Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2024/03/16 1:42 a.m.•66 views

Updated jupyter-notebook packages fix security vulnerabilities

Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...

7.5CVSS7.2AI score0.05664EPSS
Exploits1References4
Mageia
Mageia
•added 2024/03/15 10:51 p.m.•73 views

Updated imagemagick packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation...

7.5CVSS7.1AI score0.0272EPSS
Exploits2References2
Mageia
Mageia
•added 2024/03/15 10:51 p.m.•45 views

Updated ncurses packages fix security vulnerability

The updated packages fix a security vulnerability: Local users can trigger security-relevant memory corruption via malformed data. CVE-2023-29491...

7.8CVSS7.5AI score0.00923EPSS
Exploits1References5
Mageia
Mageia
•added 2024/03/15 10:51 p.m.•60 views

Updated yajl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminatin...

7.5CVSS6.8AI score0.03735EPSS
Exploits2References3
Mageia
Mageia
•added 2024/03/15 4:49 p.m.•35 views

Updated irssi packages fix security vulnerabilities

The updated packages fix a security vulnerability: Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. CVE-2023-29132...

5.3CVSS7.5AI score0.00808EPSS
Exploits0References3
Mageia
Mageia
•added 2024/03/15 2:49 a.m.•58 views

Updated mplayer packages fix security vulnerabilities

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config of llibmpcodecs/vfscale.c. CVE-2022-38850 Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function readmetarecord of mplayer/libmpdemux/asfheader.c. This affects...

5.5CVSS7.1AI score0.00344EPSS
Exploits9References1
Mageia
Mageia
•added 2024/03/15 2:49 a.m.•92 views

Updated java 1.8.0, 11 & latest packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. CVE-2024-20918 RSA padding issue and timing side-channel attack against TLS. CVE-2024-20952 Arbitrary Java code execution in Nashorn. CVE-2024-20926 JVM class file verifier fla...

7.4CVSS7.8AI score0.01026EPSS
Exploits0References4
Mageia
Mageia
•added 2024/03/14 7:34 p.m.•31 views

Updated fonttools packages fix security vulnerabilities

As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...

7.5CVSS7.2AI score0.01228EPSS
Exploits1References3
Mageia
Mageia
•added 2024/03/14 5:25 p.m.•50 views

Updated libgit2 packages fix security vulnerabilities

When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. CVE-2023-22742 Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. CVE-2024-24577...

9.8CVSS8.3AI score0.01546EPSS
Exploits0References5
Mageia
Mageia
•added 2024/03/14 5:25 p.m.•59 views

Updated open-vm-tools packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. CVE-2023-20867 SAML token signature bypass. CVE-2023-34058 File descriptor hijack vulnerability in the vmware-user-suid-wrapper. CVE-2023-34059...

7.5CVSS7.5AI score0.13638EPSS
Exploits0References6
Mageia
Mageia
•added 2024/03/13 11:14 p.m.•30 views

Updated screen packages fix security vulnerability

The updated package fixes a security vulnerability: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the...

6.5CVSS6.6AI score0.0054EPSS
Exploits3References2
Mageia
Mageia
•added 2024/03/13 11:14 p.m.•110 views

Updated java-17-openjdk packages fix security vulnerabilities

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

7.5CVSS7.5AI score0.014EPSS
Exploits0References3
Mageia
Mageia
•added 2024/03/12 12:30 a.m.•55 views

Updated thunderbird packages fix security vulnerability and make improvements

Mozilla fixed some bugs and security vulnerability CVE-2024-1936...

7.5CVSS7.5AI score0.00682EPSS
Exploits1References3
Mageia
Mageia
•added 2024/03/12 12:30 a.m.•69 views

Updated libtiff packages fix security vulnerability

A segment fault SEGV flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356...

7.5CVSS7.1AI score0.02187EPSS
Exploits0References3
Mageia
Mageia
•added 2024/03/06 4:53 p.m.•55 views

Updated wpa_supplicant packages fix security vulnerabilities

The updated packages fix a security vulnerability: The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt...

6.5CVSS7.4AI score0.01177EPSS
Exploits0References4
Mageia
Mageia
•added 2024/02/29 5:41 p.m.•31 views

Updated sympa packages fix security vulnerabilities

Sympa 6.2.72 fixes many bugs, including the security one related in CVE-2021-32850 It is required to manually run sympa upgrade after get this update...

6.1CVSS7.3AI score0.00802EPSS
Exploits1References3
Mageia
Mageia
•added 2024/02/28 5:47 a.m.•53 views

Updated c-ares packages fix security vulnerabilities

The updated packages fix a security vulnerability: Out of bounds read in aresreadline. CVE-2024-25629...

5.5CVSS6.7AI score0.00349EPSS
Exploits0References1
Mageia
Mageia
•added 2024/02/27 1:21 a.m.•50 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by select element. CVE-2024-1548 Custom cursor could obscure the...

8.1CVSS7.4AI score0.00937EPSS
Exploits1References3
Mageia
Mageia
•added 2024/02/27 1:8 a.m.•69 views

Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References4
Mageia
Mageia
•added 2024/02/24 10:51 p.m.•55 views

Updated clamav packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A possible heap overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. CVE-2024-20290 A possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. CVE-2024-20328...

7.5CVSS8.1AI score0.84841EPSS
Exploits0References2
Mageia
Mageia
•added 2024/02/24 10:51 p.m.•55 views

Updated xen, qemu and libvirt packages fix security vulnerabilities

This update fixes several security issues and also improves stability...

7.1CVSS7.6AI score0.00805EPSS
Exploits0References4
Mageia
Mageia
•added 2024/02/22 10:20 p.m.•66 views

Updated nodejs yarnpkg packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...

7.8CVSS8AI score0.03168EPSS
Exploits0References6
Mageia
Mageia
•added 2024/02/20 6:28 a.m.•63 views

Updated wireshark packages fix security vulnerabilities

The updated packages fix security vulnerabilities: RTPS dissector memory leak. CVE-2023-5371 SSH dissector invalid read of memory blocks. CVE-2023-6174 NetScreen File Parsing Heap-based Buffer Overflow. CVE-2023-6175 GVCP dissector crash via packet injection or crafted capture file. CVE-2024-0208...

7.8CVSS7.3AI score0.03456EPSS
Exploits2References2
Mageia
Mageia
•added 2024/02/19 6:16 p.m.•57 views

Updated radare2 packages fix security vulnerabilities

This update fixes two security issues: CVE-2023-4322 - heap-buffer-overflow in the brainfuck dissassembler CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c...

9.8CVSS7.4AI score0.00926EPSS
Exploits2References2
Mageia
Mageia
•added 2024/02/19 5:35 p.m.•53 views

Updated ruby-rack fixes a vulnerability and some bugs

This update to 2.2.8 fixes CVE-2023-27539 and some bugs...

5.3CVSS7.4AI score0.01063EPSS
Exploits0References3
Mageia
Mageia
•added 2024/02/19 5:35 p.m.•37 views

Updated postgresql15 and postgresql13 packages fix a security vulnerability

The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...

8CVSS7.5AI score0.01465EPSS
Exploits0References2
Mageia
Mageia
•added 2024/02/18 1:49 a.m.•99 views

Updated dnsmasq packages fix security vulnerabilities

This updated dnsmasq package fixes security issues: Certain DNSSEC aspects of the DNS protocol allow a remote attacker to trigger a denial of service via extreme consumption of resource caused by DNSSEC query or response: - KeyTrap - Extreme CPU consumption in DNSSEC validator. CVE-2023-50387 -...

7.5CVSS7.2AI score0.99995EPSS
Exploits1References2
Mageia
Mageia
•added 2024/02/17 12:55 a.m.•41 views

Updated vim packages fix a security vulnerability

The updated packages fix a security vulnerability: Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVE-2024-22667...

7.8CVSS7.8AI score0.00563EPSS
Exploits1References2
Mageia
Mageia
•added 2024/02/17 12:55 a.m.•74 views

Updated unbound packages fix security vulnerabilities

Unbound is updated to version 1.9.1 to fix security issues CVE-2023-50387 and CVE-2023-50868...

7.5CVSS7.5AI score0.99995EPSS
Exploits1References3
Mageia
Mageia
•added 2024/02/15 6:36 p.m.•111 views

Updated bind packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. CVE-2023-4408 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. CVE-2023-5517 Enabling both DNS64 and serve-stale may cause an assertion...

7.5CVSS7.4AI score0.99995EPSS
Exploits1References7
Mageia
Mageia
•added 2024/02/14 11:2 p.m.•88 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

6.5CVSS7.4AI score0.04459EPSS
Exploits0References6
Mageia
Mageia
•added 2024/02/14 11:2 p.m.•25 views

Updated mbedtls packages fix security vulnerabilities

This update brings the mbedtls packages from 2.28.3 to the latest 2.28.7 release in the LTS branch, fixing a number of bugs as well the following security vulnerabilities: - Buffer overread in TLS stream cipher suites. - Timing side channel in private key RSA operations. - Buffer overflow in...

7.8AI score
Exploits0References9
Mageia
Mageia
•added 2024/02/10 7:2 p.m.•120 views

Updated xpdf packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. CVE-2022-30524 Integer overflow in rasterizer. CVE-2022-30775 PDF object loop in Catalog::countPageTree. CVE-2022-33108 PDF object loop in AcroForm::scanField. CVE-2022-36561 Logic bug in...

9.1CVSS6.3AI score0.01599EPSS
Exploits17References2
Mageia
Mageia
•added 2024/02/10 1:3 a.m.•64 views

Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...

5.9CVSS7.2AI score0.93305EPSS
Exploits4References2
Mageia
Mageia
•added 2024/02/09 2:45 a.m.•62 views

Updated kernel packages fix security vulnerabilities and other bugs

Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

7.5CVSS7.1AI score0.01177EPSS
Exploits1References17
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•42 views

Updated microcode fixes bugs and a security vulnerability

The updated package contains microcode updates for Intel and AMD CPUs, including a fix for a security vulnerability: Sequence of processor instructions leads to unexpected behavior for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege and/or...

8.8CVSS7.2AI score0.01728EPSS
Exploits0References3
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•61 views

Updated gpac packages fix security vulnerabilities

This update fixes two security vulnerabilities, CVE-2023-3012 and CVE-2023-3291, see the References below...

7.8CVSS6.9AI score0.00398EPSS
Exploits2References1
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•73 views

Updated pam packages fix a security vulnerability

The updated packages fix a security vulnerability: pamnamespace: protectdir: use ODIRECTORY to prevent local DoS situations. CVE-2024-22365...

5.5CVSS6.8AI score0.00459EPSS
Exploits1References2
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•72 views

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated,...

7.5CVSS7.2AI score0.01614EPSS
Exploits2References2
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•69 views

Updated kernel-linus fixes security vulnerabilities and many bugs

Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

7.5CVSS7.1AI score0.01177EPSS
Exploits1References17
Mageia
Mageia
•added 2024/02/09 1:34 a.m.•48 views

Updated postfix packages fix a security vulnerability

Postfix has been updated to fix smtp smuggling, an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than...

5.3CVSS6.8AI score0.02598EPSS
Exploits4References3
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•19 views

Updated dracut package fixes enabling microcode

The updated package fixes enabling early microcode on kernels 6.6+. On affected systems, CPU microcode updates were not loaded. CPU microcode updates are sometimes necessary in order to address important security vulnerabilities. If CPU microcode updates are not properly loaded, these security...

7.5AI score
Exploits0References3
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•65 views

Updated glibc packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argumen...

8.4CVSS7.4AI score0.04794EPSS
Exploits9References3
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•55 views

Updated nss and firefox packages fix some security vulnerabilities

Out of bounds write in ANGLE. CVE-2024-0741 Failure to update user input timestamp. CVE-2024-0742 Crash when listing printers on Linux. CVE-2024-0746 Bypass of Content Security Policy when directive unsafe-inline was set. CVE-2024-0747 Phishing site popup could show local origin in address bar...

8.8CVSS9.6AI score0.02155EPSS
Exploits0References3
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•61 views

Updated thunderbird packages fix security vulnerabilities

Out of bounds write in ANGLE. CVE-2024-0741 Failure to update user input timestamp. CVE-2024-0742 Crash when listing printers on Linux. CVE-2024-0746 Bypass of Content Security Policy when directive unsafe-inline was set. CVE-2024-0747 Phishing site popup could show local origin in address bar...

8.8CVSS9.6AI score0.02155EPSS
Exploits0References4
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•52 views

Updated perl packages fix a security vulnerability

The updated packages fix a security vulnerability: Write past buffer end via illegal user-defined Unicode property. CVE-2023-47038...

7.8CVSS7.2AI score0.00832EPSS
Exploits0References2
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•91 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

6.5CVSS7AI score0.04459EPSS
Exploits0References5
Mageia
Mageia
•added 2024/02/04 2:49 a.m.•62 views

Updated x11-server, x11-server-xwayland and tigervnc fix security issues

The updated packages fix security vulnerabilities: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. CVE-2023-6816 Reattaching to different master device may lead to out-of-bounds memory access. CVE-2024-0229 Heap buffer overflow in XISendDeviceHierarchyEvent. CVE-2024-21885 Heap...

9.8CVSS7.6AI score0.02106EPSS
Exploits0References3
Mageia
Mageia
•added 2024/01/30 8:57 p.m.•24 views

Updated zlib packages fix a security vulnerability

Updated zlib packages fix a security vulnerability: Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...

5.5CVSS7.5AI score0.04086EPSS
Exploits0References2
Mageia
Mageia
•added 2024/01/30 8:57 p.m.•75 views

Updated python-pillow packages fix a security vulnerability

This update fixes the following security issue: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter This is a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS7.8AI score0.01703EPSS
Exploits0References1
Total number of security vulnerabilities6009