Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2021/11/11 3:2 p.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.78 and fixes at least the following security issues: A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability CVE-2021-3760. A flaw in the SCTP stack where a blind attacker may be...

9.8CVSS7.6AI score0.57853EPSS
Exploits4References4
Mageia
Mageia
•added 2021/11/10 10:53 p.m.•24 views

Updated libesmtp packages fix security vulnerability

libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlmbuildtype2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. CVE-2019-19977...

9.8CVSS2AI score0.03056EPSS
Exploits1References3
Mageia
Mageia
•added 2021/11/10 10:53 p.m.•59 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's...

10CVSS9.6AI score0.0383EPSS
Exploits0References3
Mageia
Mageia
•added 2021/11/10 10:53 p.m.•49 views

Updated libzapojit packages fix security vulnerability

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. CVE-2021-39360...

5.9CVSS3.2AI score0.00831EPSS
Exploits0References2
Mageia
Mageia
•added 2021/11/10 10:53 p.m.•60 views

Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

10CVSS9.6AI score0.0383EPSS
Exploits0References3
Mageia
Mageia
•added 2021/11/10 10:53 p.m.•47 views

Updated sssd packages fix security vulnerability

Shell command injection in sssctl. CVE-2021-3621...

9.3CVSS1.8AI score0.02524EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/31 11:12 a.m.•50 views

Updated docker packages fix security vulnerabilities

Updated docker packages fix security vulnerabilities: A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug...

7.5CVSS3AI score0.02693EPSS
Exploits3References1
Mageia
Mageia
•added 2021/10/31 11:12 a.m.•33 views

Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody CVE-2021-28116...

5.3CVSS2.6AI score0.13005EPSS
Exploits0References4
Mageia
Mageia
•added 2021/10/31 11:12 a.m.•46 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerability: In PHP versions 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main...

7.8CVSS2.6AI score0.01337EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/29 7:32 p.m.•29 views

Updated libcaca packages fix security vulnerability

A flaw was found in libcaca. A heap buffer overflow in export.c in function exporttga might lead to memory corruption and other potential consequences. CVE-2021-30498 A flaw was found in libcaca. A buffer overflow of export.c in function exporttroff might lead to memory corruption and other...

7.8CVSS2.9AI score0.01353EPSS
Exploits2References2
Mageia
Mageia
•added 2021/10/29 7:32 p.m.•55 views

Updated ffmpeg packages fix security vulnerability

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. CVE-2020-20446 FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service...

9.8CVSS3.9AI score0.0269EPSS
Exploits11References7
Mageia
Mageia
•added 2021/10/29 7:32 p.m.•37 views

Updated cloud-init packages fix security vulnerability

cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....

5.5CVSS5.6AI score0.00219EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/29 7:32 p.m.•40 views

Updated cairo packages fix security vulnerability

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function arcerrornormalized in the file cairo-arc.c, related to arcmaxanglefortolerancenormalized. CVE-2019-6462...

6.5CVSS1.9AI score0.02142EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/29 7:32 p.m.•61 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.34.1, fixing several security issues and other bugs. See release notes for details...

8.8CVSS3.5AI score0.13486EPSS
Exploits1References3
Mageia
Mageia
•added 2021/10/27 12:13 p.m.•56 views

Updated qtbase5 packages fix security vulnerability

It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...

7.5CVSS1.9AI score0.03915EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/27 12:13 p.m.•19 views

Updated opencryptoki packages fix security vulnerability

It was discovered that openCryptoki incorrectly handled certain EC keys. An attacker could possibly use this issue to cause a invalid curve attack...

2.1AI score
Exploits0References3
Mageia
Mageia
•added 2021/10/27 12:13 p.m.•39 views

Updated fossil packages fix security vulnerability

Client-side TLS so that it verifies that the server hostname matches its certificate Fixed in fossil 2.14.2. A data exfiltration bug in the server Fixed in fossil 2.14.1...

7.5CVSS1AI score0.00574EPSS
Exploits0References4
Mageia
Mageia
•added 2021/10/25 3:49 p.m.•47 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.75 and fixes at least the following security issues: A memory leak in the ccprunaesgcmcmd function in drivers/crypto/ ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service memory consumption CVE-2021-3744. A memory...

7.8CVSS6.6AI score0.00533EPSS
Exploits1References6
Mageia
Mageia
•added 2021/10/25 3:49 p.m.•60 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.75 and fixes at least the following security issues: A memory leak in the ccprunaesgcmcmd function in drivers/crypto/ ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service memory consumption CVE-2021-3744. A memory leak...

7.8CVSS6.6AI score0.00533EPSS
Exploits1References6
Mageia
Mageia
•added 2021/10/23 5:48 p.m.•61 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...

7.8CVSS2.5AI score0.004EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/23 10:5 a.m.•60 views

Updated docker-containerd packages fix security vulnerability

A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set...

7.8CVSS7.1AI score0.01608EPSS
Exploits2References9
Mageia
Mageia
•added 2021/10/23 10:5 a.m.•116 views

Updated tomcat packages fix security vulnerability

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. CVE-2021-30640 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not...

7.5CVSS7AI score0.75353EPSS
Exploits1References8
Mageia
Mageia
•added 2021/10/23 10:5 a.m.•40 views

Updated ansible packages fix security vulnerability

Do not include params in exception when a call to setoptions fails. Additionally, block the exception that is returned from being displayed to stdout. CVE-2021-3620...

5.5CVSS2.1AI score0.00384EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/23 10:5 a.m.•38 views

Updated flatpak packages fix security vulnerability

Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related...

8.8CVSS0.6AI score0.00406EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•56 views

Updated vim packages fix security vulnerability

CVE-2021-3778: vim: Heap-based Buffer Overflow in utfptr2char Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo "Ywp2XTCqCi4KeQpAMA=...

8.2CVSS8AI score0.01749EPSS
Exploits2References8
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•69 views

Updated redis packages fix security vulnerability

CVE-2021-32626: Specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. CVE-2021-32627: An integer overflow bug in Redis 5.0 or...

9CVSS8.3AI score0.1578EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•35 views

Updated aom packages fix security vulnerability

aomdsp/graintable.c in libaom in AOMedia before 2021-03-30 has a use-after-free. CVE-2021-30474...

9.8CVSS3.1AI score0.01885EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/20 9:28 p.m.•52 views

Updated libslirp packages fix security vulnerability

Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU. In the bootpinput function while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory fr...

3.8CVSS2.5AI score0.00326EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•34 views

Updated grilo packages fix security vulnerability

Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks...

5.9CVSS3.4AI score0.00866EPSS
Exploits0References4
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•78 views

Updated golang packages fix security vulnerability

The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...

9.8CVSS8AI score0.10299EPSS
Exploits0References6
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•62 views

Updated python-flask-restx packages fix security vulnerability

Regular expression denial of service in emailregex...

7.5CVSS3.4AI score0.01804EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•53 views

Updated python-mpmath packages fix security vulnerability

Fix CVE-2021-29063 regular expression denial of service...

7.5CVSS3.4AI score0.041EPSS
Exploits1References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•36 views

Updated plib packages fix security vulnerability

Integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA function in src/ssg/ssgLoadTGA.cxx file...

9.3CVSS4.2AI score0.02921EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•43 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this...

9.8CVSS0.7AI score0.01923EPSS
Exploits0References3
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•36 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...

8.8CVSS2.6AI score0.01735EPSS
Exploits1References4
Mageia
Mageia
•added 2021/10/13 7:39 p.m.•152 views

Updated xstream/xmlpull/mxparser packages fix security vulnerability

Multiple security vulnerabilities have been discovered in XStream. See references for details...

8.8CVSS1.4AI score0.98124EPSS
Exploits16References3
Mageia
Mageia
•added 2021/10/12 6:56 a.m.•54 views

Updated libreoffice packages fix security vulnerability

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

7.5CVSS4.1AI score0.00709EPSS
Exploits0References4
Mageia
Mageia
•added 2021/10/08 7:12 p.m.•128 views

Updated apache packages fix security vulnerability

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8CVSS0.6AI score0.99964EPSS
Exploits174References4
Mageia
Mageia
•added 2021/10/08 4:27 a.m.•58 views

Updated firefox packages fix security vulnerability

Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak...

9.8CVSS0.8AI score0.01923EPSS
Exploits0References4
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•17 views

Updated libss7 packages fix security vulnerability

Unsafe use of strncpy. rhbz1932066...

2.4AI score
Exploits0References2
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•70 views

Updated nodejs packages fix security vulnerability

Multiple security fixes for nodejs. See references for details...

9.8CVSS7.8AI score0.21952EPSS
Exploits3References5
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•43 views

Updated opendmarc packages fix security vulnerability

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field CVE-2019-20790. OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication...

9.8CVSS3.5AI score0.03684EPSS
Exploits3References2
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•35 views

Updated weechat packages fix security vulnerability

A crafted WebSocket frame could result in a crash in the weechat Relay plugin...

7.5CVSS1.5AI score0.01594EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•37 views

Updated cockpit packages fix security vulnerability

Restrict frame embedding to same origin...

4.3CVSS2.2AI score0.01242EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•30 views

Updated fail2ban packages fix security vulnerability

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...

8.1CVSS3.2AI score0.03621EPSS
Exploits1References4
Mageia
Mageia
•added 2021/10/06 7:41 p.m.•25 views

Updated libcryptopp packages fix security vulnerability

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

5.9CVSS1.9AI score0.01157EPSS
Exploits1References2
Mageia
Mageia
•added 2021/10/06 2:38 p.m.•81 views

Updated apache packages fix security vulnerabilities

The updated packages fix a security vulnerabilities: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in...

9.8CVSS0.6AI score0.99992EPSS
Exploits149References4
Mageia
Mageia
•added 2021/10/04 4:42 p.m.•39 views

Updated sqlite packages fix security vulnerability

The updated sqlite packages fix a security vulnerability: Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page CVE-2021-30569...

8.8CVSS2.3AI score0.01359EPSS
Exploits0References2
Mageia
Mageia
•added 2021/10/04 4:42 p.m.•74 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.70 and fixes at least the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listener after being released...

7.8CVSS7.7AI score0.01692EPSS
Exploits3References9
Mageia
Mageia
•added 2021/10/04 4:42 p.m.•59 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.70 and fixes at least the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listener after being released CVE-2020-16119...

7.8CVSS7.8AI score0.01692EPSS
Exploits3References9
Total number of security vulnerabilities6011