Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
added 2021/01/29 7:5 p.m.66 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.11 and fixes at least the following security issue: SCSI “EXTENDED COPY” XCOPY requests sent to a Linux SCSI target LIO allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to o...

8.1CVSS3.3AI score0.06563EPSS
Exploits0References7
Mageia
Mageia
added 2021/01/29 7:5 p.m.58 views

Updated dnsmasq packages fix security vulnerability

Multiples vulnerabilities have been discovered in dnsmasq up to version 2.82: - subtle errors in dnsmasq's protections against cache-poisoning attacks CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686 - buffer overflow in dnsmasq's DNSSEC code CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and...

8.3CVSS4.3AI score0.86692EPSS
Exploits2References3
Mageia
Mageia
added 2021/01/27 12:40 a.m.50 views

Updated sudo packages fix security vulnerability

A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is no...

7.8CVSS3.9AI score0.99295EPSS
Exploits81References2
Mageia
Mageia
added 2021/01/25 3:25 p.m.82 views

Updated python-pip packages fix security vulnerabilities

It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack CVE-2019-20916. urllib3 before 1.25.9 allows CRLF...

7.5CVSS7.8AI score0.03028EPSS
Exploits1References4
Mageia
Mageia
added 2021/01/25 3:25 p.m.95 views

Updated python-urllib3 packages fix security vulnerability

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest CVE-2020-26137...

6.5CVSS7.6AI score0.02269EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/24 12:36 a.m.59 views

Updated glibc packages fix security vulnerability

Security fixes: - fix buffer overrun in EUC-KR conversion module bz 2497 CVE-2019-25013 - arm: CVE-2020-6096: Fix multiarch memcpy for negative length BZ 25620 - arm: CVE-2020-6096: fix memcpy and memmove for negative length BZ 25620 - iconv: Fix incorrect UCS4 inner loop bounds BZ 26923...

8.1CVSS1.4AI score0.05223EPSS
Exploits1References2
Mageia
Mageia
added 2021/01/22 11:50 p.m.17 views

Updated php-oojs-oojs-ui packages fix security vulnerabilities

The php-oojs-oojs-ui package has been updated to version 0.41.0 to pick up all of the latest fixes from upstream mediawiki...

4.1AI score
Exploits0References2
Mageia
Mageia
added 2021/01/22 11:50 p.m.53 views

Updated undertow packages fix security vulnerability

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling CVE-2020-10719...

6.5CVSS2.3AI score0.01005EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/22 11:50 p.m.61 views

Updated blosc packages fix a security vulnerability

A heap-based buffer overflow vulnerability was found in the blosc library. Depending on how the library is used, if there is a lack of space to write compressed data, an attacker might exploit this flaw to crash the program or potentially execute arbitrary code CVE-2020-29367...

9.3CVSS3.7AI score0.01176EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/22 11:50 p.m.33 views

Updated perl-DBI packages fix security vulnerabilities

An issue was discovered in the DBI module before 1.643 for Perl. The hvfetch documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOKprofile, causing a NULL pointer dereference. CVE-2019-20919. An untrusted pointer dereference flaw was found in...

7.1CVSS1.8AI score0.00602EPSS
Exploits0References5
Mageia
Mageia
added 2021/01/22 11:50 p.m.34 views

Updated crmsh packages fix security vulnerability

The crm configure and hbreport commands failed to sanitize sensitive information by default bsc1163581. An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm histor...

7.5CVSS2.9AI score0.00954EPSS
Exploits0References3
Mageia
Mageia
added 2021/01/20 10:45 p.m.59 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.10.8 and fixes at least the following security issue: SCSI “EXTENDED COPY” XCOPY requests sent to a Linux SCSI target LIO allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to one LUN...

8.1CVSS1AI score0.06563EPSS
Exploits0References4
Mageia
Mageia
added 2021/01/19 3:40 p.m.37 views

Updated openldap packages fix security vulnerabilities

It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service CVE-2020-25709, CVE-2020-25710...

7.5CVSS2.2AI score0.02858EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/19 3:40 p.m.15 views

Updated resource-agents packages fix security vulnerabilities

Multiple vulnerabilities related to unsafe tempfile usage bsc1146690, bsc1146691, bsc1146692, bsc1146766, bsc1146776, bsc1146784, bsc1146785, bsc1146787. Issues where the ocfmon user was created with a default password bsc1021689, bsc1146687. The resource-agents package has been updated to versio...

1.8AI score
Exploits0References2
Mageia
Mageia
added 2021/01/17 4:7 p.m.51 views

Updated opensc packages fix security vulnerabilities

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in scoberthurreadfile CVE-2020-26570. The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in scpkcs15emugemsafeGPKinit CVE-2020-26571. The TCOS...

5.5CVSS3.3AI score0.00401EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/17 4:7 p.m.49 views

Updated p11-kit packages fix security vulnerabilities

Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc CVE-2020-29361. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-ki...

7.5CVSS2.5AI score0.03515EPSS
Exploits0References6
Mageia
Mageia
added 2021/01/17 4:7 p.m.14 views

Updated caribou packages fix a security vulnerability

An issue in caribou, that was exposed by a CVE fix in X.org server, permits a screensaver-lock bypass. It is possible to crash the screensaver and unlock the desktop via the virtual keyboard...

2.3AI score
Exploits0References3
Mageia
Mageia
added 2021/01/17 4:7 p.m.106 views

Updated edk2 packages fix multiples security vulnerabilities

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12179. Insufficient memory write check in SMM service for EDK II may allow an authenticated...

9.8CVSS4AI score0.01366EPSS
Exploits0References7
Mageia
Mageia
added 2021/01/17 4:7 p.m.73 views

Updated unzip package fixes a security vulnerability

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue CVE-2019-13232...

3.3CVSS2.6AI score0.00495EPSS
Exploits0References3
Mageia
Mageia
added 2021/01/17 4:7 p.m.54 views

Updated bind packages fix security vulnerability

A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability CVE-2020-8622. A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are...

6.5CVSS6.5AI score0.05545EPSS
Exploits0References4
Mageia
Mageia
added 2021/01/17 4:7 p.m.31 views

Updated resteasy packages fix a security vulnerability

A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed CVE-2020-1695...

7.5CVSS1.3AI score0.02023EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/17 4:7 p.m.41 views

Updated synergy packages fix a security vulnerability

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS2.4AI score0.02494EPSS
Exploits0References6
Mageia
Mageia
added 2021/01/17 4:7 p.m.38 views

Updated sudo packages fix security vulnerabilities

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239. selinuxeditcopytfiles in sudoedit in...

7.8CVSS3AI score0.01066EPSS
Exploits2References3
Mageia
Mageia
added 2021/01/17 4:7 p.m.11 views

Updated chromium-browser-stable packages fix security vulnerabilities

The updated packages fix security vulnerabilities. See upstream releasenotes...

2.3AI score
Exploits0References2
Mageia
Mageia
added 2021/01/17 4:7 p.m.33 views

Updated policycoreutils packages fix a security vulnerability

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state...

4.4CVSS1.8AI score0.00394EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/17 4:7 p.m.264 views

Updated dom4j packages fix a security vulnerability

A flaw was found in the dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE CVE-2020-10683...

9.8CVSS3.2AI score0.07269EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/17 4:7 p.m.51 views

Updated python-lxml packages fix a security vulnerability

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. CVE-2020-27783...

6.1CVSS4.3AI score0.03934EPSS
Exploits1References5
Mageia
Mageia
added 2021/01/15 12:31 p.m.114 views

Updated kernel-linus packages fix security vulnerabilities

This update provides an upgrade to the new upstream 5.10 longterm branch, currently based on 5.10.6, adding new features and new and improved hardware support. This update also fixes at least the following security issues: In binderreleasework of binder.c, there is a possible use-after-free due t...

7.8CVSS7.7AI score0.06692EPSS
Exploits18References10
Mageia
Mageia
added 2021/01/15 12:31 p.m.130 views

Updated kernel packages fix security vulnerabilities

This update provides an upgrade to the new upstream 5.10 longterm branch, currently based on 5.10.6, adding new features and new and improved hardware support. This update also fixes at least the following security issues: In binderreleasework of binder.c, there is a possible use-after-free due t...

7.8CVSS7.9AI score0.06692EPSS
Exploits18References10
Mageia
Mageia
added 2021/01/14 8:10 p.m.27 views

Updated nvidia-current packages fix security vulnerabilities

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer nvidia.ko IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure CVE‑2021‑1052. NVIDIA GPU Display Driver for...

7.8CVSS3.3AI score0.01777EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/14 3:13 p.m.41 views

Updated bison packages fix a security vulnerability

It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash CVE-2020-14150...

5.5CVSS4.7AI score0.00401EPSS
Exploits0References1
Mageia
Mageia
added 2021/01/14 3:13 p.m.47 views

Updated cairo packages fix a security vulnerability

LibreOffice slideshow aborts with stack smashing in cairo’s compositeboxes CVE-2020-35492...

7.8CVSS3.1AI score0.01112EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/14 3:13 p.m.49 views

Updated krb5 packages fix a security vulnerability

MIT Kerberos 5 aka krb5 before 1.17.2 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit CVE-2020-28196...

7.5CVSS7.8AI score0.04365EPSS
Exploits0References3
Mageia
Mageia
added 2021/01/14 3:13 p.m.40 views

Updated php packages fix security vulnerability

FILTERVALIDATEURL accepts URLs with invalid userinfo CVE-2020-7071. streamgetcontents fails with maxlength=-1 or default. See upstream releasenotes for other changes...

5.3CVSS1.8AI score0.02983EPSS
Exploits1References2
Mageia
Mageia
added 2021/01/14 3:13 p.m.44 views

Updated thunderbird packages fix a security vulnerability

Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. CVE-2020-16044 See upstream releasenotes for other changes...

8.8CVSS0.8AI score0.01304EPSS
Exploits0References3
Mageia
Mageia
added 2021/01/14 3:13 p.m.55 views

Updated awstats package fixes a security vulnerability

It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present CVE-2020-29600...

9.8CVSS5AI score0.02909EPSS
Exploits1References3
Mageia
Mageia
added 2021/01/14 3:13 p.m.30 views

Updated nvidia390 packages fix security vulnerabilities

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer nvidia.ko IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure CVE‑2021‑1052. NVIDIA GPU Display Driver for...

7.8CVSS3.3AI score0.01777EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/10 7:46 p.m.37 views

Updated cherokee packages fix security vulnerability

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

7.5CVSS1.4AI score0.03204EPSS
Exploits1References1
Mageia
Mageia
added 2021/01/10 7:46 p.m.43 views

Updated tomcat packages fix security vulnerability

While investigating Apache issue 64830 it was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of t...

7.5CVSS0.7AI score0.24622EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/10 7:46 p.m.377 views

Updated guava packages fix security vulnerability

A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir. The permissions granted to the directory created default...

3.3CVSS4.5AI score0.00964EPSS
Exploits1References2
Mageia
Mageia
added 2021/01/10 7:46 p.m.38 views

Updated openexr packages fix security vulnerabilities

An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference CVE-2020-15304. An issue was discovered in OpenEXR before 2.5.2. Invalid...

5.5CVSS2.3AI score0.01239EPSS
Exploits3References4
Mageia
Mageia
added 2021/01/10 7:46 p.m.16 views

Updated imagemagick packages fix security vulnerabilities

The imagemagick package has been updated to version 7.0.10-55, fixing several security issues. The abydos, converseen, libopenshot, mgba, pfstools, php-imagick, sk1, synfig, transcode, uniconvertor, and xine-lib1.2 packages have been rebuilt against the updated libmagick library...

3.6AI score
Exploits0References2
Mageia
Mageia
added 2021/01/10 7:46 p.m.28 views

Updated alpine and c-client packages fix security vulnerability

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do CVE-2020-14929...

7.5CVSS2.4AI score0.01823EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/10 7:46 p.m.26 views

Updated xrdp packages fix security vulnerability

Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credential...

7.8CVSS1.9AI score0.02404EPSS
Exploits0References3
Mageia
Mageia
added 2021/01/10 7:46 p.m.13 views

Updated libass packages fix security vulnerability

In libass 0.14.0, the assoutlineconstruct's call to outlinestroke causes a signed integer overflow. CVE-2020-26682...

8.8CVSS3.3AI score0.01789EPSS
Exploits1References3
Mageia
Mageia
added 2021/01/10 7:46 p.m.60 views

Updated golang packages fix security vulnerabilities

An input validation vulnerability was found in go. From a generated go file from the cgo tool it is possible to modify symbols within that object file and specify code instead. An attacker could potentially use this flaw by creating a repository which included malicious pre-built object files tha...

7.5CVSS8.2AI score0.02369EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/08 3:34 p.m.127 views

Updated busybox packages fix a security vulnerability

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file"...

8.1CVSS2AI score0.02462EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/08 3:34 p.m.39 views

Updated squirrelmail packages fix security vulnerabilities

XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of for example a NOEMBED,...

6.1CVSS0.6AI score0.01819EPSS
Exploits2References3
Mageia
Mageia
added 2021/01/08 3:34 p.m.48 views

Updated firefox packages fix security vulnerability

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. CVE-2020-16044...

8.8CVSS2.6AI score0.01304EPSS
Exploits0References3
Mageia
Mageia
added 2021/01/08 3:34 p.m.39 views

Updated binutils packages fix security vulnerabilities

It was discovered that mingw-binutils and binutils suffered from two vulnerabilities which might lead to DoS. Null Pointer Dereference in debuggetrealtype could result in DoS CVE-2020-16598. Use-after-free in bfdhashlookup could result in DoS CVE-2020-16592...

5.5CVSS6.7AI score0.01046EPSS
Exploits1References2
Total number of security vulnerabilities6012