Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2021/06/30 11:58 p.m.•49 views

Updated thunar packages fix a security vulnerability

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program based on the file type without user confirmation. This could be used to achieve code execution CVE-2021-32563...

9.8CVSS2AI score0.03076EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•101 views

Updated systemd packages fix a security vulnerability

A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw...

6.7CVSS3.3AI score0.00464EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•61 views

Updated glibc packages fix security vulnerability

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

9.8CVSS8.8AI score0.02898EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•216 views

Updated sqlite3 packages fix security vulnerabilities

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations CVE-2020-9327. SQLite through 3.31.1 allows attackers to cause a denial of service segmentation fault via a malformed window-function...

7.5CVSS3.7AI score0.04856EPSS
Exploits5References12
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•24 views

Updated p7zip package fixes security vulnerabilities

In p7zip-17.03, the function NCompress::CCopyCoder::Code in CPP/7zip/Common/StreamObjects.cpp will call outStream-Write where a memcpy uses a NULL pointer as destination address, leading to a crash CVE-2021-3465. Null pointer dereference in function Reserve found in p7zip 16.02 rhbz1951218. Null...

3.5AI score
Exploits0References4
Mageia
Mageia
•added 2021/06/30 11:58 p.m.•41 views

Updated dhcp packages fix a security vulnerability

A flaw was found in the Dynamic Host Configuration Protocol DHCP. There is a discrepancy between the code that handles encapsulated option information inleases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. This flaw allo...

7.4CVSS1.6AI score0.06118EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/29 5:31 p.m.•28 views

Updated re2c package fixes a security vulnerability

re2c before 2.0 has uncontrolled recursion that causes stack consumption in findfixedtags CVE-2018-21232...

5.5CVSS4.9AI score0.01432EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/29 5:31 p.m.•69 views

Updated nginx package fixes a security vulnerability

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...

7.7CVSS8.4AI score0.53461EPSS
Exploits10References3
Mageia
Mageia
•added 2021/06/29 5:31 p.m.•47 views

Updated nettle packages fix security vulnerabilities

Remote crash in RSA decryption via manipulated ciphertext CVE-2021-3580. A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with...

8.1CVSS7.3AI score0.02686EPSS
Exploits0References5
Mageia
Mageia
•added 2021/06/29 5:31 p.m.•53 views

Updated openvpn packages fix a security vulnerability

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks CVE-2020-15078...

7.5CVSS5.6AI score0.05107EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/28 10:51 p.m.•60 views

Updated trousers packages fix security vulnerabilities

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed CVE-2020-24330. An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with...

7.8CVSS6.8AI score0.00553EPSS
Exploits3References3
Mageia
Mageia
•added 2021/06/28 10:51 p.m.•80 views

Updated java-openjdk packages fix security vulnerabilities

For java-1.8.0 Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing -...

5.9CVSS6.4AI score0.03566EPSS
Exploits0References5
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•40 views

Updated bash packages fix a security vulnerability

A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...

7.8CVSS2AI score0.02608EPSS
Exploits5References2
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•55 views

Updated gnutls packages fix security vulnerabilities

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences CVE-2021-20231. A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other...

9.8CVSS2.3AI score0.03751EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•76 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory...

5.5CVSS6.1AI score0.00922EPSS
Exploits4References2
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•49 views

Updated openjpeg2 packages fix a security vulnerability

A heap-based buffer overflow was found in openjpeg. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg CVE-2021-3575...

7.8CVSS5AI score0.01536EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•41 views

Updated libgcrypt packages fix a security vulnerability

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately CVE-2021-33560...

7.5CVSS7AI score0.02342EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•37 views

Updated leptonica packages fix security vulnerabilities

Leptonica before 1.80.0 allows a denial of service application crash via an incorrect left shift in pixConvert2To8 in pixconv.c CVE-2020-36277. Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c CVE-2020-36278. Leptonica before 1.80.0 allows a heap-bas...

7.5CVSS4.2AI score0.02871EPSS
Exploits5References3
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•83 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory...

5.5CVSS6.1AI score0.00922EPSS
Exploits4References2
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•70 views

Updated glibc packages fix a security vulnerability

A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence CVE-2016-10228...

5.9CVSS3.4AI score0.04006EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/28 9:16 p.m.•33 views

Updated tor package fixes security vulnerabilities

Don't allow relays to spoof RELAYEND or RELAYRESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it CVE-2021-34548. hashtable-based CPU denial-of-service atta...

7.5CVSS0.8AI score0.02721EPSS
Exploits0References4
Mageia
Mageia
•added 2021/06/25 2:43 p.m.•55 views

Updated samba and ldb packages fix security vulnerabilities

A flaw was found in samba. Spaces used in a string around a domain name DN, while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability...

7.5CVSS7.6AI score0.04328EPSS
Exploits0References5
Mageia
Mageia
•added 2021/06/25 2:43 p.m.•22 views

Updated graphicsmagick packages fix security vulnerabilities

Updated graphicsmagick packages fix security vulnerabilities: The graphicsmagick package has been updated to version 1.3.36, fixing several security issues and other bugs. See the upstream NEWS file for details...

3.1AI score
Exploits0References2
Mageia
Mageia
•added 2021/06/25 2:43 p.m.•42 views

Updated matio packages fix a security vulnerability

A memory leak was discovered in MatVarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case CVE-2019-20052...

6.5CVSS2.1AI score0.01082EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•40 views

Updated gnome-autoar packages fix a security vulnerability

gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations CVE-2021-28650. Also the previous update Bug 28454 introduced a regression, fixed here...

5.5CVSS3.9AI score0.00528EPSS
Exploits0References4
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•13 views

Updated kernel packages fix security and other issues

The kernel update in MGASA-2021-0257 contained some security fixes that caused regressions in at least some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes. For more info...

2.1AI score
Exploits0References3
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•18 views

Updated kernel-linus packages fix security and other issues

The kernel-linus update in MGASA-2021-0258 contained some security fixes that caused regressions in at least some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes. For more...

1.9AI score
Exploits0References3
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•65 views

Updated bluez packages fix security vulnerability

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.3CVSS6.5AI score0.00872EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•35 views

Updated qtwebsockets5 packages fix a security vulnerability

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption CVE-2018-21035...

8.6CVSS5AI score0.02281EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•46 views

Updated bind packages fix a security vulnerability

Incremental zone transfers IXFR provide a way of transferring changed portions of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in...

6.5CVSS2.6AI score0.0594EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•44 views

Updated ffmpeg packages fix a security vulnerability

An out-of-bounds write in decodeframe in libavcodec/exr.c because of errors in calculations of when to perform memset zero operations CVE-2020-35965...

7.5CVSS3.5AI score0.02263EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•76 views

Updated guacd packages fix security vulnerabilities

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...

7.5CVSS0.7AI score0.021EPSS
Exploits0References6
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•28 views

Updated cifs-utils packages fix a security vulnerability

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity CVE-2021-20208...

6.1CVSS3.8AI score0.00642EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•45 views

Updated wireshark packages fix a security vulnerability

The DVB-S2-BB dissector could go into an infinite loop...

7.5CVSS1.8AI score0.01789EPSS
Exploits0References5
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•46 views

Updated apache-mod_auth_openidc package fixes a security vulnerability

modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of- service DoS condition via unspecified vectors CVE-2021-20718...

7.5CVSS6.9AI score0.03395EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•31 views

Updated tunnel packages fix security vulnerability

Updated stunnel package fixes security vulnerability: Client certificate not correctly verified when redirect and verifyChain options are used CVE-2021-20230...

7.5CVSS2.6AI score0.01179EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•32 views

Updated wavpack packages fix a security vulnerability

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument CVE-2020-35738...

6.1CVSS3.8AI score0.01196EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•24 views

Updated slic3r package fixes a security vulnerability

An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...

8.6CVSS4.7AI score0.01897EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/23 5:11 p.m.•53 views

Updated xscreensaver packages fix security vulnerability

An issue allowing to cause crash and locked screen bypass CVE-2021-34557...

4.6CVSS2AI score0.0048EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/18 7:24 p.m.•35 views

Updated python-eventlet packages fix security vulnerability

Updated python-eventlet packages fix a security vulnerability: Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data...

5.3CVSS1.2AI score0.01807EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/18 7:24 p.m.•36 views

Updated python-pikepdf packages fix security vulnerability

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries CVE-2021-29421...

7.5CVSS5.5AI score0.01713EPSS
Exploits0References1
Mageia
Mageia
•added 2021/06/18 7:24 p.m.•34 views

Updated python-babel packages fix a security vulnerability

Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code CVE-2021-20095...

6.1AI score
Exploits0References3
Mageia
Mageia
•added 2021/06/18 7:24 p.m.•49 views

Updated puddletag packages fix security vulnerability

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injectio via the template function, particularly when a variable property is passed as an argument as it is not sanitized CVE-2021-23358...

7.2CVSS4AI score0.04087EPSS
Exploits2References1
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•68 views

Updated python-bleach packages fix a security vulnerability

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp"...

6.1CVSS1.5AI score0.00483EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•69 views

Updated openssh packages fix a security vulnerability

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host CVE-2021-28041...

7.1CVSS1.6AI score0.03422EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•72 views

Updated apache packages fix security vulnerabilities

modproxywstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

9.8CVSS6.8AI score0.68067EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•15 views

Updated libgd packages fix a security vulnerability

A potential integer overflow is fixed in version 2.3.1...

5.8AI score
Exploits0References3
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•156 views

Updated gsoap packages fix security vulnerabilities

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability CVE-2020-13574. A denial-of-service vulnerability exists in...

9.8CVSS1.4AI score0.0586EPSS
Exploits5References7
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•39 views

Updated qt4 and qtsvg5 packages fix a security vulnerability

An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue CVE-2021-3481...

7.1CVSS1.7AI score0.00511EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/16 8:22 p.m.•49 views

Updated perl-Image-ExifTool package fixes a security vulnerability

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image CVE-2021-22204...

7.8CVSS8.3AI score0.99981EPSS
Exploits39References5
Total number of security vulnerabilities6012