Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/11/08 7:44 p.m.•84 views

Updated libxml2 packages fix security vulnerability

Integer overflows with XMLPARSEHUGE. CVE-2022-40303 Dict corruption caused by entity reference cycles. CVE-2022-40304...

7.8CVSS2.8AI score0.22791EPSS
Exploits2References5
Mageia
Mageia
•added 2022/11/08 7:44 p.m.•16 views

Updated bluez packages fix security vulnerability

The updated packages add one additional fix for security vulnerabilities. See references for details...

2.2AI score
Exploits0References3
Mageia
Mageia
•added 2022/11/04 9:16 p.m.•73 views

Updated expat packages fix security vulnerability

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680...

7.5CVSS7.9AI score0.02241EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/04 9:16 p.m.•97 views

Updated wkhtmltopdf packages fix security vulnerability

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. CVE-2020-21365...

7.5CVSS3.8AI score0.01817EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/04 9:16 p.m.•46 views

Updated ntfs-3g packages fix security vulnerability

NTFS-3G could be made to crash or run programs as an administrator if it mounted a specially crafted disk. CVE-2022-40284...

7.8CVSS2.8AI score0.00347EPSS
Exploits0References4
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•38 views

Updated virglrenderer packages fix security vulnerability

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer virglrenderer. This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPUEXECBUFFER ioctl, leading to a denial of service or possible code execution. CVE-2022-0135 A flaw was...

7.8CVSS1.5AI score0.0038EPSS
Exploits0References6
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•21 views

Updated php packages fix security vulnerability

GD - Fixed bug 81739: OOB read due to insufficient input validation in imageloadfont. Hash - Fixed bug 81738: buffer overflow in hashupdate on long parameter. Session - Fixed bug GH-9583 sessioncreateid fails with user defined save handler that doesn't have a validateId method. Streams - Fixed bu...

0.9AI score
Exploits0References2
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•202 views

Updated curl packages fix security vulnerability

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. CVE-2022-32221...

9.8CVSS8.7AI score0.04325EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•47 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. CVE-2021-44648...

8.8CVSS3AI score0.01891EPSS
Exploits1References5
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•43 views

Updated libksba packages fix security vulnerability

Integer Overflow in LibKSBA. CVE-2022-3515...

9.8CVSS3.6AI score0.01635EPSS
Exploits1References2
Mageia
Mageia
•added 2022/11/01 10:58 p.m.•38 views

Updated nbd packages fix security vulnerability

It was discovered that nbd prior to 3.24 contained an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name resulting in a write to a dangling pointer CVE-2022-26495. Stack-based...

9.8CVSS2.7AI score0.0347EPSS
Exploits3References6
Mageia
Mageia
•added 2022/10/28 11:32 p.m.•48 views

Updated libreoffice packages fix security vulnerability

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS1.8AI score0.04354EPSS
Exploits0References4
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•47 views

Updated minidlna packages fix security vulnerability

A DNS rebinding issue in ReadyMedia formerly MiniDLNA before 1.3.1 allows a remote web server to exfiltrate media files. CVE-2022-26505...

7.4CVSS3.2AI score0.01578EPSS
Exploits0References5
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•59 views

Updated nginx packages fix security vulnerability

Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact. CVE-2022-41741, CVE-2022-41742...

7.8CVSS3AI score0.01069EPSS
Exploits2References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•101 views

Updated heimdal packages fix security vulnerability

Heimdal was not properly handling logical conditions that related to memory management operations. An attacker could possibly use this issue to cause a denial of service. CVE-2022-3116...

7.5CVSS2.8AI score0.00885EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•61 views

Updated krb5-appl packages fix security vulnerability

NULL pointer dereference in krb5-appl telnetd. CVE-2022-39028...

7.5CVSS2.2AI score0.01657EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•56 views

Updated thunderbird packages fix security vulnerability

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674...

8.1CVSS8.4AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•36 views

Updated cups packages fix security vulnerability

Authentication bypass and code execution vulnerability. CVE-2022-26691...

7.2CVSS2.6AI score0.00579EPSS
Exploits0References8
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•51 views

Updated http-parser packages fix security vulnerability

http-parser could be made to expose sensitive data if it received a specially crafted request. CVE-2020-8287...

6.5CVSS7.4AI score0.16296EPSS
Exploits2References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•71 views

Updated git packages fix security vulnerability

CVE-2022-39253: A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. CVE-2022-39260: Allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. CVE-2022-29187:...

8.8CVSS7.6AI score0.02938EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/28 6:54 a.m.•57 views

Updated firefox packages fix security vulnerability

expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 Fixes webrtc...

8.1CVSS8.4AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/27 9:38 a.m.•60 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.1.40 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.40 contains a difficult to exploit vulnerability that allows high privileged attacker with logon to the infrastructure...

8.1CVSS1.4AI score0.01635EPSS
Exploits0References3
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•64 views

Updated freerdp packages fix security vulnerability

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. Th...

9.8CVSS1.6AI score0.02674EPSS
Exploits1References4
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•67 views

Updated libosip2 packages fix security vulnerability

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osipbodyparseheader. CVE-2022-41550...

6.5CVSS3.7AI score0.00538EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•65 views

Updated bind packages fix security vulnerability

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 By spoofing the target resolver with responses that have a malformed ECDSA...

7.5CVSS8AI score0.02299EPSS
Exploits0References6
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•39 views

Updated perl-Image-ExifTool packages fix security vulnerability

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file = /|$/ check, leading to command injection. CVE-2022-23935...

7.8CVSS2.1AI score0.07575EPSS
Exploits5References2
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•44 views

Updated e2fsprogs packages fix security vulnerability

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVE-2022-1304...

7.8CVSS4.9AI score0.01382EPSS
Exploits0References4
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•33 views

Updated epiphany packages fix security vulnerability

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow in ephystringshorten in the UI process via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. CVE-2022-29536...

7.5CVSS2.8AI score0.01952EPSS
Exploits0References4
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•62 views

Updated poppler packages fix security vulnerability

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...

7.8CVSS7.8AI score0.00574EPSS
Exploits1References7
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•35 views

Updated libconfuse packages fix security vulnerability

cfgtildeexpand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. CVE-2022-40320...

8.8CVSS2.3AI score0.01079EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/23 10:48 p.m.•55 views

Updated ntfs-3g packages fix security vulnerability

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+5123-2. CVE-2021-46790 An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

7.8CVSS7.6AI score0.00504EPSS
Exploits1References9
Mageia
Mageia
•added 2022/10/23 8:35 p.m.•77 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM...

8.8CVSS8AI score0.03763EPSS
Exploits8References10
Mageia
Mageia
•added 2022/10/23 8:35 p.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest V...

8.8CVSS8.3AI score0.03763EPSS
Exploits12References13
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•59 views

Updated dokuwiki packages fix security vulnerability

Cross-site Scripting XSS - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. CVE-2022-3123...

6.1CVSS1AI score0.00891EPSS
Exploits1References3
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•54 views

Updated dhcp packages fix security vulnerability

In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...

6.5CVSS6.9AI score0.00664EPSS
Exploits0References5
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•75 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.119 version, fixing many bugs and 6 vulnerabilities. Some of the security fixes are: High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang @eternalsakura13 and Yong Liu of 360 Vulnerability...

8.8CVSS1.3AI score0.00683EPSS
Exploits0References3
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•46 views

Updated unzip packages fix security vulnerability

Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2021-4217 Conversion of a wide string to a local string that leads to a heap of out-of-bound write. Thi...

5.5CVSS3AI score0.02421EPSS
Exploits3References9
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•60 views

Updated golang packages fix security vulnerability

regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880...

7.5CVSS8.1AI score0.01544EPSS
Exploits1References4
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•58 views

Updated firefox packages fix security vulnerability

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries CVE-2022-42927. Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to...

8.8CVSS2.7AI score0.0083EPSS
Exploits0References4
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•28 views

Updated sos packages fix security vulnerability

SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. CVE-2022-2806...

5.5CVSS1.9AI score0.00233EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/18 11:14 p.m.•42 views

Updated python-joblib packages fix security vulnerability

Arbitrary Code Execution in joblib CVE-2022-21797...

9.8CVSS3.2AI score0.01975EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/13 8:5 p.m.•15 views

Updated libofx packages fix security vulnerability

The updated packages fix memory issues in libofx. rhbz2127755...

2.1AI score
Exploits0References6
Mageia
Mageia
•added 2022/10/13 8:5 p.m.•55 views

Updated lighttpd packages fix security vulnerability

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. CVE-2022-37797 A...

7.5CVSS0.4AI score0.02714EPSS
Exploits5References2
Mageia
Mageia
•added 2022/10/13 8:5 p.m.•78 views

Updated python packages fix security vulnerability

The mailcap module does not add escape characters into commands discovered in the system mailcap file. CVE-2015-20107 Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. CVE-2021-4189 The urlparse method does not...

8CVSS7.3AI score0.08325EPSS
Exploits2References7
Mageia
Mageia
•added 2022/10/13 8:5 p.m.•55 views

Updated mediawiki packages fix security vulnerability

HTMLUserTextField exposes existence of hidden users CVE-2022-41765. reassignEdits doesn't update results in an IP range check on Special:Contributions CVE-2022-41767...

5.3CVSS1.8AI score0.00641EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•268 views

Updated python3 packages fix security vulnerability

Converting between int and str in bases other than 2 binary, 4, 8 octal, 16 hexadecimal, or 32 such as base 10 decimal now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. CVE-2020-10735...

8CVSS7.9AI score0.07017EPSS
Exploits1References8
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•104 views

Updated php packages fix security vulnerability

Core Fixed bug GH-9323 Crash in ZENDRETURN/GC/zendcallfunction Fixed bug GH-9361 Segmentation fault on script exit 9379. Fixed bug GH-9407 LSP error in eval'd code refers to wrong class for static type. Fixed bug 81727: Don't mangle HTTP variable names that clash with ones that have a specific...

6.5CVSS6.4AI score0.49336EPSS
Exploits2References2
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•32 views

Updated kitty packages fix security vulnerability

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. CVE-2022-41322...

7.8CVSS2.4AI score0.00499EPSS
Exploits1References4
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•41 views

Updated enlightenment packages fix security vulnerability

Updated enlightenment package to fix the security vulnerability, CVE-2022-37706 that would allow an user to gain root privileges...

7.8CVSS3.5AI score0.05486EPSS
Exploits15References3
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•48 views

Updated unbound packages fix security vulnerability

Non-Responsive Delegation Attack. CVE-2022-3204 Improves performance when under load, by cutting promiscuous queries for nameserver discovery and limiting the number of times a delegation point can look in the cache for missing records...

7.5CVSS2.6AI score0.01293EPSS
Exploits0References2
Total number of security vulnerabilities6011