Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2023/11/20 10:4 a.m.•181 views

Updated haproxy packages fix security vulnerability

Haproxy has fixed security and other issues in last upstream version 2.8.3 of branch 2.8 Default user access are now commented out to prevent local action possible exploit and prevent further rpmnew on future updates. Use a check script to have config check result in error log on failure. Fix...

7.2CVSS7.3AI score0.01815EPSS
Exploits1References2
Mageia
Mageia
•added 2023/11/20 10:4 a.m.•44 views

Updated tigervnc packages fix security vulnerabilities

The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. CVE-2023-5367 Use-after-free bug in DestroyWindow. CVE-2023-5380...

7.8CVSS7AI score0.00715EPSS
Exploits0References3
Mageia
Mageia
•added 2023/11/20 10:4 a.m.•89 views

Updated chromium-browser-stable packages fix bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105; some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonse...

8.8CVSS7.9AI score0.30339EPSS
Exploits0References5
Mageia
Mageia
•added 2023/11/15 11:35 a.m.•68 views

Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error cou...

5.3CVSS6.5AI score0.05848EPSS
Exploits2References3
Mageia
Mageia
•added 2023/11/15 11:35 a.m.•54 views

Updated freerdp packages fix security vulnerabilities

This issue affects Clients only: Integer underflow leading to DOS e.g. abort due to WINPRASSERT with default compilation flags. When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service DOS vulnerability...

9.8CVSS6.7AI score0.01432EPSS
Exploits10References2
Mageia
Mageia
•added 2023/11/12 12:44 a.m.•70 views

Updated quictls packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

7.5CVSS6.8AI score0.03332EPSS
Exploits0References1
Mageia
Mageia
•added 2023/11/12 12:44 a.m.•47 views

Updated vorbis-tools packages fix a security vulnerability

The upstream patch to fix CVE-2023-43361 was added...

7.8CVSS6.8AI score0.00448EPSS
Exploits1References1
Mageia
Mageia
•added 2023/11/09 11:37 p.m.•52 views

Updated vim packages fix a security vulnerability

The updated packages fix a security vulnerability: Integer overflow in :history Ex-Command in Vim 9.0.2068...

5.5CVSS7.6AI score0.00366EPSS
Exploits1References2
Mageia
Mageia
•added 2023/11/09 11:37 p.m.•70 views

Updated squid packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. CVE-2023-46846 Denial of Service in HTTP Digest Authentication. CVE-2023-46847 Denial of Service in FTP. CVE-2023-46848...

9.3CVSS7.4AI score0.85944EPSS
Exploits0References4
Mageia
Mageia
•added 2023/11/09 12:55 p.m.•51 views

Updated gnome-shell packages fix a security vulnerability

The updated packages fix a security vulnerability: GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. CVE-2023-43090...

5.5CVSS7.1AI score0.00311EPSS
Exploits1References2
Mageia
Mageia
•added 2023/11/09 12:55 p.m.•101 views

Updated zlib packages fix a security vulnerability

The updated packages fix a security vulnerability: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. CVE-2023-45853...

9.8CVSS7.8AI score0.02918EPSS
Exploits0References2
Mageia
Mageia
•added 2023/11/09 12:55 p.m.•71 views

Updated openssl packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

7.5CVSS7.3AI score0.03332EPSS
Exploits0References1
Mageia
Mageia
•added 2023/11/06 11:8 p.m.•45 views

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

9.8CVSS10AI score0.01585EPSS
Exploits0References3
Mageia
Mageia
•added 2023/11/06 11:8 p.m.•57 views

Updated x11-server packages fix security vulnerabilities

The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. CVE-2023-5367 Use-after-free bug in DestroyWindow. CVE-2023-5380 Use-after-free bug in DamageDestroy. CVE-2023-5574...

7.8CVSS7.3AI score0.00715EPSS
Exploits0References2
Mageia
Mageia
•added 2023/11/06 11:8 p.m.•41 views

Updated libsndfile packages fix a security vulnerability

Add upstream patch to fix CVE-2022-33065...

7.8CVSS7.2AI score0.00351EPSS
Exploits1References2
Mageia
Mageia
•added 2023/11/06 11:8 p.m.•59 views

Updated nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

9.8CVSS10AI score0.01585EPSS
Exploits0References4
Mageia
Mageia
•added 2023/10/30 11:5 p.m.•40 views

Updated chromium-browser-stable packages fix bugs including security vulnerabilities

The chromium-browser-stable package has been updated to the 118.0.5993.117 release, fixing bugs and 3 vulnerabilities, together with 118.0.5993.88; some of them are listed below: High CVE-2023-5472: Use after free in Profiles...

8.8CVSS7.1AI score0.01234EPSS
Exploits0References3
Mageia
Mageia
•added 2023/10/27 9:49 p.m.•61 views

Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVE-2023-5441 Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVE-2023-5535...

7.8CVSS7.1AI score0.00539EPSS
Exploits2References2
Mageia
Mageia
•added 2023/10/27 9:49 p.m.•73 views

Updated bind packages fix security vulnerabilities

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

7.5CVSS6.9AI score0.02626EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/27 9:49 p.m.•103 views

Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST cve.mitre.org When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were n...

7.5CVSS7.5AI score0.70595EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/25 6:17 p.m.•44 views

Updated python-nltk package fixes a security vulnerability

python-nltk 3.6.6 update resolves ReDoS opportunity by fixing incorrectly specified regex...

7.5CVSS7.1AI score0.01649EPSS
Exploits1References1
Mageia
Mageia
•added 2023/10/24 5:25 p.m.•35 views

Updated redis package fixes a security vulnerability

Redis upstream published a fix for CVE-2023-45145. CVE-2023-45145: The wrong order of listen2 and chmod2 calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup...

3.6CVSS7AI score0.00444EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/23 10:5 p.m.•32 views

Updated libcue packages fix a security vulnerability

Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it is then automatically scanned by tracker-miners. And because it has a .c...

8.8CVSS7.5AI score0.1657EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•55 views

Updated cadence packages fix security vulnerabilities

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. CVE-2023-43782 Cadence through 0.9.2 2023-08-21 uses...

7.5CVSS7.1AI score0.00614EPSS
Exploits2References2
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•48 views

Updated libxml2 packages fix a security vulnerability

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. CVE-2023-45322...

6.5CVSS7AI score0.00826EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•69 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often...

9.8CVSS9.5AI score0.00978EPSS
Exploits3References8
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•52 views

Updated shadow-utils packages fix a security vulnerability

The updated packages fix a security vulnerability: Potential password leak. CVE-2023-4641...

5.5CVSS7.2AI score0.00257EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•63 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be...

9.8CVSS9.5AI score0.00978EPSS
Exploits3References8
Mageia
Mageia
•added 2023/10/22 9:4 p.m.•74 views

Updated nodejs packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release High CVE-2023-45143: undici Security Release High CVE-2023-38552: Integrity checks according to policies can be circumvented Medium CVE-2023-39333: Code injection via WebAssembly...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References4
Mageia
Mageia
•added 2023/10/20 8:34 a.m.•53 views

Updated libxpm packages fix security vulnerabilities

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system. CVE-2023-43788 Out of bounds read on XPM with corrupted colormap...

5.5CVSS6.6AI score0.00365EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/20 8:34 a.m.•40 views

Updated ruby-RedCloth packages fix a security vulnerability

A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload. CVE-2023-31606...

7.5CVSS6.8AI score0.01513EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/19 4:11 p.m.•43 views

Updated ghostscript packages fix security vulnerability

The updated packages fix a security vulnerability: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated...

8.8CVSS7.8AI score0.0468EPSS
Exploits0References3
Mageia
Mageia
•added 2023/10/19 4:11 p.m.•65 views

Updated chromium-browser-stable packages fix bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 118.0.5993.70 release, fixing 20 bugs and vulnerabilities. Some of the security fixes are: Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18 on 2023-09-27 Medium CVE-2023-5487: Inappropriate implementation in...

8.8CVSS7.8AI score0.0126EPSS
Exploits0References1
Mageia
Mageia
•added 2023/10/13 10:56 p.m.•41 views

Updated the curl packages to fix two security vulnerabilities

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...

9.8CVSS7.6AI score0.78483EPSS
Exploits6References7
Mageia
Mageia
•added 2023/10/13 10:56 p.m.•31 views

Updated libX11 packages fix security vulnerabilities

A vulnerability was found in libX11 due to a boundary condition within the XkbReadKeySyms function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. CVE-2023-43785 A vulnerability was found in libX11 due to an infinite loop within...

7.8CVSS7.7AI score0.00633EPSS
Exploits1References2
Mageia
Mageia
•added 2023/10/11 9:4 p.m.•63 views

Updated glibc packages fix a security vulnerability

The updated packages fix a security vulnerability: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when...

7.8CVSS7.4AI score0.81422EPSS
Exploits27References3
Mageia
Mageia
•added 2023/10/10 5:21 p.m.•32 views

Updated cups packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents. CVE-2023-32360 Due to failure in validating the length provided by an...

7CVSS7.2AI score0.00663EPSS
Exploits2References5
Mageia
Mageia
•added 2023/10/10 5:21 p.m.•37 views

Updated Firefox and Thunderbird packages fix security vulnerabilities

Updated Firefox and Thunderbird packages fix security vulnerabilities: Out-of-bounds write in PathOps. CVE-2023-5169 Use-after-free in Ion Compiler. CVE-2023-5171 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. CVE-2023-5176 Heap buffer overflow in libvpx...

9.8CVSS9.7AI score0.49013EPSS
Exploits3References11
Mageia
Mageia
•added 2023/10/03 10:53 a.m.•52 views

Updated libwebp packages fix a security vulnerability

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

8.8CVSS8.8AI score0.99735EPSS
Exploits9References2
Mageia
Mageia
•added 2023/10/03 10:53 a.m.•44 views

Updated chromium-browser-stable package fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 117.0.5938.92 release, fixing bugs and 31 vulnerabilities, together with 117.0.5938.92, 117.0.5938.88, 117.0.5938.62, 116.0.5845.187 and 116.0.5845.179. Google is aware that an exploit for CVE-2023-5217 exists in the wild. High...

8.8CVSS9.7AI score0.99735EPSS
Exploits14References7
Mageia
Mageia
•added 2023/10/03 10:53 a.m.•44 views

Updated glibc packages fix a security vulnerability

The updated packages fix a security vulnerability: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. CVE-2023-5156...

7.5CVSS6.5AI score0.01338EPSS
Exploits0References2
Mageia
Mageia
•added 2023/10/02 10:18 a.m.•59 views

Updated libvpx packages fix security vulnerability

Heap buffer overflow in vp8 encoding in libvpx allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.5AI score0.49013EPSS
Exploits3References3
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•32 views

Updated indent package fixes security vulnerabilities

GNU indent 2.2.13 has a heap-based buffer overflow in searchbrace in indent.c via a crafted file. CVE-2023-40305 GNU indent 2.2.13 has a heap overread in lexi...

5.5CVSS7.4AI score0.00424EPSS
Exploits1References3
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•51 views

Updated wireshark packages fix security vulnerabilities

The updated wireshark packages fix security vulnerabilities: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVE-2023-2906 BT SDP dissector...

7.5CVSS7.1AI score0.02771EPSS
Exploits3References6
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•59 views

Updated libxml2 packages fix a security vulnerability

The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615...

6.5CVSS6.9AI score0.00667EPSS
Exploits1References3
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•37 views

Updated iperf packages fix security vulnerability

It was discovered that iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field CVE-2023-38403...

7.5CVSS7.4AI score0.01703EPSS
Exploits0References3
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•36 views

Updated xrdp packages fix security vulnerability

In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions per user by PAM ex...

6.5CVSS6.3AI score0.00728EPSS
Exploits0References3
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•80 views

Updated java packages fix security vulnerabilities

The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. CVE-2023-21930 Incorrect enqueue of references in garbage collector. CVE-2023-21954 Certificate validation issue in TLS session negotiation. CVE-2023-21967 Swing HTML parsing...

7.5CVSS7.2AI score0.02474EPSS
Exploits1References22
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•36 views

Updated flac packages fix security vulnerability

The updated packages fix a security vulnerability: Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. CVE-2020-22219...

7.8CVSS7.9AI score0.00749EPSS
Exploits1References3
Mageia
Mageia
•added 2023/09/30 7:15 p.m.•57 views

Updated giflib packages fix security vulnerability

The updated packages fix a security vulnerability: giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. CVE-2023-39742...

5.5CVSS7.2AI score0.00328EPSS
Exploits1References3
Total number of security vulnerabilities6009