Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/08/29 5:7 a.m.•54 views

Updated net-snmp packages fix security vulnerability

A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. CVE-2022-24805 Buffer overflow and out of bounds memory access. CVE-2022-24806 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memo...

8.8CVSS2.6AI score0.01299EPSS
Exploits0References4
Mageia
Mageia
•added 2022/08/29 5:7 a.m.•85 views

Updated mariadb packages fix security vulnerability

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 A use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc. CVE-2022-32081 An assertion failure at table-getrefcount == 0 in...

7.5CVSS4.8AI score0.51733EPSS
Exploits6References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•39 views

Updated freetype2 packages fix security vulnerability

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. CVE-2022-31782...

7.8CVSS3.6AI score0.00699EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•264 views

Updated nodejs packages fix security vulnerability

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

9.8CVSS1AI score0.77766EPSS
Exploits5References7
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•63 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Us...

8.8CVSS1.6AI score0.04493EPSS
Exploits1References3
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•37 views

Updated freeciv packages fix security vulnerability

Advisory text to describe the update. Wrap lines at 75 chars. Modpack Installer buffer overflow. CVE-2022-39047...

8.8CVSS4.6AI score0.01013EPSS
Exploits0References4
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•45 views

Updated dovecot packages fix security vulnerability

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...

8.8CVSS2.4AI score0.01748EPSS
Exploits1References5
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•49 views

Updated rsync packages fix security vulnerability

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

7.4CVSS3.5AI score0.01659EPSS
Exploits1References4
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•57 views

Updated microcode packages fix security vulnerability

Updated microcode packages fix security vulnerability: Improper isolation of shared resources in some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access CVE-2022-21233, intel-sa-00657. For more info, see the refenced advisory and release...

5.5CVSS4AI score0.00324EPSS
Exploits0References3
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•43 views

Updated canna packages fix security vulnerability

Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. CVE-2022-21950...

5.3CVSS4.1AI score0.00142EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•95 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a...

7.8CVSS0.6AI score0.12746EPSS
Exploits14References6
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•200 views

Updated kernel-linus packages fix security vulnerabilities

This kernel update is based on upstream 5.15.62 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a...

7.8CVSS2.8AI score0.12746EPSS
Exploits15References6
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•64 views

Updated libgsasl packages fix security vulnerability

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. CVE-2022-2469...

8.1CVSS2.2AI score0.01091EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•86 views

Updated kicad packages fix security vulnerability

Multiple buffer overflows were discovered in Kicad, a suite of programs for the creation of printed circuit boards, which could result in the execution of arbitrary code if malformed Gerber/Excellon files, as follows. A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber...

7.8CVSS5.6AI score0.01736EPSS
Exploits3References5
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•44 views

Updated gnutls packages fix security vulnerability

A double free error occurs during verification of pkcs7 signatures in gnutlspkcs7verify function. CVE-2022-2509...

7.5CVSS3.2AI score0.01492EPSS
Exploits0References6
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•41 views

Updated thunderbird packages fix security vulnerability

Mouse Position spoofing with CSS transforms. CVE-2022-36319 Directory indexes for bundled resources reflected URL parameters. CVE-2022-36318...

7.5CVSS4AI score0.00694EPSS
Exploits0References4
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•52 views

Updated unbound packages fix security vulnerability

Advisory text to describe the update. Wrap lines at 75 chars. Update to version 1.16.2 fixes many bugs along with versions 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.16.0 and 1.16.1, and protects against CVE-2022-306989...

6.5CVSS3AI score0.00868EPSS
Exploits0References8
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•56 views

Updated ldb/samba/sssd packages fix security vulnerability

Fixed AD restrictions bypass associated with changing passwords bsc1201495. CVE-2022-2031 Fixed a memory leak in SMB1 bsc1201496. CVE-2022-32742 Fixed an arbitrary password change request for any AD user bsc1201493. CVE-2022-32744 Fixed a remote server crash with an LDAP add or modify request...

8.8CVSS2.4AI score0.01064EPSS
Exploits0References10
Mageia
Mageia
•added 2022/08/25 9:21 p.m.•46 views

Updated firefox/nss packages fix security vulnerability

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin CVE-2022-38472. A cross-origin iframe referencing ...

8.8CVSS0.5AI score0.00905EPSS
Exploits0References6
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•55 views

Updated apache-mod_wsgi packages fix security vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...

7.5CVSS2.4AI score0.0069EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•61 views

Updated libxml2 packages fix security vulnerability

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code CVE-2016-3709...

6.1CVSS2.7AI score0.00764EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•43 views

Updated wavpack packages fix security vulnerability

Null pointer dereference in wvunpack CVE-2022-2476...

5.5CVSS2.9AI score0.00358EPSS
Exploits1References3
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•39 views

Updated teeworlds packages fix security vulnerability

Code execution via malicious map file CVE-2021-43518...

7.8CVSS3.8AI score0.01382EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•59 views

Updated libitrpc packages fix security vulnerability

It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service CVE-2021-46828...

7.5CVSS2.4AI score0.02088EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/20 10:4 a.m.•66 views

Updated webkit2 packages fix security vulnerability

The updated packages fix security vulnerabilities and other issues...

8.8CVSS2.1AI score0.70461EPSS
Exploits0References4
Mageia
Mageia
•added 2022/08/18 6:45 p.m.•64 views

Updated nvidia-current packages fix security vulnerabilities

Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of...

7.8CVSS3AI score0.00245EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/18 6:45 p.m.•60 views

Updated nvidia390 packages fix security vulnerabilities

Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges,...

7.8CVSS3AI score0.00245EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/13 2:32 a.m.•46 views

Updated ruby-sinatra packages fix security vulnerability

Sinatra before 2.2.0 does not validate that the expanded path matches publicdir when serving static files. CVE-2022-29970...

7.5CVSS2AI score0.02059EPSS
Exploits0References2
Mageia
Mageia
•added 2022/08/13 2:32 a.m.•172 views

Updated python-django packages fix security vulnerability

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS0.8AI score0.73274EPSS
Exploits3References4
Mageia
Mageia
•added 2022/08/13 2:32 a.m.•45 views

Updated poppler packages fix security vulnerability

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service DoS via a crafted PDF file. CVE-2022-27337...

6.5CVSS4.2AI score0.01547EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/13 2:32 a.m.•64 views

Updated golang packages fix security vulnerability

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. CVE-2022-32189...

7.5CVSS7.7AI score0.0198EPSS
Exploits1References6
Mageia
Mageia
•added 2022/08/13 2:32 a.m.•44 views

Updated libtiff packages fix security vulnerability

A stack overflow was discovered in the TIFFVGetField function of Tiffsplit CVE-2022-34526...

6.5CVSS3.9AI score0.01385EPSS
Exploits1References2
Mageia
Mageia
•added 2022/08/06 3:43 p.m.•125 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.58 and fixes at least the following security issues: Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled CVE-2022-21505. Aliases in the branch predictor may cause some AMD processors to predict the wrong...

7.8CVSS7.8AI score0.05542EPSS
Exploits2References6
Mageia
Mageia
•added 2022/08/06 3:43 p.m.•86 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.58 and fixes at least the following security issues: Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled CVE-2022-21505. Aliases in the branch predictor may cause some AMD processors to predict the...

7.8CVSS7.7AI score0.04947EPSS
Exploits1References6
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•30 views

Updated osmo packages fix security vulnerability

Phishing website URL removed from package spec file and replaced with new official site link...

2.4AI score
Exploits0References2
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•94 views

Updated sqlite3 packages fix security vulnerability

It was discovered that sqlite contained an assertion failure upon queries when compiled with -DSQLITEENABLESTAT4 CVE-2022-35737...

7.5CVSS1.8AI score0.17981EPSS
Exploits2References3
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•48 views

Updated python-m2crypto packages fix security vulnerability

Bleichenbacher timing attacks in the RSA decryption API CVE-2020-25657...

5.9CVSS3.8AI score0.01727EPSS
Exploits0References3
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•47 views

Updated mingw-giflib packages fix security vulnerability

It was discovered that giflib 5.2.1 including mingw-giflib which has giflib 5.2.1 bundled contained a heap-buffer-overflow in function DumpScreen2RGB CVE-2022-28506...

5.5CVSS2.7AI score0.01222EPSS
Exploits1References3
Mageia
Mageia
•added 2022/08/05 9:0 p.m.•124 views

Updated chromium-browser-stable packages fix security vulnerability

1325699 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 1335316 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang@eternalsakura13 and Guang Gong of 360 Alpha Lab on 2022-06-10 1338470 High CVE-2022-2605: Out of bounds read in Dawn. Report...

8.8CVSS0.3AI score0.00799EPSS
Exploits3References3
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•49 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

It was discovered that gdk-pixbuf contained a buffer overwrite in io-gif-animation.c compositeframe exploitable using a crafted GIF CVE-2021-46829...

7.8CVSS3AI score0.00748EPSS
Exploits1References3
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•41 views

Updated webmin packages fix security vulnerability

The webmin package has been updated to version 1.998, fixing XSS issues in the HTTP Tunnel and Read Mail modules, along with several other bugs...

1.2AI score
Exploits0References3
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•60 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to version 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below. Use after free in Guest View. CVE-2022-2477 Use after free in PDF. CVE-2022-2478 Insufficient validation of untrusted input in File. CVE-2022-2479 Use...

8.8CVSS2.5AI score0.17864EPSS
Exploits0References3
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•112 views

Updated python-ujson packages fix security vulnerability

Add support for arbitrary size integers. Replace 'wchart' string decoding implementation with a 'uint32t'-based one; fix handling of surrogates on decoding CVE-2022-31116 Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized -...

7.5CVSS3AI score0.02283EPSS
Exploits1References2
Mageia
Mageia
•added 2022/07/29 8:53 p.m.•56 views

Updated firefox packages fix security vulnerability

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected CVE-2022-36318. When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed CVE-2022-36319...

7.5CVSS3.8AI score0.00694EPSS
Exploits0References4
Mageia
Mageia
•added 2022/07/25 9:41 p.m.•78 views

Updated libtiff packages fix security vulnerability

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-2056, CVE-2022-2057, CVE-2022-2058...

6.5CVSS5.3AI score0.01255EPSS
Exploits3References2
Mageia
Mageia
•added 2022/07/25 9:41 p.m.•27 views

Updated logrotate packages fix security vulnerability

Improved coredump handing for SUID binaries. bsc1192449...

1.5AI score
Exploits0References3
Mageia
Mageia
•added 2022/07/25 9:50 a.m.•121 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.1.36 maintenance release that fixes at least the following security vulnerabilities: A vulnerability in the Oracle VM VirtualBox prior to 6.1.36 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure...

8.2CVSS1.8AI score0.00347EPSS
Exploits0References3
Mageia
Mageia
•added 2022/07/20 8:24 p.m.•104 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and Networ...

7.8CVSS1.2AI score0.05451EPSS
Exploits10References9
Mageia
Mageia
•added 2022/07/20 8:24 p.m.•73 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges CVE-2022-2318. Xen Block and...

7.8CVSS2.5AI score0.05451EPSS
Exploits10References9
Mageia
Mageia
•added 2022/07/16 7:58 p.m.•71 views

Updated java packages fix security vulnerability

OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions JAXP, 8270504 CVE-2022-21426 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler Libraries, 8277672...

7.5CVSS4.2AI score0.04046EPSS
Exploits0References3
Total number of security vulnerabilities6011