Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2023/09/30 7:15 p.m.•57 views

Updated giflib packages fix security vulnerability

The updated packages fix a security vulnerability: giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. CVE-2023-39742...

5.5CVSS7.2AI score0.00328EPSS
Exploits1References3
Mageia
Mageia
•added 2023/09/27 4:31 p.m.•65 views

Updated vim packages fix security vulnerability

Use After Free in GitHub repository vim/vim prior to 9.0.1840. CVE-2023-4733 Use After Free in GitHub repository vim/vim prior to 9.0.1857. CVE-2023-4750 Use After Free in GitHub repository vim/vim prior to 9.0.1858. CVE-2023-4752...

7.8CVSS7.2AI score0.00559EPSS
Exploits3References1
Mageia
Mageia
•added 2023/09/27 4:31 p.m.•83 views

Updated glibc packages fix security and other bugs

getaddrinfo: Fix use after free in getcanonname CVE-2023-4806 Stack read overflow with large TCP responses in no-aaaa mode CVE-2023-4527 elf: Introduce to dlcallfini elf: Do not run constructors for proxy objects elf: Always call destructors in reverse constructor order BZ 30785 elf: Remove unuse...

6.5CVSS7.4AI score0.01508EPSS
Exploits1References3
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•54 views

Updated curl packages fix security vulnerability

TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...

9.8CVSS6AI score0.62246EPSS
Exploits11References16
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•88 views

Updated ghostpcl packages fix security vulnerability

An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. CVE-2023-38560...

5.5CVSS6.7AI score0.00343EPSS
Exploits0References1
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•36 views

Updated file packages fix security vulnerability

File before 5.43 has a stack-based buffer over-read in filecopystr in funcs.c. CVE-2022-48554...

5.5CVSS7.1AI score0.00656EPSS
Exploits1References2
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•58 views

Updated firefox/thunderbird packages fix security vulnerability

Use-after-free in workers. CVE-2023-3600 File Extension Spoofing using the Text Direction Override Character. CVE-2023-3417 Offscreen Canvas could have bypassed cross-origin restrictions. CVE-2023-4045 Incorrect value used during WASM compilation. CVE-2023-4046 Potential permissions request bypas...

9.8CVSS8.7AI score0.99735EPSS
Exploits10References23
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•25 views

Updated libtommath packages fix security vulnerability

libtomath is vulnerable to an Integer Overflow vulnerability that could allow attackers to execute arbitrary code and cause a denial of service DoS. CVE-2023-36328...

9.8CVSS7.9AI score0.01254EPSS
Exploits0References2
Mageia
Mageia
•added 2023/09/24 10:16 p.m.•65 views

Updated nodejs packages fix security vulnerability

This is a security release. As well, it fixes v8 headers detection mga28809 The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module.load High CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire Medium CVE-2023-32559: Policies can ...

9.8CVSS6.8AI score0.01484EPSS
Exploits1References4
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•59 views

Updated python-pypdf2 packages fix security vulnerability

It was discovered that python-pypdf2 contained a vulnerability whereby an attacker can craft a PDF which leads to unexpected long runtime. CVE-2023-36810...

6.5CVSS6.9AI score0.00625EPSS
Exploits1References2
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•51 views

Updated postgresql packages fix security vulnerability

Extension script @substitutions@ within quoting allow SQL injection. CVE-2023-39417 MERGE fails to enforce UPDATE or SELECT row security policies. CVE-2023-39418...

8.8CVSS7.9AI score0.01572EPSS
Exploits0References2
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•61 views

Updated openssl packages fix security vulnerability

AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...

5.3CVSS7.1AI score0.05533EPSS
Exploits0References4
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•47 views

Updated unrar packages fix security vulnerability

Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2023-40477...

7.8CVSS7.7AI score0.1308EPSS
Exploits1References2
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•49 views

Updated clamav packages fix security vulnerability

A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

7.5CVSS6.7AI score0.02599EPSS
Exploits0References1
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•51 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 116.0.5845.140 release, fixing 5 vulnerabilities. High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim@cassidy6564 on 2023-08-02 High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 High...

8.8CVSS7.4AI score0.3398EPSS
Exploits0References3
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•42 views

Updated poppler packages fix security vulnerability

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial...

6.5CVSS6.8AI score0.00927EPSS
Exploits2References2
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•33 views

Updated librsvg packages fix security vulnerability

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVE-2023-3863...

5.5CVSS6.8AI score0.02132EPSS
Exploits1References5
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•64 views

Updated ghostscript packages fix security vulnerability

Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix. CVE-2023-36664 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devnpcxwriterle in ghostscript. This issue may allow a local attacker to cause a denial o...

7.8CVSS6.9AI score0.03236EPSS
Exploits4References5
Mageia
Mageia
•added 2023/09/11 1:7 p.m.•49 views

Updated libtiff packages fix security vulnerability

A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

6.5CVSS6.8AI score0.01124EPSS
Exploits5References2
Mageia
Mageia
•added 2023/09/03 8:57 p.m.•48 views

Updated openldap packages fix security vulnerability

Null pointer dereference in bermemallocx function CVE-2023-2953...

7.5CVSS7AI score0.01947EPSS
Exploits0References2
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•186 views

Updated redis packages fix security vulnerability

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. CVE-2022-24834...

8.8CVSS8.1AI score0.4292EPSS
Exploits1References3
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•83 views

Updated docker-containerd packages fix security vulnerability

Memory leak. CVE-2022-23471 Denial of service with maliciously crafted image with a large file CVE-2023-25153 Security bypass due to improper supplementary group handling. CVE-2023-25173...

7.8CVSS7AI score0.01022EPSS
Exploits1References6
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•72 views

Updated php packages fix security vulnerability

Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phardirread CVE-2023-3824...

9.8CVSS7AI score0.08003EPSS
Exploits4References2
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to...

7.8CVSS6.5AI score0.0616EPSS
Exploits3References8
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•52 views

Updated samba packages fix security vulnerability

Out-of-bounds read due to insufficient length checks in winbinddpamauthcrap.c CVE-2022-2127 Improper SMB2 packet signing mechanism leading to man in the middle risk CVE-2023-3347 Infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight CVE-2023-34966 Type Confusion...

7.5CVSS6.7AI score0.62606EPSS
Exploits0References8
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•125 views

Updated microcode packages fix security vulnerabilities

This update adds initial microcode updates for AMD and Intel CPUs for the following security issues: AMD: A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled...

7.2CVSS6.9AI score0.0616EPSS
Exploits2References6
Mageia
Mageia
•added 2023/08/23 7:56 p.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

This kerne-linusl update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated...

7.8CVSS6.5AI score0.0616EPSS
Exploits3References8
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.122 and fixes atleast the following security issues: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM...

7.8CVSS7.3AI score0.05794EPSS
Exploits3References4
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•62 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.15.122 and fixes atleast the following security issue: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register,...

5.5CVSS7.2AI score0.05794EPSS
Exploits1References4
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•50 views

Updated mediawiki packages fix security vulnerability

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

7.5CVSS6.3AI score0.01216EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•37 views

Updated cri-o packages fix security vulnerability

Denial of service due to memory or disk exhaustion. CVE-2022-1708...

7.8CVSS7AI score0.02827EPSS
Exploits1References4
Mageia
Mageia
•added 2023/07/26 10:7 p.m.•77 views

Updated microcode packages fix security vulnerability

Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information CVE-2023-20593, also know...

5.5CVSS7.3AI score0.05794EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/23 9:59 p.m.•31 views

Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 7.0.10 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 7.0.10 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...

8.1CVSS6.6AI score0.0102EPSS
Exploits0References3
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•44 views

Updated mutt/neomutt packages fix security vulnerability

Out-of-bounds read in imap/util.c when an IMAP sequence set ends with a comma. CVE-2021-32055 Overflow in uudecoder in Mutt allows read past end of input line CVE-2022-1328...

9.1CVSS6.9AI score0.02551EPSS
Exploits2References7
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•54 views

Updated maven packages fix security vulnerability

No longer use http non-SSL repository references by default...

9.1CVSS7.1AI score0.08691EPSS
Exploits2References4
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•38 views

Updated php packages fix security vulnerability

Fixed SOAP bug GHSA-76gg-c692-v2mw Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. CVE-2023-3247...

4.3CVSS7.3AI score0.00709EPSS
Exploits0References3
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•46 views

Updated firefox/nss packages fix security vulnerability

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS CVE-2023-37201. Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free in...

8.8CVSS8.9AI score0.00755EPSS
Exploits0References4
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•43 views

Updated qt4/qtsvg5 packages fix security vulnerability

Out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend CVE-2021-45930 QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573...

6.5CVSS7.1AI score0.01343EPSS
Exploits1References4
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•35 views

Updated texlive packages fix security vulnerability

Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...

8.8CVSS7.7AI score0.00804EPSS
Exploits0References3
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•29 views

Updated mingw-nsis packages fix security vulnerability

Mishandles access control for an uninstaller directory. CVE-2023-37378...

5.3CVSS7.1AI score0.00892EPSS
Exploits0References2
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support...

7.8CVSS7.3AI score0.08091EPSS
Exploits3References5
Mageia
Mageia
•added 2023/07/19 7:53 p.m.•229 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support CVE-2023-3338...

7.8CVSS7.4AI score0.08091EPSS
Exploits5References5
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•41 views

Updated systemd packages fix security vulnerability

Local information leak due to systemd-coredump not respecting the fs.suiddumpable kernel setting CVE-2022-4415...

5.5CVSS6.7AI score0.00867EPSS
Exploits1References6
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•64 views

Updated python-setuptools packages fix security vulnerability

Denial of service via crafted HTML CVE-2022-40897...

5.9CVSS6.9AI score0.02617EPSS
Exploits1References5
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•27 views

Updated opensc packages fix security vulnerability

Crash or info leak due to heap-based buffer out of bounds read CVE-2023-2977...

7.1CVSS7AI score0.00295EPSS
Exploits0References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•37 views

Updated keepass packages fix security vulnerability

Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...

7.5CVSS7.1AI score0.04655EPSS
Exploits7References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•36 views

Updated minidlna packages fix security vulnerability

Out-of-bounds read/write due to buffer overflow CVE-2023-33476...

9.8CVSS7.5AI score0.02061EPSS
Exploits2References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•32 views

Updated curaengine packages fix security vulnerability

Denial of service due to integer overflow CVE-2022-28041...

6.5CVSS7.2AI score0.02069EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•52 views

Updated golang packages fix security vulnerability

Code injection via go command with cgo in cmd/go CVE-2023-29402 Ignoring setuid/setgid bits. CVE-2023-29403 Arbitrary code execution CVE-2023-29404 Arbitrary code execution CVE-2023-29405...

9.8CVSS8.2AI score0.01837EPSS
Exploits0References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•39 views

Updated webkit2 packages fix security vulnerability

Details not available at this time. CVE-2022-48503 Memory corruption issue may lead to arbitrary code execution CVE-2023-32435 Type confusion issue may lead to arbitrary code execution CVE-2023-32439...

8.8CVSS8.1AI score0.23788EPSS
Exploits1References3
Total number of security vulnerabilities6009