Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2025/03/31 3:54 p.m.•41 views

Updated elfutils packages fix security vulnerabilities

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef function at readelf.c. CVE-2024-25260 GNU elfutils eu-readelf readelf.c printstringsection buffer overflow. CVE-2025-1372 GNU elfutils eu-strip strip.c gelfgetsymshndx denial of service. CVE-2025-1377...

7.8CVSS7.3AI score0.00327EPSS
Exploits3References2
Mageia
Mageia
•added 2025/03/31 3:54 p.m.•26 views

Updated mercurial packages fix security vulnerability

Mercurial SCM Web Interface cross site scripting. CVE-2025-2361...

5.3CVSS6.4AI score0.00486EPSS
Exploits0References4
Mageia
Mageia
•added 2025/03/27 4:14 p.m.•31 views

Updated chromium-browser-stable packages fix security vulnerability

Use after free in Lens. CVE-2025-2476...

8.8CVSS7.4AI score0.00791EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/26 3:43 a.m.•32 views

Updated radare2 packages fix security vulnerabilities

Buffer overflow in the HFS parser from grub2. CVE-2024-56737 Out-of-bounds Write in radare2. CVE-2025-1744 Buffer Overflow and Potential Code Execution in Radare2. CVE-2025-1864...

10CVSS8.1AI score0.00721EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/26 3:43 a.m.•40 views

Updated dcmtk packages fix security vulnerability

DCMTK dcmjpls JPEG-LS Decoder memory corruption. CVE-2025-2357...

7.5CVSS7.3AI score0.00391EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/26 3:43 a.m.•31 views

Updated ffmpeg packages fix security vulnerability

FFmpeg NULL Pointer Dereference. CVE-2024-12361...

7.3AI score
Exploits0References2
Mageia
Mageia
•added 2025/03/26 3:43 a.m.•43 views

Updated bluez packages fix security vulnerabilities

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2023-44431 BlueZ Audio Profile AVRCP avrcpparseattributelist Out-Of-Bounds Read Information Disclosure Vulnerability. CVE-2023-51580 BlueZ Audio Profile AVRCP parsemediaelement Out-Of-Bounds Read...

8CVSS7.9AI score0.01563EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/24 5:27 p.m.•16 views

Updated wpa_supplicant & hostapd packages fix security vulnerability

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. CVE-2025-24912...

3.7CVSS7.2AI score0.00716EPSS
Exploits0References1
Mageia
Mageia
•added 2025/03/24 5:27 p.m.•19 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.83 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS7.3AI score0.00227EPSS
Exploits0References1
Mageia
Mageia
•added 2025/03/24 5:27 p.m.•29 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.83 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS7.3AI score0.00227EPSS
Exploits0References1
Mageia
Mageia
•added 2025/03/22 5:53 p.m.•32 views

Updated libxslt packages fix security vulnerabilities

xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes CVE-2024-55549. numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValu...

7.8CVSS6.8AI score0.00324EPSS
Exploits4References2
Mageia
Mageia
•added 2025/03/22 5:53 p.m.•40 views

Updated expat packages fix security vulnerability

Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 NOTE: upstream deemed this fix incomplete after it was initially pushed. The complete fix was submitted along with the fix for CVE-2025-59375...

7.5CVSS7.1AI score0.01569EPSS
Exploits0References4
Mageia
Mageia
•added 2025/03/21 12:32 a.m.•28 views

Updated freerdp packages fix security vulnerabilities

FreeRDP rdpwritelogoninfov1 NULL access. CVE-2024-32661...

7.5CVSS7.7AI score0.01224EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/19 11:44 p.m.•57 views

Updated tomcat packages fix security vulnerabilities

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...

10CVSS7.5AI score0.99945EPSS
Exploits46References2
Mageia
Mageia
•added 2025/03/19 11:44 p.m.•37 views

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2025-1920: Type Confusion in V8. High CVE-2025-2135: Type Confusion in V8. Medium CVE-2025-2136: Use after free in Inspector. Medium CVE-2025-2137: Out of bounds read in V8...

8.8CVSS7.3AI score0.06387EPSS
Exploits1References2
Mageia
Mageia
•added 2025/03/19 11:44 p.m.•20 views

Updated vim packages fix security vulnerability

Vim vulnerable to potential data loss with zip.vim and special crafted zip files. CVE-2025-29768...

4.4CVSS6.8AI score0.00342EPSS
Exploits0References3
Mageia
Mageia
•added 2025/03/19 11:44 p.m.•30 views

Updated mosquitto packages fix security vulnerability

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS7.1AI score0.01107EPSS
Exploits0References1
Mageia
Mageia
•added 2025/03/18 12:4 a.m.•22 views

Updated libreoffice packages fix security vulnerability

Macro URL arbitrary script execution. CVE-2025-1080...

7.8CVSS7.2AI score0.00291EPSS
Exploits0References3
Mageia
Mageia
•added 2025/03/17 4:33 p.m.•11 views

Updated quictls packages fix security vulnerability

Timing side-channel in ECDSA signature computation. CVE-2024-13176...

4.1CVSS6.9AI score0.00601EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/17 4:33 p.m.•31 views

Updated php packages fix security vulnerabilities

Bugs and security with streams have been fixed...

9.8CVSS7.2AI score0.00821EPSS
Exploits2References7
Mageia
Mageia
•added 2025/03/17 4:33 p.m.•20 views

Updated libarchive packages fix security vulnerability

listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...

7.8CVSS7.2AI score0.00337EPSS
Exploits1References2
Mageia
Mageia
•added 2025/03/16 5:9 a.m.•34 views

Updated freetype2 packages fix security vulnerability

An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files which may result in arbitrary code execution...

8.1CVSS8AI score0.26049EPSS
Exploits1References3
Mageia
Mageia
•added 2025/03/15 1:40 a.m.•18 views

Updated man2html packages fix security vulnerability

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In versions before GLIBC version 2.29 and if aligned correctly, ...

5.5CVSS6.2AI score0.00314EPSS
Exploits1References2
Mageia
Mageia
•added 2025/03/15 1:40 a.m.•82 views

Updated ghostscript packages fix security vulnerabilities

This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834 The 10.05.0 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator...

9.8CVSS7.1AI score0.00806EPSS
Exploits0References1
Mageia
Mageia
•added 2025/03/13 6:25 p.m.•30 views

Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS4.7AI score0.00355EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/12 7:0 a.m.•26 views

Updated python-django packages fix security vulnerability

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. CVE-2025-26699...

7.5CVSS6.8AI score0.00748EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/12 7:0 a.m.•38 views

Updated firefox & nss packages fix security vulnerabilities

CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC...

8.1CVSS6.7AI score0.00519EPSS
Exploits1References4
Mageia
Mageia
•added 2025/03/12 7:0 a.m.•27 views

Updated thunderbird, thunderbird-l10n packages fix security vulnerabilities

CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC...

8.1CVSS6.7AI score0.00519EPSS
Exploits1References3
Mageia
Mageia
•added 2025/03/12 7:0 a.m.•25 views

Updated python-jinja2 packages fix security vulnerability

Jinja sandbox breakout through attr filter selecting format method. CVE-2025-27516...

8.8CVSS7AI score0.00465EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/08 3:29 a.m.•67 views

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Medium CVE-2025-1918: Out of bounds read...

8.8CVSS7.6AI score0.00657EPSS
Exploits0References6
Mageia
Mageia
•added 2025/03/08 1:26 a.m.•51 views

Updated gpac packages fix security vulnerabilities

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-5520 Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0321 Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0322...

9.8CVSS7.3AI score0.01043EPSS
Exploits3References2
Mageia
Mageia
•added 2025/03/06 5:56 p.m.•30 views

Updated ffmpeg packages fix security vulnerability

FFmpeg n7.0 is affected by a Double Free via the rkmppretrieveframe function within libavcodec/rkmppdec.c. CVE-2024-35368...

9.8CVSS7.3AI score0.00715EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/06 5:56 p.m.•27 views

Updated erlang packages fix security vulnerability

SSH SFTP packet size not verified properly in Erlang OTP. CVE-2025-26618...

7CVSS7.3AI score0.0046EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/06 5:56 p.m.•29 views

Updated vim packages fix security vulnerability

Potential code execution with tar.vim and special crafted tar files...

7.1CVSS7.9AI score0.20775EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/03 9:39 p.m.•39 views

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities

Use-after-free of the root cursor. CVE-2025-26594 Buffer overflow in XkbVModMaskText. CVE-2025-26595 Heap overflow in XkbWriteKeySyms. CVE-2025-26596 Buffer overflow in XkbChangeTypesOfKey. CVE-2025-26597 Out-of-bounds write in CreatePointerBarrierClient. CVE-2025-26598 Use of uninitialized point...

7.8CVSS7.4AI score0.00485EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/02 7:18 a.m.•58 views

Updated ffmpeg packages fix security vulnerabilities

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS via opening a crafted AAC file. CVE-2025-22919 A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplyin...

6.5CVSS7.6AI score0.00393EPSS
Exploits0References2
Mageia
Mageia
•added 2025/03/02 7:18 a.m.•44 views

Updated binutils packages fix security vulnerabilities

nm =2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: nm --without-symbol-version function. CVE-2024-57360 GNU Binutils objdump.c disassemblebytes stack-based overflow. CVE-2025-0840...

7.5CVSS6.9AI score0.00732EPSS
Exploits1References2
Mageia
Mageia
•added 2025/02/28 7:28 a.m.•25 views

Updated radare2 packages fix security vulnerabilities

A vulnerability, which was classified as problematic, was found in radare2. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public a...

4.8CVSS6.9AI score0.00295EPSS
Exploits1References2
Mageia
Mageia
•added 2025/02/26 8:10 p.m.•15 views

Updated proftpd packages fix security vulnerability

A buffer overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a denial of service DoS on the FTP service by sending a maliciously crafted message to the ProFTPD service port. CVE-2024-57392...

7.5CVSS8AI score0.01142EPSS
Exploits0References3
Mageia
Mageia
•added 2025/02/26 8:10 p.m.•23 views

Updated openssh packages fix security vulnerability

Machine-in-the-middle attack vulnerability if verifyhostkeydns is enabled. CVE-2025-26465...

6.8CVSS7.1AI score0.06997EPSS
Exploits4References7
Mageia
Mageia
•added 2025/02/26 8:10 p.m.•17 views

Updated libcap packages fix security vulnerability

pamcap: Fix potential configuration parsing error. CVE-2025-1390...

6.1CVSS6.4AI score0.00149EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/26 6:28 a.m.•17 views

Updated iniparser packages fix security vulnerability

A heap-based buffer overflow vulnerability in iniparserdumpsectionini in iniparser allows an attacker to read out-of-bounds memory. CVE-2025-0633...

5.1CVSS6.8AI score0.00215EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/26 6:28 a.m.•68 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.79 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS8AI score0.00571EPSS
Exploits1References6
Mageia
Mageia
•added 2025/02/26 6:28 a.m.•48 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.79 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS7.9AI score0.00571EPSS
Exploits1References6
Mageia
Mageia
•added 2025/02/25 9:40 p.m.•36 views

Updated dcmtk packages fix security vulnerabilities

A buffer overflow in DCMTK allows attackers to cause a Denial of Service DoS via a crafted DCM file CVE-2025-25472. DCMTK was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h CVE-2025-25474. A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK allo...

7.5CVSS7.5AI score0.00527EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/25 4:58 p.m.•20 views

Updated vim packages fix security vulnerability

A heap use-after-free was found in strtoreg in Vim 9.1.1115. CVE-2025-26603...

4.2CVSS7.3AI score0.00223EPSS
Exploits0References3
Mageia
Mageia
•added 2025/02/25 4:58 p.m.•20 views

Updated krb5 packages fix security vulnerability

Overflow when calculating ulog block size. CVE-2025-24528...

7.1CVSS7.4AI score0.00606EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/25 4:58 p.m.•32 views

Updated emacs packages fix a security vulnerability

A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...

8.8CVSS8.7AI score0.02657EPSS
Exploits0References4
Mageia
Mageia
•added 2025/02/25 4:58 p.m.•18 views

Updated gnutls packages fix security vulnerability

Gnutls impacted by inefficient DER decoding in libtasn1 leading to remote DoS. CVE-2024-12243...

5.3CVSS7.3AI score0.01193EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/25 4:58 p.m.•18 views

Updated libxml2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Use-after-free in xmlSchemaIDCFillNodeTables. CVE-2024-56171 Stack-buffer-overflow in xmlSnprintfElements. CVE-2025-24928 Null-deref in xmlPatMatch. CVE-2025-27113...

9.8CVSS7.4AI score0.0113EPSS
Exploits1References2
Total number of security vulnerabilities6009