Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
•added 2015/02/05 10:26 p.m.•31 views

Updated vorbis-tools package fixes security vulnerability

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted raw file CVE-2014-9640...

5CVSS5.5AI score0.03243EPSS
Exploits0References2
Mageia
Mageia
•added 2015/01/20 2:57 p.m.•31 views

Updated elfutils packages fix CVE-2014-9447

Updated elfutils packages fix security vulnerability: Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...

6.4CVSS6.5AI score0.05018EPSS
Exploits0References2
Mageia
Mageia
•added 2014/12/01 5:57 p.m.•31 views

Updated gnome-shell and gnome-settings-daemon packages fix security vulnerability

The lock screen in gnome-shell does not disable taking screenshots via the Print Screen key, and several consecutive screenshot requests can trigger an out-of-memory situation, causing the lock screen to be killed, thus allowing it to be bypassed CVE-2014-7300...

7.2CVSS6.4AI score0.00473EPSS
Exploits0References3
Mageia
Mageia
•added 2014/11/29 8:46 p.m.•31 views

Updated geary package fixes security vulnerability

Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate CVE-2014-5444...

4.3CVSS6.2AI score0.01093EPSS
Exploits0References2
Mageia
Mageia
•added 2014/09/05 9:7 a.m.•31 views

Updated graphicsmagick packages fix CVE-2014-1947

Updated graphicsmagick packages fix security vulnerability: A buffer overflow flaw was found in the way GraphicsMagick writes PSD images when the input data has a large number of layers. Due to the compilation options used in Mageia, the buffer overflow is reduced to a crash, making this a denial...

7.8CVSS7.8AI score0.07024EPSS
Exploits5References2
Mageia
Mageia
•added 2014/07/04 5:57 p.m.•31 views

Updated samba packages fix multiple vulnerabilities

Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled CVE-2014-0178. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial...

3.5CVSS8.9AI score0.20481EPSS
Exploits0References5
Mageia
Mageia
•added 2014/06/06 6:8 a.m.•31 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...

2.6CVSS5.9AI score0.02097EPSS
Exploits0References4
Mageia
Mageia
•added 2014/05/29 6:58 a.m.•31 views

Updated cifs-utils packages fix CVE-2014-2830

Updated cifs-utils packages fix security vulnerability: Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c CVE-2014-2830...

10CVSS6.8AI score0.05178EPSS
Exploits1References2
Mageia
Mageia
•added 2014/04/28 6:16 p.m.•31 views

Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action CVE-2014-2853...

4.3CVSS8.7AI score0.02397EPSS
Exploits0References3
Mageia
Mageia
•added 2014/03/31 7:44 p.m.•31 views

Updated 389-ds-base package fixes security vulnerability

It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This...

6.5CVSS6.6AI score0.0219EPSS
Exploits2References2
Mageia
Mageia
•added 2014/03/31 7:40 p.m.•31 views

Updated stunnel package fixes security vulnerability

A flaw was found in the way stunnel, a socket wrapper which can provide SSL support to ordinary applications, performed reinitialization of PRNG after fork. When accepting a new connection, the server forks and the child process handles the request. The RANDbytes function of openssl doesn't reset...

4.3CVSS7.2AI score0.02155EPSS
Exploits1References2
Mageia
Mageia
•added 2014/03/12 4:18 p.m.•31 views

Updated imapsync packages fix an information disclosure

Updated imapsync package fixes security vulnerability: Imapsync, by default, runs a "release check" when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl CVE-2013-4279. The imapsync package...

5CVSS1.4AI score0.01803EPSS
Exploits1References2
Mageia
Mageia
•added 2014/02/16 12:49 p.m.•31 views

Updated socat package fixes security vulnerability

Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name in the documentation in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the...

1.9CVSS6.5AI score0.00404EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/21 4:17 p.m.•31 views

Updated libxfont packages fix security vulnerability

Updated libxfont packages fix security vulnerability: It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts BDF could result in the execution of arbitrary code CVE-2013-6462...

9.3CVSS3.7AI score0.10254EPSS
Exploits1References3
Mageia
Mageia
•added 2013/11/22 7:9 p.m.•31 views

Updated wireshark packages fix multiple vulnerabilities

Updated wireshark packages fix security vulnerabilities: The IEEE 802.15.4 dissector could crash CVE-2013-6336. The NBAP dissector could crash CVE-2013-6337. The SIP dissector could crash CVE-2013-6338. The OpenWire dissector could go into a large loop CVE-2013-6339. The TCP dissector could crash...

4.3CVSS1.2AI score0.01987EPSS
Exploits2References8
Mageia
Mageia
•added 2013/11/09 6:58 p.m.•31 views

Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Atte Kettunen of OUSPG discover a use-after-free issue in Blink's XML HTTP request implementation CVE-2013-2925. cloudfuzzer discovered a use-after-free issue in the list indenting implementation CVE-2013-2926. cloudfuzzer...

7.5CVSS0.7AI score0.01647EPSS
Exploits0References4
Mageia
Mageia
•added 2013/10/25 8:53 p.m.•31 views

Updated python-oauth2 packages fix CVE-2013-4347

It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...

5.8CVSS4AI score0.0243EPSS
Exploits0References1
Mageia
Mageia
•added 2013/10/17 7:3 p.m.•31 views

Updated torque packages fix CVE-2013-4319

Updated torque package fixes security vulnerability: A non-priviledged user who was able to run jobs or login to a node which ran pbsserver or pbsmom, could submit arbitrary jobs to a pbsmom daemon to queue and run the job, which would run as root CVE-2013-4319...

9CVSS2.4AI score0.02915EPSS
Exploits0References3
Mageia
Mageia
•added 2013/10/09 10:39 p.m.•31 views

Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of servi...

4.3CVSS1.7AI score0.02059EPSS
Exploits1References2
Mageia
Mageia
•added 2013/09/13 8:14 p.m.•31 views

Updated subversion package fixes security vulnerability.

svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destination could be replaced by a...

3.3CVSS4.3AI score0.00688EPSS
Exploits0References3
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•31 views

Updated sssd packages fix security vulnerability

A TOCTOU time-of-check time-of-use race condition was found in the way SSSD, System Security Services Daemon, performed copying and removal of user directory trees.A local attacker, with permissions to write into directory of the victim, being actively / currently copied / removed via the sssd...

3.7CVSS2.3AI score0.00366EPSS
Exploits0References3
Mageia
Mageia
•added 2013/06/06 12:24 p.m.•31 views

Updated libraw packages fix security vulnerability

A double-free error exits when handling damaged full-color within Foveon and sRAW files in libraw before 0.15.2 CVE-2013-2126...

7.5CVSS0.8AI score0.04412EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/18 2:47 a.m.•30 views

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

9.1CVSS6.9AI score0.04409EPSS
Exploits2References10
Mageia
Mageia
•added 2025/11/13 11:37 p.m.•30 views

Updated ruby packages fix security vulnerabilities

Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it...

7.5CVSS7.2AI score0.00784EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/16 7:44 p.m.•30 views

Updated dropbear packages fix security vulnerability

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

4.5CVSS7.5AI score0.00581EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/08 6:51 p.m.•30 views

Updated thunderbird packages fix security vulnerabilities

Process isolation bypass using "javascript:" URI links in cross-origin frames. CVE-2025-4083 Unsafe attribute access during XPath parsing. CVE-2025-4087 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. CVE-2025-4091 Memory safety bug fixed in...

9.1CVSS8.1AI score0.00419EPSS
Exploits0References3
Mageia
Mageia
•added 2025/03/27 4:14 p.m.•30 views

Updated chromium-browser-stable packages fix security vulnerability

Use after free in Lens. CVE-2025-2476...

8.8CVSS7.4AI score0.00791EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/13 6:25 p.m.•30 views

Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS4.7AI score0.00355EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/06 5:56 p.m.•30 views

Updated ffmpeg packages fix security vulnerability

FFmpeg n7.0 is affected by a Double Free via the rkmppretrieveframe function within libavcodec/rkmppdec.c. CVE-2024-35368...

9.8CVSS7.3AI score0.00715EPSS
Exploits0References2
Mageia
Mageia
•added 2024/12/17 7:42 p.m.•30 views

Updated socat packages fix security vulnerability

CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh...

9.8CVSS7.1AI score0.00794EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/14 6:46 p.m.•30 views

Updated firefox firefox-l10n packages fix security vulnerabilities

The updated packages fix a security vulnerability: Use-after-free in Animation timeline. CVE-2024-9680 We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x8664...

9.8CVSS7.1AI score0.32568EPSS
Exploits1References3
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•30 views

Updated tcpreplay package fix security vulnerability

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

7.8CVSS7.2AI score0.00437EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/11 8:42 p.m.•30 views

Updated expat packages fix security vulnerabilities

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

9.8CVSS7.6AI score0.01686EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/15 4:54 p.m.•30 views

Updated tomcat packages fix security vulnerability

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

7.5CVSS7.3AI score0.04602EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/05 4:28 p.m.•30 views

Updated znc packages fix security vulnerability

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. CVE-2024-39844...

9.8CVSS7.8AI score0.03862EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/28 2:41 a.m.•30 views

Updated erofs-utils packages fix security vulnerabilities

Heap Buffer Overflow in the erofsfsckdirentiter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

7.8CVSS7.9AI score0.00815EPSS
Exploits2References2
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•30 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. CVE-2024-4317...

4.3CVSS7.3AI score0.00722EPSS
Exploits0References2
Mageia
Mageia
•added 2024/03/13 11:14 p.m.•30 views

Updated screen packages fix security vulnerability

The updated package fixes a security vulnerability: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the...

6.5CVSS6.6AI score0.0054EPSS
Exploits3References2
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•30 views

Updated connman packages fix security vulnerability

client.c in gdhcp in ConnMan could be used by network-adjacent attackers operating a crafted DHCP server to cause a stack-based buffer overflow and denial of service, terminating the connman process. CVE-2023-28488...

6.5CVSS7.2AI score0.00964EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•30 views

Updated freeimage packages fix security vulnerability

Buffer Overflow vulnerability leading to denial of service via a crafted JXR file. CVE-2021-33367...

5.5CVSS6.7AI score0.0028EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•30 views

Updated rootcerts packages fix security vulnerability

Set CKANSSSERVERDISTRUSTAFTER and CKANSSEMAILDISTRUSTAFTER for 3 TrustCor Root Certificates. r=KathleenWilson...

2.4AI score
Exploits0References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•30 views

Updated gimp packages fix security vulnerability

An issue in gimplayerinvalidateboundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service DoS. CVE-2022-32990...

5.5CVSS5.1AI score0.00645EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•30 views

Updated osmo packages fix security vulnerability

Phishing website URL removed from package spec file and replaced with new official site link...

2.4AI score
Exploits0References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•30 views

Updated python-django-registration packages fix security vulnerability

Sensitive data could be included in error reports CVE-2021-21416...

3.7CVSS2.1AI score0.0041EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/23 8:36 a.m.•30 views

Updated sphinx packages fix security vulnerability

It was found that sphinx could allow arbitrary files to be read by abusing a configuration option. CVE-2020-29050...

7.5CVSS3AI score0.02166EPSS
Exploits2References4
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•30 views

Updated thunderbird packages fix security vulnerability

Crafted email could trigger an out-of-bounds write. CVE-2022-0566...

8.8CVSS2.4AI score0.00701EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•30 views

Updated toxcore packages fix security vulnerability

stack-based buffer overflow in handlerequest in DHT.c CVE-2021-44847...

9.8CVSS3.8AI score0.03954EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/02 4:49 p.m.•30 views

Updated hivex packages fix security vulnerability

Fixes limit recursion in ri-records. CVE-2021-3622...

4.3CVSS3AI score0.04794EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•30 views

Updated fail2ban packages fix security vulnerability

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...

8.1CVSS3.2AI score0.03621EPSS
Exploits1References4
Mageia
Mageia
•added 2021/09/29 5:22 p.m.•30 views

Updated libgd packages fix security vulnerability

The updated packages fix a security vulnerability: The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks CVE-2021-40812...

6.5CVSS2.4AI score0.01659EPSS
Exploits0References2
Total number of security vulnerabilities5000