Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2024/09/27 1:30 a.m.•119 views

Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.52 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS8.2AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
•added 2024/09/27 1:30 a.m.•22 views

Updated apache-mod_jk packages fix security vulnerability

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk configuration which may lead to information disclosure and/or denial of service. CVE-2024-46544...

5.9CVSS6.5AI score0.00326EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/27 1:30 a.m.•66 views

Updated kernel-linus packages fixes security vulnerabilities

Vanilla upstream kernel version 6.6.52 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS8.1AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
•added 2024/09/27 1:30 a.m.•28 views

Updated gnome-shell packages fix security vulnerability

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

6.5CVSS6.6AI score0.00299EPSS
Exploits0References3
Mageia
Mageia
•added 2024/09/25 6:8 p.m.•22 views

Updated gtk+2.0 and gtk+3.0 packages fix security vulnerability

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. CVE-2024-6655...

7CVSS6.6AI score0.00464EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/25 6:8 p.m.•26 views

Updated glib2.0 packages fix security vulnerability

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...

5.2CVSS6.8AI score0.00756EPSS
Exploits1References4
Mageia
Mageia
•added 2024/09/25 6:8 p.m.•19 views

Updated python-astropy packages fix security vulnerability

Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a command or a script file as a value to the savelayout argument, which will be placed as the first value in a...

8.4CVSS7.7AI score0.01124EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/19 6:4 p.m.•180 views

Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.50 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

8.8CVSS7.9AI score0.00879EPSS
Exploits8References8
Mageia
Mageia
•added 2024/09/19 6:4 p.m.•42 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.50 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

8.8CVSS8AI score0.00879EPSS
Exploits8References8
Mageia
Mageia
•added 2024/09/17 2:41 a.m.•37 views

Updated suricata packages fix security vulnerabilities

CVE-2024-37151 Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. CVE-2024-38534 Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535, CVE-2024-38536 Suricata can...

7.5CVSS7.2AI score0.01172EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/17 2:41 a.m.•25 views

Updated clamav packages fix security vulnerabilities

Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service DoS condition. CVE-2024-20505 Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam'...

7.5CVSS7.1AI score0.00555EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/17 2:41 a.m.•21 views

Updated python3-webob package fix security vulnerability

When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and then trea...

6.1CVSS7.2AI score0.00497EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•26 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS8.2AI score0.01565EPSS
Exploits0References3
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•16 views

Updated microcode packages fix security vulnerabilities

Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2024-23984 Improper finite state machines FSMs in hardware logic in some Intel® Processors may allow an privileged user to potentially...

6.8CVSS6.9AI score0.00209EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•18 views

Updated wireshark packages fix security vulnerability

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.2.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. CVE-2024-8250...

7.8CVSS7.5AI score0.00317EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•22 views

Updated tgt packages fix security vulnerability

tgt aka Linux target framework before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. CVE-2024-45751...

5.9CVSS7.3AI score0.00547EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/16 5:44 p.m.•30 views

Updated tcpreplay package fix security vulnerability

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...

7.8CVSS7.2AI score0.00437EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/13 5:15 p.m.•20 views

Updated botan2 packages fix security vulnerability

An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at mos...

7.5CVSS6.8AI score0.005EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/13 5:15 p.m.•34 views

Updated assimp packages fix security vulnerability

Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program...

8.4CVSS7.8AI score0.00281EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/13 5:15 p.m.•23 views

Updated python-tqdm package fixes security vulnerability

Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable...

4.8CVSS7.6AI score0.00432EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/13 5:15 p.m.•16 views

Updated radare2 packages fix security vulnerability

radare2 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian...

7.5CVSS6.8AI score0.01183EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/11 8:42 p.m.•30 views

Updated expat packages fix security vulnerabilities

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

9.8CVSS7.6AI score0.01686EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/11 8:42 p.m.•33 views

Updated microcode package fix security vulnerabilities

Improper isolation in the IntelR CoreTM Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-42667 Improper isolation in some IntelR Processors stream cache mechanism may allow an authenticated user to...

7.8CVSS7.4AI score0.00285EPSS
Exploits0References3
Mageia
Mageia
•added 2024/09/11 8:42 p.m.•36 views

Updated libpcap packages fix security vulnerabilities

In affected libpcap versions during the setup of a remote packet capture the internal function sockinitaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...

4.4CVSS7.4AI score0.00227EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•43 views

Nginx has been updated to the latest stable release to fix CVE

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

5.7CVSS6.7AI score0.0032EPSS
Exploits0References3
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•26 views

Updated libtiff packages fix security vulnerability

A null pointer dereference flaw was found in Libtiff via tifdirinfo.c. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash,...

7.5CVSS6.7AI score0.01516EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•19 views

Updated orc packages fix security vulnerability

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

7CVSS7.6AI score0.00379EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•27 views

Updated zziplib packages fix security vulnerability

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the zzipfetchdisktrailer function at /zzip/zip.c. CVE-2024-39134...

7.5CVSS6.8AI score0.00604EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•28 views

Updated webmin package fixes security vulnerability

CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources...

7.5CVSS7AI score0.05397EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•19 views

Updated openssl packages fix security vulnerability

Possible denial of service in X.509 name checks. CVE-2024-6119...

7.5CVSS6.8AI score0.66594EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•19 views

Updated apr packages fix security vulnerability

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. CVE-2023-49582...

5.5CVSS6.6AI score0.00332EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/10 4:40 p.m.•21 views

Updated unbound packages fix security vulnerability

Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167...

2.8CVSS6.9AI score0.00363EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/09 7:0 p.m.•27 views

Updated ntfs-3g packages fix security vulnerability

NTFS-3G before 75dcdc2 has a use-after-free in ntfsuppercasembs in libntfs-3g/unistr.c. CVE-2023-52890...

4.5CVSS7AI score0.00159EPSS
Exploits0References2
Mageia
Mageia
•added 2024/09/09 7:0 p.m.•44 views

Updated ffmpeg packages fix security vulnerabilities

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t...

8.8CVSS7AI score0.01132EPSS
Exploits1References2
Mageia
Mageia
•added 2024/09/09 7:0 p.m.•33 views

Updated vim packages fix security vulnerabilities

Use-after-free in tagstackclearentry in Vim v9.1.0647. CVE-2024-41957 Use-after-free in alistadd in Vim v9.1.0678. CVE-2024-43374...

5.3CVSS6.8AI score0.00363EPSS
Exploits0References7
Mageia
Mageia
•added 2024/08/28 5:11 p.m.•32 views

Updated nodejs & yarnpkg packages fix security vulnerabilities

Nodejs 22 is the new active LTS branch and 5 CVE are fixed. CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 High CVE-2024-22020 - Bypass network import restriction via data URL Medium CVE-2024-22018 - fs.lstat bypasses permission model Low CVE-2024-36137 - fs.fchown/fchmod bypasses...

8.1CVSS7.1AI score0.01104EPSS
Exploits0References10
Mageia
Mageia
•added 2024/08/19 7:12 p.m.•60 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities...

9.1CVSS7.5AI score0.54026EPSS
Exploits1References2
Mageia
Mageia
•added 2024/08/17 4:55 p.m.•21 views

Updated packages fix security vulnerabilities

CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email...

7.5CVSS7AI score0.01284EPSS
Exploits2References2
Mageia
Mageia
•added 2024/08/15 5:48 p.m.•34 views

Updated roundcubemail packages fix security vulnerabilities

Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 Fix information leak access to remote content via insufficient CSS filtering CVE-2024-42010...

9.3CVSS6.2AI score0.83387EPSS
Exploits9References2
Mageia
Mageia
•added 2024/08/07 5:49 a.m.•180 views

Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.43 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS7AI score0.00478EPSS
Exploits0References7
Mageia
Mageia
•added 2024/08/07 5:49 a.m.•166 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.43 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS7AI score0.00478EPSS
Exploits0References7
Mageia
Mageia
•added 2024/07/31 7:34 p.m.•37 views

Updated emacs packages improve Wayland support and fix a security vulnerability

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. CVE-2024-39331...

9.8CVSS6.8AI score0.01323EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/29 6:26 p.m.•126 views

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products scope change. Successf...

8.2CVSS6.8AI score0.00457EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/21 2:28 a.m.•48 views

Updated thunderbird packages fix security vulnerabilities

Memory corruption in WebGL API. CVE-2024-6600 Race condition in permission assignment. CVE-2024-6601 Memory corruption in thread creation. CVE-2024-6603 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. CVE-2024-6604...

7.5CVSS7.9AI score0.0054EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/20 9:22 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Inappropriate implementation in V8. CVE-2024-6772 Type Confusion in V8. CVE-2024-6773 Use after free in Screen Capture. CVE-2024-6774 Use after free in Media Stream. CVE-2024-6775 Use after free in Audio. CVE-2024-6776 Use after free in Navigation. CVE-2024-6777 Race in DevTools. CVE-2024-6778 Ou...

9.6CVSS7.8AI score0.00781EPSS
Exploits10References2
Mageia
Mageia
•added 2024/07/20 9:22 p.m.•69 views

Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1CVSS7.1AI score0.04134EPSS
Exploits5References2
Mageia
Mageia
•added 2024/07/20 12:8 a.m.•18 views

Updated libfm & libfm-qt packages fix security vulnerability

Fixed a vulnerability about trusted locations...

7.3AI score
Exploits0References2
Mageia
Mageia
•added 2024/07/16 3:21 a.m.•41 views

Updated sendmail packages fix security vulnerability

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS7.3AI score0.01073EPSS
Exploits2References3
Mageia
Mageia
•added 2024/07/16 3:21 a.m.•46 views

Updated nss & firefox packages fix security vulnerabilities

Memory corruption in WebGL API. CVE-2024-6600 Race condition in permission assignment. CVE-2024-6601 Memory corruption in NSS. CVE-2024-6602 Memory corruption in thread creation. CVE-2024-6603 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. CVE-2024-6604...

9.8CVSS8.1AI score0.00977EPSS
Exploits0References4
Mageia
Mageia
•added 2024/07/15 4:54 p.m.•41 views

Updated libreoffice packages fix security vulnerability

TLS certificates are not properly verified when utilizing LibreOfficeKit. CVE-2024-5261...

10CVSS7.3AI score0.00428EPSS
Exploits0References3
Total number of security vulnerabilities6009