Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2021/06/13 9:32 p.m.•37 views

Updated gnuchess package fix a security vulnerability

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc. CVE-2021-30184...

7.8CVSS7AI score0.01769EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•30 views

Updated exif packages fix a security vulnerability

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service DoS by uploading a malicious JPEG file, causing the application to crash. CVE-2021-27815...

5.5CVSS4.5AI score0.01268EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•51 views

Updated microcode packages fix security vulnerabilities

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Incomplete cleanup in some IntelR VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2020-24489. Improper isolation ...

8.8CVSS4AI score0.00472EPSS
Exploits0References5
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•45 views

Updated python-lxml packages fix a security vulnerability

An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS3.5AI score0.04002EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•47 views

Updated docker-containerd packages fix security vulnerability

In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...

6.3CVSS2AI score0.02044EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•32 views

Updated djvulibre packages fix security vulnerabilities

Stack overflow in function DJVU::DjVuDocument::getdjvufile via crafted djvu file. CVE-2021-3500. Out of bounds write in function DJVU::filterbv via crafted djvu file. CVE-2021-32490. Integer overflow in function render in tools/ddjvu via crafted djvu file. CVE-2021-32491 Out of bounds read in...

7.8CVSS3AI score0.01001EPSS
Exploits0References4
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•49 views

Updated rust packages fix security vulnerabilities

This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit...

9.8CVSS3AI score0.0289EPSS
Exploits4References6
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•74 views

Updated python-pygments packages fix a security vulnerability

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

7.5CVSS4.2AI score0.03832EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•53 views

Updated jasper packages fix security vulnerabilities

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened CVE-2021-3443. A NULL pointer dereference fl...

5.5CVSS2.7AI score0.00762EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•17 views

Updated irssi packages fix security vulnerabilities

The irssi packages are updated to irssi 1.2.3 to fix several issues among some security vulnerabilities: memory handling issues memory leaks erroneous free crashes / freezes null pointer dereference when receiving broken JOIN record...

2.5AI score
Exploits0References3
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•43 views

Updated slurm packages fix a security vulnerability

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling CVE-2021-31215...

8.8CVSS2.1AI score0.02902EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•44 views

Updated wpa_supplicant, hostapd packages fix security vulnerability

The wpasupplicant and hostapd packages are updated to fix a forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. CVE-2021-30004...

5.3CVSS2.9AI score0.01669EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•65 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.43 and fixes at least the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting to a...

7.8CVSS7.6AI score0.07604EPSS
Exploits6References4
Mageia
Mageia
•added 2021/06/13 9:32 p.m.•84 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.43 and fixes at least the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting ...

7.8CVSS7.8AI score0.07604EPSS
Exploits7References4
Mageia
Mageia
•added 2021/06/08 9:45 p.m.•35 views

Updated curl packages fix a security vulnerability

TELNET stack contents disclosure CVE-2021-22898...

3.1CVSS1.8AI score0.04385EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/08 9:45 p.m.•54 views

Updated polkit packages fix a security vulnerability

A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkitsystembusnamegetcredssync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process CVE-2021-3560...

7.8CVSS2.4AI score0.22193EPSS
Exploits37References2
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•33 views

Updated cgal packages fix security vulnerabilities

Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...

10CVSS3AI score0.03265EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•48 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Out of bounds-read when parsing a WMCOPYDATA message. CVE-2021-29964 Memory safety bugs fixed in Thunderbird 78.11. CVE-2021-29967...

8.8CVSS4.2AI score0.01368EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•51 views

Updated exiv2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Heap-based buffer overflow in Jp2Image::readMetadata. CVE-2021-3482 Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. CVE-2021-29457 Out-of-bounds read in Exiv2::Internal::CrwMap::encode. CVE-2021-29458 Exiv2 incorrectly handled...

7.8CVSS3.5AI score0.02295EPSS
Exploits2References5
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•36 views

Updated cgal packages fix security vulnerabilities

Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...

10CVSS2.7AI score0.03265EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•32 views

Updated upx packages fix security vulnerabilities

The updated package fixes security vulnerabilities: A heap buffer overflow read was discovered in upx 4.0.0, because the check in plxelf.cpp is not perfect. CVE-2020-24119 A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or...

8.3CVSS3.2AI score0.01076EPSS
Exploits2References4
Mageia
Mageia
•added 2021/06/08 4:46 p.m.•52 views

Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls CVE-2020-25097...

8.6CVSS2.9AI score0.95785EPSS
Exploits5References11
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•34 views

Updated libpano13 packages fix a security vulnerability

Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20.rc2 and earlier can lead to read and write arbitrary memory values CVE-2021-20307...

9.8CVSS2.2AI score0.01941EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•49 views

Updated libxml2 packages fix a security vulnerability

Exponential entity expansion attack bypasses all existing protection mechanisms. CVE-2021-3541...

6.5CVSS3AI score0.01861EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•49 views

Updated tar package fix a security vulnerability

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability CVE-2021-20193...

4.3CVSS5.8AI score0.01092EPSS
Exploits0References2
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•45 views

Updated firefox packages fix a security vulnerability

Updated firefox packages fix a security vulnerability: Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with...

8.8CVSS2.8AI score0.01368EPSS
Exploits0References11
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•28 views

Updated mpv packages fix a security vulnerability

Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...

7.8CVSS6.4AI score0.02409EPSS
Exploits1References2
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•37 views

Updated graphviz packages fix a security vulnerability

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service application crash by loading a crafted file into the "lib/common/shapes.c" component. CVE-2020-18032...

7.8CVSS7.2AI score0.02618EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•37 views

Updated dnsmasq packages fix a security vulnerability

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...

4.3CVSS5.2AI score0.01988EPSS
Exploits1References3
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•40 views

Updated lz4 packages fix a security vulnerability

An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential...

9.8CVSS8.7AI score0.03216EPSS
Exploits0References3
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•18 views

Updated vlc packages fix security vulnerabilities

A remote user could create a specifically crafted file that could trigger some various issues. It is possible to trigger a remote code execution through a specifically crafted playlist, and tricking the user into interacting with that playlist elements. It is also possible to trigger read or writ...

2.4AI score
Exploits0References5
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•34 views

Updated libebml packages fix security vulnerabilities

Updated libebml packages fix security vulnerabilities: Heap use-after-free when parsing malformed file. A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml CVE-2021-3405. The mkvtoolnix,...

6.5CVSS2.6AI score0.01737EPSS
Exploits1References4
Mageia
Mageia
•added 2021/06/08 2:33 p.m.•37 views

Updated librsvg packages fix a security vulnerability

This update patches the vendored smallvec Rust crate in librsvg to fix a security vulnerability: The Iterator implementation mishandles destructors, leading to a double free CVE-2021-25900...

9.8CVSS2.8AI score0.01666EPSS
Exploits1References2
Mageia
Mageia
•added 2021/05/31 8:31 p.m.•71 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on upstream 5.10.41 and fixes at least the following security issue: kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memor...

7.8CVSS1.2AI score0.00377EPSS
Exploits0References5
Mageia
Mageia
•added 2021/05/31 8:31 p.m.•51 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.41 and fixes at least the following security issues: A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash...

7.8CVSS7.2AI score0.00485EPSS
Exploits1References5
Mageia
Mageia
•added 2021/05/27 1:43 p.m.•44 views

Updated ceph packages fix a security vulnerability

Updated ceph packages fix security vulnerability on rgw CVE-2021-3524 as well as CVE-2021-3509 and CVE-2021-3531 from which Mageia was not affected...

6.5CVSS2.5AI score0.01612EPSS
Exploits0References4
Mageia
Mageia
•added 2021/05/27 1:43 p.m.•51 views

Updated wireshark packages fix a security vulnerability

The MS-WSP dissector could consume excessive amounts of memory CVE-2021-22207...

6.5CVSS2.6AI score0.02023EPSS
Exploits1References4
Mageia
Mageia
•added 2021/05/23 6:45 p.m.•60 views

Updated postgresql packages fix security vulnerabilities

Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027. Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. CVE-2021-32028. Memory disclosure in partitioned-table UPDATE ... RETURNING. CVE-2021-32029...

8.8CVSS2.3AI score0.0199EPSS
Exploits0References2
Mageia
Mageia
•added 2021/05/23 6:45 p.m.•62 views

Updated bind packages fix security vulnerabilities

A broken inbound incremental zone update IXFR can cause named to terminate unexpectedlyCVE-2021-25214. Mageia 7 version not affected. An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself CVE-2021-25215. This affects both...

9.8CVSS4.5AI score0.83406EPSS
Exploits0References6
Mageia
Mageia
•added 2021/05/23 1:30 a.m.•58 views

Updated mediawiki packages fix security vulnerabilities

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword CVE-2021-20270. A deadlock vulnerability was found in...

7.5CVSS1.1AI score0.03832EPSS
Exploits5References4
Mageia
Mageia
•added 2021/05/23 1:30 a.m.•36 views

Updated libx11 packages fix a security vulnerability

XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...

9.8CVSS4.4AI score0.10634EPSS
Exploits2References4
Mageia
Mageia
•added 2021/05/21 10:47 p.m.•43 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Thunderbird stored OpenPGP secret keys without master password protection CVE-2021-29956. Partial protection of inline OpenPGP message not indicated CVE-2021-29957...

4.3CVSS3.1AI score0.0094EPSS
Exploits2References4
Mageia
Mageia
•added 2021/05/21 10:47 p.m.•49 views

Updated openjpeg2 packages fix a security vulnerability

There is a flaw in the opj2compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The...

5.5CVSS0.4AI score0.0156EPSS
Exploits1References4
Mageia
Mageia
•added 2021/05/19 7:29 p.m.•274 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.37 and fixes at least the following security issues: It was discovered that the iouring implementation of the Linux kernel did not properly enforce the MAXRWCOUNT limit in some situations. A local attacker could use this to cause a denial of...

8.8CVSS8.2AI score0.01754EPSS
Exploits4References5
Mageia
Mageia
•added 2021/05/19 7:29 p.m.•114 views

Updated libxml2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Use-after-free in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3516 Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3517 Use-after-free in xmlXIncludeDoProcess in xinclude.c. CVE-2021-3518 NULL pointer...

8.8CVSS8.3AI score0.0828EPSS
Exploits1References4
Mageia
Mageia
•added 2021/05/19 7:29 p.m.•67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.37 and fixes at least the following security issues: It was discovered that the iouring implementation of the Linux kernel did not properly enforce the MAXRWCOUNT limit in some situations. A local attacker could use this to cause a denial of service...

8.8CVSS8.2AI score0.01754EPSS
Exploits4References5
Mageia
Mageia
•added 2021/05/16 8:54 p.m.•41 views

Updated avahi packages fix a security vulnerability

Avoid infinite loop by handling HUP event in clientwork. CVE-2021-3468...

5.5CVSS1.7AI score0.0045EPSS
Exploits0References4
Mageia
Mageia
•added 2021/05/12 9:56 a.m.•30 views

Updated nagios packages fix a security vulnerability

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files CVE-2020-13977...

4.9CVSS5.4AI score0.02726EPSS
Exploits1References2
Mageia
Mageia
•added 2021/05/12 9:56 a.m.•21 views

Updated pngcheck packages fix a security vulnerability

This update fixes a divide-by-zero crash bug and probable vulnerability in interlaced images with extra compressed data beyond the nominal end of the image data. found by "chiba of topsec alpha lab" rhbz1949800...

1.3AI score
Exploits0References2
Mageia
Mageia
•added 2021/05/12 9:56 a.m.•44 views

Updated mariadb packages fix security vulnerabilities

Some severe exploitable vulnerabilities were discovered and fixed CVE-2021-2154 and CVE-2021-2166. This is a regular update, which brings the usual improvements in innodb, galera. See upstream advisory...

4.9CVSS3.2AI score0.04643EPSS
Exploits0References2
Total number of security vulnerabilities6012