Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2021/01/08 1:59 p.m.•8 views

Updated dash packages fix a security vulnerability

Code was executed even if noexec "-n" was specified. bdo58288 / bsc1178978...

1.9AI score
Exploits0References5
Mageia
Mageia
•added 2021/01/08 1:59 p.m.•74 views

Updated dovecot packages fix security vulnerabilities

It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email CVE-2020-24386. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could...

7.5CVSS2.7AI score0.0466EPSS
Exploits1References5
Mageia
Mageia
•added 2021/01/08 1:59 p.m.•13 views

Updated c-ares packages fix security vulnerabilities

Avoid read-heap-buffer-overflow in aresparsesoareply found during fuzzing. Avoid theoretical buffer overflow in RC4 loop comparison. Empty hquery-name could lead to invalid memory access. aresparsea,aaaareply could return a larger naddrttls than was passed in...

3AI score
Exploits0References2
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•42 views

Updated rawtherapee package fixes a security vulnerability

There is a floating point exception in dcrawcommon.cpp of libRAW. It will lead to remote denial of service attack. This code is embedded in rawtherapee CVE-2017-13735...

7.5CVSS3.3AI score0.02988EPSS
Exploits0References2
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•49 views

Updated libxml2 packages fix a security vulnerability

libxml2 v2.9.10 and earlier has a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c CVE-2020-24977...

6.5CVSS7.4AI score0.03672EPSS
Exploits1References3
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•58 views

Updated gdm packages fix a security vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2CVSS3.3AI score0.01109EPSS
Exploits1References3
Mageia
Mageia
•added 2021/01/04 2:42 p.m.•13 views

Updated vlc packages features security improvements

The vlc package has been updated to version 3.0.12.1, which includes security enhancements in the web interface, as well as other fixes and enhancements. See the upstream NEWS file for details...

4.2AI score
Exploits0References2
Mageia
Mageia
•added 2021/01/02 9:52 p.m.•30 views

Updated audacity package fixes security vulnerability

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there CVE-2020-11867...

3.3CVSS2.2AI score0.00469EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/31 2:32 p.m.•71 views

Updated curl packages fix security vulnerabilities

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231. A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl...

7.5CVSS6.9AI score0.09917EPSS
Exploits3References9
Mageia
Mageia
•added 2020/12/31 2:32 p.m.•52 views

Updated minidlna packages fix security vulnerabilities

It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue CVE-2020-12695. Minidlna before versions 1.3.0 allows remote code execution...

9.8CVSS1.5AI score0.15193EPSS
Exploits4References2
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•54 views

Updated libvirt packages fix security vulnerability

A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...

7.2CVSS2.4AI score0.00529EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•19 views

Updated pngcheck package fixes security vulnerability

Multiple buffer overflow flaws were found in pngcheck 2.4.0 and older rhbz1902806...

2.4AI score
Exploits0References2
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•39 views

Updated roundcubemail package fixes security vulnerability

Fixes stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. CVE-2020-35730...

6.1CVSS0.6AI score0.32823EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•14 views

Updated kdeconnect-kde packages improve security

For the pairing procedure, the GUI component only presented the friendly 'deviceName' to identify peer devices, which is completely under attacker control. Furthermore the 'deviceName' is transmitted in cleartext in UDP broadcast messages for all other nodes in the network segment to see. Therefo...

1.1AI score
Exploits0References3
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•39 views

Updated jackit packages fix security vulnerability

posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure,...

8.1CVSS0.9AI score0.017EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•56 views

Updated python3 packages fix security vulnerability

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP CVE-2020-27619...

9.8CVSS7.9AI score0.08235EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•58 views

Updated openjpeg2 packages fix security vulnerabilities

There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability CVE-2020-27841. There's a flaw in openjpeg's t2...

7.1CVSS2.6AI score0.01682EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•38 views

Updated graphicsmagick packages fix security vulnerability

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c CVE-2020-12672...

7.5CVSS3.4AI score0.02853EPSS
Exploits1References3
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•43 views

Updated spice-vdagent package fixes security vulnerabilities

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the activexfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service CVE-2020-25650. Matthias Gerstner discovered that SPICE vdagent incorrectly...

6.4CVSS2.6AI score0.0049EPSS
Exploits4References3
Mageia
Mageia
•added 2020/12/29 11:57 a.m.•28 views

Updated flac packages fix security vulnerability

In FLACbitreaderreadricesignedblock of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation CVE-2020-0499...

4.3CVSS3.2AI score0.03964EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/28 7:9 p.m.•40 views

Updated libmaxminddb packages fix security vulnerability

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dumpentrydatalist in maxminddb.c CVE-2020-28241...

6.5CVSS2.3AI score0.02133EPSS
Exploits1References4
Mageia
Mageia
•added 2020/12/25 9:45 p.m.•44 views

Updated erlang-rebar3 package fixes security vulnerability

Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification CVE-2020-13802...

10CVSS4.9AI score0.0675EPSS
Exploits3References1
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•59 views

Updated openssl packages fix security vulnerability

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...

5.9CVSS6.1AI score0.06968EPSS
Exploits3References4
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•62 views

Updated virtualbox packages fix security vulnerabilities

Vulnerabilities in the Oracle VM VirtualBox are fixed in version 6.1.16. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability which can lead to execute code in the context of the hypervisor. CVE-2020-14872. An...

8.2CVSS2.8AI score0.00714EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•27 views

Updated mbedtls packages fix security vulnerabilities

This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtlsmpiexpmod to MBEDTLSMPIMAXSIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtlsmpifillrando...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•66 views

Updated golang-googlecode-net package fixes security vulnerabilities

This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...

7.8CVSS3AI score0.83433EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/21 9:47 p.m.•115 views

Updated compat-openssl10 packages fix security vulnerabilities

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

5.9CVSS6.3AI score0.06968EPSS
Exploits3References6
Mageia
Mageia
•added 2020/12/20 2:43 p.m.•46 views

Updated openjpeg2 packages fix security vulnerabilities

A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution CVE-2020-27814. A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker ...

7.8CVSS3.6AI score0.02008EPSS
Exploits1References3
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•53 views

Updated bitcoin packages fix security vulnerabilities

Multiple vulnerabilities have been discovered in Bitcoin. In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their privat...

7.5CVSS2.7AI score0.03389EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•60 views

Updated firefox packages fix security vulnerabilities

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read CVE-2020-16042. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow in WebGL on some video drivers CVE-2020-26971. Certain inpu...

8.8CVSS1.1AI score0.01876EPSS
Exploits0References4
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•70 views

Updated jupyter-notebook packages fix a security vulnerability

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for know...

6.1CVSS2.7AI score0.01213EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•51 views

Updated jasper packages fix security vulnerability

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability CVE-2020-27828...

7.8CVSS5.3AI score0.01371EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•118 views

Updated sam2p package fixes security vulnerabilities

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file inpcx.cpp. CVE-2017-14628. In sam2p 0.49.3, the inxpmreader function in inxpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. CVE-2017-14629. In...

9.8CVSS2.7AI score0.02498EPSS
Exploits11References5
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•38 views

Updated x11-server packages fix security vulnerabilities

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability CVE-2020-14360. A flaw was found in...

7.8CVSS2AI score0.00393EPSS
Exploits0References5
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•28 views

Updated dpic package fixes a security vulnerability

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat function in main.c. CVE-2019-13989...

7.8CVSS3.5AI score0.00982EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/17 1:10 p.m.•49 views

Updated thunderbird packages fix security vulnerabilities

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read CVE-2020-16042. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow in WebGL on some video drivers CVE-2020-26971. Certain inpu...

8.8CVSS1.2AI score0.01876EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/09 5:39 p.m.•12 views

Updated chromium-browser-stable packages fix security vulnerabilities

The updated packages fix some problems found in version 86 and security vulnerabilities...

3.4AI score
Exploits0References5
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•39 views

Updated x11vnc package fixes a security vulnerability

scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user. CVE-2020-29074...

8.8CVSS4.8AI score0.01723EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•102 views

Updated python and python3 packages fix security vulnerabilities

It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service CVE-2019-9674. It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this...

7.5CVSS7.3AI score0.12826EPSS
Exploits3References8
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•33 views

Updated oniguruma packages fix security vulnerability

In Oniguruma, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concatoptexactstr in src/regcomp.c CVE-2020-26159...

4.3AI score
Exploits1References4
Mageia
Mageia
•added 2020/12/08 10:40 a.m.•40 views

Updated php-pear packages fix security vulnerabilities

Filename manipulation vulnerabilities CVE-2020-28948 / CVE-2020-28949 Updated also ArchiveTar to 1.4.11...

7.8CVSS1.7AI score0.84554EPSS
Exploits5References4
Mageia
Mageia
•added 2020/12/05 7:46 p.m.•14 views

Updated privoxy package fixes security vulnerabilities

Privoxy has been updated to version 3.0.29 to fix 8 security issues...

3.8AI score
Exploits0References2
Mageia
Mageia
•added 2020/12/05 7:46 p.m.•35 views

Updated mutt packages fix a security vulnerability

Mutt before 2.0.2 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted...

5.3CVSS2.7AI score0.02323EPSS
Exploits0References2
Mageia
Mageia
•added 2020/12/05 7:46 p.m.•34 views

Updated pdfresurrect package fixes security vulnerability

In PDFResurrect before 0.20, lack of header validation checks causes a heap-buffer-overflow in pdfgetversion CVE-2020-20740...

7.8CVSS1.4AI score0.01046EPSS
Exploits1References3
Mageia
Mageia
•added 2020/12/05 7:46 p.m.•34 views

Updated thunderbird packages fix security vulnerability

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable CVE-2020-26970...

9.3CVSS1.7AI score0.01222EPSS
Exploits0References3
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•16 views

Updated pngcheck packages fix a security vulnerability

This update fixes a potential global buffer overflow in the checkchunkname function via a crafted png file...

3.9AI score
Exploits0References2
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•26 views

Updated xdg-utils package fixes a security vulnerability

Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information CVE-2020-27748...

6.5CVSS1.9AI score0.01443EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•17 views

Updated tor package fixes security vulnerabilities

When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel...

2.8AI score
Exploits0References3
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•25 views

Updated cimg packages fix a security vulnerability

Multiple heap buffer overflows. CVE-2020-25693...

8.1CVSS1.9AI score0.01467EPSS
Exploits1References2
Mageia
Mageia
•added 2020/12/03 9:54 a.m.•35 views

Updated poppler packages fix a security vulnerability

buffer overflow in pdftohtml could result in a DoS CVE-2020-27778...

7.5CVSS2.5AI score0.02174EPSS
Exploits1References2
Total number of security vulnerabilities6012