p.m.•76 views

Updated java-openjdk packages fix security vulnerabilities

For java-1.8.0 Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing -...

5.9CVSS6.4AI score0.03566EPSS
Exploits0References5
Mageia
Mageia
•added 2019/11/07 11:36 p.m.•76 views

Updated python packages fix security vulnerabilities

Updated python and python3 packages fix security vulnerabilities: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to...

9.8CVSS1.2AI score0.11844EPSS
Exploits4References5
Mageia
Mageia
•added 2019/09/15 1:24 p.m.•76 views

Updated nodejs packages fix security vulnerabilities

This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer CVE-2017-1000381 Fix for 'path' module regular expression deni...

8.8CVSS1.9AI score0.41288EPSS
Exploits0References21
Mageia
Mageia
•added 2018/10/30 6:1 p.m.•76 views

Updated unzip packages fix security vulnerabilities

Updated unzip packages fix security vulnerabilities Heap-based out-of-bounds write CVE-2018-1000031. Heap/BSS-based buffer overflow Bypass of CVE-2015-1315 CVE-2018-1000032. Heap out-of-bounds access in efscanforstream CVE-2018-1000033. Multiple vulnerabilities in the LZMA compression algorithm...

9.1CVSS8.6AI score0.30469EPSS
Exploits2References2
Mageia
Mageia
•added 2018/08/10 2:37 p.m.•76 views

Updated libjpeg packages fix security vulnerabilities

Updated libjpeg package fixes security vulnerabilities: It was found that libjpeg is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image CVE-2018-1152. It was found that libjpeg had a defect where, due to a mishandled EOF, a specially...

7.5CVSS2AI score0.03445EPSS
Exploits0References3
Mageia
Mageia
•added 2018/07/25 8:24 a.m.•76 views

Updated microcode packages fix security vulnerability

This microcode update provides the first set of fixes for Speculative Store Bypass SSBD, Spectre v4, CVE-2018-3639 and Rogue System Register Read RSRE, Spectre v3a, CVE-2018-3640 for Intel Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/...

5.6CVSS2.3AI score0.60631EPSS
Exploits2References1
Mageia
Mageia
•added 2018/01/13 2:28 p.m.•76 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

7.4CVSS7.4AI score0.93838EPSS
Exploits13References9
Mageia
Mageia
•added 2017/10/30 7:23 p.m.•76 views

Updated exiv2 packages fix security vulnerabilities & bugs

Opening an image created on certain pentax cameras with gwenview, which uses the exiv2 library, causes gwenview to segfault. Exiv2 upstream created a patch to resolve this problem bugfix - applies only to mga6. The following security issues were also fixed: Heap overflow in...

8.8CVSS2.1AI score0.03098EPSS
Exploits8References3
Mageia
Mageia
•added 2017/08/23 3:43 p.m.•76 views

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to cod...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2016/08/31 3:32 p.m.•76 views

Updated kernel-linus packages fix security vulnerabilities

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

7.8CVSS4.4AI score0.05676EPSS
Exploits13References4
Mageia
Mageia
•added 2013/07/16 7:32 a.m.•76 views

Updated kernel-linus package fixes security issues

This kernel update provides the upstream 3.4.52 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a...

7.9CVSS5.1AI score0.07313EPSS
Exploits2References8
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•75 views

Updated sqlite packages fix security vulnerability

osunix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impact by leveraging use of the current working directory for...

7.5CVSS7AI score0.08186EPSS
Exploits0References2
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•75 views

Updated dropbear packages fix security vulnerability

Updated dropbear package fixes a security vulnerability in dbclient:. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measure...

7.5CVSS2.4AI score0.01348EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•75 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.119 version, fixing many bugs and 6 vulnerabilities. Some of the security fixes are: High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang @eternalsakura13 and Yong Liu of 360 Vulnerability...

8.8CVSS1.3AI score0.00683EPSS
Exploits0References3
Mageia
Mageia
•added 2022/09/26 6:22 a.m.•75 views

Updated webkit2 packages fix security vulnerability

A buffer overflow issue which may lead to arbitrary code execution was addressed with improved memory handling. CVE-2022-32886 Visiting a website that frames malicious content may lead to UI spoofing. he issue was addressed with improved UI handling. CVE-2022-32891 A buffer overflow issue which m...

8.8CVSS8.3AI score0.01413EPSS
Exploits0References3
Mageia
Mageia
•added 2022/06/18 9:30 p.m.•75 views

Updated dnsmasq packages fix security vulnerability

A write after free has been discovered in DHCPv6 code. A special request could be crafted to modify already freed memory. CVE-2022-0934...

7.5CVSS2.8AI score0.01487EPSS
Exploits0References2
Mageia
Mageia
•added 2022/01/25 12:13 p.m.•75 views

Updated python-numpy packages fix security vulnerability

Buffer overflow that could lead to DoS in PyArrayNewFromDescrint function of ctors.c bsc1193913. CVE-2021-33430 Buffer overflow that could lead to DoS in arrayfrompyobj function of fortranobject.c bsc1193907. CVE-2021-41496...

5.5CVSS3AI score0.01074EPSS
Exploits2References2
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•75 views

Updated libgda5.0 packages fix security vulnerability

Fix missing TLS certificate verification. CVE-2021-39359...

5.9CVSS2AI score0.01102EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/25 2:45 p.m.•75 views

Updated xstream packages fix security vulnerabilities

In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream CVE-2021-21341...

9.9CVSS4.1AI score0.82136EPSS
Exploits11References5
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•75 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory...

5.5CVSS6.1AI score0.00922EPSS
Exploits4References2
Mageia
Mageia
•added 2020/08/30 6:45 p.m.•75 views

Updated kernel and kernel-linus packages fix security vulnerabilities

This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in trymergefreespace ...

7.8CVSS6.5AI score0.02143EPSS
Exploits1References9
Mageia
Mageia
•added 2020/03/06 4:13 p.m.•75 views

Updated firejail packages fix security vulnerabilities

Updated firejail package fixes security vulnerabilities: Firejail before 0.9.60 allows truncation resizing to length 0 of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The...

9.3CVSS0.8AI score0.02033EPSS
Exploits1References2
Mageia
Mageia
•added 2020/02/29 1:42 p.m.•75 views

Updated rsync packages fix security vulnerabilities

Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2016-9840, CVE-2016-9841 It was...

9.8CVSS4.6AI score0.07489EPSS
Exploits0References1
Mageia
Mageia
•added 2018/01/02 11:48 a.m.•75 views

Updated iceape packages fix security vulnerabilities

Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.48 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...

10CVSS2.6AI score0.18756EPSS
Exploits68References8
Mageia
Mageia
•added 2014/08/18 9:14 a.m.•75 views

Updated kernel-tmb package fixes security vulnerabilities

Updated kernel-tmb provides upstream 3.12.26 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value CVE-2014-020...

7.8CVSS7.1AI score0.37233EPSS
Exploits22References7
Mageia
Mageia
•added 2014/07/29 9:30 p.m.•75 views

Updated apache package fixes security vulnerabilities

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

6.8CVSS7.4AI score0.85744EPSS
Exploits5References3
Mageia
Mageia
•added 2014/04/15 6:22 p.m.•75 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.6.1, a 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an...

7.5CVSS8.3AI score0.1639EPSS
Exploits3References5
Mageia
Mageia
•added 2025/01/27 8:20 p.m.•74 views

Updated virtualbox, kmod-virtualbox packages fix security vulnerabilities

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

7.3CVSS6.8AI score0.00292EPSS
Exploits0References3
Mageia
Mageia
•added 2024/02/17 12:55 a.m.•74 views

Updated unbound packages fix security vulnerabilities

Unbound is updated to version 1.9.1 to fix security issues CVE-2023-50387 and CVE-2023-50868...

7.5CVSS7.5AI score0.99995EPSS
Exploits1References3
Mageia
Mageia
•added 2024/01/25 11:21 a.m.•74 views

Updated avahi packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. CVE-2023-38469 A vulnerability was found in Avahi. A reachable assertion exists in the avahiescapelabel function. CVE-2023-38470 A vulnerability...

6.2CVSS6.9AI score0.00314EPSS
Exploits0References1
Mageia
Mageia
•added 2023/11/29 10:29 p.m.•74 views

Updated kernel-linus packages fix security vulnerabilities

This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue ma...

9.8CVSS9.1AI score0.09141EPSS
Exploits3References13
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•74 views

Updated nodejs packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release High CVE-2023-45143: undici Security Release High CVE-2023-38552: Integrity checks according to policies can be circumvented Medium CVE-2023-39333: Code injection via WebAssembly...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References4
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•74 views

Updated libcap packages fix security vulnerability

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory. CVE-2023-2602 A vulnerability was found in libcap. This issue occurs in the libcapstrdup function and...

7.8CVSS7.1AI score0.00574EPSS
Exploits2References5
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•74 views

Updated git packages fix security vulnerability

Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links, the objects directory itself may still be a symbolic link. The...

7.5CVSS6.8AI score0.01144EPSS
Exploits3References3
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•74 views

Updated thunderbird packages fix security vulnerability

User Interface lockup with messages combining S/MIME and OpenPGP. CVE-2023-0616 Content security policy leak in violation reports using iframes. CVE-2023-25728 Screen hijack via browser fullscreen mode. CVE-2023-25730 Arbitrary memory write via PKCS 12 in NSS. CVE-2023-0767 Potential use-after-fr...

8.8CVSS2.1AI score0.00817EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•74 views

Updated webkit2 packages fix security vulnerability

The updated packages fix security vulnerabilities and other issues. See references for details...

8.8CVSS7.8AI score0.34574EPSS
Exploits2References3
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•74 views

Updated krb5 packages fix security vulnerability

Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution in a KDC, kadmin, or GSS or Kerberos application server process, information exposure to a cross-realm KDC acting maliciously, or denial of servi...

8.8CVSS4.5AI score0.06419EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/22 7:8 a.m.•74 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.52 and fixes at least the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root CVE-2021-3609. A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP...

7.8CVSS7AI score0.09729EPSS
Exploits7References7
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•74 views

Updated python-pygments packages fix a security vulnerability

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

7.5CVSS4.2AI score0.03832EPSS
Exploits1References2
Mageia
Mageia
•added 2020/10/21 1:7 p.m.•74 views

Updated kernel packages fix security vulnerabilities

A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP...

8.8CVSS8.9AI score0.07693EPSS
Exploits9References14
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•74 views

Updated java-1.8.0-openjdk packages fix security vulnerability

Bypass of boundary checks in nio.Buffer via concurrent access. CVE-2020-14583 Incomplete bounds checks in Affine Transformations. CVE-2020-14593 Incorrect handling of access control context in ForkJoinPool. CVE-2020-14556 Unexpected exception raised by DerInputStream. CVE-2020-14578 Unexpected...

8.3CVSS1.4AI score0.04315EPSS
Exploits0References3
Mageia
Mageia
•added 2020/01/28 7:52 a.m.•74 views

Updated c3p0 packages fix security vulnerabilities

An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 CVE-2018-20433. c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading...

9.8CVSS3.9AI score0.04882EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•74 views

Updated python-ecdsa packages fix security vulnerabilities

Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service CVE-2019-14853. It was...

9.1CVSS2.2AI score0.02505EPSS
Exploits1References2
Mageia
Mageia
•added 2019/05/30 9:1 a.m.•74 views

Updated kernel packages fix security vulnerabilities

This kernel update provides the upstream 4.14.121. It adds additional fixes to the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities. It also fixes the following security issues: A flaw was found in the Linux kernel's freescale...

7.8CVSS6.6AI score0.00645EPSS
Exploits0References4
Mageia
Mageia
•added 2018/05/31 8:34 p.m.•74 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.44 and fixes at least the following security issues: The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial...

8CVSS7.1AI score0.60631EPSS
Exploits21References27
Mageia
Mageia
•added 2017/10/24 8:9 p.m.•74 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

7.1CVSS0.9AI score0.01155EPSS
Exploits4References5
Mageia
Mageia
•added 2017/05/26 6:54 a.m.•74 views

Updated perl-CGI-Emulate-PSGI packages fix security vulnerability

This update removes the setting of the HTTPPROXY environment value. This works around the httproxy vulnerability aka CVE-2016-5387...

8.1CVSS0.8AI score0.55724EPSS
Exploits0References2
Mageia
Mageia
•added 2015/02/19 2:43 p.m.•74 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a...

10CVSS7.5AI score0.09828EPSS
Exploits15References10
Total number of security vulnerabilities5000