Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
added 2021/10/02 6:57 p.m.37 views

Updated icu packages fix security vulnerability

Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30535...

8.8CVSS2.1AI score0.01128EPSS
Exploits1References2
Mageia
Mageia
added 2021/10/02 6:57 p.m.23 views

Updated libspf2 packages fix security vulnerability

Updated libspf2 packages fix buffer overflow...

9.8CVSS3.5AI score0.0281EPSS
Exploits0References3
Mageia
Mageia
added 2021/10/02 6:57 p.m.35 views

Updated c-ares packages fix security vulnerability

Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...

6.8CVSS6.5AI score0.02617EPSS
Exploits1References6
Mageia
Mageia
added 2021/10/02 6:57 p.m.135 views

Updated python-rsa packages fix security vulnerability

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. CVE-2020-25658...

7.5CVSS3.7AI score0.01631EPSS
Exploits1References2
Mageia
Mageia
added 2021/10/02 6:57 p.m.34 views

Updated perl-DBI packages fix security vulnerability

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. CVE-2014-10402...

6.1CVSS6.5AI score0.00488EPSS
Exploits1References2
Mageia
Mageia
added 2021/10/02 6:57 p.m.10 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to 94.0.4606.61 version that fixes multiples security vulnerabilities. From 90.0.4430.72 released on April 14, 2021 to 94.0.4606.61 version, see upstream advisories...

3.6AI score
Exploits0References18
Mageia
Mageia
added 2021/10/02 6:57 p.m.55 views

Updated apache-mod_auth_openidc packages fix security vulnerability

In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. CVE-2021-32786 In modauthopenidc before version 2.4.9, the AES GCM encrypti...

7.5CVSS2.6AI score0.02731EPSS
Exploits1References4
Mageia
Mageia
added 2021/10/02 6:57 p.m.64 views

Updated python packages fix security vulnerability

Denial of service when identifying crafted invalid RFCs Security fix for CVE-2021-3737: python client can enter an infinite loop on a 100 Continue response from the server...

6.5CVSS2.6AI score0.04675EPSS
Exploits1References2
Mageia
Mageia
added 2021/09/29 5:22 p.m.14 views

Updated gstreamer packages fix security issues

GStreamer has been updated to 1.18.5 to fix various bugs and some security issues...

1.9AI score
Exploits0References2
Mageia
Mageia
added 2021/09/29 5:22 p.m.41 views

Updated mosquitto packages fix security vulnerability

Mosquitto is updated to 2.0.12 to fix security vulnerability: In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client...

5.3CVSS2.3AI score0.01367EPSS
Exploits1References2
Mageia
Mageia
added 2021/09/29 5:22 p.m.48 views

Updated webkit2 packages fix security vulnerability

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.32.4, fixing various bugs and the following security issue: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30858...

8.8CVSS5AI score0.13486EPSS
Exploits0References3
Mageia
Mageia
added 2021/09/29 5:22 p.m.61 views

Updated python-pillow packages fix security vulnerability

Updated python-pillow packages fix security vulnerability: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function CVE-2021-23437...

7.5CVSS4.2AI score0.03154EPSS
Exploits1References1
Mageia
Mageia
added 2021/09/29 5:22 p.m.13 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: - Integer overflow in mysqlirealescapestring - Symlinks are followed when creating PHAR archive - shmop can't read beyond 2147483647 bytes - Integer overflow on substrreplace - Heap buffer overflow via strrepeat - Integer Overflow when...

1.9AI score
Exploits0References3
Mageia
Mageia
added 2021/09/29 5:22 p.m.11 views

Updated qtwebengine5 packages fix security vulnerability

Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.6, fixing several security issues in the bundled chromium code...

3.4AI score
Exploits0References2
Mageia
Mageia
added 2021/09/29 5:22 p.m.49 views

Updated libgcrypt packages fix security vulnerability

The updated packages fix a security vulnerability: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defin...

5.9CVSS1.6AI score0.01423EPSS
Exploits1References2
Mageia
Mageia
added 2021/09/29 5:22 p.m.30 views

Updated libgd packages fix security vulnerability

The updated packages fix a security vulnerability: The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks CVE-2021-40812...

6.5CVSS2.4AI score0.01659EPSS
Exploits0References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.33 views

Updated nextcloud-client packages fix security vulnerability

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. CVE-2021-22895 In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to...

6.5CVSS3.8AI score0.01031EPSS
Exploits2References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.83 views

Updated postgresql packages fix security vulnerability

Memory disclosure in certain queries. CVE-2021-3677...

6.5CVSS2AI score0.0142EPSS
Exploits0References3
Mageia
Mageia
added 2021/09/23 4:49 a.m.44 views

Updated apr packages fix security vulnerability

An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...

7.1CVSS3.1AI score0.01185EPSS
Exploits0References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.32 views

Updated libgd packages fix security vulnerability

readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA file. CVE-2021-38115 gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. CVE-2021-40145...

7.5CVSS6.7AI score0.02051EPSS
Exploits2References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.20 views

Updated gifsicle packages fix security vulnerability

Fixes a security vulnerability on certain resize operations with '--resize-method=box'...

2.3AI score
Exploits0References3
Mageia
Mageia
added 2021/09/23 4:49 a.m.80 views

Updated python3 packages fix security vulnerability

bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS. bpo-43124...

7.5CVSS1.7AI score0.11586EPSS
Exploits2References3
Mageia
Mageia
added 2021/09/23 4:49 a.m.59 views

Updated curl packages fix security vulnerability

UAF and double-free in MQTT sending. CVE-2021-22945 Protocol downgrade required TLS bypassed. CVE-2021-22946 STARTTLS protocol injection via MITM. CVE-2021-22947...

9.1CVSS3.5AI score0.06216EPSS
Exploits3References6
Mageia
Mageia
added 2021/09/23 4:49 a.m.33 views

Updated 389-ds-base packages fix security vulnerability

Fixed crypt handling of locked accounts. CVE-2021-3652...

6.5CVSS1.7AI score0.01428EPSS
Exploits0References4
Mageia
Mageia
added 2021/09/23 4:49 a.m.41 views

Updated libssh packages fix security vulnerability

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS1.9AI score0.04683EPSS
Exploits0References5
Mageia
Mageia
added 2021/09/23 4:49 a.m.37 views

Updated lynx packages fix security vulnerability

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. CVE-2021-38165...

5.3CVSS5AI score0.04455EPSS
Exploits0References3
Mageia
Mageia
added 2021/09/23 4:49 a.m.16 views

Updated libarchive packages fix security vulnerability

Fix handling of symbolic link ACLs on Linux. Never follow symlinks when setting file flags on Linux. Do not follow symlinks when processing the fixup list...

1AI score
Exploits0References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.72 views

Updated openssl packages fix security vulnerability

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS8.5AI score0.87816EPSS
Exploits1References4
Mageia
Mageia
added 2021/09/23 4:49 a.m.37 views

Updated vim packages fix security vulnerability

Using retab with large value may lead to heap buffer overflow...

8.6CVSS2AI score0.00735EPSS
Exploits1References3
Mageia
Mageia
added 2021/09/23 4:49 a.m.48 views

Updated ghostscript packages fix security vulnerability

Trivial -dSAFER bypass in 9.55. CVE-2021-3781...

9.9CVSS2.1AI score0.83913EPSS
Exploits0References6
Mageia
Mageia
added 2021/09/23 4:49 a.m.80 views

Updated apache packages fix security vulnerability

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. CVE-2021-33193 Malformed requests may cause the server to dereference a NULL pointer. CVE-2021-34798 A carefully crafted request uri-path can cause...

9.8CVSS9.3AI score0.99999EPSS
Exploits6References4
Mageia
Mageia
added 2021/09/23 4:49 a.m.32 views

Updated gpac packages fix security vulnerability

A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. CVE-2021-21834 A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause a...

8.8CVSS3.6AI score0.02019EPSS
Exploits24References2
Mageia
Mageia
added 2021/09/23 4:49 a.m.63 views

Updated ansible packages fix security vulnerability

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

7.1CVSS2.8AI score0.00854EPSS
Exploits0References4
Mageia
Mageia
added 2021/09/23 4:49 a.m.45 views

Updated cpio packages fix security vulnerability

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...

7.8CVSS8.4AI score0.0415EPSS
Exploits1References4
Mageia
Mageia
added 2021/09/23 4:49 a.m.36 views

Updated firefox packages fix security vulnerability

Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The firefox...

8.8CVSS1.7AI score0.01205EPSS
Exploits0References7
Mageia
Mageia
added 2021/09/23 4:49 a.m.19 views

Updated proftpd packages fix security vulnerability

Fixes memory disclosure to RADIUS servers by modradius. Ftp clients like filezilla fail to detect locale with in log : "Status: Server does not support non-ASCII characters." This comes from proftpd MultilineRFC2228 directive enabled by default. Without this directive Filezilla is able to enable...

3AI score
Exploits0References4
Mageia
Mageia
added 2021/09/23 4:49 a.m.37 views

Updated thunderbird packages fix security vulnerability

Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Thunderbird ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The...

8.8CVSS2AI score0.01205EPSS
Exploits0References10
Mageia
Mageia
added 2021/09/23 4:49 a.m.33 views

Updated tor packages fix security vulnerability

Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service...

7.5CVSS2.6AI score0.01685EPSS
Exploits1References3
Mageia
Mageia
added 2021/09/08 9:23 a.m.48 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.62 and fixes at least the following security issues: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel...

7.1CVSS6.8AI score0.0072EPSS
Exploits4References4
Mageia
Mageia
added 2021/09/08 9:23 a.m.68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.62 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over...

7.1CVSS6.5AI score0.0072EPSS
Exploits3References3
Mageia
Mageia
added 2021/09/04 5:1 p.m.37 views

Updated libspf2 packages fix security vulnerability

A stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages CVE-2021-20314...

9.8CVSS6AI score0.0281EPSS
Exploits0References2
Mageia
Mageia
added 2021/09/04 5:1 p.m.37 views

Updated ruby-addressable packages fix security vulnerability

A security flaw was found on rubygem-addressable that a crafted template may cause a Denial of Service CVE-2021-32740...

7.5CVSS2.3AI score0.02199EPSS
Exploits0References2
Mageia
Mageia
added 2021/09/04 5:1 p.m.48 views

Updated golang packages fix security vulnerability

The updated golang packages fix a security vulnerability: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort CVE-2021-36221...

5.9CVSS7AI score0.03128EPSS
Exploits0References6
Mageia
Mageia
added 2021/09/04 5:1 p.m.43 views

Updated exiv2 packages fix security vulnerabilities

The updated exiv2 packages fix security vulnerabilities: An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a...

5.5CVSS3.3AI score0.01109EPSS
Exploits0References3
Mageia
Mageia
added 2021/08/27 3:29 p.m.54 views

Updated opencontainers-runc packages fix security vulnerability

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS5.8AI score0.06604EPSS
Exploits0References3
Mageia
Mageia
added 2021/08/27 3:29 p.m.22 views

Updated libass packages fix security vulnerability

Updated libass packages fix security vulnerability: libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the wrong integer data type is used for subtraction CVE-2020-36430...

7.8CVSS3.6AI score0.01075EPSS
Exploits0References2
Mageia
Mageia
added 2021/08/25 5:36 p.m.26 views

Updated gpsd packages fix security vulnerability and other bugs

It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31. This update provides upstream version 3.23 that has this and several other upstream issues fixed. It also fixes issues that prevents it to start properl...

1.3AI score
Exploits0References2
Mageia
Mageia
added 2021/08/23 5:28 a.m.46 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.60 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the a...

8.8CVSS6.8AI score0.00658EPSS
Exploits1References5
Mageia
Mageia
added 2021/08/23 5:28 a.m.83 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.60 and fixes at least the following security issues: A missing validation of the "intctl" VMCB field allows a malicious L1 guest to enable AVIC support Advanced Virtual Interrupt Controller for the L2 guest. The L2 guest is able to write to a...

8.8CVSS6.8AI score0.00658EPSS
Exploits1References5
Mageia
Mageia
added 2021/08/15 8:38 a.m.67 views

Updated sylpheed and claws-mail packages fix security vulnerability

Updated sylpheed and claws-mail packages fix security vulnerability: The textviewurisecuritycheck function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click CVE-2021-37746...

6.1CVSS1.8AI score0.01155EPSS
Exploits0References2
Total number of security vulnerabilities6011