Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2025/02/24 6:29 p.m.•53 views

Updated neomutt packages fix security vulnerabilities

The To and Cc email header fields are not protected by cryptographic signing. CVE-2024-49393 The In-reply-to email header field is not protected by cryptographic signing. CVE-2024-49394...

6.5CVSS7.3AI score0.00331EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/17 6:37 p.m.•52 views

Updated python-cryptography & openssl packages fix security vulnerabilities

Cryptography vulnerable to NULL-dereference when loading PKCS7 certificates. CVE-2023-49083 Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659. CVE-2023-50782 Cryptography NULL pointer deference with pkcs12.serializekeyandcertificat...

7.5CVSS7.3AI score0.01118EPSS
Exploits1References4
Mageia
Mageia
•added 2025/02/17 6:37 p.m.•36 views

Updated microcode packages fix security vulnerabilities

Improper Finite State Machines FSMs in Hardware Logic for some Intel® Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Improper access control in the EDECCSSA user leaf function for some Intel® Processors with Intel® SGX may allow an...

8.7CVSS6.9AI score0.00259EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/14 10:55 p.m.•26 views

Updated ffmpeg packages fix security vulnerabilities

A buffer overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ffbwdiffilterintrac function in the libavfilter/bwdifdsp.c:125:5 component. CVE-2023-49502 FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the...

8.8CVSS8.8AI score0.01545EPSS
Exploits1References2
Mageia
Mageia
•added 2025/02/14 10:55 p.m.•20 views

Updated python-zipp packages fix security vulnerability

Denial of Service via crafted zip file in jaraco/zipp. CVE-2024-5569...

6.2CVSS6.7AI score0.00236EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/14 8:36 p.m.•37 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation. CVE-2025-1094...

8.1CVSS7AI score0.89472EPSS
Exploits10References2
Mageia
Mageia
•added 2025/02/14 8:36 p.m.•28 views

Updated golang packages fix security vulnerability

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. CVE-2025-22866...

4CVSS7.3AI score0.00284EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/13 7:9 p.m.•33 views

Updated ofono packages fix security vulnerabilities

Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodedeliver function. CVE-2023-2794 Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodestatusreport function. CVE-2023-4232 Sms decoder stack-based buffer overflow...

8.1CVSS8.2AI score0.0124EPSS
Exploits4References3
Mageia
Mageia
•added 2025/02/13 7:9 p.m.•15 views

Updated ark packages fix security vulnerability

A security issue exists in Ark where a maliciously crafted archive containing file paths beginning with "/" allows files to be extracted to locations outside the intended directory...

5CVSS6.8AI score0.00271EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/13 7:9 p.m.•34 views

Updated perl-Net-OAuth, perl-Crypt-URandom & perl-Module-Build packages fix security vulnerability

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong. CVE-2025-22376...

5.3CVSS6.9AI score0.00595EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 9:31 p.m.•26 views

Updated python-tornado packages fix security vulnerability

Tornado has an HTTP cookie parsing DoS vulnerability. CVE-2024-52804...

7.5CVSS6.9AI score0.01051EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 9:31 p.m.•37 views

Updated php-tcpdf packages fix security vulnerabilities

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. CVE-2024-56521 An issue was discovered in...

9.8CVSS6.8AI score0.00748EPSS
Exploits1References2
Mageia
Mageia
•added 2025/02/12 6:29 p.m.•23 views

Updated subversion packages fix security vulnerability

Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. CVE-2024-46901...

4.3CVSS6.7AI score0.01943EPSS
Exploits1References2
Mageia
Mageia
•added 2025/02/12 6:29 p.m.•36 views

Updated ffmpeg packages fix security vulnerability

A buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service DoS via afdialoguenhance.c:261:5 in the destereo component. CVE-2023-49528...

8CVSS8AI score0.00396EPSS
Exploits1References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•47 views

Updated calibre packages fix security vulnerabilities

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root. CVE-2023-46303 Path traversal in Calibre = 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. CVE-2024-6781 Improper access control i...

9.8CVSS8.4AI score0.83393EPSS
Exploits11References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•48 views

Updated python-pip packages fix security vulnerability

Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...

5.5CVSS6AI score0.00476EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•24 views

Updated python-setuptools packages fix security vulnerability

Remote Code Execution in pypa/setuptools. CVE-2024-6345...

8.8CVSS7.4AI score0.01939EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•36 views

Updated python-jinja2 packages fix security vulnerability

Jinja has a sandbox breakout through an indirect reference to a format method. CVE-2024-56326...

7.8CVSS7.9AI score0.005EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•23 views

Updated nginx packages fix security vulnerability

TLS Session Resumption Vulnerability. CVE-2025-23419...

5.3CVSS5.1AI score0.02646EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•40 views

Updated python-ansible-core packages fix security vulnerabilities

Exposure of sensitive information in Ansible vault files due to improper logging. CVE-2024-8775 Ansible-core user may read/write unauthorized content. CVE-2024-9902 Unsafe tagging bypass via hostvars object in ansible-core. CVE-2024-11079...

6.3CVSS6.1AI score0.00502EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•35 views

Updated python-waitress packages fix security vulnerabilities

Waitress has a request processing race condition in HTTP pipelining with an invalid first request. CVE-2024-49768 Waitress has a denial of service leading to high CPU usage/resource exhaustion. CVE-2024-49769...

9.1CVSS8.2AI score0.01386EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/12 6:37 a.m.•109 views

Updated python-twisted packages fix security vulnerabilities

Twisted.web has disordered HTTP pipeline response. CVE-2023-46137 Twisted.web has disordered HTTP pipeline response. CVE-2024-41671 HTML injection in HTTP redirect body. CVE-2024-41810...

8.3CVSS6.5AI score0.01176EPSS
Exploits1References4
Mageia
Mageia
•added 2025/02/09 12:19 a.m.•16 views

Updated mariadb packages fix security vulnerability

Bug fix release which fixes some memory leaks and crashes...

4.9CVSS5.6AI score0.01236EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/09 12:19 a.m.•26 views

Updated rootcerts, nss & firefox packages fix security vulnerabilities

Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...

9.8CVSS8AI score0.01196EPSS
Exploits0References4
Mageia
Mageia
•added 2025/02/09 12:19 a.m.•22 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...

9.8CVSS8AI score0.01331EPSS
Exploits0References3
Mageia
Mageia
•added 2025/02/09 12:19 a.m.•29 views

Updated qtbase5 & qtbase6 packages fix security vulnerabilities

network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 A buffer overflow and application crash can occur via a crafted KTX image file. CVE-2024-25580 Code to make security-relevant decisions about an established connection may execute too early, because...

9.8CVSS7.9AI score0.00986EPSS
Exploits0References3
Mageia
Mageia
•added 2025/02/08 2:23 a.m.•28 views

Updated libtasn1 packages fix security vulnerability

When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

5.3CVSS7.3AI score0.01025EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/08 2:23 a.m.•37 views

Updated xrdp packages fix security vulnerability

xrdp allows an infinite number of login attempts. CVE-2024-39917...

9.8CVSS7.3AI score0.00602EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/07 7:45 p.m.•48 views

Updated nodejs packages fix security vulnerabilities

Worker permission bypass via InternalWorker leak in diagnostics. CVE-2025-23083 GOAWAY HTTP/2 frames cause memory leak outside heap. CVE-2025-23085...

7.7CVSS6.9AI score0.01327EPSS
Exploits0References3
Mageia
Mageia
•added 2025/02/07 7:45 p.m.•52 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerability

A difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can b...

4.8CVSS6.3AI score0.00971EPSS
Exploits0References5
Mageia
Mageia
•added 2025/02/06 8:1 p.m.•26 views

Updated gstreamer1.0, gstreamer1.0-plugins-base & gstreamer1.0-plugins-good packages fix security vulnerabilities

GStreamer has an OOB-write in isomp4/qtdemux.c. CVE-2024-47537 GStreamer has a stack-buffer overflow in vorbishandleidentificationpacket. CVE-2024-47538 GStreamer has an OOB-write in converttos3341a. CVE-2024-47539 GStreamer uses uninitialized stack memory in Matroska/WebM demuxer. CVE-2024-47540...

9.8CVSS7.6AI score0.01324EPSS
Exploits2References8
Mageia
Mageia
•added 2025/02/05 7:51 p.m.•16 views

Updated chromium-browser-stable packages fix security vulnerability

Use after free in DevTools. CVE-2025-0762...

8.8CVSS7.4AI score0.00339EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/05 7:51 p.m.•44 views

Updated vim packages fix security vulnerability

Segmentation fault in winline in Vim 9.1.1043. CVE-2025-24014...

5.5CVSS6.8AI score0.00261EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/05 7:51 p.m.•26 views

Updated python-django packages fix security vulnerabilities

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. CVE-2024-38875 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. T...

9.8CVSS8AI score0.28637EPSS
Exploits0References10
Mageia
Mageia
•added 2025/02/05 7:51 p.m.•12 views

Updated bind packages fix security vulnerabilities

Many records in the additional section cause CPU exhaustion. CVE-2024-11187 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load. CVE-2024-12705...

7.5CVSS6.9AI score0.16984EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/04 6:56 p.m.•26 views

Updated libreoffice packages fix security vulnerabilities

Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...

6.7CVSS7AI score0.00528EPSS
Exploits0References5
Mageia
Mageia
•added 2025/02/03 11:13 p.m.•38 views

Updated libxml2 packages fix security vulnerability

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043...

8.1CVSS7.3AI score0.00257EPSS
Exploits0References2
Mageia
Mageia
•added 2025/02/03 7:58 p.m.•29 views

Updated redis packages fix security vulnerabilities

Redis' Lua library commands may lead to remote code execution. CVE-2024-46981 Redis allows denial-of-service due to malformed ACL selectors. CVE-2024-51741...

9.8CVSS8AI score0.07802EPSS
Exploits2References3
Mageia
Mageia
•added 2025/01/31 8:54 p.m.•61 views

Updated kernel, kmod-virtualbox, kmod-xtables-addons & dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.74 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS7.4AI score0.00737EPSS
Exploits3References10
Mageia
Mageia
•added 2025/01/31 8:54 p.m.•37 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.74 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS7.4AI score0.00737EPSS
Exploits3References10
Mageia
Mageia
•added 2025/01/31 8:54 p.m.•14 views

Updated clamav packages fix security vulnerability

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. CVE-2025-20128...

7.5CVSS5.5AI score0.01509EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/30 6:36 p.m.•14 views

Updated git-lfs packages fix security vulnerability

Git LFS permits exfiltration of credentials via crafted HTTP URLs. CVE-2024-53263...

8.5CVSS8.2AI score0.0104EPSS
Exploits0References3
Mageia
Mageia
•added 2025/01/30 6:36 p.m.•21 views

Updated chromium-browser-stable packages fix security vulnerabilities

Object corruption in V8. CVE-2025-0611 Out of bounds memory access in V8. CVE-2025-0612...

8.2CVSS6.8AI score0.00375EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/27 8:20 p.m.•74 views

Updated virtualbox, kmod-virtualbox packages fix security vulnerabilities

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

7.3CVSS6.8AI score0.00292EPSS
Exploits0References3
Mageia
Mageia
•added 2025/01/26 3:20 a.m.•29 views

Updated openssl packages fix security vulnerability

Timing side-channel in ECDSA signature computation. CVE-2024-13176...

4.1CVSS7AI score0.00601EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/26 3:20 a.m.•21 views

Updated glibc packages fix security vulnerability

When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-0395...

6.2CVSS7.3AI score0.00349EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/25 9:32 p.m.•32 views

Updated iperf packages fix security vulnerability

It was discovered that iperf 3.17.1 contains a segmentation violation via the iperfexchangeparameters function...

7.5CVSS6.9AI score0.00908EPSS
Exploits1References2
Mageia
Mageia
•added 2025/01/24 7:46 p.m.•45 views

Updated phpmyadmin packages fix security vulnerabilities

fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...

7.3CVSS7AI score0.8833EPSS
Exploits16References2
Mageia
Mageia
•added 2025/01/24 7:46 p.m.•16 views

Updated poppler packages fix security vulnerability

libpoppler.so has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. CVE-2024-56378...

4.3CVSS6.8AI score0.0062EPSS
Exploits1References2
Mageia
Mageia
•added 2025/01/23 5:38 p.m.•19 views

Updated golang packages fix security vulnerabilities

net/http: sensitive headers incorrectly sent after cross-domain redirect, CVE-2024-45336. crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, CVE-2024-45341...

6.1CVSS7.3AI score0.00647EPSS
Exploits0References2
Total number of security vulnerabilities6009