Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2024/11/22 7:25 a.m.•20 views

Updated radare2 packages fix security vulnerability

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the bfdiv function. CVE-2024-48241...

5.5CVSS6.5AI score0.00198EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/22 7:25 a.m.•26 views

Updated kanboard packages fix security vulnerability

In versions prior to 1.2.31 an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations the code improperly uses the PicoDB library to update/insert new information...

8.8CVSS7.5AI score0.00923EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/20 5:23 p.m.•18 views

Updated thunderbird packages fix security vulnerability

Potential disclosure of plaintext in OpenPGP encrypted message. CVE-2024-11159...

5.3CVSS6.8AI score0.003EPSS
Exploits0References4
Mageia
Mageia
•added 2024/11/13 6:48 p.m.•27 views

Updated libarchive packages fix security vulnerability

A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. CVE-2024-20696...

7.3CVSS7.5AI score0.03154EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/13 6:48 p.m.•31 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk packages fix security vulnerabilities

giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function. CVE-2023-48161 Array indexing integer overflow. CVE-2024-21210 HTTP client improper handling of maxHeaderSize. CVE-2024-21208 Unbounded allocation leads to out-of-memory error. CVE-2024-21217 Integer conversion error lea...

7.1CVSS7.1AI score0.01157EPSS
Exploits1References5
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•18 views

Updated curl packages fix security vulnerability

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5CVSS7.1AI score0.0197EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•19 views

Updated expat packages fix security vulnerability

An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602...

5.9CVSS6.8AI score0.0104EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•49 views

Updated php-tcpdf packages fix security vulnerability

TCPDF version 6.6.5 and before is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted SVG file. CVE-2024-22641...

7.5CVSS6.8AI score0.01113EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•16 views

Updated mpg123 packages fix security vulnerability

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution may not be dismissed. The complexity required to exploit this fla...

6.7CVSS8AI score0.00348EPSS
Exploits0References5
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•12 views

Updated qbittorrent packages fix security vulnerabilities

qBittorrent, on all platforms, did not verify any SSL certificates in its DownloadManager class from 2010 until October 2024. If it failed to verify a cert, it simply logged an error and proceeded...

7.2AI score
Exploits0References3
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•14 views

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerability

Due to an improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially-crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges...

7.8CVSS7.3AI score0.00894EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•19 views

Updated openssl packages fix security vulnerability

Low-level invalid GF2^m parameters lead to OOB memory accesses. CVE-2024-9143...

4.3CVSS6.9AI score0.05966EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/12 7:53 p.m.•18 views

Updated networkmanager-libreswan packages fix security vulnerability

A flaw was found in the libreswan client plugin for NetworkManager NetkworkManager-libreswan, where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading t...

7.8CVSS7.5AI score0.00452EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•54 views

Updated htmldoc packages fix security vulnerabilities

HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. CVE-2024-45508 HTMLDOC v1.9.18 contains a buffer overflow in parsepre function,ps-pdf.cxx:5681. CVE-2024-46478...

9.8CVSS7.9AI score0.00706EPSS
Exploits2References2
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•26 views

Updated python-werkzeug packages fix security vulnerability

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parsing multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

7.5CVSS7.2AI score0.01093EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•16 views

Updated thunderbird packages fix security vulnerabilities

Permission leak via embed or object elements. CVE-2024-10458 Use-after-free in layout with accessibility. CVE-2024-10459 Confusing display of origin for external protocol handler prompt. CVE-2024-10460 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response...

9.8CVSS7.2AI score0.00809EPSS
Exploits0References4
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•22 views

Updated nspr, nss, firefox & rust packages fix security vulnerabilities

Permission leak via embed or object elements. CVE-2024-10458 Use-after-free in layout with accessibility. CVE-2024-10459 Confusing display of origin for external protocol handler prompt. CVE-2024-10460 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response...

9.8CVSS7.2AI score0.00809EPSS
Exploits0References4
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•23 views

Updated libheif packages fix security vulnerability

In Libheif, insufficient checks in ImageOverlay::parse while decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. CVE-2024-41311...

8.1CVSS7.2AI score0.00825EPSS
Exploits1References2
Mageia
Mageia
•added 2024/11/09 5:17 a.m.•39 views

Updated quictls packages fix security vulnerability

Invalid low-level GF2^m parameters can lead to an OOB memory access. CVE-2024-9143...

4.3CVSS7.3AI score0.05966EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/08 10:9 p.m.•31 views

Updated python-urllib3 packages fix security vulnerability

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

6.5CVSS7.3AI score0.01141EPSS
Exploits1References1
Mageia
Mageia
•added 2024/11/08 10:9 p.m.•22 views

Updated ruby-webrick packages fix security vulnerability

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. CVE-2024-47220...

6.9AI score0.00393EPSS
Exploits0References2
Mageia
Mageia
•added 2024/11/06 7:57 p.m.•28 views

Updated libarchive packages fix security vulnerabilities

executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48957 executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a...

7.8CVSS6.8AI score0.00551EPSS
Exploits2References1
Mageia
Mageia
•added 2024/11/02 4:56 p.m.•112 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.58 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.1CVSS7.3AI score0.01367EPSS
Exploits2References7
Mageia
Mageia
•added 2024/11/02 4:56 p.m.•121 views

Updated kernel, kmod-xtables-addons. kmod-virtualbox, kernel-firmware & kernel-firmware-nonfree radeon-firmware packages fix security vulnerabilities

Upstream kernel version 6.6.58 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

9.1CVSS7.3AI score0.01367EPSS
Exploits2References7
Mageia
Mageia
•added 2024/11/01 5:26 p.m.•19 views

Updated bind packages fix security vulnerabilities

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. CVE-2024-0760 Resolver caches and authoritative zone databases that...

7.5CVSS7.1AI score0.0468EPSS
Exploits0References3
Mageia
Mageia
•added 2024/11/01 5:26 p.m.•37 views

Updated buildah, podman, skopeo packages fix security vulnerabilities

A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...

8.6CVSS7.2AI score0.02085EPSS
Exploits0References9
Mageia
Mageia
•added 2024/10/29 4:11 p.m.•43 views

Updated chromium-browser-stable packages fix security vulnerabilities

Integer overflow in Layout. CVE-2024-7025 Insufficient data validation in Mojo. CVE-2024-9369 Inappropriate implementation in V8. CVE-2024-9370 Type Confusion in V8. CVE-2024-9602 Type Confusion in V8. CVE-2024-9603...

9.6CVSS7.2AI score0.00773EPSS
Exploits2References3
Mageia
Mageia
•added 2024/10/27 2:37 a.m.•25 views

Updated thunderbird packages fix security vulnerabilities

The updated packages provide Thunderbird 128 for all mandatory arches of Mageia x8664, i586 and aarch64 and fix several bugs, including a security vulnerability:...

9.8CVSS7.4AI score0.32568EPSS
Exploits1References5
Mageia
Mageia
•added 2024/10/27 2:37 a.m.•22 views

Updated libgsf packages fix security vulnerabilities

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...

8.4CVSS7.7AI score0.00457EPSS
Exploits0References3
Mageia
Mageia
•added 2024/10/27 2:37 a.m.•18 views

Updated cpanminus packages fix security vulnerability

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. CVE-2024-45321...

9.8CVSS7.5AI score0.00737EPSS
Exploits1References2
Mageia
Mageia
•added 2024/10/27 2:37 a.m.•29 views

Updated mozjs78 packages fix security vulnerabilities

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

9.8CVSS7.4AI score0.01686EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/27 2:37 a.m.•53 views

Updated redis packages fix security vulnerabilities

An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. CVE-2024-31227 Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported...

8.8CVSS8.2AI score0.04488EPSS
Exploits1References2
Mageia
Mageia
•added 2024/10/25 6:8 a.m.•22 views

Updated oath-toolkit packages fix security vulnerability

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191...

7.1CVSS7.3AI score0.00341EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/24 4:43 p.m.•35 views

Updated firefox packages fix security vulnerabilities

The updated package provides Firefox 128 for all mandatory arches of Mageia x8664, i586 and aarch64, fixing several bugs, including security vulnerabilities, for i586 and aarch64: Fullscreen notification dialog can be obscured by document content. CVE-2024-7518 Out of bounds memory access in...

9.8CVSS8.3AI score0.32568EPSS
Exploits2References1
Mageia
Mageia
•added 2024/10/16 1:32 a.m.•29 views

Updated unbound packages fix security vulnerabilities

NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression ...

5.3CVSS7.2AI score0.00806EPSS
Exploits0References1
Mageia
Mageia
•added 2024/10/14 6:46 p.m.•31 views

Updated thunderbird packages fix security vulnerabilities

The current version has reached EOL and several security vulnerabilities were fixed by Mozilla. We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x8664...

9.8CVSS7.7AI score0.04395EPSS
Exploits1References11
Mageia
Mageia
•added 2024/10/14 6:46 p.m.•30 views

Updated firefox firefox-l10n packages fix security vulnerabilities

The updated packages fix a security vulnerability: Use-after-free in Animation timeline. CVE-2024-9680 We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x8664...

9.8CVSS7.1AI score0.32568EPSS
Exploits1References3
Mageia
Mageia
•added 2024/10/11 12:59 a.m.•35 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities...

9.1CVSS7.4AI score0.05582EPSS
Exploits1References2
Mageia
Mageia
•added 2024/10/11 12:59 a.m.•29 views

Updated vim packages fix security vulnerability

Use-after-free when closing buffers in Vim v9.1.0764. CVE-2024-47814...

4.7CVSS6.8AI score0.00291EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/11 12:59 a.m.•33 views

Updated php packages fix security vulnerabilities

HTTPREDIRECTSTATUS might be controlled via user request FPM log output might be modified by an attacker HTTP POST can be modified by an attacker For other bug fixes consult references...

7.5CVSS6.9AI score0.01077EPSS
Exploits2References2
Mageia
Mageia
•added 2024/10/07 5:39 p.m.•25 views

Updated cups & cups-filters packages fix security vulnerabilities

The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. CVE-2024-47076 Th...

9.8CVSS8.9AI score0.76959EPSS
Exploits17References4
Mageia
Mageia
•added 2024/10/05 10:55 p.m.•29 views

Updated rootcerts nss firefox firefox-l10n packages fix security vulnerabilities

The current versions have reached EOL and several security vulnerabilities were fixed by Mozilla. We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x8664...

9.8CVSS7.7AI score0.04395EPSS
Exploits1References11
Mageia
Mageia
•added 2024/10/05 10:55 p.m.•19 views

Updated ghostscript packages fix security vulnerabilities

Amongst other general bug fixes, this release addresses: CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956...

8.4CVSS6.9AI score0.0055EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/04 5:27 a.m.•92 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Downloads. CVE-2024-6988 Use after free in Loader. CVE-2024-6989 Use after free in Dawn. CVE-2024-6991 Heap buffer overflow in Layout. CVE-2024-6994 Inappropriate implementation in Fullscreen. CVE-2024-6995 Race in Frames. CVE-2024-6996 Use after free in Tabs. CVE-2024-6997 Use...

9.6CVSS7.2AI score0.19272EPSS
Exploits15References11
Mageia
Mageia
•added 2024/10/04 5:27 a.m.•27 views

Updated openjpeg2 packages fix security vulnerability

Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. CVE-2023-39327...

4.3CVSS7.2AI score0.00528EPSS
Exploits0References2
Mageia
Mageia
•added 2024/10/04 5:27 a.m.•16 views

Updated cjson packages fix security vulnerability

cJSON was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSONSetValuestring at cJSON.c. CVE-2024-31755...

7.6CVSS7.7AI score0.00648EPSS
Exploits1References2
Mageia
Mageia
•added 2024/10/04 5:27 a.m.•28 views

Updated hostapd & wpa_supplicant packages fix security vulnerability

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive th...

7.4CVSS7.2AI score0.00716EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/28 9:34 p.m.•25 views

Updated libreoffice package fixes security vulnerability

The Certificate Validation user interface in LibreOffice allows a potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the mac...

7.8CVSS6.8AI score0.00238EPSS
Exploits0References4
Mageia
Mageia
•added 2024/09/27 5:21 p.m.•51 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities

Potential UTF8 size overflow. CVE-2024-21131 Excessive symbol length can lead to infinite loop. CVE-2024-21138 Range Check Elimination RCE pre-loop limit overflow. CVE-2024-21140 Pack200 increase loading time due to improper header validation. CVE-2024-21144 Out-of-bounds access in 2D image...

7.4CVSS7.2AI score0.01257EPSS
Exploits0References5
Mageia
Mageia
•added 2024/09/27 1:30 a.m.•28 views

Updated gnome-shell packages fix security vulnerability

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

6.5CVSS6.6AI score0.00299EPSS
Exploits0References3
Total number of security vulnerabilities6009