Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2021/08/15 8:38 a.m.•36 views

Updated spice packages fix security vulnerability

Updated spice packages fix security vulnerability: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service CPU consumption by performing many renegotiations within a single connection CVE-2021-20201...

5.3CVSS3.8AI score0.02703EPSS
Exploits1References3
Mageia
Mageia
•added 2021/08/15 8:38 a.m.•48 views

Updated qtwebengine5 packages fix security vulnerabilities

Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.5, fixing several security issues in the bundled chromium code...

9.6CVSS3.5AI score0.23406EPSS
Exploits8References2
Mageia
Mageia
•added 2021/08/15 8:38 a.m.•40 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash CVE-2021-29980. Instruction reordering during JIT optimization resulted in a sequence of...

8.8CVSS1.6AI score0.01451EPSS
Exploits5References3
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•62 views

Updated glibc packages fix security issue

The recent fix for CVE-2021-33574 released in MGASA-2021-0308 introduced a NULL pointer dereference because mqnotify.c mishandles certain NOTIFYREMOVED data, that will result in segmentation fault. This update adds the missing NULL pointer check to resolve this issue CVE-2021-38604...

7.5CVSS8.4AI score0.03045EPSS
Exploits1References1
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•72 views

Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to...

9.3CVSS1.5AI score0.03692EPSS
Exploits5References4
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•34 views

Updated dino packages fix security vulnerability

Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators CVE-2021-33896...

5.3CVSS4.3AI score0.01766EPSS
Exploits0References3
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•59 views

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash CVE-2021-29980. Instruction reordering during JIT optimization resulted in a sequence of instructions...

8.8CVSS1.6AI score0.01451EPSS
Exploits5References4
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•40 views

Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability: insecure sVirt label generation CVE-2021-3631...

6.3CVSS2.5AI score0.00493EPSS
Exploits1References2
Mageia
Mageia
•added 2021/08/14 2:0 p.m.•57 views

Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerabilities: A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise the MariaDB server...

7.1CVSS2.3AI score0.08216EPSS
Exploits0References2
Mageia
Mageia
•added 2021/08/07 9:31 a.m.•51 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.56 and fixes at least the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism...

5.5CVSS1.6AI score0.0046EPSS
Exploits2References7
Mageia
Mageia
•added 2021/08/07 9:31 a.m.•64 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.56 and fixes at least the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection...

5.5CVSS3.7AI score0.0046EPSS
Exploits2References5
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•36 views

Updated libsndfile packages fix security vulnerability

Updated libsndfile packages fix security vulnerability: A heap buffer overflow vulnerability in msadpcmdecodeblock of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file CVE-2021-3246...

8.8CVSS6.3AI score0.03292EPSS
Exploits1References1
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•46 views

Updated python-pillow packages fix security vulnerabilities

Updated python-pillow packages fix security vulnerabilities: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayala CVE-2021-25287. An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayi...

9.8CVSS1.3AI score0.03162EPSS
Exploits0References1
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•64 views

Updated nodejs packages fix security vulnerability

Updated nodejs packages fix security vulnerability: Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior CVE-2021-22930...

9.8CVSS2.3AI score0.37286EPSS
Exploits0References2
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•39 views

Updated php-pear packages fix security vulnerability

Updated php-pear packages fix security vulnerability: In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive CVE-2021-32610...

7.1CVSS2.5AI score0.73377EPSS
Exploits0References1
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•33 views

Updated fetchmail packages fix security vulnerability

Updated fetchmail packages fix security vulnerability: reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages...

7.5CVSS4.4AI score0.0256EPSS
Exploits0References2
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•124 views

Updated rabbitmq-server packages fix security vulnerabilities

Updated rabbitmq-server packages fix security vulnerabilities: RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP...

7.5CVSS3.4AI score0.01437EPSS
Exploits2References1
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•42 views

Updated bluez packages fix security vulnerability

Updated bluez packages fix security vulnerability: Adapter incorrectly restores Discoverable state after powered down CVE-2021-3658...

6.5CVSS2.4AI score0.00795EPSS
Exploits0References1
Mageia
Mageia
•added 2021/08/06 9:33 a.m.•31 views

Updated exiv2 packages fix security vulnerability

Updated exiv2 packages fix security vulnerability: A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service DOS via crafted metadata CVE-2021-31291...

5.2AI score
Exploits0References1
Mageia
Mageia
•added 2021/07/28 8:0 p.m.•41 views

Updated aspell packages fix security vulnerability

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist CVE-2019-25051...

7.8CVSS4.5AI score0.00549EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/28 8:0 p.m.•61 views

Updated varnish packages fix a security vulnerability

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS2.7AI score0.01599EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•27 views

Updated perl-Net-Netmask package fixes a security vulnerability

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses CVE-2021-29424...

7.5CVSS6AI score0.02001EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•35 views

Updated transfig package fixes a security vulnerability

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in readobjects could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as...

7.1CVSS4.1AI score0.01178EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•55 views

Updated curl packages fix security vulnerabilities

Wrong content via metalink not discarded CVE-2021-22922. Metalink download sends credentials CVE-2021-22923. Bad connection reuse due to flawed path name checks CVE-2021-22924. TELNET stack contents disclosure again CVE-2021-22925...

6.5CVSS6.5AI score0.0627EPSS
Exploits4References6
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•20 views

Updated perl-Net-CIDR-Lite package fixes a security vulnerability

It was discovered that the perl Net-CIDR-Lite module did not correctly handle IP addresses with IP octets containing leading zeros. Leading zeros were ignored, while the underlying system can treat such octets as octal numbers and interpret them differently. For example, IP address of 010.0.0.1 w...

1.8AI score
Exploits0References3
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•173 views

Updated python-urllib3 package fixes security vulnerabilities

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates for...

7.5CVSS7.2AI score0.03273EPSS
Exploits0References8
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•42 views

Updated virtualbox packages fix security vulnerability

This update provides the upstream 6.1.24 maintenance release that fixes at least the following security vulnerabilities: An easily exploitable vulnerability in the Oracle VM VirtualBox component: Core prior to 6.1.24 allows high privileged attacker with logon to the infrastructure where Oracle VM...

8.2CVSS2.5AI score0.00731EPSS
Exploits0References3
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•202 views

Updated jdom/jdom2 packages fix a security vulnerability

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request CVE-2021-33813...

7.5CVSS4.5AI score0.19442EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•46 views

Updated netty packages fix security vulnerabilities

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

5.9CVSS6.5AI score0.18891EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•51 views

Updated pdfbox packages fix security vulnerabilities

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions CVE-2021-31811. In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file...

5.5CVSS3.8AI score0.03445EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•39 views

Updated filezilla packages fix security vulnerability

filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by...

5.9CVSS3.3AI score0.03146EPSS
Exploits0References6
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•18 views

Updated perl-Mojolicious package fixes security vulnerability

This update backports some significant security fixes relating to session security from the upstream 9.19 release. See upstream references for more informations...

1.8AI score
Exploits0References4
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•82 views

Updated quassel packages fix a security vulnerability

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system CVE-2021-34825. Also, the default IRC server has been changed from Freenode to Libera Chat, as upstream has moved their quassel channel there...

7.5CVSS1.6AI score0.00616EPSS
Exploits1References3
Mageia
Mageia
•added 2021/07/27 8:21 p.m.•255 views

Updated python3 packages fix security vulnerabilities

Update python3 to 3.8.11 to fix several security issues. Fixes in 3.8.10 are also included. Bundled pip and setuptools were updated in 3.8.11 so python-pip needs to be updated to 21.1.3 and python-setuptools to 56.2.0 at the same time. Also, we fix the following issue: In Python before 3.9.5, the...

9.8CVSS4AI score0.06827EPSS
Exploits1References5
Mageia
Mageia
•added 2021/07/25 2:45 p.m.•190 views

Updated python-pip packages fix security vulnerabilities

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository CVE-2021-3572. The bundled python-urllib3 was also vulnerable to: The urllib3 library 1.26.x before 1.26.4 for...

7.5CVSS7AI score0.03273EPSS
Exploits2References5
Mageia
Mageia
•added 2021/07/25 2:45 p.m.•79 views

Updated xstream packages fix security vulnerabilities

In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream CVE-2021-21341...

9.9CVSS4.1AI score0.82136EPSS
Exploits11References5
Mageia
Mageia
•added 2021/07/25 2:45 p.m.•109 views

Updated redis package fixes security vulnerabilities

An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution CVE-2021-29477. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially...

8.8CVSS5.9AI score0.31049EPSS
Exploits0References6
Mageia
Mageia
•added 2021/07/25 2:45 p.m.•64 views

Updated nodejs packages fix security vulnerabilities

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...

9.8CVSS3.9AI score0.69062EPSS
Exploits3References9
Mageia
Mageia
•added 2021/07/25 8:34 a.m.•48 views

Updated lib3mf packages fix security vulnerability

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability CVE-2021-21772. A new package 'act' is...

8.1CVSS4.8AI score0.04339EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/25 8:34 a.m.•62 views

Updated golang packages fix security vulnerabilities

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method CVE-2021-27918. net/http in Go before 1.15.12 and 1.16.x before 1.16....

7.5CVSS7.7AI score0.06975EPSS
Exploits5References6
Mageia
Mageia
•added 2021/07/22 7:8 a.m.•65 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.52 and fixes at least the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root CVE-2021-3609. A vulnerability was found in the Linux kernel. Missing size validations on inbound...

7.8CVSS6.9AI score0.09729EPSS
Exploits7References7
Mageia
Mageia
•added 2021/07/22 7:8 a.m.•40 views

Updated systemd packages fix security vulnerabilities

This systemd update provides the v246.15 maintenance release and fixes at least the following security issues: An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK...

6.1CVSS6.5AI score0.0865EPSS
Exploits3References3
Mageia
Mageia
•added 2021/07/22 7:8 a.m.•74 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.52 and fixes at least the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root CVE-2021-3609. A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP...

7.8CVSS7AI score0.09729EPSS
Exploits7References7
Mageia
Mageia
•added 2021/07/21 12:18 p.m.•35 views

Updated wireshark packages fix a security vulnerability

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVE-2021-22235...

7.5CVSS3.4AI score0.03296EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/21 12:18 p.m.•44 views

Updated perl-Convert-ASN1 package fixes security vulnerability

perl-Convert-ASN1 aka the Convert::ASN1 module for Perl through 0.27 allows remote attackers to cause an infinite loop via unexpected input CVE-2013-7488...

7.5CVSS6.7AI score0.04158EPSS
Exploits1References2
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•30 views

Updated rvxt-unicode, mxrvt, eterm packages fix security vulnerability

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences ESC G Q. A response is terminated by a newline CVE-2021-33477...

8.8CVSS2.7AI score0.04012EPSS
Exploits1References7
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•54 views

Updated tomcat packages fix security vulnerabilities

When responding to new h2c connection requests, Apache Tomcat versions 9.0.0.M1 to 9.0.41 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request CVE-2021-25122. The fix for...

7.5CVSS7.6AI score0.18114EPSS
Exploits15References6
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•70 views

Updated glibc packages fix security vulnerability

An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input CVE-2021-35942...

9.1CVSS8.1AI score0.02678EPSS
Exploits0References2
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•50 views

Updated libuv packages fix security vulnerability

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS1AI score0.23132EPSS
Exploits1References4
Mageia
Mageia
•added 2021/07/20 10:46 a.m.•43 views

Updated zziplib packages fix security vulnerability

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzipfileread" in the function "unzzipcatfile" CVE-2020-18442...

3.3CVSS5.7AI score0.00745EPSS
Exploits1References2
Total number of security vulnerabilities6011