Lucene search
K
MageiaMost viewed

6007 matches found

Mageia
Mageia
added 2015/11/02 8:21 p.m.29 views

Updated openafs packages fix security vulnerabilities

Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762...

5CVSS6.3AI score0.02133EPSS
Exploits0References6
Mageia
Mageia
added 2015/08/10 2:31 p.m.29 views

Updated libunwind package fixes security vulnerability

An invalid DWOPbregXX opcodes can access dwarftounwregnummap one item past the end CVE-2015-3239...

3.3CVSS6.5AI score0.00498EPSS
Exploits1References2
Mageia
Mageia
added 2015/07/01 12:40 p.m.29 views

Updated python-tornado package fixes security vulnerability

Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...

6.5CVSS6.4AI score0.02489EPSS
Exploits0References3
Mageia
Mageia
added 2015/04/04 10:45 a.m.29 views

Updated novnc packages fix CVE-2013-7436

Updated novnc package fixes security vulnerability: noVNC before 0.5.1 allows an attacker to steal insecurely set session token cookies, hijacking active or inactive VNC sessions CVE-2013-7436...

4.3CVSS3AI score0.02183EPSS
Exploits0References2
Mageia
Mageia
added 2015/02/26 8:26 a.m.29 views

Updated sympa packages fix CVE-2015-1306

Updated sympa packages fix security vulnerability: A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Symp...

6.4AI score
Exploits0References3
Mageia
Mageia
added 2014/12/19 3:6 p.m.29 views

Updated c-icap packages fix security vulnerabilities

Several vulnerabilities were found in c-icap, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts CVE-2013-7401, CVE-2013-7402...

5CVSS4.9AI score0.02817EPSS
Exploits1References3
Mageia
Mageia
added 2014/11/21 12:44 p.m.29 views

Updated php-smarty packages fix security vulnerability

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template CVE-2014-8350...

7.5CVSS7.3AI score0.03127EPSS
Exploits1References2
Mageia
Mageia
added 2014/11/02 1:14 p.m.29 views

Updated pulseaudio package fixes RTP remote crash vulnerability

PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the...

2.9CVSS6.4AI score0.01457EPSS
Exploits1References1
Mageia
Mageia
added 2014/10/07 9:22 a.m.29 views

Updated mediawiki packages fix security vulnerbilities

Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...

4.3CVSS8.9AI score0.01983EPSS
Exploits0References5
Mageia
Mageia
added 2014/09/07 9:56 a.m.29 views

Updated procmail packages fix CVE-2014-3618

Updated procmail package fixes security vulnerability: A heap-based buffer overflow was reported in procmail's formail utility when parsing addresses with unbalanced quotes CVE-2014-3618...

7.5CVSS8.3AI score0.08525EPSS
Exploits1References2
Mageia
Mageia
added 2014/08/25 8:44 a.m.32 views

Updated busybox packages fix CVE-2014-4607

Updated busybox packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. Busybox bundles part ...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Mageia
Mageia
added 2014/08/25 8:44 a.m.29 views

Updated mednafen packages fix CVE-2014-4607

The bundled version of minilzo.c in the mednafen package has been updated to version 2.08 to fix the following security vulnerability: An integer overflow in minilzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References4
Mageia
Mageia
added 2014/05/30 7:50 a.m.29 views

Updated libgadu package fixes CVE-2014-3775

Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, o...

7.5CVSS7.6AI score0.0378EPSS
Exploits0References3
Mageia
Mageia
added 2014/05/30 7:47 a.m.29 views

Updated mumble packages fix two security vulnervabilitites

Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...

5CVSS6AI score0.02521EPSS
Exploits1References4
Mageia
Mageia
added 2014/04/04 10:58 a.m.29 views

Updated a2ps packages fix CVE-2014-0466

Updated a2ps packages fix security vulnerability: Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges...

6.8CVSS7.7AI score0.02344EPSS
Exploits1References2
Mageia
Mageia
added 2013/12/06 10:2 p.m.29 views

Updated pixman package fixes security vulnerability

Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash CVE-2013-6425...

5CVSS3.7AI score0.0288EPSS
Exploits0References4
Mageia
Mageia
added 2013/10/17 6:49 p.m.29 views

Updated nmap package fixes CVE-2013-4885

Updated nmap packages fix security vulnerability: It is possible to write arbitrary files to a remote system, through a specially crafted server response for NMAP http-domino-enum-passwords.nse script from nmap before 6.40 CVE-2013-4885...

6.8CVSS2.6AI score0.07217EPSS
Exploits2References3
Mageia
Mageia
added 2013/09/13 8:29 p.m.29 views

Updated chromium-browser-stable package fix security vulnerabilities

The chrome 29 development team found various issues from internal fuzzing audits, and other studies CVE-2013-2887. Krystian Bigaj discovered a file handling path sanitization issue CVE-2013-2900. Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer...

7.5CVSS1.2AI score0.01627EPSS
Exploits0References4
Mageia
Mageia
added 2013/08/22 6:20 p.m.29 views

Updated libtiff packagess fix multiple security vulnerabilities

Updated libtiff packages fix security vulnerabilities: Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote...

6.8CVSS3.8AI score0.07399EPSS
Exploits0References2
Mageia
Mageia
added 2013/08/11 12:20 p.m.29 views

Updated xymon package fixes security vulnerability.

A security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymondrrd". File deletion is done with the privileges of the user that Xymon is running with, s...

5CVSS2.2AI score0.02829EPSS
Exploits0References2
Mageia
Mageia
added 2013/07/09 6:39 p.m.29 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.297 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a heap buffer overflow vulnerability that could...

10CVSS2.9AI score0.08031EPSS
Exploits1References2
Mageia
Mageia
added 2025/05/05 4:57 a.m.28 views

Updated apache-mod_auth_openidc packages fix security vulnerability

modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. CVE-2025-31492...

8.2CVSS6.7AI score0.00542EPSS
Exploits0References5
Mageia
Mageia
added 2025/04/05 6:46 p.m.28 views

Updated corosync packages fix security vulnerability

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet. CVE-2025-30472...

9.8CVSS7.8AI score0.00433EPSS
Exploits1References2
Mageia
Mageia
added 2025/03/26 3:43 a.m.28 views

Updated ffmpeg packages fix security vulnerability

FFmpeg NULL Pointer Dereference. CVE-2024-12361...

7.3AI score
Exploits0References2
Mageia
Mageia
added 2025/03/21 12:32 a.m.28 views

Updated freerdp packages fix security vulnerabilities

FreeRDP rdpwritelogoninfov1 NULL access. CVE-2024-32661...

7.5CVSS7.7AI score0.01224EPSS
Exploits0References2
Mageia
Mageia
added 2025/03/06 5:56 p.m.28 views

Updated vim packages fix security vulnerability

Potential code execution with tar.vim and special crafted tar files...

7.1CVSS7.9AI score0.20775EPSS
Exploits0References2
Mageia
Mageia
added 2025/02/08 2:23 a.m.28 views

Updated libtasn1 packages fix security vulnerability

When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

5.3CVSS7.3AI score0.01025EPSS
Exploits0References2
Mageia
Mageia
added 2025/02/03 7:58 p.m.28 views

Updated redis packages fix security vulnerabilities

Redis' Lua library commands may lead to remote code execution. CVE-2024-46981 Redis allows denial-of-service due to malformed ACL selectors. CVE-2024-51741...

9.8CVSS8AI score0.07802EPSS
Exploits2References3
Mageia
Mageia
added 2025/01/22 3:19 a.m.28 views

Updated rsync packages fix security vulnerabilities

Heap buffer overflow in rsync due to improper checksum length handling. CVE-2024-12084 Info leak via uninitialized stack contents. CVE-2024-12085 Rsync server leaks arbitrary client files. CVE-2024-12086 Path traversal vulnerability in rsync. CVE-2024-12087 Rsync --safe-links option bypass leads ...

9.8CVSS7.6AI score0.72059EPSS
Exploits8References5
Mageia
Mageia
added 2025/01/12 6:41 a.m.28 views

Updated avahi packages fix security vulnerabilities

Avahi wide-area dns uses constant source port. CVE-2024-52615 Avahi wide-area dns predictable transaction ids. CVE-2024-52616...

5.3CVSS6.9AI score0.00681EPSS
Exploits0References2
Mageia
Mageia
added 2024/12/02 5:17 p.m.28 views

Updated krb5 packages fix security vulnerability

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...

9CVSS7.1AI score0.14859EPSS
Exploits2References2
Mageia
Mageia
added 2024/11/06 7:57 p.m.28 views

Updated libarchive packages fix security vulnerabilities

executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48957 executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a...

7.8CVSS6.8AI score0.00551EPSS
Exploits2References1
Mageia
Mageia
added 2024/10/04 5:27 a.m.28 views

Updated hostapd & wpa_supplicant packages fix security vulnerability

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive th...

7.4CVSS7.2AI score0.00716EPSS
Exploits0References2
Mageia
Mageia
added 2024/09/27 1:30 a.m.28 views

Updated gnome-shell packages fix security vulnerability

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

6.5CVSS6.6AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
added 2024/09/10 4:40 p.m.28 views

Updated webmin package fixes security vulnerability

CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources...

7.5CVSS7AI score0.05397EPSS
Exploits0References2
Mageia
Mageia
added 2024/05/21 11:17 p.m.28 views

Updated stb packages fix security vulnerabilities

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...

9.8CVSS8.1AI score0.0141EPSS
Exploits1References2
Mageia
Mageia
added 2024/04/27 6:26 a.m.28 views

Updated opencryptoki packages fix security vulnerability

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...

5.9CVSS7AI score0.00878EPSS
Exploits0References2
Mageia
Mageia
added 2023/07/07 5:54 a.m.28 views

Updated cups packages fix security vulnerability

Use-after-free in cupsdAcceptClient. CVE-2023-34241...

7.1CVSS7.1AI score0.01395EPSS
Exploits1References3
Mageia
Mageia
added 2023/04/24 12:20 a.m.28 views

Updated tcpdump packages fix security vulnerability

The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. CVE-2023-1801...

6.5CVSS6.4AI score0.00841EPSS
Exploits0References2
Mageia
Mageia
added 2023/03/31 12:13 a.m.28 views

Updated dino packages fix security vulnerability

When a Dino client receives a specifically crafted message from an unauthorized sender, it would use information from that message to add, update or remove entries in the user’s personal bookmark store without requiring further user interaction. CVE-2023-28686...

7.1CVSS6.6AI score0.00699EPSS
Exploits0References2
Mageia
Mageia
added 2023/03/18 10:16 p.m.28 views

Updated liferea packages fix security vulnerability

Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. CVE-2023-1350...

9.8CVSS9.6AI score0.02385EPSS
Exploits0References2
Mageia
Mageia
added 2022/10/18 11:14 p.m.28 views

Updated sos packages fix security vulnerability

SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. CVE-2022-2806...

5.5CVSS1.9AI score0.00233EPSS
Exploits0References2
Mageia
Mageia
added 2022/06/18 9:30 p.m.28 views

Updated bluez packages fix security vulnerability

It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code...

3.2AI score
Exploits0References2
Mageia
Mageia
added 2022/06/03 5:15 p.m.28 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix several crashes and rendering issues. WSA-2022-0005...

1.7AI score
Exploits0References2
Mageia
Mageia
added 2022/02/09 8:46 p.m.28 views

Updated epiphany packages fix security vulnerability

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list CVE-2021-45085. XSS can occur in GNOME Web aka Epiphany before 40.4 a...

6.1CVSS6.4AI score0.01485EPSS
Exploits4References2
Mageia
Mageia
added 2021/12/10 10:19 p.m.28 views

Updated fetchmail packages fix security vulnerability

Update to fetchmail 6.4.24 fixes STARTTLS session encryption bypassing. CVE-2021-39272...

5.9CVSS1.5AI score0.00925EPSS
Exploits0References3
Mageia
Mageia
added 2021/06/29 5:31 p.m.28 views

Updated re2c package fixes a security vulnerability

re2c before 2.0 has uncontrolled recursion that causes stack consumption in findfixedtags CVE-2018-21232...

5.5CVSS4.9AI score0.01432EPSS
Exploits1References2
Mageia
Mageia
added 2021/06/23 5:11 p.m.28 views

Updated cifs-utils packages fix a security vulnerability

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity CVE-2021-20208...

6.1CVSS3.8AI score0.00642EPSS
Exploits0References3
Mageia
Mageia
added 2021/06/08 2:33 p.m.28 views

Updated mpv packages fix a security vulnerability

Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...

7.8CVSS6.4AI score0.02409EPSS
Exploits1References2
Mageia
Mageia
added 2021/01/10 7:46 p.m.28 views

Updated alpine and c-client packages fix security vulnerability

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do CVE-2020-14929...

7.5CVSS2.4AI score0.01823EPSS
Exploits0References2
Total number of security vulnerabilities5000