Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/10/08 8:22 p.m.•32 views

Updated kitty packages fix security vulnerability

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. CVE-2022-41322...

7.8CVSS2.4AI score0.00499EPSS
Exploits1References4
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•57 views

Updated dbus packages fix security vulnerability

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...

6.5CVSS1.4AI score0.0131EPSS
Exploits3References2
Mageia
Mageia
•added 2022/10/08 8:22 p.m.•105 views

Updated php packages fix security vulnerability

Core Fixed bug GH-9323 Crash in ZENDRETURN/GC/zendcallfunction Fixed bug GH-9361 Segmentation fault on script exit 9379. Fixed bug GH-9407 LSP error in eval'd code refers to wrong class for static type. Fixed bug 81727: Don't mangle HTTP variable names that clash with ones that have a specific...

6.5CVSS6.4AI score0.49336EPSS
Exploits2References2
Mageia
Mageia
•added 2022/10/05 5:23 a.m.•48 views

Updated golang packages fix security vulnerability

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path...

7.5CVSS7.7AI score0.02607EPSS
Exploits0References4
Mageia
Mageia
•added 2022/10/05 5:23 a.m.•51 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are: High CVE-2022-3304: Use after free in CSS. High CVE-2022-3201: Insufficient...

8.8CVSS0.00616EPSS
Exploits6References4
Mageia
Mageia
•added 2022/10/05 5:23 a.m.•19 views

Updated bash packages fix security vulnerability

Bash has been updated to version 5.1.16 using a patch from Fedora to fix a security issue by adding a null check in the parameterbracetransform function...

2.7AI score
Exploits0References2
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•51 views

Updated firejail packages fix security vulnerability

root escalation in --join logic CVE-2022-31214...

7.8CVSS2.1AI score0.00382EPSS
Exploits0References5
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•34 views

Updated libjpeg packages fix security vulnerability

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the getwordrgbrow function in rdppm.c. CVE-2021-468...

5.5CVSS2.3AI score0.01009EPSS
Exploits0References3
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•63 views

Updated squid packages fix security vulnerability

Exposure of Sensitive Information in Cache Manager. CVE-2022-41317 Buffer Over Read in SSPI and SMB Authentication. CVE-2022-41318...

8.6CVSS2.4AI score0.0282EPSS
Exploits0References4
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•56 views

Updated python-mako packages fix security vulnerability

Denial of service attack via crafted regular expressions. CVE-2022-40023...

7.5CVSS3.6AI score0.01718EPSS
Exploits1References3
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•54 views

Updated expat packages fix security vulnerability

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674...

8.1CVSS2.2AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•64 views

Updated nodejs packages fix security vulnerability

DNS rebinding in --inspect on macOS CVE-2022-32212 Bypass via obs-fold mechanic CVE-2022-32213 HTTP Request Smuggling Due to Incorrect Parsing of Header Fields CVE-2022-35256...

8.1CVSS2AI score0.35079EPSS
Exploits2References3
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•35 views

Updated perl-HTTP-Daemon packages fix security vulnerability

Request smuggling in HTTP::Daemon CVE-2022-31081...

7.3CVSS0.5AI score0.02108EPSS
Exploits1References2
Mageia
Mageia
•added 2022/10/01 5:48 p.m.•53 views

Updated thunderbird packages fix security vulnerability

Improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properlyCVE-2022-39236 Too permissive key forwarding strategy allowing impersonation CVE-2022-39249 Trusting/verifying the user identity under the control of the homeserver instead of the intended one...

8.6CVSS3.7AI score0.01047EPSS
Exploits0References3
Mageia
Mageia
•added 2022/09/26 6:22 a.m.•75 views

Updated webkit2 packages fix security vulnerability

A buffer overflow issue which may lead to arbitrary code execution was addressed with improved memory handling. CVE-2022-32886 Visiting a website that frames malicious content may lead to UI spoofing. he issue was addressed with improved UI handling. CVE-2022-32891 A buffer overflow issue which m...

8.8CVSS8.3AI score0.01413EPSS
Exploits0References3
Mageia
Mageia
•added 2022/09/26 6:22 a.m.•56 views

Updated thunderbird packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS1.6AI score0.01342EPSS
Exploits0References3
Mageia
Mageia
•added 2022/09/26 6:22 a.m.•50 views

Updated tcpreplay packages fix security vulnerability

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in getlayer4v6 in common/get.c. CVE-2022-27939 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in getipv6next in common/get.c. CVE-2022-27940 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in getl2lenprotocol...

7.8CVSS1.3AI score0.01918EPSS
Exploits8References2
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•79 views

Updated google-gson packages fix security vulnerability

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. CVE-2022-25647...

7.7CVSS2.9AI score0.1158EPSS
Exploits0References4
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•59 views

Updated redis packages fix security vulnerability

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS2AI score0.02189EPSS
Exploits2References5
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•54 views

Updated open-vm-tools packages fix security vulnerability

A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine CVE-2022-31676...

7.8CVSS2.7AI score0.0054EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•77 views

Updated sofia-sip packages fix security vulnerability

An attacker can send a message with evil sdp to FreeSWITCH, which may a cause a crash due to an out-of-bounds access. CVE-2022-31001 An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. CVE-2022-31002 An out-of-bounds write. CVE-2022-31003...

9.8CVSS2.2AI score0.0366EPSS
Exploits3References5
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•101 views

Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS1.5AI score0.01342EPSS
Exploits0References5
Mageia
Mageia
•added 2022/09/21 6:15 p.m.•50 views

Updated libxslt packages fix security vulnerability

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30560...

8.8CVSS2.1AI score0.21623EPSS
Exploits0References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•48 views

Updated freecad packages fix security vulnerability

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. CVE-2021-45844...

7.8CVSS4.3AI score0.01102EPSS
Exploits1References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•42 views

Updated dpkg packages fix security vulnerability

A malicious source package could write files outside the unpack directory. CVE-2022-1664...

9.8CVSS2.2AI score0.02871EPSS
Exploits0References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•30 views

Updated gimp packages fix security vulnerability

An issue in gimplayerinvalidateboundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service DoS. CVE-2022-32990...

5.5CVSS5.1AI score0.00645EPSS
Exploits1References2
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•31 views

Updated ostree packages fix security vulnerability

A memory corruption issue that could be triggered when diffing binary files. CVE-2014-9862...

7.8CVSS8AI score0.06762EPSS
Exploits0References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•82 views

Updated libtiff packages fix security vulnerability

libtiff's tiffcrop utility has a uint32t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parameters could cause a crash or in some cases, further exploitation. CVE-2022-2867...

5.5CVSS2.7AI score0.003EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•44 views

Updated sdl2 packages fix security vulnerability

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, for denial of service, or for Code execution. CVE-2021-33657...

8.8CVSS5AI score0.01986EPSS
Exploits0References4
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•52 views

Updated zlib packages fix security vulnerability

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...

9.8CVSS2.7AI score0.1593EPSS
Exploits1References5
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•47 views

Updated python-lxml packages fix security vulnerability

NULL pointer dereference due to state leak between parser runs CVE-2022-2309...

7.5CVSS3.6AI score0.02462EPSS
Exploits1References2
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•45 views

Updated curl packages fix security vulnerability

Control code in cookie denial of service. CVE-2022-35252...

3.7CVSS6.2AI score0.01839EPSS
Exploits1References3
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•52 views

Updated mediawiki packages fix security vulnerability

Username is not escaped in the "welcomeuser" message T308471. Bundled guzzlehttp/guzzle has been updated to 6.5.8, fixing several issues CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090, CVE-2022-31091...

8.1CVSS1.6AI score0.0182EPSS
Exploits0References7
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•41 views

Updated schroot packages fix security vulnerability

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. CVE-2022-2787...

4.3CVSS4.2AI score0.00815EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•27 views

Updated wireshark packages fix security vulnerability

F5 Ethernet Trailer dissector infinite loop wnpa-sec-2022-06...

1.7AI score
Exploits0References7
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•43 views

Updated SDL12 packages fix security vulnerability

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. CVE-2021-33657 SDL v1.2 was discovered to contai...

8.8CVSS5.1AI score0.01986EPSS
Exploits1References5
Mageia
Mageia
•added 2022/09/16 7:39 p.m.•40 views

Updated libtar packages fix security vulnerability

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read. CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger...

9.1CVSS2.1AI score0.01431EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/10 8:26 p.m.•58 views

Updated rpm packages fix security vulnerability

RPM does not require subkeys to have a valid binding signature CVE-2021-3521...

4.7CVSS2.1AI score0.00302EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/10 8:26 p.m.•53 views

Updated gstreamer1.0-plugins-good packages fix security vulnerability

It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2022-1920, CVE-2022-1921 It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this...

7.8CVSS8AI score0.00465EPSS
Exploits7References7
Mageia
Mageia
•added 2022/09/10 8:26 p.m.•70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.65 and fixes at least the following security issues: An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpftailcall function with a key larger than the maxentries of the map. This flaw allows a local...

7.8CVSS7.2AI score0.00971EPSS
Exploits4References5
Mageia
Mageia
•added 2022/09/10 8:26 p.m.•71 views

Updated jupyter-notebook packages fix security vulnerability

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. CVE-2018-19351 It was discovered that Jupyter Notebook...

7.5CVSS1.2AI score0.05664EPSS
Exploits2References6
Mageia
Mageia
•added 2022/09/07 5:27 a.m.•46 views

Updated connman packages fix security vulnerability

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute code. CVE-2022-32292 In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a...

9.8CVSS3.4AI score0.02392EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/07 5:27 a.m.•67 views

Updated xpdf packages fix security vulnerability

In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. CVE-2022-24106 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc...

7.8CVSS7.8AI score0.00314EPSS
Exploits0References2
Mageia
Mageia
•added 2022/09/04 7:47 p.m.•110 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 105 branch with the 105.0.5195.102 version, fixing many bugs and 25 vulnerabilities. Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. Some of the addressed CVE are listed below: High CVE-2022-3075:...

9.6CVSS0.3AI score0.24738EPSS
Exploits1References4
Mageia
Mageia
•added 2022/09/02 7:59 p.m.•53 views

Updated ytnef packages fix security vulnerability

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service and potentially code execution due to a double free which can be triggered via a crafted file. CVE-2021-3403 In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote...

7.8CVSS6.3AI score0.0193EPSS
Exploits2References2
Mageia
Mageia
•added 2022/09/02 7:59 p.m.•59 views

Updated webkit2 packages fix security vulnerability

Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32893...

8.8CVSS3.3AI score0.09785EPSS
Exploits0References3
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•40 views

Updated python-ldap packages fix security vulnerability

It was discovered that Python LDAP incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service CVE-2021-46823...

6.5CVSS2.5AI score0.01713EPSS
Exploits0References3
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•29 views

Updated clamav packages fix security vulnerability

ClamAV 0.103.7 is a critical patch release with the following fixes: Upgrade the vendored UnRAR library to version 6.1.7. Fix logical signature "Intermediates" feature. Relax constraints on slightly malformed zip archives that contain overlapping file entries...

3.9AI score
Exploits0References2
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•53 views

Updated thunderbird packages fix security vulnerability

Address bar spoofing via XSLT error handling CVE-2022-38472 Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-38473 Memory safety bugs. CVE-2022-38478...

8.8CVSS1.8AI score0.00905EPSS
Exploits0References3
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•71 views

Updated postgresql packages fix security vulnerability

Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552 Extension scripts replace objects not belonging to the extension CVE-2022-2625...

8.8CVSS2.7AI score0.12403EPSS
Exploits0References4
Total number of security vulnerabilities6011