Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2025/01/22 6:29 p.m.•20 views

Updated chromium-browser-stable packages fix security vulnerabilities

Lot of CVEs were fixed by upstream since our current version; please see the links...

9.6CVSS7.2AI score0.06295EPSS
Exploits5References14
Mageia
Mageia
•added 2025/01/22 3:19 a.m.•28 views

Updated rsync packages fix security vulnerabilities

Heap buffer overflow in rsync due to improper checksum length handling. CVE-2024-12084 Info leak via uninitialized stack contents. CVE-2024-12085 Rsync server leaks arbitrary client files. CVE-2024-12086 Path traversal vulnerability in rsync. CVE-2024-12087 Rsync --safe-links option bypass leads ...

9.8CVSS7.6AI score0.72059EPSS
Exploits8References5
Mageia
Mageia
•added 2025/01/20 8:1 p.m.•26 views

Updated raptor2 packages fix security vulnerability

In the Raptor RDF Syntax Library there is an integer underflow when normalizing a URI with the turtle parser in raptorurinormalizepath...

9.3CVSS7.3AI score0.00315EPSS
Exploits1References2
Mageia
Mageia
•added 2025/01/20 8:1 p.m.•43 views

Updated dcmtk packages fix security vulnerabilities

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...

8.4CVSS7.1AI score0.0061EPSS
Exploits2References2
Mageia
Mageia
•added 2025/01/20 6:21 p.m.•27 views

Updated git packages fix security vulnerabilities

Git does not sanitize URLs when asking for credentials interactively. CVE-2024-50349 Newline confusion in credential helpers can lead to credential exfiltration in git. CVE-2024-52006...

7.5CVSS6.9AI score0.01019EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/20 6:21 p.m.•27 views

Updated proftpd packages fix security vulnerability

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from modsql. CVE-2024-48651...

7.5CVSS6.8AI score0.02204EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/18 6:0 p.m.•22 views

Updated vim packages fix security vulnerability

Heap-buffer-overflow with visual mode in Vim 9.1.1003. CVE-2025-22134...

5.5CVSS6.8AI score0.00367EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/18 1:31 a.m.•70 views

Updated openafs packages fix security vulnerabilities

A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix client. CVE-2024-10394 An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. CVE-2024-10396 A malicious server can crash the OpenAFS cac...

8.4CVSS7.3AI score0.00563EPSS
Exploits0References1
Mageia
Mageia
•added 2025/01/16 7:14 a.m.•36 views

Updated openjpeg2 packages fix security vulnerabilities

Heap buffer overflow in bin/common/color.c. CVE-2024-56826 Heap buffer overflow in lib/openjp2/j2k.c. CVE-2024-56827...

5.6CVSS7.8AI score0.00309EPSS
Exploits0References3
Mageia
Mageia
•added 2025/01/14 12:9 a.m.•13 views

Updated ceph packages fix security vulnerability

Authentication bypass in CEPH RadosGW. CVE-2024-48916...

8.1CVSS7AI score0.00192EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/14 12:9 a.m.•23 views

Updated firefox packages fix security vulnerabilities

WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...

7.7CVSS7.6AI score0.1307EPSS
Exploits0References3
Mageia
Mageia
•added 2025/01/14 12:9 a.m.•17 views

Updated thunderbird packages fix security vulnerabilities

WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...

7.7CVSS7.6AI score0.1307EPSS
Exploits0References3
Mageia
Mageia
•added 2025/01/12 6:41 a.m.•47 views

Updated radare2 packages fix security vulnerability

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parsedie function. CVE-2024-29645...

7.8CVSS7.8AI score0.00242EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/12 6:41 a.m.•19 views

Updated rizin packages fix security vulnerability

Command injection via RzBinInfo bclass due legacy code. CVE-2022-1207...

6.6CVSS7.4AI score0.00907EPSS
Exploits1References3
Mageia
Mageia
•added 2025/01/12 6:41 a.m.•26 views

Updated libjxl packages fix security vulnerabilities

Out of Bounds Memory Read/Write in libjxl. CVE-2024-11403 Resource exhaustion via Stack overflow in libjxl. CVE-2024-11498...

9.8CVSS7.2AI score0.0063EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/12 6:41 a.m.•30 views

Updated avahi packages fix security vulnerabilities

Avahi wide-area dns uses constant source port. CVE-2024-52615 Avahi wide-area dns predictable transaction ids. CVE-2024-52616...

5.3CVSS6.9AI score0.00681EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/10 7:54 p.m.•13 views

Updated opencontainers-runc packages fix security vulnerability

runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...

3.6CVSS6.8AI score0.00317EPSS
Exploits0References2
Mageia
Mageia
•added 2025/01/10 7:54 p.m.•22 views

Updated tinyproxy packages fix security vulnerabilities

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function.. CVE-2022-40468 A use-after-free vulnerability exists in the HTTP Connection Headers...

9.8CVSS8.1AI score0.63076EPSS
Exploits3References6
Mageia
Mageia
•added 2025/01/04 9:9 p.m.•36 views

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Vulnerabilities were found in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. A difficult to exploit vulnerability allows a high privileged attacker with logon to the infrastructure where Oracl...

7.5CVSS6.9AI score0.005EPSS
Exploits0References3
Mageia
Mageia
•added 2025/01/04 9:9 p.m.•42 views

Updated ruby packages fix security vulnerabilities

The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . CVE-2024-39908 The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . CVE-2024-41123 The REXML gem...

8.7CVSS7.3AI score0.02064EPSS
Exploits1References9
Mageia
Mageia
•added 2024/12/24 8:6 a.m.•15 views

Updated emacs packages fix security vulnerability

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user choose...

7.8CVSS7.6AI score0.00526EPSS
Exploits0References2
Mageia
Mageia
•added 2024/12/21 8:16 p.m.•18 views

Updated mozjs78 packages fix security vulnerability

An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602...

5.9CVSS6.8AI score0.0104EPSS
Exploits0References2
Mageia
Mageia
•added 2024/12/21 8:16 p.m.•29 views

Updated tomcat packages fix security vulnerabilities

RCE due to TOCTOU issue in JSP compilation. CVE-2024-50379 DoS in examples web application. CVE-2024-54677...

9.8CVSS6.9AI score0.43663EPSS
Exploits13References4
Mageia
Mageia
•added 2024/12/21 8:16 p.m.•20 views

Updated thunderbird packages fix security vulnerability

Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...

5.3CVSS6.9AI score0.00835EPSS
Exploits0References3
Mageia
Mageia
•added 2024/12/18 6:2 p.m.•138 views

Updated kernel, kmod-xtables-addons, kmod-virtualbox & dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.65 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS7.3AI score0.00254EPSS
Exploits1References5
Mageia
Mageia
•added 2024/12/18 6:2 p.m.•117 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.65 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS7.3AI score0.00254EPSS
Exploits1References5
Mageia
Mageia
•added 2024/12/17 7:42 p.m.•23 views

Updated curl packages fix security vulnerability

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

3.4CVSS7AI score0.01378EPSS
Exploits1References2
Mageia
Mageia
•added 2024/12/17 7:42 p.m.•31 views

Updated socat packages fix security vulnerability

CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh...

9.8CVSS7.1AI score0.00794EPSS
Exploits0References2
Mageia
Mageia
•added 2024/12/06 5:9 p.m.•36 views

Updated kubernetes packages fix security vulnerabilities

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

8.1CVSS7AI score0.03001EPSS
Exploits1References4
Mageia
Mageia
•added 2024/12/04 4:58 p.m.•34 views

Updated python-aiohttp packages fix security vulnerabilities

When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'followsymlinks' is set to True,...

7.5CVSS7.4AI score0.76875EPSS
Exploits15References3
Mageia
Mageia
•added 2024/12/04 4:58 p.m.•35 views

Updated qemu packages fix security vulnerabilities

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...

8.8CVSS7.9AI score0.01891EPSS
Exploits3References6
Mageia
Mageia
•added 2024/12/02 5:45 p.m.•22 views

Updated glib2.0 packages fix security vulnerability

Buffer overflow in socks proxy code in glib 2.82.1. CVE-2024-52533...

9.8CVSS7.3AI score0.01263EPSS
Exploits1References2
Mageia
Mageia
•added 2024/12/02 5:17 p.m.•26 views

Updated thunderbird packages fix security vulnerabilities

Select list elements could be shown over another site. CVE-2024-11692 CSP Bypass and XSS Exposure via Web Compatibility Shims. CVE-2024-11694 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. CVE-2024-11695 Unhandled Exception in Add-on Signature Verification. CVE-2024-11696...

8.8CVSS7.1AI score0.00762EPSS
Exploits0References3
Mageia
Mageia
•added 2024/12/02 5:17 p.m.•25 views

Updated rootcerts, nss & firefox packages fix security vulnerabilities

Select list elements could be shown over another site. CVE-2024-11692 CSP Bypass and XSS Exposure via Web Compatibility Shims. CVE-2024-11694 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. CVE-2024-11695 Unhandled Exception in Add-on Signature Verification. CVE-2024-11696...

8.8CVSS7.1AI score0.00762EPSS
Exploits0References4
Mageia
Mageia
•added 2024/12/02 5:17 p.m.•29 views

Updated krb5 packages fix security vulnerability

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...

9CVSS7.1AI score0.14859EPSS
Exploits2References2
Mageia
Mageia
•added 2024/11/29 11:36 p.m.•25 views

Updated libsoup3 & libsoup packages fix security vulnerabilities

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup before 3.6.1...

8.4CVSS7.7AI score0.00933EPSS
Exploits2References5
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•23 views

Updated zbar packages fix security vulnerabilities

A heap-based buffer overflow exists in the qrreadermatchcenters function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...

9.8CVSS8AI score0.01787EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•26 views

Updated golang packages fix security vulnerabilities

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 Calling Parse o...

7.5CVSS7.4AI score0.01127EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•19 views

Updated microcode packages fix security vulnerabilities

Improper Finite State Machines FSMs in the Hardware logic in some 4th and 5th Generation Intel® Xeon® Processors may allow an authorized user to potentially enable denial of service via local access. CVE-2024-21853 Improper conditions check in some Intel® Xeon® processor memory controller...

8.8CVSS7.5AI score0.00256EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•22 views

Updated wget packages fix security vulnerability

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524...

6.5CVSS7.4AI score0.0111EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•25 views

Updated dcmtk packages fix security vulnerability

A buffer overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. CVE-2024-27628...

8.1CVSS8.5AI score0.00729EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•26 views

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL row security below e.g. subqueries disregards user ID changes. CVE-2024-10976 PostgreSQL libpq retains an error message from man-in-the-middle. CVE-2024-10977 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. CVE-2024-10978 PostgreSQL PL/Perl environment variable...

8.8CVSS8AI score0.04422EPSS
Exploits1References3
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•20 views

Updated php packages fix security vulnerabilities

Some heap errors, segmentation faults and security vulnerabilities have been found and corrected. It is advised to install this update...

9.8CVSS7.7AI score0.02286EPSS
Exploits4References1
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•17 views

Updated iptraf-ng packages fix security vulnerability

The updated package fixes a security vulnerability: CVE-2024-52949...

7.5CVSS7AI score0.00727EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•19 views

Updated rapidjson packages fix security vulnerability

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

7.8CVSS7.3AI score0.00375EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•16 views

Updated libsndfile packages fix security vulnerability

libsndfile suffers from an out-of-bounds read in oggvorbis.c vorbisanalysiswrote...

5.5CVSS7.2AI score0.00308EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/27 7:59 p.m.•31 views

Updated tomcat packages fix security vulnerabilities

Authentication bypass when using Jakarta Authentication API. CVE-2024-52316 Incorrect JSP tag recycling leads to XSS. CVE-2024-52318...

9.8CVSS7.4AI score0.06287EPSS
Exploits2References3
Mageia
Mageia
•added 2024/11/22 7:25 a.m.•50 views

Updated kernel, kmod-xtables-addons, kmod-virtualbox & bluez packages fix security vulnerabilities

Upstream kernel version 6.6.61 fixes bugs and vulnerabilities. The bluez, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS8.2AI score0.00529EPSS
Exploits1References4
Mageia
Mageia
•added 2024/11/22 7:25 a.m.•23 views

Updated opendmarc packages fix security vulnerability

Fix null pointer dereference in opendmarcpolicy.c. CVE-2024-25768...

7.5CVSS7AI score0.00728EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/22 7:25 a.m.•20 views

Updated radare2 packages fix security vulnerability

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the bfdiv function. CVE-2024-48241...

5.5CVSS6.5AI score0.00198EPSS
Exploits0References2
Total number of security vulnerabilities6009