Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/03/23 8:36 a.m.•66 views

Updated cyrus-sasl packages fix security vulnerability

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407...

8.8CVSS1.7AI score0.04123EPSS
Exploits0References3
Mageia
Mageia
•added 2022/03/23 8:36 a.m.•60 views

Updated openssl packages fix security vulnerability

Infinite loop in BNmodsqrt reachable when parsing certificates. CVE-2022-0778...

7.5CVSS3.1AI score0.70561EPSS
Exploits2References3
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•103 views

Updated nodejs-tar packages fix security vulnerability

Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...

8.6CVSS3.9AI score0.15014EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•48 views

Updated 389-ds-base packages fix security vulnerability

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091...

7.5CVSS2.5AI score0.01983EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•52 views

Updated bind packages fix security vulnerability

DNS forwarders - cache poisoning vulnerability. CVE-2021-25220...

6.8CVSS7.4AI score0.0325EPSS
Exploits0References3
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•47 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 99.0.4844.74 version that fixes multiples security vulnerabilities. 1299422 Critical CVE-2022-0971: Use after free in Blink Layout. 1301320 High CVE-2022-0972: Use after free in Extensions. 1297498 High CVE-2022-0973: Use after free in...

9.6CVSS0.6AI score0.01089EPSS
Exploits10References2
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•103 views

Updated apache packages fix security vulnerability

SECURITY: CVE-2022-23943: modsed: Read/write beyond bounds. Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. Credits: Ronald Crane Zippenhop LLC SECURITY: CVE-2022-22721: core: Possible buffer...

9.8CVSS9.4AI score0.69803EPSS
Exploits0References4
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•27 views

Updated stunnel packages fix security vulnerability

Update to 5.62 including new features and bugfixes: Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests bsc1182529. - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service bsc1181400. New features - Added new...

1.9AI score
Exploits0References3
Mageia
Mageia
•added 2022/03/21 8:18 p.m.•52 views

Updated python-django/python-asgiref packages fix security vulnerability

The % debug % template tag didn't properly encode the current context posing an XSS attack vector CVE-2022-22818. Passing certain inputs to multipart forms could result in an infinite loop when parsing files resulting in a denial of service CVE-2022-23833. The python-django update necessitated a...

7.5CVSS2.7AI score0.49246EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/14 4:51 p.m.•70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

9.1CVSS7.2AI score0.04919EPSS
Exploits0References7
Mageia
Mageia
•added 2022/03/14 4:51 p.m.•16 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 99.0.4844.51 version that fixes multiples security vulnerabilities...

3.3AI score
Exploits0References4
Mageia
Mageia
•added 2022/03/14 4:51 p.m.•68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

9.1CVSS7.3AI score0.04919EPSS
Exploits0References6
Mageia
Mageia
•added 2022/03/14 4:51 p.m.•45 views

Updated ruby packages fix security vulnerability

Command injection in ruby bundler. CVE-2021-43809...

9.3CVSS2.5AI score0.02796EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/12 3:7 a.m.•43 views

Updated gnutls packages fix security vulnerability

Null pointer dereference in MDUPDATE. CVE-2021-4209...

6.5CVSS2.5AI score0.01383EPSS
Exploits0References3
Mageia
Mageia
•added 2022/03/11 8:51 a.m.•22 views

Updated shapelib packages fix security vulnerability

Double-free vulnerability in contrib/shpsort.c. CVE-2022-0699...

9.8CVSS2AI score0.01239EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/11 8:51 a.m.•54 views

Updated thunderbird packages fix security vulnerabilities

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash CVE-2022-26381. When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification CVE-2022-26383. If an attacker coul...

9.6CVSS1.5AI score0.00931EPSS
Exploits4References3
Mageia
Mageia
•added 2022/03/09 5:3 p.m.•89 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.26 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is ORDONLY, immutable or on...

7.8CVSS1.7AI score0.88106EPSS
Exploits107References4
Mageia
Mageia
•added 2022/03/08 6:56 p.m.•47 views

Updated thunderbird packages fix security vulnerabilities

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free CVE-2022-26485. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape CVE-2022-26486...

9.6CVSS1.5AI score0.14261EPSS
Exploits2References3
Mageia
Mageia
•added 2022/03/08 6:10 p.m.•46 views

Updated firefox packages fix security vulnerabilities

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash CVE-2022-26381. When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification CVE-2022-26383. If an attacker coul...

9.6CVSS0.8AI score0.00931EPSS
Exploits4References2
Mageia
Mageia
•added 2022/03/07 11:10 p.m.•50 views

Updated webmin packages fix security vulnerability

Less privileged Webmin users who do not have any File Manager module restrictions configured can access files with root privileges, if using the default Authentic theme CVE-2022-0824, CVE-2022-0829...

9CVSS4.5AI score0.96977EPSS
Exploits14References3
Mageia
Mageia
•added 2022/03/07 11:10 p.m.•92 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.25 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is ORDONLY, immutable or on a...

7.8CVSS1.8AI score0.88106EPSS
Exploits107References3
Mageia
Mageia
•added 2022/03/07 11:10 p.m.•387 views

Updated golang packages fix security vulnerability

Overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption CVE-2022-23772 Incorrect access control in cmd/go CVE-2022-23773 Incorrect returned value in crypto/elliptic IsOnCurve CVE-2022-23806 The following non-security bugs were fixed: - go50978 crypto/elliptic: IsOnCurve...

9.1CVSS0.9AI score0.03015EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•24 views

Updated mc packages fix security vulnerability

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. CVE-2021-36370...

7.5CVSS1.7AI score0.02216EPSS
Exploits1References2
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•56 views

Updated docker-containerd packages fix security vulnerability

A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

7.5CVSS1AI score0.27392EPSS
Exploits4References3
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•59 views

Updated libtiff packages fix security vulnerability

Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. CVE-2022-0561 Null source pointer passed as an argument to memcpy function within TIFFReadDirector...

5.5CVSS4.1AI score0.0125EPSS
Exploits2References2
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•103 views

Updated libxml2 packages fix security vulnerability

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308...

7.5CVSS2.9AI score0.0601EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•51 views

Updated flac packages fix security vulnerability

In appendtoverifyfifointerleaved of streamencoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. CVE-2021-0561...

5.5CVSS2.5AI score0.00465EPSS
Exploits0References2
Mageia
Mageia
•added 2022/03/06 10:40 a.m.•42 views

Updated firefox packages fix security vulnerabilities

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free CVE-2022-26485. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape CVE-2022-26486...

9.6CVSS1.1AI score0.14261EPSS
Exploits2References3
Mageia
Mageia
•added 2022/03/02 4:52 p.m.•20 views

Updated php packages fix security vulnerability

Security update for php. See changelog for details...

1.4AI score
Exploits0References2
Mageia
Mageia
•added 2022/02/22 9:25 p.m.•54 views

Updated htmldoc packages fix security vulnerability

A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gifgetcode and occurs when opening a malicious GIF file, which can result in a crash segmentation fault. CVE-2022-0534...

5.5CVSS1.8AI score0.0094EPSS
Exploits1References2
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•68 views

Updated nodejs packages fix security vulnerability

Improper handling of URI Subject Alternative Names Medium. Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often n...

8.2CVSS2AI score0.21514EPSS
Exploits2References5
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•95 views

Updated expat packages fix security vulnerability

Passing malformed 2- and 3-byte UTF-8 sequences e.g. from start tag names to the XML processing application on top of Expat can cause arbitrary damage e.g. code execution depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with co...

9.8CVSS2.3AI score0.34174EPSS
Exploits1References3
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•72 views

Updated polkit packages fix security vulnerability

There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion. CVE-2021-4115...

5.5CVSS1.3AI score0.0053EPSS
Exploits1References6
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•34 views

Updated cpanminus packages fix security vulnerability

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. CVE-2020-16154...

7.8CVSS3.1AI score0.00713EPSS
Exploits1References2
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•61 views

Updated util-linux packages fix security vulnerability

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic...

5.5CVSS6.7AI score0.00661EPSS
Exploits5References10
Mageia
Mageia
•added 2022/02/22 8:15 p.m.•51 views

Updated varnish packages fix security vulnerability

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. CVE-2022-23959...

9.1CVSS7.1AI score0.01973EPSS
Exploits0References4
Mageia
Mageia
•added 2022/02/18 10:15 a.m.•59 views

Updated webkit2 packages fix security vulnerability

Fix accessibility not working when the Bubblewrap sandbox is enabled. Fix rendering of scrollbars when overlay scrollbars are disabled. Fix the build when the X11 support is disabled. Fix the build in a number of situations where the main OpenGL library is not called libGL or libgl, as is the cas...

8.8CVSS1.7AI score0.16342EPSS
Exploits0References3
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•40 views

Updated docker-containerd packages fix security vulnerability

Unprivileged pod may bind mount any privileged regular file on disk CVE-2021-43816...

9.1CVSS3.1AI score0.0169EPSS
Exploits1References2
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•31 views

Updated thunderbird packages fix security vulnerability

Crafted email could trigger an out-of-bounds write. CVE-2022-0566...

8.8CVSS2.4AI score0.00701EPSS
Exploits0References3
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•31 views

Updated zxing-cpp packages fix security vulnerability

Buffer overflow vulnerability in function stbiextendreceive in stbimage.h in stb 2.26 via a crafted JPEG file. CVE-2021-28021 An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An...

7.8CVSS2.3AI score0.0136EPSS
Exploits2References2
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•25 views

Updated nas packages fix security vulnerability

Stack-based buffer overflow in auphone.c that can be triggered by an environment variable. Also, the x11-util-cf-files package has been patched to allow building nas...

3.9AI score
Exploits0References4
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•45 views

Updated wireshark packages fix security vulnerability

Kafka dissector infinite loop CVE-2021-4190. RTMPT dissector infinite loop wnpa-sec-2022-01. Large loops in multiple dissectors wnpa-sec-2022-02. PVFS dissector crash wnpa-sec-2022-03. CSN.1 dissector crash wnpa-sec-2022-04. CMS dissector crash wnpa-sec-2022-05...

7.5CVSS2.8AI score0.031EPSS
Exploits1References9
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•26 views

Updated rlwrap packages fix security vulnerability

rlwrap update fixes use of /tmp/rlwrap.debug causing a denial of service for other users on the same system...

4.1AI score
Exploits0References3
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•67 views

Updated phoronix-test-suite packages fix security vulnerability

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'. CVE-2022-0157 phoronix-test-suite is vulnerable to Cross-Site Request Forgery CSRF. CVE-2022-0196, CVE-2022-0197, CVE-2022-0238...

8.8CVSS2AI score0.01081EPSS
Exploits4References2
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•37 views

Updated zsh packages fix security vulnerability

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion. CVE-2021-45444...

7.8CVSS5.4AI score0.0198EPSS
Exploits0References3
Mageia
Mageia
•added 2022/02/18 12:14 a.m.•58 views

Updated mariadb packages fix security vulnerability

InnoDB - --skip-symbolic-links does not disallow .isl file creation MDEV-26870 - Indexed CHAR columns are broken with NOPAD collations MDEV-25440 - insert-intention lock conflicts with waiting ORDINARY lock MDEV-27025 - Crash recovery improvements MDEV-26784, MDEV-27022, MDEV-27183, MDEV-27610...

7.8CVSS0.8AI score0.00645EPSS
Exploits6References3
Mageia
Mageia
•added 2022/02/15 8:50 p.m.•57 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.23 and fixes at least the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64...

9CVSS0.6AI score0.67994EPSS
Exploits14References7
Mageia
Mageia
•added 2022/02/15 8:50 p.m.•90 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.23 and fixes at least the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than th...

9CVSS1AI score0.67994EPSS
Exploits16References7
Mageia
Mageia
•added 2022/02/15 8:50 p.m.•70 views

Updated microcode packages fix security vulnerabilities

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Insufficient control flow management in some IntelR Processors may allow an authenticated user to potentially enable a denial of service via local access CVE-2021-0127 / SA-00532...

6.8CVSS3.1AI score0.01017EPSS
Exploits0References6
Mageia
Mageia
•added 2022/02/15 8:50 p.m.•42 views

Updated nonfree firmware packages fix security vulnerabilities

This update provides new and updated nonfree firmwares and fixes at least the following security issues: Improper input validation in firmware for IntelR PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access CVE-2021-0066 / SA-00539...

8.4CVSS7.1AI score0.00515EPSS
Exploits0References3
Total number of security vulnerabilities6011