Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/12/13 10:9 p.m.•63 views

Updated libarchive packages fix security vulnerability

In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. CVE-2022-36227...

9.8CVSS9.1AI score0.01936EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•15 views

Updated admesh packages fix security vulnerability

Security fix for TALOS-2022-1594...

1.7AI score
Exploits0References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•44 views

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8CVSS8.1AI score0.00635EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•40 views

Updated rxvt-unicode packages fix security vulnerability

rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. CVE-2022-4170...

9.8CVSS2.9AI score0.02058EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•55 views

Updated ruby packages fix security vulnerability

If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object bas...

8.8CVSS0.7AI score0.02287EPSS
Exploits1References3
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•63 views

Updated netkit-telnet packages fix security vulnerability

2-byte DoS in netkit-telnetd. CVE-2022-39028...

7.5CVSS2AI score0.01657EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•44 views

Updated awstats packages fix security vulnerability

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. CVE-2022-46391...

6.1CVSS1.8AI score0.00655EPSS
Exploits0References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•48 views

Updated vim packages fix security vulnerability

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. CVE-2022-4141...

7.8CVSS2.5AI score0.00423EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/13 10:9 p.m.•52 views

Updated nodejs-json-schema packages fix security vulnerability

node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes. CVE-2021-3918...

9.8CVSS3.3AI score0.03563EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•92 views

Updated imagemagick packages fix security vulnerability

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. CVE-2021-3574 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows a...

7.8CVSS1.3AI score0.0238EPSS
Exploits4References16
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•69 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 108 branch with the 108.0.5359.94 release, fixing many bugs and 29 vulnerabilities, together with 107.0.5304.121 and 108.0.5359.71. Some of the security fixes are - CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao...

9.6CVSS9.1AI score0.31864EPSS
Exploits4References2
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•33 views

Updated thunderbird packages fix security vulnerability

Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. CVE-2022-45414...

8.1CVSS1.5AI score0.00528EPSS
Exploits0References3
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•90 views

Updated freerdp packages fix security vulnerability

In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. CVE-2022-39316 Affected versions of FreeRDP are missing a range check for input...

5.7CVSS5.8AI score0.00967EPSS
Exploits0References8
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•38 views

Updated libtiff packages fix security vulnerability

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. CVE-2022-3970...

8.8CVSS8.6AI score0.01237EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•46 views

Updated jbigkit packages fix security vulnerability

JBIG-KIT could be made to crash if it opened a specially crafted file. CVE-2017-9937...

6.5CVSS2.5AI score0.02846EPSS
Exploits1References2
Mageia
Mageia
•added 2022/12/06 11:32 p.m.•64 views

Updated erlang packages fix security vulnerability

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. CVE-2022-37026...

9.8CVSS2.4AI score0.01167EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•49 views

Updated xterm packages fix security vulnerability

xterm before patch 375 can enable an RCE under certain conditions...

9.8CVSS2AI score0.04949EPSS
Exploits1References3
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•59 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an iouring request and the Unix socket garbage collector, allowing an attacker local privilege escalation CVE-2022-2602. A...

8.8CVSS8.4AI score0.21314EPSS
Exploits4References6
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•61 views

Updated golang packages fix security vulnerability

Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. CVE-2022-41716 runtime: lock count" fatal error when cgo is enabled go56308...

7.5CVSS2.2AI score0.00778EPSS
Exploits0References5
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•49 views

Updated botan packages fix security vulnerability

Fixed validation of embedded certificates was when checking OCSP responses CVE-2022-43705...

9.1CVSS1.9AI score0.00415EPSS
Exploits0References2
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•71 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an iouring request and the Unix socket garbage collector, allowing an attacker local privilege escalation CVE-2022-2602. A...

8.8CVSS8.4AI score0.21314EPSS
Exploits4References6
Mageia
Mageia
•added 2022/11/27 8:51 p.m.•117 views

Updated radare2/rizin packages fix security vulnerability

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. CVE-2021-32613 A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS...

9.8CVSS2.3AI score0.01799EPSS
Exploits19References7
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•22 views

Updated tumbler packages fix security vulnerability

gst-thumbnailer: Add mime type check gxoxfce/tumbler65 desktop-thumbnailer: Guard against null path Fix typo in gthread version gxoxfce/tumbler!14...

2.2AI score
Exploits0References2
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•57 views

Updated java packages fix security vulnerability

Class compilation issue. CVE-2022-21540 Improper restriction of MethodHandle.invokeBasic. CVE-2022-21541 Integer truncation issue in Xalan-J. CVE-2022-34169 Improper MultiByte conversion can lead to buffer overflow. CVE-2022-21618 Improper handling of long NTLM client hostnames. CVE-2022-21619...

7.5CVSS2.3AI score0.17673EPSS
Exploits2References7
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•75 views

Updated dropbear packages fix security vulnerability

Updated dropbear package fixes a security vulnerability in dbclient:. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measure...

7.5CVSS2.4AI score0.01348EPSS
Exploits0References2
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•62 views

Updated freerdp packages fix security vulnerability

FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. CVE-2022-39282 All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as...

7.5CVSS7.7AI score0.00985EPSS
Exploits0References6
Mageia
Mageia
•added 2022/11/24 10:21 p.m.•61 views

Updated libx11 packages fix security vulnerability

Memory leak in XRegisterIMInstantiateCallback. CVE-2022-3554 Memory leak in XFreeX11XCBStructure. CVE-2022-3555...

3.8AI score
Exploits0References4
Mageia
Mageia
•added 2022/11/18 10:50 p.m.•25 views

Updated sysstat packages fix security vulnerability

On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representin...

7.8CVSS8.3AI score0.01096EPSS
Exploits1References4
Mageia
Mageia
•added 2022/11/18 10:50 p.m.•31 views

Updated varnish packages fix security vulnerability

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...

7.5CVSS1.3AI score0.00936EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/18 10:50 p.m.•122 views

Updated php-pear-CAS packages fix security vulnerability

This update fixes a vulnerability in this lib. For details see refererenced github advisory...

8CVSS2.1AI score0.01064EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/18 10:50 p.m.•33 views

Updated x11-server packages fix security vulnerability

Buffer overflow in function GetCountedString of the file xkb/xkb.c. CVE-2022-3550 Memory leak in the function ProcXkbGetKbdByName of the file xkb/xkb.c. CVE-2022-3551...

8.8CVSS7.8AI score0.01681EPSS
Exploits0References5
Mageia
Mageia
•added 2022/11/18 10:50 p.m.•77 views

Updated vim packages fix security vulnerability

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-2000, CVE-2022-2129, CVE-2022-2210 Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-2042 Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-2124, CVE-2022-2175 Heap-based Buffer Overflow in...

8CVSS1.3AI score0.01564EPSS
Exploits55References16
Mageia
Mageia
•added 2022/11/17 8:45 p.m.•40 views

Updated firefox packages fix security vulnerability

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations CVE-2022-43680. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for...

9.8CVSS9.6AI score0.02241EPSS
Exploits1References4
Mageia
Mageia
•added 2022/11/17 8:45 p.m.•40 views

Updated systemd packages fix security vulnerability

buffer overrun in formattimespan function bsc1204968 CVE-2022-3821 Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 0469b9f2bc pstore: do not try to load all known pstore modules ad05f54439 pstore: Run after modules are loaded ccad817445 core: Add trigger limit for path units 281d818fe3...

5.5CVSS0.7AI score0.00412EPSS
Exploits1References3
Mageia
Mageia
•added 2022/11/17 8:45 p.m.•45 views

Updated thunderbird packages fix security vulnerability

Service Workers might have learned size of cross-origin media files. CVE-2022-45403 Fullscreen notification bypass. CVE-2022-45404 Use-after-free in InputStream implementation. CVE-2022-45405 Use-after-free of a JavaScript Realm. CVE-2022-45406 Fullscreen notification bypass via windowName...

9.8CVSS3.9AI score0.01061EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/17 3:45 p.m.•37 views

Updated sudo packages fix security vulnerability

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

7.1CVSS3.6AI score0.00271EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•50 views

Updated exiv2 packages fix security vulnerability

Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. CVE-2022-3756...

4AI score
Exploits0References2
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•60 views

Updated nodejs packages fix security vulnerability

DNS rebinding in --inspect via invalid octal IP address CVE-2022-43548 In addition, 14.21.0 has provided the following changes: deps update corepack to 0.14.2 Node.js GitHub Bot 44775 src add --openssl-shared-config option Daniel Bevenius 43124...

8.1CVSS2.8AI score0.14024EPSS
Exploits0References5
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•65 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.87 version, fixing many bugs and 15 vulnerabilities, together with 107.0.5304.68. Some of the security fixes are: High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team...

8.8CVSS0.3AI score0.23798EPSS
Exploits4References4
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•57 views

Updated webkit2 packages fix security vulnerability

The updated packages fix a security vulnerability and other issues...

8.8CVSS7.2AI score0.0141EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•63 views

Updated binutils/gdb packages fix security vulnerability

libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 binutils: heap-based buffer overflow in bfdgetl32 when called by stripmain in objcopy.c via a crafted file CVE-2022-38533...

6.5CVSS4.4AI score0.01089EPSS
Exploits0References3
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•47 views

Updated pcre packages fix security vulnerability

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...

9.1CVSS3.3AI score0.02993EPSS
Exploits0References9
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•54 views

Updated wayland packages fix security vulnerability

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

6.6CVSS1.8AI score0.00297EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•38 views

Updated pixman packages fix security vulnerability

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write aka heap-based buffer overflow in rasterizeedges8 due to an integer overflow in pixmansamplefloory. CVE-2022-44638...

8.8CVSS3.8AI score0.0144EPSS
Exploits1References4
Mageia
Mageia
•added 2022/11/13 2:25 a.m.•45 views

Updated libtiff packages fix security vulnerability

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections,...

6.5CVSS6.2AI score0.01016EPSS
Exploits3References2
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•48 views

Updated 389-ds-base packages fix security vulnerability

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated ttacker to cause a denial of service. This CVE is assigned against an incomplete fix o...

6.5CVSS3.6AI score0.01238EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•42 views

Updated libtasn1 packages fix security vulnerability

GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder. CVE-2021-46848...

9.1CVSS2.3AI score0.02062EPSS
Exploits1References4
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•62 views

Updated mbedtls packages fix security vulnerability

An unauthenticated remote host could send an invalid ClientHello message in which the declared length of the cookie extends past the end of the message. A DTLS server with MBEDTLSSSLDTLSCLIENTPORTREUSE enabled would read past the end of the message up to the declared length of the cookie. This...

9.1CVSS0.7AI score0.01831EPSS
Exploits1References3
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•148 views

Updated libtiff packages fix security vulnerability

There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1. CVE-2022-2519 A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVE-2022-2520 It w...

7.7CVSS6.8AI score0.00985EPSS
Exploits5References3
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•16 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 4.3.5, which fixes several security vulnerabilities and other bugs which were corrected upstream...

4AI score
Exploits0References1
Total number of security vulnerabilities6011