Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2024/07/15 4:54 p.m.•30 views

Updated tomcat packages fix security vulnerability

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

7.5CVSS7.3AI score0.04602EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/14 5:23 a.m.•84 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.37 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.8CVSS7.9AI score0.01483EPSS
Exploits6References10
Mageia
Mageia
•added 2024/07/14 5:23 a.m.•96 views

Updated freeradius packages fix security vulnerability

This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS serv...

9CVSS7.2AI score0.14859EPSS
Exploits2References3
Mageia
Mageia
•added 2024/07/14 5:23 a.m.•57 views

Updated squid packages fix security vulnerability

Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. CVE-2024-37894...

6.3CVSS6.8AI score0.06255EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/13 7:54 a.m.•76 views

Updated kernel kmod-xtables-addons kmod-virtualbox dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.37 fix bugs and vulnerabilities. The dwarves, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

9.8CVSS7.9AI score0.01483EPSS
Exploits6References10
Mageia
Mageia
•added 2024/07/11 1:4 a.m.•55 views

Updated php packages fix security vulnerability

This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information...

5.3CVSS7.7AI score0.12117EPSS
Exploits1References4
Mageia
Mageia
•added 2024/07/11 1:4 a.m.•36 views

Updated golang packages fix security vulnerability

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...

7.5CVSS7.2AI score0.01414EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/10 6:1 p.m.•34 views

Updated poppler packages fix security vulnerability

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. CVE-2024-6239...

7.5CVSS6.6AI score0.00785EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/10 6:1 p.m.•44 views

Updated netatalk packages fix security vulnerabilities

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. CVE-2024-38439 Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation...

9.8CVSS7.5AI score0.00931EPSS
Exploits3References2
Mageia
Mageia
•added 2024/07/09 7:1 a.m.•165 views

Updated apache packages fix security vulnerabilities

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encodin...

9.8CVSS7.3AI score0.99957EPSS
Exploits2References9
Mageia
Mageia
•added 2024/07/05 4:28 p.m.•49 views

Updated python-js2py packages fix security vulnerability

CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...

5.3CVSS7.2AI score0.04548EPSS
Exploits22References2
Mageia
Mageia
•added 2024/07/05 4:28 p.m.•30 views

Updated znc packages fix security vulnerability

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. CVE-2024-39844...

9.8CVSS7.8AI score0.03862EPSS
Exploits0References2
Mageia
Mageia
•added 2024/07/04 4:48 p.m.•42 views

Updated openvpn packages fix security vulnerability

Control channel: refuse control channel messages with nonprintable characters in them. CVE-2024-5594...

9.1CVSS7.3AI score0.00805EPSS
Exploits0References3
Mageia
Mageia
•added 2024/07/04 4:48 p.m.•47 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Dawn. CVE-2024-6290, CVE-2024-6292, CVE-2024-6293 Use after free in Swiftshader. CVE-2024-6291...

8.8CVSS7.8AI score0.00546EPSS
Exploits4References2
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•87 views

Updated openssh packages fix security vulnerability

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems. CVE-2024-6387...

8.1CVSS7.3AI score0.99506EPSS
Exploits68References3
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•43 views

Updated krb5 packages fix security vulnerabilities

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...

9.1CVSS7.2AI score0.01863EPSS
Exploits0References1
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•69 views

Updated libcdio packages fix security vulnerability

Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. CVE-2024-36600...

8.4CVSS8AI score0.00363EPSS
Exploits1References2
Mageia
Mageia
•added 2024/07/03 4:36 p.m.•58 views

Updated dcmtk packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts the DICOM standard for medical images. CVE-2024-28130 Segmentation faults due to incorrect typecast CVE-2024-34508 Segmentation fault via invalid DIMSE message CVE-2024-34509...

7.5CVSS6.7AI score0.01692EPSS
Exploits3References2
Mageia
Mageia
•added 2024/07/02 4:23 p.m.•21 views

Updated espeak-ng packages fix security vulnerabilities

It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...

5.5CVSS8.2AI score0.00405EPSS
Exploits5References2
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•17 views

Updated python-imageio packages fix security vulnerability

imageio can attempt to download shared freeimage libraries from https://github.com/imageio/imageio-binaries/tree/master/freeimage. The code fetches straight from master and provides no way of verifying whether the correct file was fetched. As a result, if the repository is attacked in the future,...

7.5AI score
Exploits0References1
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•87 views

Updated openssl packages fix security vulnerability

SSLselectnextproto buffer overread. CVE-2024-5535...

9.1CVSS7.1AI score0.05582EPSS
Exploits1References2
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•66 views

Updated ffmpeg packages fix security vulnerabilities

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the setencoderid function in /fftools/ffmpegenc.c component. CVE-2023-50010 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary...

8CVSS7.8AI score0.00479EPSS
Exploits1References2
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•44 views

Updated python-idna packages fix security vulnerability

mingw-python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode...

7.5CVSS6.8AI score0.01386EPSS
Exploits1References2
Mageia
Mageia
•added 2024/07/01 5:53 p.m.•51 views

Updated gdb packages fix security vulnerabilities

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE-2022-4285 A potential heap based buffer overflow was found in...

6.5CVSS8.1AI score0.00895EPSS
Exploits2References2
Mageia
Mageia
•added 2024/06/28 2:41 a.m.•25 views

Updated libopenmpt packages fix security vulnerabilities

Possible out-of-bounds read or write when reading malformed MED files. r19389. Null-pointer write 32bit platforms or excessive memory allocation 64bit platforms when reading close to 4GiB of data from unseekable files r20336, r20338. Write buffer overflow when reading unseekable files close to 4G...

7.8AI score
Exploits0References6
Mageia
Mageia
•added 2024/06/28 2:41 a.m.•30 views

Updated erofs-utils packages fix security vulnerabilities

Heap Buffer Overflow in the erofsfsckdirentiter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

7.8CVSS7.9AI score0.00815EPSS
Exploits2References2
Mageia
Mageia
•added 2024/06/28 2:41 a.m.•58 views

Updated libheif packages fix security vulnerabilities

Yuchuan Meng discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464...

8.8CVSS7.3AI score0.00804EPSS
Exploits4References2
Mageia
Mageia
•added 2024/06/27 5:12 p.m.•54 views

Updated wget packages fix security vulnerability

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. CVE-2024-38428...

9.1CVSS7.1AI score0.00672EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/25 4:12 p.m.•55 views

Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS7.2AI score0.00382EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/25 4:12 p.m.•17 views

Updated emacs packages fix security vulnerability

Arbitrary shell command evaluation in Org mode GNU Emacs...

7.5AI score
Exploits0References3
Mageia
Mageia
•added 2024/06/25 4:12 p.m.•32 views

Updated python-ansible-core packages fix security vulnerability

ansible-core: possible information leak in tasks that ignore ANSIBLENOLOG configuration CVE-2024-0690...

5.5CVSS7AI score0.00301EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•53 views

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 High CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel on 2024-05-31 High CVE-2024-6102: Out of bounds memory acces...

8.8CVSS7.5AI score0.01123EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•50 views

Updated python-gunicorn packages fix security vulnerability

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5CVSS7AI score0.02996EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•85 views

Updated python-werkzeug packages fix security vulnerability

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

7.5CVSS7AI score0.03397EPSS
Exploits0References3
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•48 views

Updated python-aiohttp packages fix security vulnerability

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS6AI score0.00666EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/24 7:4 p.m.•95 views

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

8.8CVSS6.8AI score0.0178EPSS
Exploits3References4
Mageia
Mageia
•added 2024/06/22 5:32 p.m.•50 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...

8.6CVSS7.8AI score0.0107EPSS
Exploits1References3
Mageia
Mageia
•added 2024/06/20 5:46 p.m.•72 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 126.0.6478.61 release. It includes 21 security fixes. Some of them are: High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24 High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuz...

8.8CVSS8.4AI score0.00924EPSS
Exploits1References3
Mageia
Mageia
•added 2024/06/20 2:32 a.m.•38 views

Updated flatpak packages fix security vulnerability

A malicious or compromised Flatpak app could execute arbitrary code outside its sandbox...

8.4CVSS7.7AI score0.00512EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/20 2:32 a.m.•57 views

Updated python-scikit-learn packages fix security vulnerability

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

4.7CVSS6.6AI score0.00187EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/17 5:44 p.m.•56 views

Updated libndp packages fix security vulnerabilities

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information...

8.1CVSS7AI score0.01165EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/17 5:44 p.m.•46 views

Updated cups packages fix security vulnerability

When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target...

6.7CVSS7AI score0.02421EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/17 5:44 p.m.•31 views

Updated iperf packages fix security vulnerability

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.7AI score0.01107EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/15 11:7 p.m.•47 views

Updated atril packages fix security vulnerability

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

8.5CVSS7.5AI score0.01016EPSS
Exploits2References2
Mageia
Mageia
•added 2024/06/15 11:7 p.m.•41 views

Updated nano packages fix security vulnerability

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...

6.7CVSS7.6AI score0.00346EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/15 11:7 p.m.•53 views

Updated nss & firefox packages fix security vulnerabilities

Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...

8.6CVSS7.9AI score0.0107EPSS
Exploits1References4
Mageia
Mageia
•added 2024/06/14 5:30 p.m.•51 views

Updated vte packages fix security vulnerability

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476. CVE-2024-37535...

4.4CVSS7.2AI score0.00238EPSS
Exploits0References3
Mageia
Mageia
•added 2024/06/14 5:30 p.m.•40 views

Updated aom packages fix security vulnerability

Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: Calling aomimgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and so...

10CVSS7.7AI score0.01254EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/14 5:30 p.m.•35 views

Updated libvpx packages fix security vulnerabilities

There exists integer overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be invalid. Calling...

9.1CVSS7.3AI score0.00814EPSS
Exploits1References2
Mageia
Mageia
•added 2024/06/14 1:31 a.m.•23 views

Updated poppler packages fix security vulnerability

Out-of-bounds array write. CVE-2024-4141...

5.5CVSS7AI score0.0018EPSS
Exploits0References2
Total number of security vulnerabilities6009