Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2023/07/07 5:54 a.m.•54 views

Updated libreoffice packages fix security vulnerability

Arbitrary File Write in hsqldb 1.8.0. CVE-2023-1183...

5.5CVSS7AI score0.65692EPSS
Exploits0References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•52 views

Updated golang packages fix security vulnerability

Code injection via go command with cgo in cmd/go CVE-2023-29402 Ignoring setuid/setgid bits. CVE-2023-29403 Arbitrary code execution CVE-2023-29404 Arbitrary code execution CVE-2023-29405...

9.8CVSS8.2AI score0.01837EPSS
Exploits0References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•48 views

Updated nodejs packages fix security vulnerability

Current nodejs 14 branch in Mageia 8 is end of life and there are no more security updates. This release allows to move to the new nodejs 18 LTS branch and fixes the following CVEs CVE-2023-30581: mainModule.proto Bypass Experimental Policy Mechanism High CVE-2023-30585: Privilege escalation via...

7.7CVSS7AI score0.03906EPSS
Exploits1References3
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•39 views

Updated glances packages fix security vulnerability

Regular Expression Denial of Service ReDoS in angular CVE-2022-25844...

7.5CVSS7AI score0.04658EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•45 views

Updated apache-ivy packages fix security vulnerability

Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...

9.1CVSS7AI score0.01819EPSS
Exploits0References3
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•28 views

Updated testng packages fix security vulnerability

Path traversal in zip files CVE-2022-4065...

7.8CVSS7.1AI score0.00876EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•28 views

Updated cups packages fix security vulnerability

Use-after-free in cupsdAcceptClient. CVE-2023-34241...

7.1CVSS7.1AI score0.01395EPSS
Exploits1References3
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•32 views

Updated curaengine packages fix security vulnerability

Denial of service due to integer overflow CVE-2022-28041...

6.5CVSS7.2AI score0.02069EPSS
Exploits1References2
Mageia
Mageia
•added 2023/07/07 5:54 a.m.•63 views

Updated skopeo/buildah/podman packages fix security vulnerability

Information disclosure flaw was found in Buildah CVE-2021-3602 podman allows forwarding hosts ports to vm from within vm CVE-2021-4024 Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration CVE-2021-20206 github.com/containers/storag...

8.8CVSS7.1AI score0.06975EPSS
Exploits7References45
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•49 views

Updated libx11 packages fix security vulnerability

Buffer overflows in InitExt.c in libX11 prior to 1.8.6. CVE-2023-3138...

7.5CVSS7AI score0.01656EPSS
Exploits0References3
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•43 views

Updated sofia-sip packages fix security vulnerability

The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. CVE-2023-32307...

7.5CVSS6.9AI score0.01056EPSS
Exploits0References2
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•75 views

Updated sqlite packages fix security vulnerability

osunix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impact by leveraging use of the current working directory for...

7.5CVSS7AI score0.08186EPSS
Exploits0References2
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•70 views

Updated python-tornado packages fix security vulnerability

Remote unauthenticated attacker may redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. CVE-2023-28370...

6.1CVSS7.2AI score0.01132EPSS
Exploits0References2
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•40 views

Updated docker-docker-registry packages fix security vulnerability

Denail of service through excessive use of memory. CVE-2023-2253...

6.5CVSS7AI score0.00938EPSS
Exploits0References2
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•254 views

Updated mediawiki packages fix security vulnerability

Bundled PapaParse copy in VisualEditor has known ReDos CVE-2020-36649. An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These fil...

9.8CVSS6.5AI score0.01388EPSS
Exploits3References5
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•149 views

Updated python-requests packages fix security vulnerability

Forwarding proxy credentials to the destination server unintentionally CVE-2023-32681...

6.1CVSS7.1AI score0.02782EPSS
Exploits1References3
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•74 views

Updated libcap packages fix security vulnerability

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory. CVE-2023-2602 A vulnerability was found in libcap. This issue occurs in the libcapstrdup function and...

7.8CVSS7.1AI score0.00574EPSS
Exploits2References5
Mageia
Mageia
•added 2023/06/28 5:21 a.m.•21 views

Updated xonotic packages fix security vulnerability

A bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time, See referenced release notes for other changes...

7.8AI score
Exploits0References2
Mageia
Mageia
•added 2023/06/19 4:29 p.m.•129 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs CVE-2022-48425. An out-of-bounds memory access flaw was found in...

7.8CVSS8.1AI score0.12966EPSS
Exploits9References8
Mageia
Mageia
•added 2023/06/19 4:29 p.m.•50 views

Updated sysstat packages fix security vulnerability

Multiplication integer overflow in checkoverflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. CVE-2023-33204...

7.8CVSS7.3AI score0.00327EPSS
Exploits0References2
Mageia
Mageia
•added 2023/06/19 4:29 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs CVE-2022-48425. An out-of-bounds memory access flaw was fou...

7.8CVSS8.1AI score0.12966EPSS
Exploits9References8
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•33 views

Updated firefox/nss packages fix security vulnerability

Click-jacking certificate exceptions through rendering lag. CVE-2023-34414 Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. CVE-2023-34416...

9.8CVSS7.8AI score0.0093EPSS
Exploits0References5
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•29 views

Updated cups packages fix security vulnerability

A heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service DoS attack. A buffer overflow vulnerability in the function 'formatlogline' could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when...

7.5CVSS7.3AI score0.01473EPSS
Exploits1References2
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•37 views

Updated thunderbird packages fix security vulnerability

Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Memory safety bugs fixed in Thunderbird 102.12 CVE-2023-34416...

9.8CVSS7.6AI score0.0093EPSS
Exploits0References4
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•33 views

Updated httpie packages fix security vulnerability

Cookie exposure to third parties CVE-2022-24737...

6.5CVSS7AI score0.01625EPSS
Exploits1References2
Mageia
Mageia
•added 2023/06/15 7:27 a.m.•74 views

Updated webkit2 packages fix security vulnerability

Out-of-bounds read CVE-2023-28204 Use-after-free issue CVE-2023-32373...

8.8CVSS7.1AI score0.14292EPSS
Exploits0References4
Mageia
Mageia
•added 2023/06/08 7:34 p.m.•47 views

Updated python-flask packages fix security vulnerability

Client 'session' cookie sent to other clients CVE-2023-30861...

7.5CVSS7AI score0.01261EPSS
Exploits1References2
Mageia
Mageia
•added 2023/06/08 7:34 p.m.•100 views

Updated openssl packages fix security vulnerability

Possible DoS translating ASN.1 object identifiers. CVE-2023-2650...

6.5CVSS7.1AI score0.73461EPSS
Exploits0References2
Mageia
Mageia
•added 2023/06/08 7:34 p.m.•45 views

Updated libreoffice packages fix security vulnerability

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

7.8CVSS7.2AI score0.02244EPSS
Exploits2References3
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•35 views

Updated cups-filters packages fix security vulnerability

Possible command injection in the Backend Error Handler CVE-2023-24805...

8.8CVSS7.6AI score0.03697EPSS
Exploits1References5
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•53 views

Updated tomcat packages fix security vulnerability

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.5CVSS6.9AI score0.51547EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•64 views

Updated postgresql packages fix security vulnerability

CREATE SCHEMA ... schemaelement defeats protective searchpath changes. CVE-2023-2454 Row security policies disregard user ID changes after inlining. CVE-2023-2455...

7.2CVSS7.1AI score0.0119EPSS
Exploits0References2
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•38 views

Updated qtbase5 packages fix security vulnerability

Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVE-2023-32762 QTextLayout buffer overflow in SVG file...

7.5CVSS7.4AI score0.01287EPSS
Exploits0References2
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•35 views

Updated vim packages fix security vulnerability

Use of Out-of-range Pointer Offset in GitHub repository vim/vim. CVE-2023-2426...

6.8CVSS7.2AI score0.00409EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/31 6:41 a.m.•33 views

Updated tcpreplay packages fix security vulnerability

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpeditdltcleanup function at plugins/dltplugins.c. CVE-2023-27783 An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the readhexstring function ...

7.5CVSS6.8AI score0.01506EPSS
Exploits7References2
Mageia
Mageia
•added 2023/05/22 3:30 p.m.•11 views

Updated python-reportlab packages fix security vulnerability

Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details...

7AI score
Exploits0References2
Mageia
Mageia
•added 2023/05/22 3:30 p.m.•37 views

Updated mariadb packages fix security vulnerability

It is possible for function spiderdbmbase::printwarnings to dereference a null pointer. CVE-2022-47015...

6.5CVSS7AI score0.01486EPSS
Exploits0References2
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•37 views

Updated sniproxy packages fix security vulnerability

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. CVE-2023-25076...

9.8CVSS7.9AI score0.65515EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•38 views

Updated dmidecode packages fix security vulnerability

Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630...

7.1CVSS6.8AI score0.00523EPSS
Exploits1References3
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•57 views

Updated webkit2 packages fix security vulnerability

HTML document may be able to render iframes with sensitive user information CVE-2022-0108 maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32885 use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code ...

8.8CVSS8.4AI score0.27076EPSS
Exploits1References3
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•57 views

Updated freetype2 packages fix security vulnerability

An integer overflow vulnerability was discovered in Freetype in tthvadvanceadjust function in src/truetype/ttgxvar.c. CVE-2023-2004...

7.3AI score
Exploits0References3
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•50 views

Updated cmark packages fix security vulnerability

cmark incorrectly handled certain inputs. Fixes quadratic complexity in handleclosebracket "" which may lead to a denial of service CVE-2023-22486. Noting that this also fixes a quadratic parsing issue with repeated comment tags that was not in a released product but which was assigned a CVE...

7.5CVSS7.3AI score0.01108EPSS
Exploits2References3
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•10 views

Updated suricata packages fix security vulnerability

Various security, performance, accuracy and stability issues. See referenced package announcements for details...

7.1AI score
Exploits0References7
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•60 views

Updated apache-mod_security packages fix security vulnerability

HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall CVE-2022-48279 Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules...

7.5CVSS7.2AI score0.01169EPSS
Exploits0References3
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•48 views

Updated glib2.0 packages fix security vulnerability

Denial of service caused by handling a malicious text-form variant. CVE-2023-24593 Denial of service caused by malicious serialised variant. CVE-2023-25180...

7AI score
Exploits0References3
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•46 views

Updated patchelf packages fix security vulnerability

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. CVE-2022-44940...

9.1CVSS7.2AI score0.01042EPSS
Exploits1References2
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•39 views

Updated python-sqlparse packages fix security vulnerability

ReDoS Regular Expression Denial of Service CVE-2023-30608...

7.5CVSS7.1AI score0.0098EPSS
Exploits0References2
Mageia
Mageia
•added 2023/05/21 8:42 a.m.•53 views

Updated libssh packages fix security vulnerability

Potential NULL dereference during rekeying with algorithm guessing. CVE-2023-1667 Authorization bypass in pkiverifydatasignature. CVE-2023-2283...

6.5CVSS7.1AI score0.01314EPSS
Exploits2References5
Mageia
Mageia
•added 2023/05/19 7:23 a.m.•144 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmfgetassocies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. This issue could occur when associnfo-reqlen data is bigger than t...

7.8CVSS6.9AI score0.16642EPSS
Exploits2References5
Mageia
Mageia
•added 2023/05/16 7:17 p.m.•87 views

Updated python-pillow packages fix security vulnerability

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. CVE-2022-30595 Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198...

9.8CVSS7.5AI score0.01923EPSS
Exploits1References2
Total number of security vulnerabilities6009