Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2023/05/16 7:17 p.m.•31 views

Updated connman packages fix security vulnerability

client.c in gdhcp in ConnMan could be used by network-adjacent attackers operating a crafted DHCP server to cause a stack-based buffer overflow and denial of service, terminating the connman process. CVE-2023-28488...

6.5CVSS7.2AI score0.00964EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•102 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmfgetassocies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. This issue could occur when associnfo-reqlen data is bigger than the siz...

7.8CVSS7.1AI score0.16642EPSS
Exploits9References5
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•45 views

Updated firefox/nss/rootcerts packages fix security vulnerability

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks CVE-2023-32205. An out-of-bounds read could have led to a crash in the RLBox Expat driver CVE-2023-32206. A missing delay in popup...

8.8CVSS8.3AI score0.00753EPSS
Exploits0References4
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•45 views

Updated python-django packages fix security vulnerability

Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...

9.8CVSS7.1AI score0.62575EPSS
Exploits0References6
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•18 views

Updated indent packages fix security vulnerability

Multiple memory safety issues bsc1209718...

7.4AI score
Exploits0References2
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•30 views

Updated freeimage packages fix security vulnerability

Buffer Overflow vulnerability leading to denial of service via a crafted JXR file. CVE-2021-33367...

5.5CVSS6.7AI score0.0028EPSS
Exploits0References2
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•48 views

Updated golang packages fix security vulnerability

Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input...

9.8CVSS7.4AI score0.01548EPSS
Exploits0References3
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•29 views

Updated thunderbird packages fix security vulnerability

Browser prompts could have been obscured by popups. CVE-2023-32205 Crash in RLBox Expat driver. CVE-2023-32206 Potential permissions request bypass via clickjacking. CVE-2023-32207 Content process crash due to invalid wasm code. CVE-2023-32211 Potential spoof due to obscured address bar...

8.8CVSS8AI score0.00753EPSS
Exploits0References3
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•90 views

Updated libxml2 packages fix security vulnerability

NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...

7.5CVSS7.1AI score0.02462EPSS
Exploits2References4
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•48 views

Updated libfastjson packages fix security vulnerability

Integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. CVE-2020-12762...

7.8CVSS8AI score0.01888EPSS
Exploits1References3
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•39 views

Updated avahi packages fix security vulnerability

Fixes crash on some invalid DBus calls. CVE-2023-1981...

5.5CVSS7.1AI score0.00392EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•25 views

Updated parcellite packages fix security vulnerability

Parcellite clipboard manager might cause your copied secrets to be stored in the plain-text form in the system logs...

6.8AI score
Exploits0References3
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•124 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 7.0.8 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 7.0.8. A difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM...

8.2CVSS5.3AI score0.00671EPSS
Exploits1References3
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•34 views

Updated imagemagick packages fix security vulnerability

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of...

5.5CVSS5.9AI score0.00593EPSS
Exploits1References3
Mageia
Mageia
•added 2023/05/06 6:19 p.m.•100 views

Updated git packages fix security vulnerability

By feeding specially crafted input to 'git apply --reject', a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch. CVE-2023-25652. When Git is compiled with runtime prefix support and runs without translated...

7.8CVSS7.4AI score0.52164EPSS
Exploits2References3
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•66 views

Updated squirrel/supertux packages fix security vulnerability

sqclass.cpp in Squirrel 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as Fi...

10CVSS9.4AI score0.02177EPSS
Exploits1References3
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•60 views

Updated dnsmasq packages fix security vulnerability

A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. CVE-2023-28450...

7.5CVSS7.6AI score0.01334EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•41 views

Updated php-smarty packages fix security vulnerability

Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...

7.1CVSS6.2AI score0.01025EPSS
Exploits0References5
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•43 views

Updated emacs packages fix security vulnerability

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. CVE-2023-28617...

7.8CVSS8.3AI score0.00469EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•28 views

Updated tcpdump packages fix security vulnerability

The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. CVE-2023-1801...

6.5CVSS6.4AI score0.00841EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•43 views

Updated redis packages fix security vulnerability

Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access. CVE-2023-28856...

6.5CVSS7AI score0.00963EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/24 12:20 a.m.•65 views

Updated openimageio packages fix security vulnerability

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensiti...

9.8CVSS8.3AI score0.01962EPSS
Exploits25References6
Mageia
Mageia
•added 2023/04/17 7:52 p.m.•57 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.15.106 and fixes atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap...

7.8CVSS7.4AI score0.06346EPSS
Exploits2References9
Mageia
Mageia
•added 2023/04/17 7:52 p.m.•58 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on upstream 5.15.106 and fixes atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tunta...

7.8CVSS7.4AI score0.06346EPSS
Exploits2References9
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•50 views

Updated ceph packages fix security vulnerability

Openstack manilla owning a Ceph File system "share", enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system...

9.1CVSS8.3AI score0.00935EPSS
Exploits1References3
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•28 views

Updated python-flask-restx packages fix security vulnerability

Fixes unspecified security issues...

6.9AI score
Exploits0References3
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•35 views

Updated jpegoptim packages fix security vulnerability

A heap overflow can occur with crafted JPEG image file. CVE-2023-27781...

7.8CVSS7.8AI score0.00393EPSS
Exploits1References3
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•142 views

Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...

7.5CVSS6.7AI score0.73139EPSS
Exploits21References12
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•56 views

Updated firefox packages fix security vulnerability

Updated firefox and libwebp packages fix security vulnerabilities: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash CVE-2023-1945. A website could have obscured the fullscreen notification by using a combination of...

8.8CVSS9.2AI score0.00741EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•138 views

Updated python-certifi packages fix security vulnerability

Disable bundled Trustcor root cerificate signatures generated after Wednesday November 30 00:00:00 2022. CVE-2022-23491...

7.5CVSS7.7AI score0.00535EPSS
Exploits0References7
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•168 views

Updated davmail packages fix security vulnerability

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1...

9.8CVSS9.8AI score0.81147EPSS
Exploits13References2
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•35 views

Updated libheif packages fix security vulnerability

Vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996...

7.8CVSS7.7AI score0.00307EPSS
Exploits0References3
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•55 views

Updated golang packages fix security vulnerability

DOS due to incorrect HTTP and MIME header parsing CVE-2023-24534 DOS due to incorrect Multipart form parsing CVE-2023-24536 Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

9.8CVSS8.1AI score0.02281EPSS
Exploits0References6
Mageia
Mageia
•added 2023/04/15 7:3 p.m.•52 views

Updated thunderbird packages fix security vulnerability

Fullscreen notification obscured. CVE-2023-29533 Double-free in libwebp. MFSA-TMP-2023-0001 Potential Memory Corruption following Garbage Collector compaction. CVE-2023-29535 Invalid free from JavaScript code. CVE-2023-29536 Revocation status of S/Mime recipient certificates was not checked...

8.8CVSS7.7AI score0.00901EPSS
Exploits0References3
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•35 views

Updated thunderbird packages fix security vulnerability

Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...

8.2CVSS8.1AI score0.01185EPSS
Exploits0References3
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•61 views

Updated openssl packages fix security vulnerability

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS7.7AI score0.59501EPSS
Exploits0References9
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•27 views

Updated tigervnc/x11-server packages fix security vulnerability

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window aka COW, the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-fr...

7.8CVSS7.4AI score0.0044EPSS
Exploits0References7
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•58 views

Updated ipmitool packages fix security vulnerability

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged...

8.8CVSS8.9AI score0.0329EPSS
Exploits1References2
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•51 views

Updated imgagmagick packages fix security vulnerability

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

5.5CVSS5.4AI score0.00865EPSS
Exploits1References3
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•15 views

Updated vim packages fix security vulnerability

"rvim" can execute a shell through :diffpatch...

7AI score
Exploits0References2
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•68 views

Updated ghostscript packages fix security vulnerability

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

9.8CVSS9.6AI score0.06341EPSS
Exploits1References2
Mageia
Mageia
•added 2023/04/11 7:2 p.m.•37 views

Updated sudo packages fix security vulnerability

Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVE-2023-28487...

5.3CVSS5.9AI score0.00953EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•37 views

Updated libapreq2 packages fix security vulnerability

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. CVE-2022-22728...

7.5CVSS7.6AI score0.04712EPSS
Exploits0References5
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•38 views

Updated zstd packages fix security vulnerability

Buffer overrun in util.c CVE-2022-4899...

7.5CVSS7.5AI score0.01588EPSS
Exploits0References3
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•24 views

Updated stellarium packages fix security vulnerability

Attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. CVE-2023-28371...

9.8CVSS9.2AI score0.01545EPSS
Exploits0References2
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•73 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9CVSS6.8AI score0.00722EPSS
Exploits0References3
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•32 views

Updated peazip packages fix security vulnerability

Denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. CVE-2023-24785...

5.5CVSS5.8AI score0.00311EPSS
Exploits1References2
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•58 views

Updated opencontainers-runc packages fix security vulnerability

/sys/fs/cgroup is writable when cgroupns isn't unshared CVE-2023-25809 Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges CVE-2023-27561 AppArmor/SELinux bypass with symlinked /proc CVE-2023-28642...

7.8CVSS7AI score0.00448EPSS
Exploits2References3
Mageia
Mageia
•added 2023/04/06 9:20 p.m.•50 views

Updated ldb/samba packages fix security vulnerability

Deletion of AD DC "dnsHostname" attribute by unprivileged authenticated users CVE-2023-0225 Read access controlled AD LDAP attributes CVE-2023-0614 Cleartext password sending by AD DC admin tool CVE-2023-0922...

7.7CVSS5.9AI score0.00719EPSS
Exploits0References5
Mageia
Mageia
•added 2023/03/31 12:13 a.m.•33 views

Updated tigervnc/x11-server packages fix security vulnerability

DeepCopyPointerClasses use-after-free leads to privilege elevation. CVE-2023-0494...

7.8CVSS7.9AI score0.00899EPSS
Exploits0References12
Total number of security vulnerabilities6009