Lucene search
K
MageiaMost viewed

6009 matches found

Mageia
Mageia
•added 2025/05/11 4:42 a.m.•30 views

Updated libreoffice packages fix security vulnerability

PDF signature forgery with adbe.pkcs7.sha1 SubFilter. CVE-2025-2866...

5.5CVSS7.4AI score0.00096EPSS
Exploits0References3
Mageia
Mageia
•added 2025/05/08 6:51 p.m.•30 views

Updated thunderbird packages fix security vulnerabilities

Process isolation bypass using "javascript:" URI links in cross-origin frames. CVE-2025-4083 Unsafe attribute access during XPath parsing. CVE-2025-4087 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. CVE-2025-4091 Memory safety bug fixed in...

9.1CVSS8.1AI score0.00419EPSS
Exploits0References3
Mageia
Mageia
•added 2025/03/19 11:44 p.m.•30 views

Updated mosquitto packages fix security vulnerability

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS7.1AI score0.01107EPSS
Exploits0References1
Mageia
Mageia
•added 2025/03/13 6:25 p.m.•30 views

Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS4.7AI score0.00355EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/06 5:56 p.m.•30 views

Updated ffmpeg packages fix security vulnerability

FFmpeg n7.0 is affected by a Double Free via the rkmppretrieveframe function within libavcodec/rkmppdec.c. CVE-2024-35368...

9.8CVSS7.3AI score0.00715EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/27 2:37 a.m.•30 views

Updated mozjs78 packages fix security vulnerabilities

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

9.8CVSS7.4AI score0.01686EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/16 1:32 a.m.•30 views

Updated unbound packages fix security vulnerabilities

NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression ...

5.3CVSS7.2AI score0.00806EPSS
Exploits0References1
Mageia
Mageia
•added 2024/10/14 6:46 p.m.•30 views

Updated firefox firefox-l10n packages fix security vulnerabilities

The updated packages fix a security vulnerability: Use-after-free in Animation timeline. CVE-2024-9680 We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x8664...

9.8CVSS7.1AI score0.32568EPSS
Exploits1References3
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•30 views

Updated tcpreplay package fix security vulnerability

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

7.8CVSS7.2AI score0.00437EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/11 8:42 p.m.•30 views

Updated expat packages fix security vulnerabilities

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

9.8CVSS7.6AI score0.01686EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/15 4:54 p.m.•30 views

Updated tomcat packages fix security vulnerability

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

7.5CVSS7.3AI score0.04602EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/05 4:28 p.m.•30 views

Updated znc packages fix security vulnerability

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. CVE-2024-39844...

9.8CVSS7.8AI score0.03862EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/28 2:41 a.m.•30 views

Updated erofs-utils packages fix security vulnerabilities

Heap Buffer Overflow in the erofsfsckdirentiter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

7.8CVSS7.9AI score0.00815EPSS
Exploits2References2
Mageia
Mageia
•added 2024/06/06 3:48 p.m.•30 views

Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459...

7.5CVSS7.2AI score0.02298EPSS
Exploits1References3
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•30 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. CVE-2024-4317...

4.3CVSS7.3AI score0.00722EPSS
Exploits0References2
Mageia
Mageia
•added 2024/03/13 11:14 p.m.•30 views

Updated screen packages fix security vulnerability

The updated package fixes a security vulnerability: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the...

6.5CVSS6.6AI score0.0054EPSS
Exploits3References2
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•30 views

Updated freeimage packages fix security vulnerability

Buffer Overflow vulnerability leading to denial of service via a crafted JXR file. CVE-2021-33367...

5.5CVSS6.7AI score0.0028EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•30 views

Updated rootcerts packages fix security vulnerability

Set CKANSSSERVERDISTRUSTAFTER and CKANSSEMAILDISTRUSTAFTER for 3 TrustCor Root Certificates. r=KathleenWilson...

2.4AI score
Exploits0References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•30 views

Updated gimp packages fix security vulnerability

An issue in gimplayerinvalidateboundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service DoS. CVE-2022-32990...

5.5CVSS5.1AI score0.00645EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•30 views

Updated osmo packages fix security vulnerability

Phishing website URL removed from package spec file and replaced with new official site link...

2.4AI score
Exploits0References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•30 views

Updated python-django-registration packages fix security vulnerability

Sensitive data could be included in error reports CVE-2021-21416...

3.7CVSS2.1AI score0.0041EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/23 8:36 a.m.•30 views

Updated sphinx packages fix security vulnerability

It was found that sphinx could allow arbitrary files to be read by abusing a configuration option. CVE-2020-29050...

7.5CVSS3AI score0.02166EPSS
Exploits2References4
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•30 views

Updated thunderbird packages fix security vulnerability

Crafted email could trigger an out-of-bounds write. CVE-2022-0566...

8.8CVSS2.4AI score0.00701EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/02 4:49 p.m.•30 views

Updated hivex packages fix security vulnerability

Fixes limit recursion in ri-records. CVE-2021-3622...

4.3CVSS3AI score0.04794EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•30 views

Updated fail2ban packages fix security vulnerability

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...

8.1CVSS3.2AI score0.03621EPSS
Exploits1References4
Mageia
Mageia
•added 2021/09/29 5:22 p.m.•30 views

Updated libgd packages fix security vulnerability

The updated packages fix a security vulnerability: The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks CVE-2021-40812...

6.5CVSS2.4AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•30 views

Updated rvxt-unicode, mxrvt, eterm packages fix security vulnerability

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences ESC G Q. A response is terminated by a newline CVE-2021-33477...

8.8CVSS2.7AI score0.04012EPSS
Exploits1References7
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•30 views

Updated exif packages fix a security vulnerability

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service DoS by uploading a malicious JPEG file, causing the application to crash. CVE-2021-27815...

5.5CVSS4.5AI score0.01268EPSS
Exploits1References2
Mageia
Mageia
•added 2021/05/12 9:56 a.m.•30 views

Updated nagios packages fix a security vulnerability

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files CVE-2020-13977...

4.9CVSS5.4AI score0.02726EPSS
Exploits1References2
Mageia
Mageia
•added 2021/01/14 3:13 p.m.•30 views

Updated nvidia390 packages fix security vulnerabilities

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer nvidia.ko IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure CVE‑2021‑1052. NVIDIA GPU Display Driver for...

7.8CVSS3.3AI score0.01777EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/02 9:52 p.m.•30 views

Updated audacity package fixes security vulnerability

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there CVE-2020-11867...

3.3CVSS2.2AI score0.00469EPSS
Exploits0References2
Mageia
Mageia
•added 2020/11/21 12:21 p.m.•30 views

Updated librepo packages fix a security vulnerability

It was discovered that librepo was subject to a directory traversal vulnerability where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal...

8.5CVSS4AI score0.02526EPSS
Exploits0References4
Mageia
Mageia
•added 2020/11/08 2:14 p.m.•30 views

Updated fontforge packages fix a security vulnerability

SFDGetFontMetaData insufficient CVE-2020-5395 backport. CVE-2020-25690...

8.8CVSS2.6AI score0.01343EPSS
Exploits0References2
Mageia
Mageia
•added 2020/08/20 11:30 p.m.•30 views

Updated ngircd package fixes security vulnerability

The Server-Server protocol implementation in ngIRCd before 26rc2 allows an out-of-bounds access, as demonstrated by the IRCNJOIN function. CVE-2020-14148...

7.5CVSS4.3AI score0.02643EPSS
Exploits0References2
Mageia
Mageia
•added 2020/07/31 11:25 p.m.•30 views

Updated cloud-init packages fix security vulnerability

In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function CVE-2020-8631. In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default...

5.5CVSS4AI score0.00438EPSS
Exploits0References2
Mageia
Mageia
•added 2020/06/10 10:26 p.m.•30 views

Updated python-typed-ast packages fix security vulnerability

Updated python-typed-ast package fixes security vulnerabilities: typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process...

7.5CVSS4.6AI score0.03255EPSS
Exploits0References2
Mageia
Mageia
•added 2020/05/24 6:4 p.m.•30 views

Updated libntlm packages fix security vulnerability

Updated libntlm packages fix security vulnerability: It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in...

9.8CVSS2.3AI score0.03107EPSS
Exploits1References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated cyrus-imapd packages fix security vulnerability

Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks CVE-2019-19783...

6.5CVSS1.7AI score0.01655EPSS
Exploits0References7
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated libdwarf packages fix security vulnerability

Updated libdwarf packages fix security vulnerability: dwarfelfloadheaders.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service division by zero via an ELF file with a zero-size section group SHTGROUP, as demonstrated by dwarfdump CVE-2019-14249...

6.5CVSS5.8AI score0.0273EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated libextractor packages fix security vulnerability

Updated libextractor packages fix security vulnerability: GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTORdviextractmethod in plugins/dviextractor.c CVE-2019-15531...

6.5CVSS3.1AI score0.01696EPSS
Exploits0References2
Mageia
Mageia
•added 2020/01/05 3:37 p.m.•30 views

Updated freeimage packages fix security vulnerabilities

The updated packages fix security vulnerabilities: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow...

7.5CVSS1.6AI score0.0421EPSS
Exploits2References3
Mageia
Mageia
•added 2019/12/06 2:15 p.m.•30 views

Updated libcryptopp packages fix security vulnerability

The updated packages fix a security vulnerability: Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The iss...

5.9CVSS0.9AI score0.03245EPSS
Exploits1References2
Mageia
Mageia
•added 2019/07/25 7:53 p.m.•30 views

Updated vlc packages fix security vulnerability

VLC 3.0.7 has been released on June 6 including security fixes...

7.1CVSS2.3AI score0.01153EPSS
Exploits1References2
Mageia
Mageia
•added 2019/05/12 9:35 a.m.•30 views

Updated tcpreplay packages fixes security vulnerabilities

Updated tcpreplay package fixes security vulnerabilities: An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function getlayer4v6 located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause...

7.8CVSS4.3AI score0.01317EPSS
Exploits3References2
Mageia
Mageia
•added 2019/04/05 6:12 p.m.•30 views

Updated gnutls packages fix security vulnerability

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVE-2019-3829...

7.5CVSS3.7AI score0.58969EPSS
Exploits1References4
Mageia
Mageia
•added 2019/02/14 8:38 a.m.•30 views

Updated mad packages fix security vulnerability

The maddecoderrun function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service memory corruption via a crafted MP3 file CVE-2017-11552. The maddecoderrun function in decoder.c in Underbit libmad through 0.15.1b allows attackers to cause a denial of service SIGABRT...

9.8CVSS6.1AI score0.0656EPSS
Exploits4References2
Mageia
Mageia
•added 2019/01/08 9:50 p.m.•30 views

Updated discount packages fix security vulnerabilities

The mkdtrimline function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted file CVE-2018-11468. DISCOUNT through version 2.2.3a is vulnerable to a Heap-based buffer-overflow in the markdown.c:isfootnote...

5.5CVSS6.2AI score0.01785EPSS
Exploits2References2
Mageia
Mageia
•added 2018/12/15 9:29 p.m.•30 views

Updated libwpd packages fix security vulnerability

It was discovered there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack CVE-2018-19208...

6.5CVSS3.1AI score0.01488EPSS
Exploits1References3
Mageia
Mageia
•added 2018/11/28 8:50 p.m.•30 views

Updated icecast packages fix security vulnerability

Buffer overflows in URL auth code if there is a "mount" definition that enables URL authentication. A malicious client could send long HTTP headers, leading to a buffer overflow and potential remote code execution CVE-2018-18820...

8.1CVSS4.8AI score0.48944EPSS
Exploits0References2
Mageia
Mageia
•added 2018/08/17 10:27 p.m.•30 views

Updated openslp packages fix security vulnerability

Updated openslp packages fix security vulnerability: OpenSLP is vulnerable to a double freeing of memory that causes a crash in the slpbuffer:SLPBufferRealloc function, which makes it vulnerable to a denial-of-service or remote code execution attack CVE-2017-17833...

9.8CVSS2.8AI score0.0389EPSS
Exploits0References2
Total number of security vulnerabilities5000