6007 matches found

Mageia
added 2015/08/30 2:27 p.m. | 28 views

Updated audit packages fix security vulnerability

When auditing the filesystem, the names of files are logged. These filenames can contain escape sequences; when viewed using the ausearch program's "-i" option, for example, this can result in the escape sequences being processed unsafely by the terminal program being used to view the data...

CVSS 5.3 | AI score 6.1 | EPSS 0.02755
Exploits: 0 | References: 2

Mageia
added 2015/08/21 6:54 p.m. | 28 views

Updated libcryptopp package fixes security vulnerability

Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key (CVE-2015-2141)...

CVSS 5 | AI score 7.4 | EPSS 0.02879
Exploits: 0 | References: 2

Mageia
added 2015/07/27 5:45 p.m. | 28 views

Updated stunnel package fixes security vulnerability

Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as a universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with "verify = 2" or higher, then on...

CVSS 5.8 | AI score 6.6 | EPSS 0.02136
Exploits: 0 | References: 3

Mageia
added 2015/05/12 7:37 p.m. | 28 views

Updated pam packages fix security vulnerabilities

Updated pam packages fix security vulnerabilities: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack (CVE-2013-7041). Multiple directory traversal vulnerabilities in...

CVSS 5.8 | AI score 7 | EPSS 0.04121
Exploits: 2 | References: 2

Mageia
added 2015/05/11 8:10 p.m. | 28 views

Updated mailman packages fix security vulnerabilities

Updated mailman packages fix security vulnerability: A path traversal vulnerability was discovered in Mailman. Installations using a transport script such as postfix-to-mailman.py to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully...

CVSS 7.6 | AI score 8.4 | EPSS 0.07964
Exploits: 1 | References: 2

Mageia
added 2015/05/06 5:10 p.m. | 28 views

Updated perl-XML-LibXML packages fix CVE-2015-3451

Updated perl-XML-LibXML package fixes security vulnerability: Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected...

CVSS 5 | AI score 6.4 | EPSS 0.04013
Exploits: 0 | References: 2

Mageia
added 2015/03/10 4:48 p.m. | 28 views

Updated pngcrush package fixes security vulnerability

pngcrush-1.7.84 fixes defects reported by Coverity-scan, so it should be more resistant to crashes due to malformed input files, such as the one presented in CVE-2015-2158...

CVSS 7.8 | AI score 7.5 | EPSS 0.02771
Exploits: 0 | References: 3

Mageia
added 2015/02/26 8:26 a.m. | 28 views

Updated sympa packages fix CVE-2015-1306

Updated sympa packages fix security vulnerability: A vulnerability has been discovered in the Sympa web interface that allows access to files on the server filesystem. This breach allows sending to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Symp...

AI score 6.4
Exploits: 0 | References: 3

Mageia
added 2014/12/19 3:6 p.m. | 28 views

Updated c-icap packages fix security vulnerabilities

Several vulnerabilities were found in c-icap, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts (CVE-2013-7401, CVE-2013-7402)...

CVSS 5 | AI score 4.9 | EPSS 0.02817
Exploits: 1 | References: 3

Mageia
added 2014/11/02 1:14 p.m. | 28 views

Updated pulseaudio package fixes RTP remote crash vulnerability

PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the...

CVSS 2.9 | AI score 6.4 | EPSS 0.01457
Exploits: 1 | References: 1

Mageia
added 2014/10/07 9:22 a.m. | 28 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199). MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...

CVSS 4.3 | AI score 8.9 | EPSS 0.01983
Exploits: 0 | References: 5

Mageia
added 2014/09/05 9:7 a.m. | 28 views

Updated libgcrypt packages fix CVE-2014-5270

Updated libgcrypt packages fix security vulnerability: The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack (CVE-2014-5270)...

CVSS 2.1 | AI score 6.2 | EPSS 0.00531
Exploits: 0 | References: 4

Mageia
added 2014/09/05 9:7 a.m. | 28 views

Updated ppp packages fix a security vulnerability

Updated ppp packages fix security vulnerability: A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options (CVE-2014-3158)...

CVSS 7.5 | AI score 9 | EPSS 0.03502
Exploits: 0 | References: 2

Mageia
added 2014/06/06 5:45 p.m. | 28 views

Updated perl-LWP-Protocol-https package fixes CVE-2014-3230

Updated perl-LWP-Protocol-https package fixes security vulnerability: It was reported that libwww-perl (LWP), when using IO::Socket::SSL (the default) and when the HTTPS_CA_DIR or HTTPS_CA_FILE environment variables were set, would disable server certificate verification, when the intent was to only...

CVSS 5.9 | AI score 6 | EPSS 0.01602
Exploits: 1 | References: 2

Mageia
added 2014/05/30 7:50 a.m. | 28 views

Updated libgadu package fixes CVE-2014-3775

Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, o...

CVSS 7.5 | AI score 7.6 | EPSS 0.0378
Exploits: 0 | References: 3

Mageia
added 2014/04/15 6:25 p.m. | 28 views

Updated tigervnc packages fix CVE-2014-0011

Updated tigervnc packages fix security vulnerability: A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute...

CVSS 9.8 | AI score 9.7 | EPSS 0.02494
Exploits: 1 | References: 2

Mageia
added 2014/03/31 7:30 p.m. | 28 views

Updated mutt package fixes security vulnerability

A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the us...

CVSS 5 | AI score 7.5 | EPSS 0.05155
Exploits: 1 | References: 2

Mageia
added 2013/12/06 10:2 p.m. | 28 views

Updated pixman package fixes security vulnerability

Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash (CVE-2013-6425)...

CVSS 5 | AI score 3.7 | EPSS 0.0288
Exploits: 0 | References: 4

Mageia
added 2013/11/18 2:41 p.m. | 28 views

Updated torque packages fix CVE-2013-4495

Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server (CVE-2013-4495)...

CVSS 10 | AI score 1.7 | EPSS 0.03266
Exploits: 0 | References: 3

Mageia
added 2013/09/13 8:16 p.m. | 28 views

Updated python-OpenSSL package fixes security vulnerability

The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing (CVE-2013-4314)...

CVSS 4.3 | AI score 3 | EPSS 0.01197
Exploits: 0 | References: 3

Mageia
added 2026/05/19 2:46 a.m. | 27 views

Updated postgresql15 packages fix security vulnerabilities

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. (CVE-2026-6472) PostgreSQL server undersizes allocations, via integer wraparound. (CVE-2026-6473) PostgreSQL timeofday can disclose portions of server memory. (CVE-2026-6474) PostgreSQL pg_basebackup and pg_rewind can overwrite...

CVSS 8.8 | AI score 6.1 | EPSS 0.00668
Exploits: 0 | References: 2

Mageia
added 2025/05/27 6:46 p.m. | 27 views

Updated thunderbird packages fix security vulnerabilities

Sender Spoofing via Malformed From Header in Thunderbird. (CVE-2025-3875) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. (CVE-2025-3877) JavaScript Execution via Spoofed PDF Attachment and file:/// Link. (CVE-2025-3909) Tracking Links in Attachments...

CVSS 9.8 | AI score 9 | EPSS 0.08917
Exploits: 1 | References: 5

Mageia
added 2025/05/05 4:57 a.m. | 27 views

Updated apache-mod_auth_openidc packages fix security vulnerability

mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. (CVE-2025-31492)...

CVSS 8.2 | AI score 6.7 | EPSS 0.00542
Exploits: 0 | References: 5

Mageia
added 2025/05/05 4:57 a.m. | 27 views

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. (CVE-2025-32460)...

CVSS 9.1 | AI score 7.4 | EPSS 0.00315
Exploits: 1 | References: 4

Mageia
added 2025/04/05 6:46 p.m. | 27 views

Updated corosync packages fix security vulnerability

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. (CVE-2025-30472)...

CVSS 9.8 | AI score 7.8 | EPSS 0.00433
Exploits: 1 | References: 2

Mageia
added 2025/03/06 5:56 p.m. | 27 views

Updated erlang packages fix security vulnerability

SSH SFTP packet size not verified properly in Erlang OTP. (CVE-2025-26618)...

CVSS 7 | AI score 7.3 | EPSS 0.0046
Exploits: 0 | References: 2

Mageia
added 2025/02/14 8:36 p.m. | 27 views

Updated golang packages fix security vulnerability

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. (CVE-2025-22866)...

CVSS 4 | AI score 7.3 | EPSS 0.00272
Exploits: 0 | References: 2

Mageia
added 2025/02/09 12:19 a.m. | 27 views

Updated qtbase5 & qtbase6 packages fix security vulnerabilities

network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. (CVE-2023-51714) A buffer overflow and application crash can occur via a crafted KTX image file. (CVE-2024-25580) Code to make security-relevant decisions about an established connection may execute too early, because...

CVSS 9.8 | AI score 7.9 | EPSS 0.00986
Exploits: 0 | References: 3

Mageia
added 2025/01/20 6:21 p.m. | 27 views

Updated git packages fix security vulnerabilities

Git does not sanitize URLs when asking for credentials interactively. (CVE-2024-50349) Newline confusion in credential helpers can lead to credential exfiltration in git. (CVE-2024-52006)...

CVSS 7.5 | AI score 6.9 | EPSS 0.01019
Exploits: 0 | References: 2

Mageia
added 2025/01/20 6:21 p.m. | 27 views

Updated proftpd packages fix security vulnerability

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. (CVE-2024-48651)...

CVSS 7.5 | AI score 6.8 | EPSS 0.02204
Exploits: 0 | References: 2

Mageia
added 2024/10/04 5:27 a.m. | 27 views

Updated openjpeg2 packages fix security vulnerability

Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. (CVE-2023-39327)...

CVSS 4.3 | AI score 7.2 | EPSS 0.00528
Exploits: 0 | References: 2

Mageia
added 2024/09/09 7:0 p.m. | 27 views

Updated ntfs-3g packages fix security vulnerability

NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. (CVE-2023-52890)...

CVSS 4.5 | AI score 7 | EPSS 0.00159
Exploits: 0 | References: 2

Mageia
added 2024/06/06 3:48 p.m. | 27 views

Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. (CVE-2024-34459)...

CVSS 7.5 | AI score 7.2 | EPSS 0.02298
Exploits: 1 | References: 3

Mageia
added 2024/05/21 11:17 p.m. | 27 views

Updated stb packages fix security vulnerabilities

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 9.8 | AI score 8.1 | EPSS 0.0141
Exploits: 1 | References: 2

Mageia
added 2024/04/11 11:58 p.m. | 27 views

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities

Heap buffer overread/data leakage in ProcXIGetSelectedEvents. (CVE-2024-31080) Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. (CVE-2024-31081) Use-after-free in ProcRenderAddGlyphs. (CVE-2024-31083)...

CVSS 7.8 | AI score 7.1 | EPSS 0.01843
Exploits: 0 | References: 1

Mageia
added 2023/07/07 5:54 a.m. | 27 views

Updated opensc packages fix security vulnerability

Crash or info leak due to heap-based buffer out of bounds read (CVE-2023-2977)...

CVSS 7.1 | AI score 7 | EPSS 0.00295
Exploits: 0 | References: 2

Mageia
added 2023/03/18 10:16 p.m. | 27 views

Updated xfig packages fix security vulnerability

A potential buffer overflow exists in the file src/w_help.c at line 55. Specifically, the length of the string returned by getenv("LANG") may become very long and cause a buffer overflow while executing the sprintf function. This vulnerability could potentially allow an attacker to execute arbitrary...

CVSS 9.8 | AI score 4.9 | EPSS 0.00976
Exploits: 1 | References: 2

Mageia
added 2022/09/16 7:39 p.m. | 27 views

Updated wireshark packages fix security vulnerability

F5 Ethernet Trailer dissector infinite loop (wnpa-sec-2022-06)...

AI score 1.7
Exploits: 0 | References: 7

Mageia
added 2022/07/25 9:41 p.m. | 27 views

Updated logrotate packages fix security vulnerability

Improved coredump handling for SUID binaries. (bsc#1192449)...

AI score 1.5
Exploits: 0 | References: 3

Mageia
added 2021/12/10 10:19 p.m. | 27 views

Updated speex packages fix security vulnerability

Fixed zero division error in read_samples (bsc#1192580). (CVE-2020-23903)...

CVSS 5.5 | AI score 2 | EPSS 0.0094
Exploits: 1 | References: 4

Mageia
added 2021/12/02 4:49 p.m. | 27 views

Updated perl/perl-Encode packages fix security vulnerability

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

CVSS 7.8 | AI score 3.5 | EPSS 0.01397
Exploits: 0 | References: 3

Mageia
added 2021/07/04 2:13 a.m. | 27 views

Updated networkmanager packages fix security vulnerability

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. (CVE-2021-20297)...

CVSS 5.5 | AI score 2.5 | EPSS 0.00254
Exploits: 0 | References: 1

Mageia
added 2021/03/27 2:27 p.m. | 27 views

Updated openscad package fixes a security vulnerability

A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability (CVE-2020-28599)...

CVSS 8.8 | AI score 4.2 | EPSS 0.01956
Exploits: 1 | References: 2

Mageia
added 2021/02/10 6:41 p.m. | 27 views

Updated perl-Email-MIME and perl-Email-MIME-ContentType packages fix security vulnerability

Messages with too many tiny nested MIME parts can lead to memory exhaustion on split, resulting in denial of service (rhbz#1835353). This update limits the number of nested MIME parts to 10 by default, to avoid a possible memory exhaustion issue with lots of tiny MIME parts...

AI score 2.3
Exploits: 0 | References: 3

Mageia
added 2021/01/29 7:5 p.m. | 27 views

Updated db53 packages fix a security vulnerability

Vulnerability in the Data Store component of Oracle Berkeley DB. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in...

CVSS 3.3 | AI score 5.3 | EPSS 0.00604
Exploits: 0 | References: 3

Mageia
added 2021/01/14 8:10 p.m. | 27 views

Updated nvidia-current packages fix security vulnerabilities

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE-2021-1052). NVIDIA GPU Display Driver for...

CVSS 7.8 | AI score 3.3 | EPSS 0.01777
Exploits: 0 | References: 2

Mageia
added 2020/11/08 2:14 p.m. | 27 views

Updated blueman packages fix a security vulnerability

Vaisha Bernard discovered that blueman did not properly sanitize input on the D-Bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service (CVE-2020-15238)...

CVSS 7.1 | AI score 4.2 | EPSS 0.04539
Exploits: 4 | References: 2

Mageia
added 2020/08/29 6:40 a.m. | 27 views

Updated ark packages fix security vulnerability

A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction (CVE-2020-24654)...

CVSS 4.3 | AI score 1.3 | EPSS 0.01496
Exploits: 0 | References: 2

Mageia
added 2020/08/20 11:30 p.m. | 27 views

Updated ngircd package fixes security vulnerability

The Server-Server protocol implementation in ngIRCd before 26rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN function. (CVE-2020-14148)...

CVSS 7.5 | AI score 4.3 | EPSS 0.02643
Exploits: 0 | References: 2

Mageia
added 2020/05/15 3:48 p.m. | 27 views

Updated jbig2dec packages fix security vulnerability

Updated jbig2dec packages fix security vulnerability: jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow (CVE-2020-12268)...

CVSS 9.8 | AI score 3.7 | EPSS 0.02622
Exploits: 1 | References: 2

Total number of security vulnerabilities: 5000