Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added yesterday•2 views

Updated vips packages fix security vulnerabilities

This update fixes several security issues: A flaw has been found in libvips up to 8.18.0. The affected element is the function vipsforeignloadmatrixfileisa/vipsforeignloadmatrixheader of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack need...

7.8CVSS5.6AI score0.00209EPSS
Exploits3References2
Mageia
Mageia
•added yesterday•3 views

Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

6CVSS7.3AI score0.00521EPSS
Exploits0References4
Mageia
Mageia
•added 5 days ago•8 views

Updated mariadb packages fix security vulnerabilities

This update to the latest LTS version fixes some severe security vulnerabilities...

9.9CVSS5.9AI score0.00797EPSS
Exploits0References2
Mageia
Mageia
•added 5 days ago•5 views

Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.6AI score0.00555EPSS
Exploits1References4
Mageia
Mageia
•added 2026/06/27 5:16 p.m.•8 views

Updated krb5 packages fix security vulnerabilities

CVE-2025-3576, A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity...

7.5CVSS5.8AI score0.00461EPSS
Exploits2References6
Mageia
Mageia
•added 2026/06/25 12:27 a.m.•5 views

Updated nats-server packages fix security vulnerabilities

nats-server and its dependencies are updated to fix CVE-2025-30215 Missing access controls for JS API in multi-tenancy...

9.6CVSS5.8AI score0.00561EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/24 5:41 a.m.•5 views

Updated podofo packages fix security vulnerabilities

Podofo v0.9.8 shares some of the vulnerable code that was discovered in Podofo v0.10.0. This package fixes that. CVE-2023-31567 Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. CVE-2023-31568 Podofo v0.10.0 was discovered ...

8.8CVSS6.1AI score0.00749EPSS
Exploits2References5
Mageia
Mageia
•added 2026/06/24 5:41 a.m.•5 views

Updated perl-Archive-Tar package fixes security vulnerabilities

The updated package fixes security vulnerabilities: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the...

9.1CVSS5.8AI score0.00437EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/24 5:41 a.m.•5 views

Updated opensc packages fix security vulnerabilities

These packages fix security vulnerabilities: CVE-2026-10275, A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is...

7.8CVSS5.2AI score0.00296EPSS
Exploits0References3
Mageia
Mageia
•added 2026/06/23 6:4 a.m.•7 views

Updated sslh packages fix security vulnerabilities

CVE-2025-46806, A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures CVE-2025-46807, A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny...

9.3CVSS5.8AI score0.00404EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/23 6:4 a.m.•19 views

Updated mumble packages fix security vulnerability

Mumble is prone to an out-of-bounds array access, which may result in denial of service client crash...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/18 9:28 p.m.•8 views

Updated opensc packages fix security vulnerabilities

CVE-2025-66038 Memory corruption via improper compact-TLV length validation CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses CVE-2025-66037 Out-of-bounds read via...

6.8CVSS5.2AI score0.00282EPSS
Exploits2References3
Mageia
Mageia
•added 2026/06/18 9:28 p.m.•13 views

Updated luajit packages fix security vulnerabilities

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. CVE-2019-19391 LuaJIT through 2.1.0-beta3 h...

9.8CVSS7.1AI score0.01469EPSS
Exploits4References3
Mageia
Mageia
•added 2026/06/18 9:28 p.m.•11 views

Updated libupnp packages fix security vulnerability

Port truncation via atoi cast in parseuri allows SSRF port confusion. CVE-2026-41682...

6.9CVSS5.2AI score0.00346EPSS
Exploits0References3
Mageia
Mageia
•added 2026/06/18 9:28 p.m.•10 views

Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961 Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230 Quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header. CVE-2026-34763 Root...

7.5CVSS5AI score0.00475EPSS
Exploits2References13
Mageia
Mageia
•added 2026/06/18 6:4 p.m.•7 views

Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities

CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...

8.8CVSS7.6AI score0.00867EPSS
Exploits0References3
Mageia
Mageia
•added 2026/06/18 7:22 a.m.•12 views

Updated python-pillow packages fix security vulnerabilities

Integer overflow when processing fonts. CVE-2026-42308 PDF Parsing Trailer Infinite Loop DoS. CVE-2026-42310...

5.5CVSS7.3AI score0.00126EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/18 7:22 a.m.•14 views

Updated perl packages fix security vulnerabilities

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. CVE-2026-8376...

9.8CVSS5.6AI score0.00398EPSS
Exploits1References3
Mageia
Mageia
•added 2026/06/18 7:22 a.m.•14 views

Updated libcap packages fix security vulnerabilities

CVE-2026-4878. A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By...

7CVSS5.2AI score0.00188EPSS
Exploits1References3
Mageia
Mageia
•added 2026/06/17 6:43 a.m.•7 views

Updated coturn packages fix security vulnerabilities

CVE-2026-40613 Coturn: Misaligned Memory Access in coturn STUN Attribute Parser Remote DoS on ARM64...

7.5CVSS5.3AI score0.01123EPSS
Exploits1References3
Mageia
Mageia
•added 2026/06/17 6:43 a.m.•9 views

Updated python-tornado packages fix security vulnerabilities

Tornado has a DoS due to too many multipart parts. CVE-2026-31958 In Tornado, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536...

8.7CVSS5.4AI score0.00375EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/17 6:43 a.m.•6 views

Updated log4cxx packages fix security vulnerability

CVE-2026-40023, Apache Log4cxx, Apache Log4cxx Conan, Apache Log4cxx Brew: Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters...

6.3CVSS5.3AI score0.00499EPSS
Exploits0References3
Mageia
Mageia
•added 2026/06/16 4:58 a.m.•10 views

Updated emacs packages fix security vulnerability

Memory corruption vulnerability when processing svg css. CVE-2026-6861...

7.1CVSS5.5AI score0.00108EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/16 4:58 a.m.•8 views

Updated lcms2 packages fix security vulnerability

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...

7.5CVSS5.4AI score0.00365EPSS
Exploits1References5
Mageia
Mageia
•added 2026/06/16 4:58 a.m.•74 views

Updated libsndfile packages fix security vulnerabilities

CVE-2025-52194 A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption a...

8.2CVSS6AI score0.00585EPSS
Exploits3References1
Mageia
Mageia
•added 2026/06/15 3:56 p.m.•11 views

Updated libgcrypt packages fix security vulnerability

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989...

6.7CVSS5.5AI score0.0018EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/15 3:56 p.m.•13 views

Updated sudo packages fix security vulnerability

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. CVE-2026-35535...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/15 3:56 p.m.•12 views

Updated libinput packages fix security vulnerability

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution...

9.8CVSS5.9AI score0.00498EPSS
Exploits0References3
Mageia
Mageia
•added 2026/06/15 3:56 p.m.•12 views

Updated evince, atril & xreader packages fix security vulnerability

Evince/Atril/Xreader command injection. CVE-2026-46529...

8.4CVSS5.2AI score0.00529EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/15 3:56 p.m.•11 views

Updated putty packages fix security vulnerabilities

ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsaverify signature verification. CVE-2026-4115...

6.3CVSS4.8AI score0.00534EPSS
Exploits1References6
Mageia
Mageia
•added 2026/06/13 1:38 a.m.•19 views

Updated libpng packages fix security vulnerabilities

LIBPNG has a use-after-free in pngsetPLTE, pngsettRNS and pngsethIST leading to corrupted chunk data and potential heap information disclosure. CVE-2026-34757 Chunk smuggling in push-mode APNG parser via unconsumed chunk body. CVE-2026-40930...

5.4CVSS5.4AI score0.00202EPSS
Exploits0References5
Mageia
Mageia
•added 2026/06/13 1:38 a.m.•17 views

Updated openimageio packages fix security vulnerability

AcademySoftwareFoundation OpenImageIO DDS Image ddsinput.cpp out-of-bounds write. CVE-2026-7582...

5.3CVSS5.5AI score0.00112EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/13 1:38 a.m.•12 views

Updated packages fix security vulnerabilities

CVE-2026-49261 MariaDB server has unsafe parameter handling in wsrepnotifycmd CVE-2026-48165 MariaDB: unsafe usage of wsrepsstreceiveaddress values on the joiner side CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side rsync...

10CVSS5.3AI score0.00998EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/12 11:28 p.m.•20 views

Updated proftpd packages fix security vulnerabilities

CVE-2026-42167 modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM. CVE-2026-44331 a SQL injection vulnerabili...

8.1CVSS6.4AI score0.04282EPSS
Exploits7References2
Mageia
Mageia
•added 2026/06/12 11:28 p.m.•12 views

Updated cups packages fix security vulnerabilities

CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in ppdCreateFromIPP causes root cupsd crash via negative job-password-supported CVE-2026-39316, Use-after-free in cupsdDeleteTemporaryPrinters via dangling subscription pointer...

7.8CVSS5.7AI score0.00502EPSS
Exploits7References11
Mageia
Mageia
•added 2026/06/12 11:28 p.m.•14 views

Updated libssh packages fix security vulnerabilities

CVE-2026-0964 Improper sanitation of paths received from SCP servers CVE-2026-0965 The libssh can attempt to read non-regular files when misconfigured, which could cause resource exhaustion or blocking. CVE-2026-0966 Providing 0-length input for the sshgethexa causes 1-byte buffer underflow on...

8.2CVSS5.7AI score0.00582EPSS
Exploits0References7
Mageia
Mageia
•added 2026/06/12 11:28 p.m.•16 views

Updated expat packages fix security vulnerabilities

CVE-2026-45186 the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.2AI score0.00428EPSS
Exploits1References4
Mageia
Mageia
•added 2026/06/12 11:28 p.m.•15 views

Updated memcached packages fix security vulnerabilities

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side...

8.1CVSS5.4AI score0.01312EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/12 4:20 p.m.•10 views

Updated nghttp2 packages fix security vulnerability

Denial of service: Assertion failure due to missing state validation. CVE-2026-27135...

7.5CVSS7.4AI score0.00775EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/12 4:20 p.m.•77 views

Updated radare2 packages fix security vulnerability

CVE-2026-40499, Command Injection via PDB Parser printgvars...

8.4CVSS5.3AI score0.01184EPSS
Exploits1References2
Mageia
Mageia
•added 2026/06/11 4:55 p.m.•10 views

Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

7.5CVSS5.4AI score0.00576EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/11 4:55 p.m.•11 views

Updated gnupg2 packages fix security vulnerabilities

CVE-2025-68973, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. CVE-2026-24882, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC key...

8.4CVSS7.3AI score0.00447EPSS
Exploits2References5
Mageia
Mageia
•added 2026/06/11 4:55 p.m.•10 views

Updated sqlite3 packages fix bug & security vulnerability

sqlite3 shipped in Mageia 9 lacks ICU support. This update brings sqlite3-icu to allow ICU support be loaded as an optional extension. This update fixes CVE-2025-70873, an information disclosure issue. The zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows...

7.5CVSS5.4AI score0.00301EPSS
Exploits1References3
Mageia
Mageia
•added 2026/06/11 1:40 a.m.•14 views

Updated roundcubemail packages fix security vulnerabilities

Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection...

8.1CVSS5.6AI score0.00764EPSS
Exploits1References5
Mageia
Mageia
•added 2026/06/10 5:11 p.m.•11 views

Updated postfix packages fix security vulnerability

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number. CVE-2026-43964...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/10 5:11 p.m.•8 views

Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

8.1CVSS6AI score0.00419EPSS
Exploits0References4
Mageia
Mageia
•added 2026/06/10 5:7 a.m.•9 views

Updated libxpm packages fix security vulnerability

libXpm Out-of-bounds read in xpmNextWord. CVE-2026-4367...

5.5CVSS5.3AI score0.00129EPSS
Exploits0References3
Mageia
Mageia
•added 2026/06/10 5:7 a.m.•16 views

Updated golang-x-net packages fix security vulnerability

CVE-2024-45338 An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.5AI score0.00856EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/10 5:7 a.m.•13 views

Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

8.8CVSS6.2AI score0.02394EPSS
Exploits0References2
Mageia
Mageia
•added 2026/06/10 5:7 a.m.•12 views

Updated tor packages fix security issues

This update provides lots of security issues fixed by upstream since our current version. Please see the links for details...

9.1CVSS5.4AI score0.0045EPSS
Exploits0References3
Total number of security vulnerabilities6009