Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2024/06/14 1:31 a.m.•66 views

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

9.8CVSS6.3AI score0.01952EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/12 4:9 p.m.•38 views

Updated strongswan packages fix security vulnerability

Fixes CVE-2023-41913 buffer overflow and possible RCE, various IKEv2 improvements...

9.8CVSS7.8AI score0.0229EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/08 4:34 p.m.•44 views

Updated 0-plugins-base packages fix security vulnerability

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS8AI score0.01565EPSS
Exploits0References3
Mageia
Mageia
•added 2024/06/07 5:31 p.m.•35 views

Updated plasma-workspace packages fix security vulnerability

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...

7.8CVSS7.5AI score0.00293EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/07 6:1 a.m.•40 views

Updated libtiff packages fix security vulnerability

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. CVE-2023-3164...

5.5CVSS5.8AI score0.00317EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/06 3:48 p.m.•27 views

Updated amavisd-new packages fix security vulnerability

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...

7.4CVSS6.9AI score0.00826EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/06 3:48 p.m.•30 views

Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459...

7.5CVSS7.2AI score0.02298EPSS
Exploits1References3
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•24 views

Updated libreoffice packages fix security vulnerability

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

6.5CVSS6.4AI score0.01008EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•47 views

Updated python-requests packages fix security vulnerability

CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify bsc1224788...

5.6CVSS6.3AI score0.0034EPSS
Exploits0References6
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•61 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2024-05-11 High CVE-2024-5494: Use after free in Dawn. Reported by wgslfu...

8.8CVSS7.5AI score0.00892EPSS
Exploits7References2
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•38 views

Updated webkit2 packages fix security vulnerabilities

The updated packages fix a security vulnerability and other issues...

8.1CVSS6.4AI score0.00603EPSS
Exploits0References4
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•37 views

Updated wireshark packages fix security vulnerabilities

Memory handling issue in editcap could cause denial of service via crafted capture file. CVE-2024-4853 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file. CVE-2024-485...

7.5CVSS7AI score0.00811EPSS
Exploits2References2
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•67 views

Updated git packages fix security vulnerabilities

Updated Git to version 2.41.1 to fix CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465...

9CVSS6.3AI score0.25334EPSS
Exploits34References3
Mageia
Mageia
•added 2024/06/03 6:30 p.m.•43 views

Updated microcode packages fix security vulnerabilities

The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some IntelR Processors may allow an authenticated user to potentially enable partial information disclosure via local access. CVE-2023-45733 Sequence of processor instructions leads to unexpected behavi...

8.2CVSS6.3AI score0.00379EPSS
Exploits0References3
Mageia
Mageia
•added 2024/06/02 3:29 a.m.•67 views

Updated unbound packages fix security vulnerability

Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a DNSBomb...

7.5CVSS6.7AI score0.01729EPSS
Exploits0References2
Mageia
Mageia
•added 2024/06/02 3:29 a.m.•18 views

Updated gifsicle packages fix security vulnerability

gifsicle-1.94 was found to have a floating point exception FPE vulnerability via resizestream at src/xform.c. CVE-2023-46009...

7.8CVSS6.8AI score0.00346EPSS
Exploits1References2
Mageia
Mageia
•added 2024/05/31 3:15 p.m.•33 views

Updated netatalk packages fix security vulnerability

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code...

10CVSS7.1AI score0.02656EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/31 3:15 p.m.•137 views

Updated python-jinja2 packages fix security vulnerabilities

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...

6.1CVSS6.3AI score0.00979EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/31 3:15 p.m.•52 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent checking DSA keys and parameters. CVE-2024-4603 Use After Free with SSLfreebuffers. CVE-2024-4741...

7.5CVSS7.1AI score0.02945EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/29 6:8 p.m.•39 views

Updated perl-Email-MIME packages fix security vulnerabilities

An excessive memory use issue CWE-770 exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set from 2020 and 2024 limits excessive depth and the total number of parts. CVE-2024-4140...

7.5CVSS7.3AI score0.01132EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/29 6:8 p.m.•34 views

Updated qtnetworkauth5 & qtnetworkauth6 packages fix security vulnerability

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...

9.8CVSS7.2AI score0.0097EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/27 9:11 p.m.•51 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.112 release. It includes 1 security fix. High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20 Google is aware that an explo...

9.6CVSS7.3AI score0.1002EPSS
Exploits3References2
Mageia
Mageia
•added 2024/05/25 11:39 p.m.•27 views

Updated roundcubemail packages fix security vulnerabilities

This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting XSS vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting XSS vulnerability in handling list columns from user preferences...

6.8AI score
Exploits0References2
Mageia
Mageia
•added 2024/05/25 11:39 p.m.•41 views

Updated mariadb packages fix security vulnerability and bugs

Additional bugs were fixed in the following components: InnoDB Spider Aria Backup JSON Optimization & Tuning Plugins Galera Scripts & Clients Server For the details see the vendor site...

4.9CVSS7.3AI score0.00424EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/25 11:39 p.m.•47 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.76 release. It includes 6 security fixes Please, do note, that since some versions ago, only x8664 is supported. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for th...

8.8CVSS8.3AI score0.00772EPSS
Exploits4References1
Mageia
Mageia
•added 2024/05/23 4:22 a.m.•61 views

Updated ghostscript packages fix security vulnerabilities

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed...

8.8CVSS7.9AI score0.27974EPSS
Exploits6References2
Mageia
Mageia
•added 2024/05/21 11:38 p.m.•53 views

Updated thunderbird packages fix security vulnerabilities

Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...

8.8CVSS8AI score0.72648EPSS
Exploits18References3
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•49 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.60 release. It includes 9 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium...

9.6CVSS7.9AI score0.15111EPSS
Exploits5References2
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•36 views

Updated python-sqlparse packages fix security vulnerability

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

7.5CVSS7.2AI score0.0321EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•28 views

Updated stb packages fix security vulnerabilities

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...

9.8CVSS8.1AI score0.0141EPSS
Exploits1References2
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•62 views

Updated nss & firefox packages fix security vulnerabilities

Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...

8.8CVSS8AI score0.72648EPSS
Exploits18References4
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•46 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...

7.8CVSS7.9AI score0.00415EPSS
Exploits1References3
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•55 views

Updated djvulibre packages fix security vulnerabilities

An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero...

6.5CVSS7.1AI score0.00869EPSS
Exploits2References2
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•31 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

Restrict visibility of pgstatsext and pgstatsextexprs entries to the table owner. CVE-2024-4317...

4.3CVSS7.3AI score0.00722EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•27 views

Updated vim packages fix security vulnerability

Buffer overflow in xxd with colored output...

7.6AI score
Exploits0References2
Mageia
Mageia
•added 2024/05/21 11:17 p.m.•43 views

Updated python-pymongo packages fix security vulnerability

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

7.3AI score
Exploits0References2
Mageia
Mageia
•added 2024/05/17 6:43 p.m.•39 views

Updated golang packages fix security vulnerability

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. CVE-2024-24788...

5.9CVSS6.3AI score0.01001EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/16 5:29 p.m.•37 views

Updated ghostscript packages fix security vulnerability

An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722...

5.5CVSS7.3AI score0.0033EPSS
Exploits0References3
Mageia
Mageia
•added 2024/05/16 5:29 p.m.•56 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 124.0.6367.207 release. It includes 4 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...

9.6CVSS8.5AI score0.11007EPSS
Exploits4References4
Mageia
Mageia
•added 2024/05/16 5:29 p.m.•89 views

Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities

Long Exception message leading to crash. CVE-2024-21011 HTTP/2 client improper reverse DNS lookup. CVE-2024-21012 Integer overflow in C1 compiler address generation. CVE-2024-21068 Pack200 excessive memory allocation. CVE-2024-21085 C2 compilation fails with "Exceeded noderegs array". CVE-2024-21...

3.7CVSS7.5AI score0.01361EPSS
Exploits0References5
Mageia
Mageia
•added 2024/05/15 5:32 a.m.•35 views

Updated tcpdump packages fix security vulnerability

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. CVE-2024-2397...

6.2CVSS7.1AI score0.00289EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/15 5:32 a.m.•35 views

Updated sssd packages fix security vulnerability

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758...

7.1CVSS7AI score0.01033EPSS
Exploits1References3
Mageia
Mageia
•added 2024/05/13 2:23 p.m.•35 views

Updated mutt packages fix security vulnerabilities

Null pointer dereference when viewing a specially crafted email in Mutt 1.5.2 1.5.2 2.2.12. CVE-2023-4875...

6.5CVSS7.2AI score0.00719EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/10 4:9 p.m.•40 views

Updated libnbd packages fix security vulnerability

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 the NBD spec states the size is a 64-bit unsigned value. This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbdgetsize function...

6.5CVSS7.1AI score0.00746EPSS
Exploits1References2
Mageia
Mageia
•added 2024/05/10 4:9 p.m.•69 views

Updated glibc packages fix security vulnerabilities

Stack-based buffer overflow in netgroup cache: If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. CVE-2024-33599 Null pointer crashes after notfound response: If t...

8.1CVSS7.9AI score0.0131EPSS
Exploits0References1
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•64 views

Updated ruby packages fix security vulnerabilities

Buffer overread vulnerability in StringIO. CVE-2024-27280 RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Arbitrary memory address read vulnerability with Regex search. CVE-2024-27282...

9.8CVSS6.8AI score0.02364EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•51 views

Updated libtiff packages fix security vulnerability

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. CVE-2023-6228...

5.5CVSS6AI score0.00399EPSS
Exploits0References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•38 views

Updated zziplib packages fix security vulnerability

An issue was discovered in function zzipdiskentrytofileheader in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. CVE-2020-18770...

5.5CVSS7.2AI score0.00317EPSS
Exploits1References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•31 views

Updated exfatprogs packages fix security vulnerability

exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in readfiledentryset. CVE-2023-45897...

5.5CVSS7.3AI score0.00381EPSS
Exploits1References2
Mageia
Mageia
•added 2024/05/09 2:40 a.m.•48 views

Updated php-tcpdf packages fix security vulnerability

TCPDF version =6.6.5 is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted HTML page with a crafted color. CVE-2024-22640...

7.5CVSS7AI score0.01325EPSS
Exploits1References2
Total number of security vulnerabilities6009