Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
added 2026/05/14 2:43 a.m.39 views

Updated redis packages fix security vulnerabilities

CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...

8.8CVSS6.5AI score0.02995EPSS
Exploits4References4
Mageia
Mageia
added 2026/05/14 2:43 a.m.19 views

Updated perl-XML-LibXML packages fix security vulnerability

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. CVE-2026-8177...

7.5CVSS5.8AI score0.00531EPSS
Exploits0References3
Mageia
Mageia
added 2026/05/14 2:43 a.m.15 views

Updated perl-Net-CIDR-Lite packages fix security vulnerabilities

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References3
Mageia
Mageia
added 2026/05/14 2:43 a.m.15 views

Updated flatpak packages fix security vulnerabilities

Complete sandbox escape leading to host file access and code execution in the host context. CVE-2026-34078 Arbitrary file deletion on the host filesystem. CVE-2026-34079...

10CVSS6.2AI score0.0168EPSS
Exploits0References7
Mageia
Mageia
added 2026/05/14 2:43 a.m.13 views

Updated dnsmasq packages fix security vulnerabilities

CVE-2026-2291: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service DoS...

8.8CVSS6.4AI score0.07237EPSS
Exploits4References2
Mageia
Mageia
added 2026/05/13 4:38 p.m.14 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerability

Upstream kernel version 6.6.138 fixes a vulnerability. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

8.8CVSS6AI score0.93235EPSS
Exploits31References2
Mageia
Mageia
added 2026/05/13 4:38 p.m.9 views

Updated kernel-linus packages fix security vulnerability

Vanilla upstream kernel version 6.6.138 fixes vulnerability. For information about the vulnerability see the links...

8.8CVSS6AI score0.93235EPSS
Exploits31References2
Mageia
Mageia
added 2026/05/13 7:0 a.m.10 views

Updated sed packages fix security vulnerability

Race Condition in GNU Sed. CVE-2026-5958...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References2
Mageia
Mageia
added 2026/05/13 7:0 a.m.14 views

Updated apache packages fix security vulnerabilities

http2: double free and possible RCE on early reset. CVE-2026-23918 modrewrite elevation of privileges via apexpr. CVE-2026-24072 buffer overflow in modproxyajp via ajpmsgcheckheader. CVE-2026-28780 modmd unrestricted OCSP response. CVE-2026-29168 moddavlock indirect lock crash. CVE-2026-29169...

9.8CVSS6.2AI score0.4581EPSS
Exploits18References15
Mageia
Mageia
added 2026/05/13 7:0 a.m.83 views

Updated perl-Gazelle packages fix security vulnerability

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40562...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References3
Mageia
Mageia
added 2026/05/13 7:0 a.m.13 views

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...

9.8CVSS5.9AI score0.0078EPSS
Exploits1References2
Mageia
Mageia
added 2026/05/10 2:43 a.m.11 views

Updated openvpn packages fix security vulnerabilities

CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...

6.9CVSS5.8AI score0.00317EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/09 4:24 p.m.13 views

Updated vim packages fix security vulnerabilities

Ex command injection in Vims NetBeans integration. CVE-2026-39881 Command injection via backtick expansion in tag filenames in Vim v9.2.0357. CVE-2026-41411 OS Command Injection in netrw affects Vim 9.2.0383. CVE-2026-42307 OS Command Injection via 'path' completion affects Vim 9.2.0435...

7.8CVSS5.8AI score0.00774EPSS
Exploits0References9
Mageia
Mageia
added 2026/05/09 4:24 p.m.9 views

Updated rootcerts, nss & firefox packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

9.8CVSS5.8AI score0.00586EPSS
Exploits0References7
Mageia
Mageia
added 2026/05/09 4:24 p.m.14 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

9.8CVSS5.8AI score0.00586EPSS
Exploits0References5
Mageia
Mageia
added 2026/05/07 5:6 a.m.35 views

Updated libexif packages fix security vulnerabilities

CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon...

7.8CVSS5.8AI score0.00193EPSS
Exploits1References2
Mageia
Mageia
added 2026/05/07 5:6 a.m.17 views

Updated nginx packages fix security vulnerabilities

Buffer overflow in ngxhttpdavmodule CVE-2026-27654 Buffer overflow in the ngxhttpmp4module CVE-2026-27784 Buffer overflow in the ngxhttpmp4module CVE-2026-32647 NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651 Injection in authhttp and XCLIENT CVE-2026-28753 OCSP result bypass...

8.8CVSS7.5AI score0.21621EPSS
Exploits0References2
Mageia
Mageia
added 2026/05/07 5:6 a.m.10 views

Updated ntfs-3g packages fix security vulnerability

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

8.4CVSS6AI score0.00165EPSS
Exploits0References3
Mageia
Mageia
added 2026/05/07 5:6 a.m.38 views

Updated perl-Starman packages fix security vulnerability

Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/07 5:6 a.m.33 views

Updated krb5-appl packages fix security vulnerability

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full. CVE-2026-32746...

9.8CVSS7.6AI score0.23674EPSS
Exploits8References2
Mageia
Mageia
added 2026/05/07 5:6 a.m.31 views

Updated tcpflow packages fix security vulnerability

tcpflow has TIM Element OOB Write in wifipcap. CVE-2026-25061...

7.5CVSS5.8AI score0.00517EPSS
Exploits1References2
Mageia
Mageia
added 2026/05/07 5:6 a.m.15 views

Updated libtiff packages fix security vulnerability

Arbitrary code execution or denial of service via signed integer overflow in tiff file processing. CVE-2026-4775...

7.8CVSS7.5AI score0.00553EPSS
Exploits0References2
Mageia
Mageia
added 2026/05/07 5:6 a.m.51 views

Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References3
Mageia
Mageia
added 2026/05/07 5:6 a.m.12 views

Updated nano packages fix security vulnerabilities

Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References2
Mageia
Mageia
added 2026/05/07 5:6 a.m.10 views

Updated perl-Net-CIDR-Lite packages fix security vulnerabilities

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. CVE-2026-40198 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. CVE-2026-40199...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/07 5:6 a.m.14 views

Updated opam packages fix security vulnerability

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082...

7.8CVSS6.2AI score0.00205EPSS
Exploits0References2
Mageia
Mageia
added 2026/05/07 5:6 a.m.15 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.137 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.8CVSS6.1AI score0.96267EPSS
Exploits229References8
Mageia
Mageia
added 2026/05/07 5:6 a.m.14 views

Updated graphicsmagick packages fix security vulnerabilities

ImageMagick has a heap overflow in the pcd decoder that leads to an out of bounds read. CVE-2026-26284 ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction. CVE-2026-33535...

9.1CVSS7.2AI score0.00404EPSS
Exploits0References3
Mageia
Mageia
added 2026/05/06 4:52 p.m.11 views

Updated virtualbox packages fix security vulnerabilities

Some security vulnerabilities are fixed by this update; please see the links. If you will not update to kernel 6.6.137 flavors, please think in use dkms-virtualbox package instead of virtualbox-kernel as those packages have not been updated for previous kernels...

7.5CVSS7.1AI score0.00253EPSS
Exploits1References2
Mageia
Mageia
added 2026/05/04 4:5 p.m.110 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.137 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

9.8CVSS6.2AI score0.96267EPSS
Exploits229References8
Mageia
Mageia
added 2026/04/22 10:8 p.m.9 views

Updated gvfs packages fix security vulnerabilities

Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses. CVE-2026-28295 Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths. CVE-2026-28296...

4.3CVSS5.9AI score0.0036EPSS
Exploits2References3
Mageia
Mageia
added 2026/04/21 2:11 a.m.11 views

Updated firefox & thunderbird packages fix security vulnerabilities

Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. CVE-2026-5731 Incorrect boundary conditions, integer overflow in the Graphics: Text component. CVE-2026-5732 Memory safety bugs fixed in Firefox ESR 140.9.1,...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References5
Mageia
Mageia
added 2026/04/21 2:11 a.m.9 views

Updated libtiff packages fix security vulnerabilities

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c. CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. CVE-2025-61144...

9.8CVSS5.7AI score0.00253EPSS
Exploits1References2
Mageia
Mageia
added 2026/04/18 4:43 p.m.7 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

Denial of service via heap-based buffer overflow when processing a specially crafted jpeg image. CVE-2026-5201...

7.5CVSS6AI score0.01069EPSS
Exploits1References2
Mageia
Mageia
added 2026/04/18 4:43 p.m.8 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG vulnerable to Exponential DoS via recursive element amplification. CVE-2026-31899...

7.5CVSS5.7AI score0.0049EPSS
Exploits2References3
Mageia
Mageia
added 2026/04/18 4:43 p.m.7 views

Updated giflib packages fix security vulnerability

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868...

7CVSS5.7AI score0.00144EPSS
Exploits0References2
Mageia
Mageia
added 2026/04/18 2:40 a.m.7 views

Updated rsync packages fix security vulnerability

In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...

7.8CVSS5.7AI score0.00393EPSS
Exploits1References4
Mageia
Mageia
added 2026/04/17 7:56 p.m.9 views

Updated polkit-122 packages fix security vulnerability

Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write. CVE-2025-7519...

6.7CVSS6.6AI score0.00184EPSS
Exploits0References2
Mageia
Mageia
added 2026/04/16 5:53 p.m.10 views

Updated cockpit-338 packages fix security vulnerability

Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...

9.8CVSS6.4AI score0.142EPSS
Exploits3References1
Mageia
Mageia
added 2026/04/15 4:42 p.m.8 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.130 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

9.8CVSS5.8AI score0.00399EPSS
Exploits9References11
Mageia
Mageia
added 2026/04/15 4:42 p.m.22 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.130 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.8CVSS5.8AI score0.00399EPSS
Exploits9References11
Mageia
Mageia
added 2026/04/12 5:23 a.m.10 views

Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

9.1CVSS5.8AI score0.15831EPSS
Exploits7References11
Mageia
Mageia
added 2026/04/12 5:23 a.m.12 views

Updated squid packages fix security vulnerabilities

Squid mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c. CVE-2025-59362 Squid vulnerable to information disclosure via authentication credential leakage in error handling. CVE-2025-62168 Squid vulnerable to Denial of Service in ICP Request handling...

10CVSS6.6AI score0.6332EPSS
Exploits2References5
Mageia
Mageia
added 2026/04/12 5:23 a.m.9 views

Updated libpng12 packages fix security vulnerability

LIBPNG has a heap buffer overflow in pngsetquantize. CVE-2026-25646...

8.3CVSS6.2AI score0.00955EPSS
Exploits1References2
Mageia
Mageia
added 2026/04/11 11:2 p.m.7 views

Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...

9.8CVSS5.8AI score0.00769EPSS
Exploits1References2
Mageia
Mageia
added 2026/04/10 5:11 p.m.9 views

Updated openssl packages fix security vulnerabilities

Incorrect Failure Handling in RSA KEM RSASVE Encapsulation. CVE-2026-31790 Potential Use-after-free in DANE Client Code. CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL. CVE-2026-28388 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. CVE-2026-28389 Possible...

9.8CVSS5.8AI score0.00981EPSS
Exploits0References2
Mageia
Mageia
added 2026/04/10 5:11 p.m.6 views

Updated python-tornado packages fix security vulnerabilities

Tornado vulnerable to Header Injection and XSS via reason argument. CVE-2025-67724 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing. CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters. CVE-2025-67726...

7.5CVSS6.6AI score0.00396EPSS
Exploits0References2
Mageia
Mageia
added 2026/04/08 2:49 a.m.7 views

Updated python-pygments packages fix security vulnerability

A security flaw in Pygments function AdlLexer in archetype.py stems from a regular expression having an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. CVE-2026-4539...

4.8CVSS5.9AI score0.00156EPSS
Exploits0References2
Mageia
Mageia
added 2026/04/07 9:50 p.m.16 views

Updated tigervnc packages fix security vulnerability

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. CVE-2026-34352...

9.8CVSS5.9AI score0.00247EPSS
Exploits0References2
Mageia
Mageia
added 2026/04/07 9:50 p.m.8 views

Updated roundcubemail packages fix security vulnerability

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...

8.2CVSS5.9AI score0.00329EPSS
Exploits0References2
Total number of security vulnerabilities6009