Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2023/01/24 7:58 a.m.•50 views

Updated tor packages fix security vulnerability

SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. CVE-2023-23589...

6.5CVSS6.6AI score0.00832EPSS
Exploits1References3
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•24 views

Updated phoronix-test-suite packages fix security vulnerability

XSS in phoromaticraddtestdetails.php CVE-2022-40704...

6.1CVSS1.8AI score0.00606EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•42 views

Updated jpegoptim packages fix security vulnerability

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. CVE-2022-32325...

6.5CVSS2.6AI score0.00896EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•114 views

Updated virtualbox packages fix security vulnerability

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. CVE-2023-21884 Unauthenticated attacker with network access via multiple protocols to compromise Oracle VM...

8.1CVSS5.2AI score0.01205EPSS
Exploits0References3
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•41 views

Updated sdl2 packages fix security vulnerability

Potential memory leak when creating a texture for an OpenGL ES image CVE-2022-4743...

7.5CVSS2.6AI score0.01265EPSS
Exploits0References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•46 views

Updated vim packages fix security vulnerability

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. CVE-2023-0049...

7.8CVSS7.8AI score0.00471EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•72 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities. Some of the security fixes are - High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 High CVE-2023-0129 Heap buffer overflow in Network Service...

8.8CVSS8.2AI score0.007EPSS
Exploits0References3
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•52 views

Updated viewvc packages fix security vulnerability

ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names names that, when...

6.1CVSS6AI score0.00694EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•115 views

Updated docker packages fix security vulnerability

Server side request forgery CVE-2022-29153 Bypass primary group restrictions due to a flaw in the supplementary group access setup CVE-2022-36109 Imported Nodes/Services Information leak in moby-engine. CVE-2022-3920...

7.5CVSS6.8AI score0.08912EPSS
Exploits0References7
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•33 views

Updated nautilus packages fix security vulnerability

GNOME Nautilus 42.2 allows a NULL pointer dereference and getbasename application crash via a pasted ZIP archive. CVE-2022-37290...

5.5CVSS3.5AI score0.00326EPSS
Exploits1References4
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•50 views

Updated php packages fix security vulnerability

Update to php version 8.0.27 fixes PDO/SQLite, where PDO::quote may return unquoted string See referenced changelog for other changes...

9.1CVSS3.1AI score0.02154EPSS
Exploits0References2
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•54 views

Updated x11-server packages fix security vulnerability

X.Org Server XkbGetKbdByName use-after-free. CVE-2022-4283 X.Org Server XTestSwapFakeInput stack overflow. CVE-2022-46340 X.Org Server XIPassiveUngrab out-of-bounds access. CVE-2022-46341 X.Org Server XvdiSelectVideoNotify use-after-free. CVE-2022-46342 X.Org Server ScreenSaverSetAttributes...

8.8CVSS8.4AI score0.02685EPSS
Exploits0References5
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•110 views

Updated samba packages fix security vulnerability

There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...

9.8CVSS1.2AI score0.06419EPSS
Exploits1References25
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•50 views

Updated php-smarty packages fix security vulnerability

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized...

5.4CVSS3.1AI score0.00826EPSS
Exploits1References3
Mageia
Mageia
•added 2023/01/24 7:58 a.m.•55 views

Updated net-snmp packages fix security vulnerability

handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2022-44792...

6.5CVSS6.4AI score0.5346EPSS
Exploits2References2
Mageia
Mageia
•added 2023/01/22 8:39 p.m.•150 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.88 and fixes atleast the following security issues: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the...

8CVSS7.6AI score0.71737EPSS
Exploits3References8
Mageia
Mageia
•added 2023/01/22 8:39 p.m.•202 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.88 and fixes atleast the following security issues: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment...

8CVSS8.3AI score0.71737EPSS
Exploits8References8
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•23 views

Updated ctags packages fix security vulnerability

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...

7.8CVSS2AI score0.00577EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•31 views

Updated w3m packages fix security vulnerability

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. CVE-2022-38223...

7.8CVSS2.8AI score0.00441EPSS
Exploits1References2
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•37 views

Updated xrdp packages fix security vulnerability

xrdp less than v0.9.21 contain a buffer over flow in xrdploginwndcreate function. CVE-2022-23468 xrdp less than v0.9.21 contain a buffer over flow in audinsendopen function. CVE-2022-23477 xrdp less than v0.9.21 contain a Out of Bound Write in xrdpmmtransprocessdrdynvcchannelopen function...

9.8CVSS2.5AI score0.00892EPSS
Exploits0References2
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•82 views

Updated python-gitpython packages fix security vulnerability

Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

9.8CVSS3.5AI score0.05378EPSS
Exploits1References3
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•43 views

Updated ffmpeg packages fix security vulnerability

An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. CVE-2022-3109...

7.5CVSS3AI score0.0142EPSS
Exploits0References3
Mageia
Mageia
•added 2023/01/13 5:37 p.m.•108 views

Updated minetest packages fix security vulnerability

This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...

10CVSS0.7AI score0.02195EPSS
Exploits0References6
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•63 views

Updated sogo packages fix security vulnerability

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...

7.5CVSS3.9AI score0.00987EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•29 views

Updated python-ujson packages fix security vulnerability

Fixes len integer overflow issue. RHBZ2149975 Ultrajson doesn't build on webassembly e.g. pyodide because the version of double-conversion used is too old. This updates it to a newer version which supports webassembly...

4.5AI score
Exploits0References3
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•192 views

Updated curl packages fix security vulnerability

Another HSTS bypass via IDN. CVE-2022-43551 HTTP Proxy deny use-after-free. CVE-2022-43552...

7.5CVSS7AI score0.1654EPSS
Exploits2References5
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•32 views

Updated libksba packages fix security vulnerability

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVE-2022-47629...

9.8CVSS4.8AI score0.0155EPSS
Exploits2References3
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•75 views

Updated webkit2 packages fix security vulnerability

The updated packages fix security vulnerabilities and other issues. See references for details...

8.8CVSS7.8AI score0.34574EPSS
Exploits2References3
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•57 views

Updated freeradius packages fix security vulnerability

Information leakage in EAP-PWD. CVE-2022-41859 Crash on unknown option in EAP-SIM. CVE-2022-41860 Crash on invalid abinary data. CVE-2022-41861...

7.5CVSS6.9AI score0.01171EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•52 views

Updated thunderbird packages fix security vulnerability

Drag and Dropped Filenames could have been truncated to malicious extensions. CVE-2022-46874...

8.8CVSS2.4AI score0.00884EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/30 10:39 p.m.•35 views

Updated libtar packages fix security vulnerability

After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free. CVE-2021-33640...

9.8CVSS2.3AI score0.00646EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/24 9:14 a.m.•93 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 108.0.5359.124 release, fixing 8 vulnerabilities. Some of the security fixes are ... High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 High CVE-2022-4437: Use after free in Mojo IPC. Reported by...

8.8CVSS1AI score0.00651EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/18 1:25 a.m.•45 views

Updated advancecomp packages fix security vulnerability

advancecomp has been updated to fix a number of bugs and security issues...

5.5CVSS2.1AI score0.00448EPSS
Exploits7References2
Mageia
Mageia
•added 2022/12/17 11:55 p.m.•72 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver,...

7.8CVSS0.1AI score0.00463EPSS
Exploits1References6
Mageia
Mageia
•added 2022/12/17 11:55 p.m.•92 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the drive...

7.8CVSS1.2AI score0.00463EPSS
Exploits1References4
Mageia
Mageia
•added 2022/12/17 8:37 p.m.•65 views

Updated firefox packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

9.8CVSS1.7AI score0.00921EPSS
Exploits0References4
Mageia
Mageia
•added 2022/12/17 8:37 p.m.•45 views

Updated thunderbird packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

9.8CVSS1.6AI score0.00921EPSS
Exploits0References1
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•67 views

Updated heimdal packages fix security vulnerability

Isaac Boukris reported that the Heimdal KDC before 7.7.1 does not apply delegationnotallowed aka not-delegated user attributes for S4U2Self. Instead the forwardable flag is set even if the impersonated client has the not-delegated flag set. CVE-2019-14870 Joseph Sutton discovered that the Heimdal...

9.8CVSS7.5AI score0.06419EPSS
Exploits1References6
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•33 views

Updated xfce4-settings packages fix security vulnerability

argument injection vulnerability in xfce4-mime-helper from the xfce4-settings package...

9.8CVSS2.5AI score0.01406EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•50 views

Updated leptonica packages fix security vulnerability

This update fixes a denial of service vulnerability in leptonlib. It can be made to crash with an arithmetic exception on specially crafted JPEG files. CVE-2022-38266...

6.5CVSS2.6AI score0.01104EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•31 views

Updated libetpan packages fix security vulnerability

Null pointer dereference in mailimapmailboxdatastatusfree in low-level/imap/mailimaptypes.c. CVE-2022-4121...

5.5CVSS2.2AI score0.00542EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•61 views

Updated couchdb packages fix security vulnerability

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS3.5AI score0.92335EPSS
Exploits9References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•74 views

Updated krb5 packages fix security vulnerability

Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution in a KDC, kadmin, or GSS or Kerberos application server process, information exposure to a cross-realm KDC acting maliciously, or denial of servi...

8.8CVSS4.5AI score0.06419EPSS
Exploits1References4
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•31 views

Updated python-slixmpp packages fix security vulnerability

Fixes missing certificate hostname validation...

7.5CVSS1.6AI score0.00469EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•41 views

Updated freerdp packages fix security vulnerability

Affected versions of FreeRDP are missing input length validation in 'drive' channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. CVE-2022-41877...

4.6CVSS5.5AI score0.00719EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/17 6:48 p.m.•47 views

Updated golang packages fix security vulnerability

net/http: limit canonical header cache by bytes, not entries bsc1206135 CVE-2022-41717...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References5
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•63 views

Updated libarchive packages fix security vulnerability

In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. CVE-2022-36227...

9.8CVSS9.1AI score0.01936EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•63 views

Updated netkit-telnet packages fix security vulnerability

2-byte DoS in netkit-telnetd. CVE-2022-39028...

7.5CVSS2AI score0.01657EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•44 views

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8CVSS8.1AI score0.00635EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•52 views

Updated nodejs-json-schema packages fix security vulnerability

node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes. CVE-2021-3918...

9.8CVSS3.3AI score0.03563EPSS
Exploits1References2
Total number of security vulnerabilities6011