Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/05/28 8:56 a.m.•74 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 102.0.5005.61 version, fixing many bugs and 32 CVE. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging. CVE-2022-1856: Use after...

9.6CVSS0.8AI score0.0088EPSS
Exploits3References3
Mageia
Mageia
•added 2022/05/28 8:56 a.m.•41 views

Updated admesh packages fix security vulnerability

ADMesh through 0.98.4 has a heap-based buffer over-read in stlupdateconnectsremove1 called from stlremovedegenerate in connect.c in libadmesh.a. CVE-2018-25033...

8.1CVSS2.3AI score0.0102EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/28 8:56 a.m.•41 views

Updated pidgin packages fix security vulnerability

MITM vulnerability when DNSSEC wasn't used CVE-2022-26491...

5.9CVSS2.2AI score0.02419EPSS
Exploits0References5
Mageia
Mageia
•added 2022/05/28 8:56 a.m.•129 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...

7CVSS7.1AI score0.00612EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•69 views

Updated firefox/thunderbird packages fix security vulnerability

Prototype pollution in Top-Level Await implementation. CVE-2022-1802 Untrusted input used in JavaScript object indexing, leading to prototype pollution. CVE-2022-1529...

8.8CVSS2.1AI score0.26709EPSS
Exploits0References4
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•46 views

Updated cockpit packages fix security vulnerability

authenticates with revoked certificates CVE-2021-3698...

7.5CVSS3AI score0.00665EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•69 views

Updated supertux packages fix security vulnerability

squirrel: threadcall in sqbaselib.cpp lacks a certain sqreservestack call CVE-2022-30292...

10CVSS2.2AI score0.03576EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•39 views

Updated openldap packages fix security vulnerability

SQL injection in back-sql CVE-2022-29155...

9.8CVSS2.2AI score0.69899EPSS
Exploits1References4
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•97 views

Updated unrar packages fix security vulnerability

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys file. CVE-2022-30333...

7.5CVSS5AI score0.98975EPSS
Exploits12References2
Mageia
Mageia
•added 2022/05/25 6:46 p.m.•422 views

Updated vim packages fix security vulnerability

vim is vulnerable to out of bounds read CVE-2022-0213 Heap-based Buffer Overflow in blockinsert in src/ops.c CVE-2022-0261 a heap-based OOB read of size 1 CVE-2022-0128 heap-based buffer overflow in utfheadoff in mbyte.c CVE-2022-0318 access of memory location before start of buffer CVE-2022-0351...

9.8CVSS8.1AI score0.26583EPSS
Exploits30References19
Mageia
Mageia
•added 2022/05/22 1:36 p.m.•52 views

Updated postgresql packages fix security vulnerability

The updated postgresql packages fix a security vulnerability: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552...

8.8CVSS3.8AI score0.12403EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/22 11:26 a.m.•78 views

Updated netatalk packages fix security vulnerability

Remote arbitrary code execution related to dsistreamreceive. CVE-2021-31439 Remote arbitrary code execution related to parseentries. CVE-2022-23121 Remote arbitrary code execution related to copyapplfile. CVE-2022-23125...

9.8CVSS3.5AI score0.08525EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/22 11:26 a.m.•25 views

Updated ffmpeg packages fix security vulnerability

This update provides ffmpeg version 4.3.4, which fixes several security vulnerabilities and other bugs which were corrected upstream...

4AI score
Exploits0References4
Mageia
Mageia
•added 2022/05/22 11:26 a.m.•47 views

Updated nvidia390 packages fix security vulnerabilities

Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of...

9.9CVSS3.3AI score0.01034EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/22 11:26 a.m.•63 views

Updated nvidia-current packages fix security vulnerabilities

Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denia...

9.9CVSS0.9AI score0.01034EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/22 11:26 a.m.•47 views

Updated ruby-nokogiri packages fix security vulnerability

Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a...

8.2CVSS5.5AI score0.02886EPSS
Exploits1References3
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•58 views

Updated microcode packages fix security vulnerabilities

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Sensitive information accessible by physical probing of JTAG interface for some IntelR Processors with SGX may allow an unprivileged user to potentially enable information...

5.5CVSS4.6AI score0.00347EPSS
Exploits0References5
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•65 views

Updated opencontainers-runc packages fix security vulnerability

A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2. This bug did n...

7.8CVSS2AI score0.00386EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•94 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allo...

8.2CVSS1.9AI score0.02972EPSS
Exploits7References7
Mageia
Mageia
•added 2022/05/21 8:50 a.m.•106 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a...

8.2CVSS1.6AI score0.02972EPSS
Exploits7References7
Mageia
Mageia
•added 2022/05/19 7:56 a.m.•42 views

Updated htmldoc packages fix security vulnerability

There is a vulnerability in htmldoc 1.9.16. In imageloadjpeg function image.cxx when it calls malloc,'img-width' and 'img-height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer...

5.5CVSS0.7AI score0.00917EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/19 7:56 a.m.•41 views

Updated python-oslo-utils packages fix security vulnerability

oslo.utils could be made to expose sensitive information if it received a specially crafted input CVE-2022-0718...

4.9CVSS2.6AI score0.01335EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/19 7:56 a.m.•69 views

Updated python-django packages fix security vulnerability

Potential SQL injection in QuerySet.annotate, aggregate, and extra CVE-2022-28346 Potential SQL injection via QuerySet.explainoptions on PostgreSQL QuerySet.explain CVE-2022-28347...

9.8CVSS3.7AI score0.18516EPSS
Exploits3References3
Mageia
Mageia
•added 2022/05/17 9:19 a.m.•76 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 101.0.4951.64 version, fixing many bugs and 13 CVE. Some of them are listed below: 1316990 High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 1314908 High CVE-2022-1634: Use after free in Browser UI...

8.8CVSS0.1AI score0.00776EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•39 views

Updated python-waitress packages fix security vulnerability

When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-en...

7.5CVSS0.3AI score0.01738EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•35 views

Updated fish packages fix security vulnerability

Arbitrary Code Execution. CVE-2022-20001...

7.8CVSS2.8AI score0.01417EPSS
Exploits0References3
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•214 views

Updated golang-github-prometheus-client packages fix security vulnerability

HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...

7.5CVSS1.4AI score0.05994EPSS
Exploits0References4
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•90 views

Updated curl packages fix security vulnerability

CERTINFO never-ending busy-loop. CVE-2022-27781 TLS and SSH connection too eager reuse. CVE-2022-27782...

7.5CVSS1.5AI score0.02596EPSS
Exploits2References4
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•40 views

Updated clamav packages fix security vulnerability

Infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. CVE-2022-20770 Infinite loop vulnerability in the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior...

8.6CVSS0.6AI score0.0663EPSS
Exploits0References4
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•29 views

Updated python-nbxmpp packages fix security vulnerability

Missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library, could result in denial of service in clients based on it such as Gajim...

7.5CVSS2.9AI score0.01518EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•30 views

Updated python-django-registration packages fix security vulnerability

Sensitive data could be included in error reports CVE-2021-21416...

3.7CVSS2.1AI score0.0041EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•63 views

Updated xmlrpc-c packages fix security vulnerability

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVE-2022-25235...

9.8CVSS2.2AI score0.04955EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•43 views

Updated cairo packages fix security vulnerability

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call. CVE-2017-9814...

7.5CVSS5.3AI score0.03463EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/15 10:6 a.m.•67 views

Updated freetype2 packages fix security vulnerability

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfntinitface. CVE-2022-27404 FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNTSizeRequest...

9.8CVSS9.3AI score0.0339EPSS
Exploits2References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•46 views

Updated cifs-utils packages fix security vulnerability

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-27239 cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign...

7.8CVSS5.7AI score0.01804EPSS
Exploits0References4
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•98 views

Updated python-pillow packages fix security vulnerability

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary...

9.8CVSS5.3AI score0.03399EPSS
Exploits0References5
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•44 views

Updated python-ujson packages fix security vulnerability

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation. CVE-2021-45958...

5.5CVSS3.8AI score0.0155EPSS
Exploits1References3
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•58 views

Updated python-twisted packages fix security vulnerability

CVE-2022-21712: It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21716: It was discovered that Twisted incorrectly processed SSH handshake data on...

7.5CVSS1.6AI score0.03608EPSS
Exploits1References7
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•36 views

Updated libcaca packages fix security vulnerability

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. CVE-2022-0856...

6.5CVSS4.8AI score0.02752EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•51 views

Updated sqlite3 packages fix security vulnerability

DISPUTED A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentional...

7.5CVSS2.8AI score0.03898EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•128 views

Updated libxml2 packages fix security vulnerability

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS2.2AI score0.0363EPSS
Exploits5References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•34 views

Updated python-rencode packages fix security vulnerability

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory. CVE-2021-40839...

7.5CVSS4.4AI score0.05566EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•44 views

Updated golang packages fix security vulnerability

encoding/pem: fix stack overflow in Decode. A large more than 5 MB PEM input can cause a stack overflow in Decode, leading the program to crash CVE-2022-24675 crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause P256.ScalarMult or...

7.5CVSS3.7AI score0.05416EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•70 views

Updated openssl packages fix security vulnerability

The crehash script allows command injection. CVE-2022-1292...

10CVSS2.7AI score0.83223EPSS
Exploits5References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•40 views

Updated gerbv packages fix security vulnerability

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev commit b5f1eacd, and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker ca...

6.3CVSS4.1AI score0.01084EPSS
Exploits1References2
Mageia
Mageia
•added 2022/05/12 10:24 a.m.•47 views

Updated slurm packages fix security vulnerability

Incorrect Access Control that leads to Information Disclosure. CVE-2022-29500 Incorrect Access Control that leads to Escalation of Privileges and code execution. CVE-2022-29501...

9CVSS3.5AI score0.02639EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/08 7:58 a.m.•72 views

Updated rsyslog packages fix security vulnerability

Potential heap buffer overflow in TCP syslog server receiver components CVE-2022-24903...

8.1CVSS4AI score0.03821EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/08 7:58 a.m.•54 views

Updated ruby-nokogiri packages fix security vulnerability

Fix for possible DOS by regex. CVE-2022-24836...

7.5CVSS1.9AI score0.03549EPSS
Exploits0References2
Mageia
Mageia
•added 2022/05/06 8:16 p.m.•87 views

Updated dcraw packages fix security vulnerability

A buffer over-read in cropmaskedpixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. CVE-2018-19565 A heap buffer over-read in parsetiffifd in dcraw through 9.28 could be used by...

9.3CVSS1.9AI score0.01984EPSS
Exploits1References3
Mageia
Mageia
•added 2022/05/06 8:16 p.m.•47 views

Updated lighttpd packages fix security vulnerability

In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...

5.9CVSS1AI score0.08969EPSS
Exploits1References3
Total number of security vulnerabilities6011