Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/05/06 8:16 p.m.•47 views

Updated firefox packages fix security vulnerability

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions CVE-2022-29909. Firefox did not properly protect against top-level navigations for an iframe...

9.8CVSS9.7AI score0.01005EPSS
Exploits3References3
Mageia
Mageia
•added 2022/05/06 8:16 p.m.•44 views

Updated thunderbird packages fix security vulnerability

Incorrect security status shown after viewing an attached email. CVE-2022-1520 Fullscreen notification bypass using popups. CVE-2022-29914 Bypassing permission prompt in nested browsing contexts. CVE-2022-29909 Leaking browser history with CSS variables. CVE-2022-29916 iframe sandbox bypass...

9.8CVSS1.1AI score0.01005EPSS
Exploits3References3
Mageia
Mageia
•added 2022/05/02 7:44 p.m.•53 views

Updated curl packages fix security vulnerability

OAUTH2 bearer bypass in connection re-use. CVE-2022-22576 Credential leak on redirect. CVE-2022-27774 Bad local IPv6 connection reuse. CVE-2022-27775 Auth/cookie leak on redirect. CVE-2022-27776...

8.1CVSS2.2AI score0.03425EPSS
Exploits4References6
Mageia
Mageia
•added 2022/05/02 7:44 p.m.•54 views

Updated chromium-browser-stable packages fix security vulnerability

Use after free in Vulkan. CVE-2022-1477 Use after free in SwiftShader. CVE-2022-1478 Use after free in ANGLE. CVE-2022-1479 Use after free in Sharing. CVE-2022-1481 Inappropriate implementation in WebGL. CVE-2022-1482 Heap buffer overflow in WebGPU. CVE-2022-1483 Heap buffer overflow in Web UI...

8.8CVSS1.1AI score0.0105EPSS
Exploits23References2
Mageia
Mageia
•added 2022/04/28 10:46 p.m.•80 views

Updated firefox/nss/rootcerts packages fix security vulnerability

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash CVE-2022-1097. After a VR Process is destroyed, a reference to it may have been retained and used, leading to a...

9.8CVSS1.6AI score0.34174EPSS
Exploits8References3
Mageia
Mageia
•added 2022/04/28 10:46 p.m.•70 views

Updated thunderbird packages fix security vulnerabilities

The updated thunderbird packages fix security vulnerabilities: Use-after-free in NSSToken objects CVE-2022-1097. Use-after-free after VR Process destruction CVE-2022-1196. OpenPGP revocation information was ignored CVE-2022-1197. Denial of Service via complex regular expressions CVE-2022-24713...

9.8CVSS4AI score0.34174EPSS
Exploits8References4
Mageia
Mageia
•added 2022/04/28 3:51 p.m.•78 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service DOS issue was found in the Linux kernel smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser...

7.8CVSS1.5AI score0.00773EPSS
Exploits8References4
Mageia
Mageia
•added 2022/04/28 3:51 p.m.•160 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service DOS issue was found in the Linux kernel smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser...

7.8CVSS2.2AI score0.00773EPSS
Exploits8References4
Mageia
Mageia
•added 2022/04/26 3:4 p.m.•62 views

Updated virtualbox packages fix security vulnerabilities

Updated virtualbox packages fix security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM...

6.7CVSS2.1AI score0.00374EPSS
Exploits0References3
Mageia
Mageia
•added 2022/04/24 10:43 a.m.•89 views

Updated libdxfrw packages fix security vulnerability

A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. CVE-2021-21898 A code...

8.8CVSS2.1AI score0.02686EPSS
Exploits4References5
Mageia
Mageia
•added 2022/04/24 10:43 a.m.•46 views

Updated librecad packages fix security vulnerability

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. CVE-2021-45341 A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and olde...

9.3CVSS4.7AI score0.06617EPSS
Exploits2References4
Mageia
Mageia
•added 2022/04/23 5:22 p.m.•34 views

Updated libinput packages fix security vulnerability

libinput could be made to crash or expose sensitive information. CVE-2022-1215...

7.8CVSS2.4AI score0.00364EPSS
Exploits0References3
Mageia
Mageia
•added 2022/04/23 5:22 p.m.•64 views

Updated gzip/xz packages fix security vulnerability

zgrep, xzgrep: arbitrary-file-write vulnerability. CVE-2022-1271...

8.8CVSS1.5AI score0.04271EPSS
Exploits0References8
Mageia
Mageia
•added 2022/04/22 5:7 p.m.•35 views

Updated openscad packages fix security vulnerability

Out-of-bounds memory access in DXF loader. CVE-2022-0496 Out-of-bounds memory access in comment parser. CVE-2022-0497...

7.1CVSS4.3AI score0.00441EPSS
Exploits2References2
Mageia
Mageia
•added 2022/04/22 5:7 p.m.•106 views

Updated git packages fix security vulnerability

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in /tmp, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs 'git status' or 'git diff' and navigating to a directory which ...

7.8CVSS0.9AI score0.00782EPSS
Exploits0References4
Mageia
Mageia
•added 2022/04/18 8:0 p.m.•105 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 100.0.4896.127 version, fixing many CVE, along with fixes from the 100.0.4896.75 and 100.0.4896.88 versions. Google is aware that an exploit for CVE-2022-1364 exists in the wild. 1315901 High CVE-2022-1364: Type Confusion in V8. Reported...

9.6CVSS0.3AI score0.16488EPSS
Exploits14References5
Mageia
Mageia
•added 2022/04/18 7:42 a.m.•60 views

Updated mediawiki packages fix security vulnerability

Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki CVE-2022-28201. Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete CVE-2022-28202. Requesting Special:NewFiles on a wiki with many file uploads with acto...

7.5CVSS1.5AI score0.01152EPSS
Exploits3References2
Mageia
Mageia
•added 2022/04/15 9:35 p.m.•107 views

Updated libarchive packages fix security vulnerability

7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in readchildren. RARv4 redaer: fix multiple issues in RARv4 filter code introduced in libarchive 3.6.0: - fix heap use after free in archivereadformatrarreaddata;...

6.5CVSS1.1AI score0.01877EPSS
Exploits1References3
Mageia
Mageia
•added 2022/04/15 9:35 p.m.•42 views

Updated ruby packages fix security vulnerability

Double free in Regexp compilation CVE-2022-28738. A buffer overrun was found in String-to-Float conversion CVE-2022-28739...

9.8CVSS3.7AI score0.04127EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/15 9:35 p.m.•41 views

Updated crun packages fix security vulnerability

Containers were started incorrectly with non-empty inheritable Linux process capabilities. CVE-2022-27650...

7.5CVSS3.5AI score0.01124EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/15 9:35 p.m.•80 views

Updated docker-containerd packages fix security vulnerability

Containers were incorrectly started with non-empty inheritable Linux process capabilities CVE-2022-24769...

5.9CVSS3.3AI score0.00492EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/13 4:6 p.m.•52 views

Updated subversion packages fix security vulnerability

SVN authz protected copyfrom paths regression. CVE-2021-28544 Subversion's moddavsvn is vulnerable to memory corruption. CVE-2022-24070...

7.5CVSS6.4AI score0.09254EPSS
Exploits1References4
Mageia
Mageia
•added 2022/04/13 4:6 p.m.•56 views

Updated ceph packages fix security vulnerability

Updated ceph packages fix security vulnerabilities: the key length for encrypted devices created using ceph-volume is incorrect. This is due to a bug in cephvolume/util/encryption.py which is fixed by this new version. CVE-2021-3979...

6.5CVSS3.2AI score0.00436EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/13 4:6 p.m.•66 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.36.0, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.03668EPSS
Exploits0References3
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•49 views

Updated busybox packages fix security vulnerability

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. CVE-2022-28391...

8.8CVSS7AI score0.03505EPSS
Exploits1References3
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•38 views

Updated gdal packages fix security vulnerability

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment. CVE-2021-45943...

5.5CVSS3.1AI score0.01491EPSS
Exploits1References2
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•39 views

Updated flatpak packages fix security vulnerability

Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. CVE-2021-43860 Path traversal vulnerability CVE-2022-21682 Vario...

8.6CVSS2.9AI score0.01666EPSS
Exploits0References14
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•46 views

Updated 389-ds-base packages fix security vulnerability

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The...

7.5CVSS2.9AI score0.05914EPSS
Exploits3References3
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•54 views

Updated python-paramiko packages fix security vulnerability

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure. CVE-2022-24302...

5.9CVSS2.6AI score0.0208EPSS
Exploits1References2
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•33 views

Updated usbredir packages fix security vulnerability

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparserserialize in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. CVE-2021-3700...

6.4CVSS4.5AI score0.00309EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/09 9:20 p.m.•36 views

Updated fribidi packages fix security vulnerability

Stack based buffer overflow. CVE-2022-25308 Heap-buffer-overflow in fribidicaprtltounicode. CVE-2022-25309 SEGV in fribidiremovebidimarks. CVE-2022-25310...

7.8CVSS4.1AI score0.00508EPSS
Exploits3References2
Mageia
Mageia
•added 2022/04/05 5:32 p.m.•63 views

Updated chromium-browser-stable packages fix security vulnerability

Use after free in Portals. CVE-2022-1125 Use after free in QR Code Generator. CVE-2022-1127 Inappropriate implementation in Web Share API. CVE-2022-1128 Inappropriate implementation in Full Screen Mode. CVE-2022-1129 Insufficient validation of untrusted input in WebOTP. CVE-2022-1130 Use after fr...

8.8CVSS0.7AI score0.01613EPSS
Exploits17References2
Mageia
Mageia
•added 2022/04/02 10:22 p.m.•48 views

Updated openjpeg2 packages fix security vulnerability

A flaw was found in the opj2decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and...

5.5CVSS1.5AI score0.01078EPSS
Exploits0References2
Mageia
Mageia
•added 2022/04/02 10:22 p.m.•41 views

Updated libtiff packages fix security vulnerability

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-0907...

5.5CVSS5.2AI score0.0127EPSS
Exploits1References2
Mageia
Mageia
•added 2022/04/02 10:22 p.m.•132 views

Updated php-smarty packages fix security vulnerability

Updated php-smarty packages to version 4 for php 8 compatibility and to fix security vulnerabilities...

9.8CVSS3.8AI score0.82316EPSS
Exploits4References3
Mageia
Mageia
•added 2022/03/31 7:55 p.m.•45 views

Updated golang packages fix security vulnerability

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...

7.5CVSS1.8AI score0.03255EPSS
Exploits0References4
Mageia
Mageia
•added 2022/03/31 7:55 p.m.•458 views

Updated zlib packages fix security vulnerability

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 Update to release 1.2.12 for additional bug fixes. See the changelog for details...

7.5CVSS2.8AI score0.51733EPSS
Exploits1References4
Mageia
Mageia
•added 2022/03/31 7:55 p.m.•39 views

Updated wavpack packages fix security vulnerability

An out of bounds read was found in Wavpack 5.4.0 in processing .WAV files. This issue triggered in function WavpackPackSamples of file src/packutils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound. CVE-2021-44269...

5.5CVSS1.9AI score0.01155EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/30 5:6 p.m.•43 views

Updated openvpn packages fix security vulnerability

Potential authentication by-pass with multiple deferred authentication plug-ins. CVE-2022-0547...

9.8CVSS2.9AI score0.03519EPSS
Exploits0References4
Mageia
Mageia
•added 2022/03/29 2:25 p.m.•97 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.32 and fixes at least the following security issues: An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local...

7.8CVSS8.1AI score0.06197EPSS
Exploits24References5
Mageia
Mageia
•added 2022/03/29 2:25 p.m.•95 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.32 and fixes at least the following security issues: An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to...

7.8CVSS8.1AI score0.06197EPSS
Exploits24References5
Mageia
Mageia
•added 2022/03/28 4:23 p.m.•81 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to 99.0.4844.84 that fixes one security vulnerability and many bugs together with 99.0.4844.82. Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware that an exploit for CVE-2022-1096 exists in the wild. CVE-2022-1096...

8.8CVSS1.9AI score0.24237EPSS
Exploits1References3
Mageia
Mageia
•added 2022/03/28 4:23 p.m.•48 views

Updated docker packages fix security vulnerability

Containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during 'execve2' CVE-2022-24769...

5.9CVSS3.1AI score0.00492EPSS
Exploits0References3
Mageia
Mageia
•added 2022/03/28 4:23 p.m.•20 views

Updated graphicsmagick packages fix security vulnerability

The graphicsmagick package has been updated to version 1.3.38, fixing several security issues and other bugs. See the referenced NEWS link for details...

3.1AI score
Exploits0References2
Mageia
Mageia
•added 2022/03/28 4:23 p.m.•150 views

Updated libtiff packages fix security vulnerability

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-0865 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory acces...

7.7CVSS4.4AI score0.01542EPSS
Exploits5References2
Mageia
Mageia
•added 2022/03/24 9:3 a.m.•14 views

Updated pesign packages fix security vulnerability

Fix potential DoS in pesign daemon...

2.4AI score
Exploits0References2
Mageia
Mageia
•added 2022/03/24 9:3 a.m.•33 views

Updated libpano13 packages fix security vulnerability

Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine in parser.c. CVE-2021-33293...

9.1CVSS2.4AI score0.02067EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/24 9:3 a.m.•39 views

Updated abcm2ps packages fix security vulnerability

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculatebeam at draw.c. CVE-2021-32434 Stack-based buffer overflow in the function getkey in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service DoS via unspecified vectors. CVE-2021-324...

6.5CVSS6AI score0.01642EPSS
Exploits3References2
Mageia
Mageia
•added 2022/03/23 8:36 a.m.•30 views

Updated sphinx packages fix security vulnerability

It was found that sphinx could allow arbitrary files to be read by abusing a configuration option. CVE-2020-29050...

7.5CVSS3AI score0.02166EPSS
Exploits2References4
Mageia
Mageia
•added 2022/03/23 8:36 a.m.•44 views

Updated swtpm packages fix security vulnerability

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an...

6.2CVSS1.4AI score0.00404EPSS
Exploits0References2
Total number of security vulnerabilities6011