Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
added 2021/03/04 4:53 p.m.130 views

Updated openssl and compat-openssl10 packages fix security vulnerabilities

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service CVE-2021-23840. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...

7.5CVSS2.3AI score0.50732EPSS
Exploits0References3
Mageia
Mageia
added 2021/03/04 4:53 p.m.33 views

Updated gnome-autoar packages fix security vulnerability

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution CVE-2020-36241...

5.5CVSS3.8AI score0.00639EPSS
Exploits1References2
Mageia
Mageia
added 2021/03/04 4:53 p.m.52 views

Updated openldap packages fix security vulnerabilities

It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service CVE-2020-36221. It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A...

7.5CVSS2.7AI score0.84224EPSS
Exploits1References3
Mageia
Mageia
added 2021/03/04 4:53 p.m.41 views

Updated bind packages fix security vulnerability

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, which could result in denial of service daemon crash, or potentially the execution of arbitrary code CVE-2020-8625. The default configuration is not vulnerable to...

8.1CVSS4.3AI score0.64161EPSS
Exploits0References3
Mageia
Mageia
added 2021/03/04 12:26 p.m.39 views

Updated firefox packages fix security vulnerabilities

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs CVE-2021-23968. As specified in the W3C...

8.8CVSS0.8AI score0.0153EPSS
Exploits0References3
Mageia
Mageia
added 2021/03/04 12:26 p.m.61 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.19 and fixes at least the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y, CONFIGBPF=y, CONFIGCGROUPS=y, CONFIGCGROUPBPF=y, CONFIGHARDENEDUSERCOPY...

7.8CVSS0.7AI score0.00544EPSS
Exploits1References11
Mageia
Mageia
added 2021/03/04 12:26 p.m.86 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.19 and fixes at least the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y, CONFIGBPF=y, CONFIGCGROUPS=y, CONFIGCGROUPBPF=y,...

7.8CVSS1AI score0.00544EPSS
Exploits1References7
Mageia
Mageia
added 2021/03/04 12:26 p.m.42 views

Updated thunderbird packages fix security vulnerabilities

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs CVE-2021-23968. As specified in the W3C...

8.8CVSS0.8AI score0.0153EPSS
Exploits0References3
Mageia
Mageia
added 2021/03/04 12:26 p.m.51 views

Updated libtiff packages fix security vulnerabilities

The updated libtiff packages fix security vulnerabilities: - Integer overflow in tifgetimage.c CVE-2020-35523. - Heap-based buffer overflow in TIFF2PDF tool CVE-2020-35524. - Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “TIFFVGetField” funtion in the...

7.8CVSS7.2AI score0.01922EPSS
Exploits0References4
Mageia
Mageia
added 2021/03/04 12:26 p.m.104 views

Updated nonfree firmware packages fix security vulnerability

Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes at least the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a...

3.1CVSS0.2AI score0.07709EPSS
Exploits7References1
Mageia
Mageia
added 2021/03/04 12:26 p.m.77 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.19 and fixes at least the following security issues: An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel. A userland application can read the contents of the sigpage, which can leak kernel memory...

7.8CVSS1AI score0.00544EPSS
Exploits1References5
Mageia
Mageia
added 2021/03/04 12:26 p.m.138 views

Updated nonfree firmware packages fix security vulnerability

Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes at least the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a...

3.1CVSS0.1AI score0.07709EPSS
Exploits7References1
Mageia
Mageia
added 2021/03/04 12:26 p.m.87 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.19 and fixes at least the following security issues: An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An...

7.8CVSS1.1AI score0.00544EPSS
Exploits1References9
Mageia
Mageia
added 2021/03/02 10:33 p.m.70 views

Updated openjpeg2 packages fix security vulnerability

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as...

8.3CVSS4.9AI score0.01329EPSS
Exploits0References2
Mageia
Mageia
added 2021/03/02 10:33 p.m.40 views

Updated xterm package fixes security vulnerability

xterm through Patch 365 allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via a crafted UTF-8 character sequence. CVE-2021-27135...

9.8CVSS7.3AI score0.07541EPSS
Exploits1References4
Mageia
Mageia
added 2021/03/02 10:33 p.m.32 views

Updated wpa_supplicant packages fix security vulnerability

A vulnerability was discovered in how p2p/p2ppd.c in wpasupplicant before 2.10 processes P2P Wi-Fi Direct provision discovery requests. It could result in denial of service or other impact potentially execution of arbitrary code, for an attacker within radio range CVE-2021-27803...

7.5CVSS3.7AI score0.01228EPSS
Exploits0References3
Mageia
Mageia
added 2021/02/28 11:16 p.m.23 views

Updated pix packages fix a security vulnerability

A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...

7.8CVSS6.8AI score0.02149EPSS
Exploits2References1
Mageia
Mageia
added 2021/02/28 11:16 p.m.55 views

Updated nodejs packages fix security vulnerabilities

Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. Upgrade from Mageia 7 to 8 problem fixed...

7.8CVSS2.6AI score0.77385EPSS
Exploits1References5
Mageia
Mageia
added 2021/02/28 11:16 p.m.38 views

Updated subversion packages fix security dos vulnerability

Subversion has been updated to fix a remote unauthenticated denial-of-service in Subversion modauthzsvn...

7.5CVSS3.7AI score0.40075EPSS
Exploits1References2
Mageia
Mageia
added 2021/02/19 10:27 a.m.36 views

Updated coturn package fixes a security vulnerability

When sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a malicious user would be able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either ::1 or :: as t...

7.2CVSS2.9AI score0.01282EPSS
Exploits3References2
Mageia
Mageia
added 2021/02/19 10:27 a.m.88 views

Updated mediawiki packages fix security vulnerability

In MediaWiki before 1.31.11, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colu...

7.5CVSS6.6AI score0.01573EPSS
Exploits2References4
Mageia
Mageia
added 2021/02/19 10:27 a.m.33 views

Updated privoxy package fixes security vulnerabilities

Fixed a memory leak when decompression fails "unexpectedly". CVE-2021-20216 Prevent an assertion from getting triggered by a crafted CGI request. CVE-2021-20217...

7.8CVSS2.4AI score0.02276EPSS
Exploits0References4
Mageia
Mageia
added 2021/02/19 10:27 a.m.80 views

Updated veracrypt package fixes a security vulnerability

IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 Veracrypt, all versions Truecrypt is affected by a Buffer Overflow that can lead to information disclosure of kernel stack through a locally executed code with IOCTL request to driver CVE-2019-1010208...

3.3CVSS4.8AI score0.00461EPSS
Exploits0References1
Mageia
Mageia
added 2021/02/15 7:24 p.m.14 views

Updated chromium-browser packages fix security vulnerability

The updated packages fix security vulnerabilities. One of those problems is a security issue in V8 engine that is actively exploited...

2.5AI score
Exploits0References4
Mageia
Mageia
added 2021/02/15 7:24 p.m.46 views

Updated trojita packages fix security vulnerability

Damian Poddebniak discovered a TLS verification failure in Trojitá. When sending e-mails over SMTP, all TLS errors were ignored CVE-2020-15047...

5.9CVSS3.5AI score0.00798EPSS
Exploits0References4
Mageia
Mageia
added 2021/02/15 7:24 p.m.60 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.14 and fixes at least the following security issues: nbdaddsocket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndbqueuerq use-after-free that could be triggered by local attackers with access to the nbd device via an I/O...

7CVSS2AI score0.01602EPSS
Exploits1References4
Mageia
Mageia
added 2021/02/15 7:24 p.m.51 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.10.14 and fixes at least the following security issues: A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AFVSOCK implementation are caused by wrong locking in net/vmwvsock/afvsock.c...

7CVSS2.8AI score0.01602EPSS
Exploits1References4
Mageia
Mageia
added 2021/02/11 8:36 p.m.34 views

Updated phpldapadmin package fixes a security vulnerability

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via getrequest in lib/function.php CVE-2020-35132...

5.4CVSS4.6AI score0.01226EPSS
Exploits1References2
Mageia
Mageia
added 2021/02/11 8:36 p.m.31 views

Updated gssproxy package fixes a security vulnerability

gssproxy aka gss-proxy before 0.8.3 does not unlock condmutex before pthread exit in gpworkermain in gpworkers.c CVE-2020-12658...

9.8CVSS2.5AI score0.01681EPSS
Exploits0References2
Mageia
Mageia
added 2021/02/10 6:41 p.m.66 views

Updated nethack packages fix security vulnerabilities

Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own...

9.8CVSS4.3AI score0.03384EPSS
Exploits0References14
Mageia
Mageia
added 2021/02/10 6:41 p.m.27 views

Updated perl-Email-MIME and perl-Email-MIME-ContentType packages fix security vulnerability

Messages with too many tiny nested MIME parts can lead to memory exhaustion on split, resulting in denial of service rhbz1835353 This update limits the number of nested MIME parts to 10 by default, to avoid a possible memory exhaustion issue with lots of tiny MIME parts...

2.3AI score
Exploits0References3
Mageia
Mageia
added 2021/02/10 6:41 p.m.37 views

Updated gstreamer1.0-plugins-bad packages fix security vulnerability

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. CVE-2021-3185...

9.8CVSS4.2AI score0.02377EPSS
Exploits0References4
Mageia
Mageia
added 2021/02/08 5:58 p.m.50 views

Updated php packages fix a security vulnerability

The php packages are updated to version 7.3.27 to fix a Null Dereference in SoapClient SOAP. CVE-2021-21702. Note also php packages version 7.4.15-1.mga7 are available in backports/updates...

7.5CVSS3.5AI score0.03179EPSS
Exploits0References2
Mageia
Mageia
added 2021/02/08 5:58 p.m.48 views

Updated phppgadmin package fixes a security vulnerability

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, database.php does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit...

9.6CVSS2.2AI score0.0364EPSS
Exploits1References1
Mageia
Mageia
added 2021/02/08 5:58 p.m.36 views

Updated wpa_supplicant packages fix a security vulnerability

A vulnerability was discovered in how wpasupplicant processing P2P Wi-Fi Direct group information from active group owners. The actual parsing of that information validates field lengths appropriately, but processing of the parsed information misses a length check when storing a copy of the...

7.9CVSS2.5AI score0.04707EPSS
Exploits1References2
Mageia
Mageia
added 2021/02/06 6:20 p.m.33 views

Updated python-py packages fix a security vulnerability

A denial of service via regular expression in the py.path.svnwc component of python-py through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality CVE-2020-29651...

7.5CVSS6.7AI score0.04607EPSS
Exploits0References2
Mageia
Mageia
added 2021/02/06 6:20 p.m.51 views

Updated tomcat packages fix a security vulnerability

When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath which in turn was caused by the...

5.9CVSS3.3AI score0.22852EPSS
Exploits0References3
Mageia
Mageia
added 2021/02/06 6:20 p.m.38 views

Updated gdisk package fixes security vulnerabilities

A bug that could cause segfault if GPT header claimed partition entries are oversized CVE-2020-0256. A bug that could cause a crash if a badly-formatted MBR disk was read CVE-2021-0308. The gdisk package has been updated to version 1.0.6, fixing these issues and several other bugs. See the upstre...

7.2CVSS2.2AI score0.00436EPSS
Exploits0References2
Mageia
Mageia
added 2021/02/05 11:54 a.m.44 views

Updated nodejs packages fix security vulnerabilities

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

8.1CVSS2.1AI score0.16296EPSS
Exploits3References5
Mageia
Mageia
added 2021/02/05 11:54 a.m.55 views

Updated nodejs-ini package fixes a security vulnerability

It was discovered that there was an issue in nodejs-ini, where an application could be exploited by a malicious input file. This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on th...

9.8CVSS4AI score0.03612EPSS
Exploits1References2
Mageia
Mageia
added 2021/02/05 11:54 a.m.39 views

Updated mutt packages fix a security vulnerability

It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service because rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequence...

6.5CVSS3.3AI score0.02796EPSS
Exploits0References5
Mageia
Mageia
added 2021/02/04 1:40 p.m.34 views

Updated messagelib packages fix a security vulnerability

In KDE KMail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended...

4.3CVSS1AI score0.00586EPSS
Exploits1References2
Mageia
Mageia
added 2021/02/04 1:40 p.m.49 views

Updated thunderbird packages fix security vulnerabilities

Cross-origin information leakage via redirected PDF requests. CVE-2021-23953 Type confusion when using logical assignment operators in JavaScript switch statements. CVE-2021-23954 IMAP Response Injection when using STARTTLS. CVE-2020-15685 HTTPS pages could have been intercepted by a registered...

8.8CVSS1.1AI score0.01556EPSS
Exploits1References3
Mageia
Mageia
added 2021/02/04 1:40 p.m.61 views

Updated ruby-nokogiri packages fix security vulnerabilities

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename...

9.8CVSS8AI score0.05899EPSS
Exploits0References3
Mageia
Mageia
added 2021/02/04 1:40 p.m.41 views

Updated firefox packages fix security vulnerabilities

When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing CVE-2020-26976. If a user clicked into a...

8.8CVSS0.1AI score0.01556EPSS
Exploits0References3
Mageia
Mageia
added 2021/02/04 1:40 p.m.43 views

Updated python and python3 packages fix security vulnerability

A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...

9.8CVSS1.7AI score0.23293EPSS
Exploits1References2
Mageia
Mageia
added 2021/02/01 5:53 p.m.72 views

Updated kernel-linus packages fix security vulnerability

This kernel-linus update is based on upstream 5.10.12 and fixes at least the following security issue: An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel CVE-2021-3347...

7.8CVSS3.1AI score0.01377EPSS
Exploits1References2
Mageia
Mageia
added 2021/01/31 9:34 p.m.40 views

Updated php-pear packages fix a security vulnerability

The updated php-pear packages fix a security vulnerability in component Archivetar, a symlink out-of-path write vulnerability. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193...

7.5CVSS3.3AI score0.70595EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/31 9:34 p.m.73 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.12 and fixes at least the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPL...

7.8CVSS3.9AI score0.02417EPSS
Exploits1References6
Mageia
Mageia
added 2021/01/29 7:5 p.m.27 views

Updated db53 packages fix a security vulnerability

Vulnerability in the Data Store component of Oracle Berkeley DB. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in...

3.3CVSS5.3AI score0.00604EPSS
Exploits0References3
Total number of security vulnerabilities6012