Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
added 2024/04/10 4:3 a.m.47 views

Updated libreoffice packages fix security vulnerabilities

Improper input validation enabling arbitrary Gstreamer pipeline injection. CVE-2023-6185 Link targets allow arbitrary script execution. CVE-2023-6186...

8.8CVSS8AI score0.01017EPSS
Exploits0References4
Mageia
Mageia
added 2024/04/10 4:3 a.m.34 views

Updated gstreamer1.0 packages fix vulnerability

Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9 It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation...

8.8CVSS8.4AI score0.01559EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/10 4:3 a.m.61 views

Updated xen packages fix security vulnerabilities

x86: shadow stack vs exceptions from emulation stubs. CVE-2023-46841 x86: Register File Data Sampling. CVE-2023-28746 GhostRace: Speculative Race Conditions. CVE-2024-2193...

6.5CVSS7.3AI score0.01231EPSS
Exploits0References4
Mageia
Mageia
added 2024/04/06 10:16 p.m.44 views

Updated libreswan packages fix security vulnerabilities

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...

6.5CVSS6.8AI score0.00944EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/06 10:16 p.m.48 views

Updated libvirt packages fix security vulnerability

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the gnew0 function results in a crash due to the negative length being...

6.2CVSS7AI score0.00364EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/06 7:53 p.m.62 views

Updated util-linux packages fix security vulnerability

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

3.3CVSS6.8AI score0.02242EPSS
Exploits3References3
Mageia
Mageia
added 2024/04/05 10:26 p.m.39 views

Updated dav1d packages fix security vulnerability

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. CVE-2024-1580...

8.8CVSS7.7AI score0.01835EPSS
Exploits0References2
Mageia
Mageia
added 2024/04/05 6:24 p.m.49 views

Updated texlive-20220321 packages fix security vulnerabilities

LuaTeX before 1.17.0 allows a document compiled with the default settings to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

8.1CVSS7.8AI score0.00902EPSS
Exploits1References2
Mageia
Mageia
added 2024/04/05 6:24 p.m.48 views

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 123.0.6312.105 release. Since the last update 120.0.6099.224, 66 vulnerabilities are fixed, including: High CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao @Kipreyyy on 2024-03-12 High CVE-2024-3158: Use aft...

8.8CVSS7.5AI score0.01599EPSS
Exploits0References13
Mageia
Mageia
added 2024/04/05 6:24 p.m.72 views

Updated nodejs packages fix security vulnerabilities

Nodejs 20.12.1 release fixes 2 CVE: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::Http2Session leads to HTTP/2 server crash- High CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - Medium...

8.2CVSS7.7AI score0.87211EPSS
Exploits1References2
Mageia
Mageia
added 2024/04/04 8:26 p.m.58 views

Updated python-pygments packages fix security vulnerability

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...

5.5CVSS6.9AI score0.00503EPSS
Exploits1References2
Mageia
Mageia
added 2024/04/01 7:50 p.m.54 views

Updated w3m packages fix security vulnerabilities

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. CVE-2023-38252 An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an...

5.5CVSS6.6AI score0.00355EPSS
Exploits4References2
Mageia
Mageia
added 2024/04/01 7:50 p.m.35 views

Updated unixODBC packages fix security vulnerability

It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash...

7.8CVSS8AI score0.00284EPSS
Exploits0References2
Mageia
Mageia
added 2024/03/31 3:27 a.m.53 views

Updated microcode packages fix security vulnerabilities

Protection mechanism failure in some 3rd and 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-22655 Information exposure through microarchitectural state after transient...

6.5CVSS7.8AI score0.0075EPSS
Exploits0References3
Mageia
Mageia
added 2024/03/31 3:27 a.m.125 views

Updated squid packages fix security vulnerabilities

Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squ...

8.6CVSS7.3AI score0.88864EPSS
Exploits1References3
Mageia
Mageia
added 2024/03/31 3:27 a.m.45 views

Updated opensc packages fix security vulnerability

Side-channel leaks while stripping encryption PKCS1.5 padding in OpenSC. CVE-2023-5992...

5.9CVSS7.3AI score0.01156EPSS
Exploits1References3
Mageia
Mageia
added 2024/03/31 3:27 a.m.46 views

Updated emacs packages fix security vulnerabilities

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. CVE-2024-30202 In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

7.8CVSS7.7AI score0.01108EPSS
Exploits0References3
Mageia
Mageia
added 2024/03/31 3:27 a.m.39 views

Updated aide & mhash packages fix security vulnerability

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow. CVE-2021-45417...

7.8CVSS7.2AI score0.00493EPSS
Exploits1References5
Mageia
Mageia
added 2024/03/29 3:49 a.m.61 views

Updated curl packages fix security vulnerabilities

CVE-2024-2004: Usage of disabled protocol If all protocols are disabled at run-time with none being added, curl/libcurl would still allow communication with the default set of allowed protocols, including some that are unencrypted. CVE-2024-2398: HTTP/2 push headers memory-leak A memory leak coul...

8.6CVSS7.2AI score0.36081EPSS
Exploits4References3
Mageia
Mageia
added 2024/03/28 3:52 a.m.69 views

Updated python3, python packages fix security vulnerabilities

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-6597 The zipfile module is...

7.8CVSS6.6AI score0.00333EPSS
Exploits0References3
Mageia
Mageia
added 2024/03/28 3:52 a.m.23 views

Updated kernel-linus packages fix bugs and provide mitigations

Upstream kernel version 6.6.22 contains bug fixes and mitigations. For information about the mitigations see the changelog...

5.8AI score
Exploits0References5
Mageia
Mageia
added 2024/03/28 3:52 a.m.39 views

Updated tcpreplay packages fix security vulnerabilities

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpeditdltcleanup function within plugins/dltplugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a...

6.5CVSS6.5AI score0.00673EPSS
Exploits2References2
Mageia
Mageia
added 2024/03/28 3:52 a.m.61 views

Updated grub2 packages fix security vulnerabilities

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...

7.8CVSS8.1AI score0.00542EPSS
Exploits2References2
Mageia
Mageia
added 2024/03/27 7:40 p.m.68 views

Updated thunderbird packages fix security vulnerabilities

Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...

8.8CVSS8.4AI score0.01285EPSS
Exploits4References3
Mageia
Mageia
added 2024/03/27 7:24 p.m.38 views

Updated clojure packages fix security vulnerability

An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service DoS via the clojure.core$partial$fn5920 function. CVE-2024-22871...

7.5CVSS6.7AI score0.01533EPSS
Exploits1References2
Mageia
Mageia
added 2024/03/27 7:24 p.m.78 views

Updated nss firefox, nss packages fix security vulnerabilities

Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...

8.8CVSS8.5AI score0.047EPSS
Exploits4References6
Mageia
Mageia
added 2024/03/27 3:9 a.m.29 views

Updated kernel,kmod-xtables-addons,kmod-virtualbox packages fix bugs and provide mitigations

Upstream kernel version 6.6.22 contain bug fixes and mitigations. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the mitigations see the changelog...

7AI score
Exploits0References5
Mageia
Mageia
added 2024/03/26 10:2 p.m.77 views

Updated tomcat packages fix security vulnerabilities

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. CVE-2024-23672 Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apach...

7.5CVSS7.3AI score0.23072EPSS
Exploits1References3
Mageia
Mageia
added 2024/03/26 8:0 a.m.47 views

Updated gnutls packages fix security vulnerabilities

The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits,...

5.3CVSS6.6AI score0.00718EPSS
Exploits0References2
Mageia
Mageia
added 2024/03/25 9:37 p.m.38 views

Updated curaengine & blender packages fix security vulnerability

stbimage.h v2.27 was discovered to contain an integer overflow via the function stbijpegdecodeblockprogdc. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors. CVE-2022-28041...

6.5CVSS7.7AI score0.02069EPSS
Exploits1References4
Mageia
Mageia
added 2024/03/24 4:57 a.m.81 views

Updated libreswan packages fix security vulnerabilities

The updated package fixes security vulnerabilities: pluto in Libreswan before 4.11 allows a denial of service responder SPI mishandling and daemon crash via unauthenticated IKEv1 Aggressive Mode packets. CVE-2023-30570 An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY...

7.5CVSS7.3AI score0.01175EPSS
Exploits0References7
Mageia
Mageia
added 2024/03/24 4:57 a.m.47 views

Updated freeimage packages fix security vulnerabilities

Buffer Overflow vulnerability in FreeImageAllocateBitmap. CVE-2023-47995 Infinite loop exits in Load in PluginTIFF.cpp. CVE-2023-47997...

6.5CVSS6.9AI score0.00883EPSS
Exploits1References2
Mageia
Mageia
added 2024/03/24 4:57 a.m.49 views

Updated nodejs-hawk packages fix security vulnerability

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...

7.5CVSS6.8AI score0.01028EPSS
Exploits0References4
Mageia
Mageia
added 2024/03/23 1:0 a.m.105 views

Updated python python3 packages fix security vulnerabilities

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

9.8CVSS7.4AI score0.20459EPSS
Exploits8References8
Mageia
Mageia
added 2024/03/22 12:19 a.m.47 views

Updated apache-mod_auth_openidc packages fix security vulnerability

Missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to DoS attack. CVE-2024-24814...

7.5CVSS6.9AI score0.01261EPSS
Exploits1References3
Mageia
Mageia
added 2024/03/22 12:19 a.m.56 views

Updated fontforge packages fix security vulnerabilities

Splinefont in FontForge through 20230101 allows command injection via crafted filenames. CVE-2024-25081 Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. CVE-2024-25082...

6.5CVSS7.5AI score0.0187EPSS
Exploits2References4
Mageia
Mageia
added 2024/03/22 12:19 a.m.67 views

Updated ffmpeg packages fix security vulnerability

Out of array access in avformat/rtsp. CVE-2023-47342...

7.1AI score
Exploits0References2
Mageia
Mageia
added 2024/03/22 12:19 a.m.57 views

Updated nodejs-tough-cookie packages fix security vulnerability

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. CVE-2023-26136...

9.8CVSS6.8AI score0.02542EPSS
Exploits2References2
Mageia
Mageia
added 2024/03/22 12:19 a.m.47 views

Updated libuv packages fix security vulnerability

It was discovered that the uvgetaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...

7.3CVSS7AI score0.02003EPSS
Exploits1References4
Mageia
Mageia
added 2024/03/21 4:56 a.m.46 views

Updated python-scipy packages fix security vulnerability

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in PyFindObjects function. CVE-2023-25399...

5.5CVSS7.2AI score0.00378EPSS
Exploits1References2
Mageia
Mageia
added 2024/03/20 9:19 p.m.48 views

Updated libtiff packages fix security vulnerabilities

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service application crash or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVE-2023-40745 A vulnerability was found in libtiff due to...

6.5CVSS8AI score0.01131EPSS
Exploits0References2
Mageia
Mageia
added 2024/03/20 3:35 a.m.73 views

Updated sqlite3 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Heap buffer overflow in sqlite. CVE-2023-2137 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make...

8.8CVSS7.6AI score0.01249EPSS
Exploits1References3
Mageia
Mageia
added 2024/03/20 3:35 a.m.59 views

Updated cherrytree packages fix security vulnerability

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. CVE-2022-35133...

6.1CVSS5.8AI score0.00421EPSS
Exploits0References1
Mageia
Mageia
added 2024/03/20 3:35 a.m.55 views

Updated python-django package fixes a security vulnerability

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. CVE-2024-27351...

5.3CVSS6.7AI score0.01854EPSS
Exploits0References1
Mageia
Mageia
added 2024/03/20 3:35 a.m.44 views

Updated qpdf packages fix security vulnerability

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::sharedcount function at /bits/sharedptrbase.h. CVE-2024-24246...

5.5CVSS6.9AI score0.00436EPSS
Exploits1References2
Mageia
Mageia
added 2024/03/18 4:12 p.m.73 views

Updated multipath-tools packages fix security vulnerabilities

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

7.8CVSS7.3AI score0.00658EPSS
Exploits5References7
Mageia
Mageia
added 2024/03/18 4:12 p.m.92 views

Updated apache-mod_security-crs packages fix security vulnerabilities

A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function name such as "if" and b is the SQL statement to be executed. CVE-2018-16384 Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 h...

9.8CVSS8.6AI score0.02542EPSS
Exploits3References6
Mageia
Mageia
added 2024/03/18 4:12 p.m.54 views

Updated expat packages fix security vulnerabilities

It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. CVE-2023-52425, CVE-2024-28757...

7.5CVSS7.4AI score0.02006EPSS
Exploits2References2
Mageia
Mageia
added 2024/03/16 4:28 p.m.82 views

Updated jackson-databind packages fix security vulnerabilities

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value...

7.5CVSS7.1AI score0.0486EPSS
Exploits4References9
Mageia
Mageia
added 2024/03/16 4:28 p.m.52 views

Updated batik packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. CVE-2022-38398 Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacke...

7.5CVSS7.5AI score0.05791EPSS
Exploits1References8
Total number of security vulnerabilities6009