Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2023/03/01 9:14 p.m.•95 views

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

9.8CVSS9.1AI score0.01639EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•51 views

Updated postgresql packages fix security vulnerability

Client memory disclosure when connecting, with Kerberos, to modified server. CVE-2022-41862...

3.7CVSS2.2AI score0.00616EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•53 views

Updated clamav packages fix security vulnerability

A possible remote code execution vulnerability in the HFS+ file parser. CVE-2023-20032 A possible remote information leak vulnerability in the DMG file parser. CVE-2023-20052...

9.8CVSS8.1AI score0.29314EPSS
Exploits5References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•42 views

Updated ipython packages fix security vulnerability

Executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to. CVE-2022-21699...

8.8CVSS3.6AI score0.00657EPSS
Exploits1References6
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•36 views

Updated python-twisted packages fix security vulnerability

When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...

5.4CVSS0.9AI score0.01156EPSS
Exploits1References4
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•36 views

Updated jupyter-core packages fix security vulnerability

Arbitrary code execution when loading configuration files CVE-2022-39286...

8.8CVSS3.2AI score0.01056EPSS
Exploits0References3
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•51 views

Updated apr packages fix security vulnerability

Integer Overflow or Wraparound vulnerability in aprencode functions of Apache Portable Runtime APR allows an attacker to write beyond bounds of a buffer. CVE-2022-24963...

9.8CVSS9.1AI score0.01472EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•58 views

Updated php packages fix security vulnerability

The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...

8.1CVSS7.4AI score0.01408EPSS
Exploits2References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•40 views

Updated c-ares packages fix security vulnerability

The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-4904...

8.6CVSS8.7AI score0.01232EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•40 views

Updated python-cryptography packages fix security vulnerability

Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as 'bytes' to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an...

6.5CVSS6.9AI score0.01301EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•64 views

Updated python-jupyterlab packages fix security vulnerability

Remote code execution, but requires user action to open a notebook. CVE-2021-32797, and other bug fixes...

9.6CVSS2.9AI score0.02638EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•48 views

Updated gnutls packages fix security vulnerability

Timing side channel in the RSA decryption implementation of the GNU TLS library. CVE-2023-0361...

7.4CVSS7.7AI score0.01403EPSS
Exploits1References3
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•74 views

Updated git packages fix security vulnerability

Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links, the objects directory itself may still be a symbolic link. The...

7.5CVSS6.8AI score0.01144EPSS
Exploits3References3
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•64 views

Updated apache-commons-fileupload packages fix security vulnerability

Denial of service with a malicious upload or series of uploads. CVE-2023-24998...

7.5CVSS7.9AI score0.46836EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•43 views

Updated sofia-sip packages fix security vulnerability

The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-47516...

7.5CVSS3.9AI score0.01647EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/27 8:27 p.m.•116 views

Updated sox packages fix security vulnerability

CVE-2019-13590: sox-fmt validation CVE-2021-3643 and CVE-2021-23210: voc validation CVE-2021-23159 and CVE-2021-23172: hcom validation CVE-2021-33844: wav validation CVE-2021-40426: sphere validation CVE-2022-31650: aiff validation CVE-2022-31651: reject implausible rate...

10CVSS6.4AI score0.02211EPSS
Exploits8References3
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•58 views

Updated webkit2 packages fix security vulnerability

Type confusion leading to arbitrary code execution using crafted web page CVE-2023-23529...

8.8CVSS9.1AI score0.09426EPSS
Exploits0References4
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•66 views

Updated qtbase5 packages fix security vulnerability

Avoid unintentionally using binaries from CWD CVE-2022-23853 Fix a possible DOS involving the Qt SQL ODBC driver plugin CVE-2023-24607 Also fixes a regression that prevented Akonadi from working with kmail...

7.8CVSS7.8AI score0.0132EPSS
Exploits0References1
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•145 views

Updated curl packages fix security vulnerability

HTTP multi-header compression denial of service. CVE-2023-23916...

6.5CVSS6.8AI score0.01703EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•355 views

Updated nodejs-qs packages fix security vulnerability

nodejs qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query...

7.5CVSS8.6AI score0.14663EPSS
Exploits2References3
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•39 views

Updated upx packages fix security vulnerability

Denial of service due to heap-based buffer overflow issue in UPX in PackTmt::pack in ptmt.cpp file. CVE-2023-23456 Denial of service due to segmentation fault in UPX in PackLinuxElf64::invertptdynamic in plxelf.cpp. CVE-2023-23457...

5.5CVSS6.3AI score0.0039EPSS
Exploits2References3
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•52 views

Updated firefox packages fix security vulnerability

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled CVE-2023-0767. The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when...

8.8CVSS1.5AI score0.00817EPSS
Exploits0References6
Mageia
Mageia
•added 2023/02/20 9:25 p.m.•74 views

Updated thunderbird packages fix security vulnerability

User Interface lockup with messages combining S/MIME and OpenPGP. CVE-2023-0616 Content security policy leak in violation reports using iframes. CVE-2023-25728 Screen hijack via browser fullscreen mode. CVE-2023-25730 Arbitrary memory write via PKCS 12 in NSS. CVE-2023-0767 Potential use-after-fr...

8.8CVSS2.1AI score0.00817EPSS
Exploits0References3
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•51 views

Updated apr-util packages fix security vulnerability

Integer Overflow or Wraparound vulnerability in aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond bounds of a buffer. CVE-2022-25147...

6.5CVSS9.1AI score0.01417EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•38 views

Updated tpm2-tss packages fix security vulnerability

Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array only has TPM2ERRORTSS2RCLAYERCOUNT entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer...

6.4CVSS6.6AI score0.00519EPSS
Exploits1References3
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•42 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 109.0.5414.119 release, fixing 6 vulnerabilities. Some of the security fixes are: High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 High CVE-2023-0472: Use after...

8.8CVSS9.1AI score0.00736EPSS
Exploits0References3
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•48 views

Updated webkit2 packages fix security vulnerability

Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-42826 CVE-2023-23517 CVE-2023-23518...

8.8CVSS9.1AI score0.00902EPSS
Exploits0References3
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•136 views

Updated ffmpeg packages fix security vulnerability

A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformatnewstream and triggers the null pointer dereference error, causing an application to crash...

5.3CVSS2.8AI score0.00817EPSS
Exploits0References3
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•50 views

Updated libzen packages fix security vulnerability

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference...

7.5CVSS3.1AI score0.01177EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•65 views

Updated editorconfig-core-c packages fix security vulnerability

Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary...

7.8CVSS8.1AI score0.00965EPSS
Exploits1References1
Mageia
Mageia
•added 2023/02/14 10:43 p.m.•24 views

Updated phpmyadmin packages fix security vulnerability

Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...

1.7AI score
Exploits0References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•140 views

Updated netatalk packages fix security vulnerability

Heap overflow leading to arbitrary code execution. CVE-2021-31439 Buffer overflow leading to remote code execution CVE-2022-0194 Improper length validation leading to remote code execution CVE-2022-23121 Buffer overflow leading to remote code execution CVE-2022-23122 Out-of-bounds read leading to...

9.8CVSS3.4AI score0.08525EPSS
Exploits1References4
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•68 views

Updated java/timezone packages fix security vulnerability

Improper restrictions in CORBA deserialization. CVE-2023-21830 Handshake DoS attack against DTLS connections. CVE-2023-21835 Soundbank URL remote loading. CVE-2023-21843...

5.3CVSS6.3AI score0.01836EPSS
Exploits0References4
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•68 views

Updated python-future packages fix security vulnerability

Excessive CPU usage via a crafted Set-Cookie header CVE-2022-40899...

7.5CVSS2AI score0.01804EPSS
Exploits1References3
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•161 views

Updated nodejs-minimist packages fix security vulnerability

Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906...

9.8CVSS3.5AI score0.04581EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•25 views

Updated advancecomp packages fix security vulnerability

Segmentation fault on invalid MNG size...

2.9AI score
Exploits0References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•23 views

Updated tigervnc packages fix security vulnerability

Updated packages rebuilt for recent x11-server security update...

2AI score
Exploits0References5
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•117 views

Updated libxpm packages fix security vulnerability

libXpm incorrectly handled calling external helper binaries. If libXpm was being used by a setuid binary, a local attacker could possibly use this issue to escalate privileges. CVE-2022-4883 libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a...

8.8CVSS1.8AI score0.01273EPSS
Exploits2References5
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•56 views

Updated thunderbird packages fix security vulnerability

libusrsctp library out of date. CVE-2022-46871 Arbitrary file read from GTK drag and drop on Linux. CVE-2023-23598 URL being dragged from cross-origin iframe into same tab triggers navigation. CVE-2023-23601 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers...

8.8CVSS2.7AI score0.00892EPSS
Exploits0References7
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•142 views

Updated dojo packages fix security vulnerability

Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to cross-site scripting XSS attacks. CVE-2020-4051 Prototype pollution vulnerability via the setObject function. CVE-2021-23450...

9.8CVSS2.3AI score0.30367EPSS
Exploits1References3
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•57 views

Updated libtiff packages fix security vulnerability

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image. CVE-2022-48281...

5.5CVSS4.1AI score0.00461EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•62 views

Updated ruby-sinatra packages fix security vulnerability

Potential reflected file download RFD vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename. CVE-2022-45442...

8.8CVSS1AI score0.00642EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•99 views

Updated apache packages fix security vulnerability

CVE-2022-37436: Apache HTTP Server: modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers ha...

9CVSS7.5AI score0.57941EPSS
Exploits0References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•98 views

Updated git packages fix security vulnerability

gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a '.gitattributes' file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes,...

9.8CVSS3.6AI score0.56334EPSS
Exploits0References5
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•31 views

Updated python-mechanize packages fix security vulnerability

Denial of service via crafted regular expression CVE-2021-32837 Fixed mechanize not found during build...

7.5CVSS3.4AI score0.28661EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•58 views

Updated sofia-sip packages fix security vulnerability

Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...

9.8CVSS9.1AI score0.0238EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•37 views

Updated opusfile packages fix security vulnerability

NULL pointer dereferences in opgetdata and opopen1 in opusfile.c CVE-2022-47021...

7.8CVSS2.4AI score0.00395EPSS
Exploits1References2
Mageia
Mageia
•added 2023/02/07 12:6 a.m.•68 views

Updated python-django packages fix security vulnerability

Internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. CVE-2022-41323 Potential denial-of-service via Accept-Language headers CVE-2023-23969...

7.5CVSS7.6AI score0.47102EPSS
Exploits0References5
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•76 views

Updated firefox packages fix security vulnerability

A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash CVE-2022-3479. An out of date library libusrsctp contained vulnerabilities that could potentially be exploited CVE-2022-46871. By confusing the browse...

8.8CVSS1AI score0.00892EPSS
Exploits0References6
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•216 views

Updated sudo packages fix security vulnerability

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

7.8CVSS7.8AI score0.55367EPSS
Exploits20References5
Total number of security vulnerabilities6011