Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2025/12/04 11:29 p.m.•7 views

Updated python-django packages fix security vulnerabilities

Potential SQL injection in FilteredRelation column aliases on PostgreSQL. CVE-2025-13372 Potential denial-of-service vulnerability in XML serializer text extraction. CVE-2025-64460...

7.5CVSS8.2AI score0.02143EPSS
Exploits0References2
Mageia
Mageia
•added 2025/12/04 11:29 p.m.•6 views

Updated xkbcomp packages fix security vulnerabilities

Endless recursion in xkbcomp/expr.c resulting in a crash. CVE-2018-15853 NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash. CVE-2018-15859 NULL pointer dereference in ExprResolveLhs resulting in a crash. CVE-2018-15861 NULL pointer dereference in...

5.5CVSS7AI score0.00535EPSS
Exploits0References2
Mageia
Mageia
•added 2025/12/04 11:29 p.m.•7 views

Updated gnutls packages fix security vulnerability

Stack write buffer overflow. CVE-2025-9820...

4CVSS7.5AI score0.00203EPSS
Exploits0References2
Mageia
Mageia
•added 2025/12/04 11:29 p.m.•29 views

Updated libraw, digikam & darktable packages fix security vulnerabilities

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult...

9.8CVSS6.9AI score0.00367EPSS
Exploits0References4
Mageia
Mageia
•added 2025/12/04 11:29 p.m.•8 views

Updated unbound packages fix security vulnerabilities

Possible domain hijacking via promiscuous records in the authority section. CVE-2025-11411. Previous fixes for CVE-2025-11411 released with Unbound 1.24.1 were not complete...

7.1CVSS7AI score0.00311EPSS
Exploits0References3
Mageia
Mageia
•added 2025/12/04 11:29 p.m.•6 views

Updated webkit2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43421...

8.8CVSS7AI score0.01378EPSS
Exploits0References3
Mageia
Mageia
•added 2025/12/03 8:39 p.m.•7 views

Updated cups packages fix security vulnerabilities

The updated packages fix security vulnerabilities and a regression with GTK+ apps caused by the fix for CVE-2025-58436: OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack. CVE-2025-58436 OpenPrinting CUPS vulnerable to stack based out-of-bound write. CVE-2025-61915...

6.7CVSS6.9AI score0.00409EPSS
Exploits2References4
Mageia
Mageia
•added 2025/12/01 10:1 p.m.•13 views

Updated libpng packages fix security vulnerabilities

LIBPNG is vulnerable to a heap buffer overflow in pngdoquantize via malformed palette index. CVE-2025-64505 LIBPNG is vulnerable to a heap buffer over-read in pngwriteimage8bit with grayscale+alpha or RGB/RGBA images. CVE-2025-64506 LIBPNG is vulnerable to a buffer overflow in pngimagereadcomposi...

7.1CVSS7.6AI score0.00352EPSS
Exploits5References2
Mageia
Mageia
•added 2025/11/25 7:41 p.m.•7 views

Updated webkit2 packages fix security vulnerabilities

We are updating webkit2 to version 2.50.1 that has many security fixes since our current version. Please see the links for additional information...

10CVSS6.8AI score0.14492EPSS
Exploits6References11
Mageia
Mageia
•added 2025/11/24 7:8 p.m.•7 views

Updated cups-filters packages fix security vulnerability

CUPS rastertopclx Filter Vulnerable to Heap Buffer Overflow Leading to Potential Arbitrary Code Execution. CVE-2025-64524...

5.5CVSS6.9AI score0.00181EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/24 6:27 p.m.•41 views

Updated ruby-rack packages fix security vulnerabilities

Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...

7.5CVSS6.9AI score0.01095EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/22 8:20 p.m.•23 views

Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.116 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

9.8CVSS7.3AI score0.08942EPSS
Exploits4References12
Mageia
Mageia
•added 2025/11/22 8:20 p.m.•10 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.116 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.8CVSS7.2AI score0.08942EPSS
Exploits4References12
Mageia
Mageia
•added 2025/11/21 7:56 p.m.•12 views

Updated konsole packages fix security vulnerability

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

8.2CVSS8.5AI score0.00551EPSS
Exploits0References3
Mageia
Mageia
•added 2025/11/21 7:56 p.m.•8 views

Updated redis packages fix security vulnerabilities

A Lua script may lead to remote code execution. CVE-2025-49844 A Lua script may lead to integer overflow and potential RCE. CVE-2025-46817 A Lua script can be executed in the context of another user. CVE-2025-46818 LUA out-of-bound read. CVE-2025-46819...

9.9CVSS8.3AI score0.86767EPSS
Exploits15References4
Mageia
Mageia
•added 2025/11/21 7:56 p.m.•20 views

Updated ffmpeg packages fix security vulnerabilities

FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the avsamplessetsilence function in thelibavutil/samplefmt.c:260:9 component. CVE-2023-50007 FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the avmalloc...

9.1CVSS7.8AI score0.00669EPSS
Exploits4References3
Mageia
Mageia
•added 2025/11/19 2:16 a.m.•7 views

Updated thunderbird packages fix security vulnerabilities

Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...

8.8CVSS7.1AI score0.0041EPSS
Exploits0References3
Mageia
Mageia
•added 2025/11/19 2:16 a.m.•16 views

Updated flatpak & bubblewrap packages fix security vulnerability

Flatpak may allow access to files outside sandbox for certain apps. CVE-2024-42472...

10CVSS7.1AI score0.01283EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/19 2:16 a.m.•7 views

Updated cups-filters packages fix security vulnerabilities

CUPS-Filters has heap-buffer-overflow write in cfImageLut. CVE-2025-57812 cups-filters 1.x: out of bounds write in pdftoraster. CVE-2025-64503...

4CVSS7.1AI score0.00391EPSS
Exploits2References1
Mageia
Mageia
•added 2025/11/18 2:47 a.m.•8 views

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege. CVE-2025-12817 PostgreSQL libpq undersizes allocations, via integer wraparound. CVE-2025-12818...

5.9CVSS7.1AI score0.00307EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/18 2:47 a.m.•30 views

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

9.1CVSS6.9AI score0.04409EPSS
Exploits2References10
Mageia
Mageia
•added 2025/11/17 10:14 p.m.•7 views

Updated firefox packages fix security vulnerabilities

Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...

8.8CVSS7.1AI score0.0041EPSS
Exploits0References3
Mageia
Mageia
•added 2025/11/15 7:52 p.m.•7 views

Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. CVE-2025-48734...

8.8CVSS7AI score0.01548EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•8 views

Updated apache-commons-fileupload packages fix security vulnerability

Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References3
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•8 views

Updated stardict packages fix security vulnerability

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. CVE-2025-55014...

4.7CVSS6.7AI score0.00377EPSS
Exploits0References3
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•7 views

Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability

Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... can throw a StackOverflowError on very long inputs. CVE-2025-48924...

5.3CVSS6.5AI score0.02164EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•43 views

Updated botan2 packages fix security vulnerability

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS6.2AI score0.00542EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•7 views

Updated yelp & yelp-xsl packages fix security vulnerability

The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155...

7.4CVSS7.7AI score0.12592EPSS
Exploits1References5
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•12 views

Updated python-django packages fix security vulnerability

Potential SQL injection via connector keyword argument in QuerySet and Q objects. CVE-2025-64459...

9.1CVSS8.2AI score0.19396EPSS
Exploits10References2
Mageia
Mageia
•added 2025/11/15 7:11 a.m.•7 views

Updated spdlog packages fix security vulnerability

Spdlog patternformatter-inl.h scopedpadder resource consumption. CVE-2025-6140...

4.8CVSS4.4AI score0.00202EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/14 4:41 p.m.•21 views

Updated webkit2 packages fix security vulnerabilities

CVE-2024-27838 A maliciously crafted webpage may be able to fingerprint the user. Description: The issue was addressed by adding additional logic. CVE-2024-27851 Processing maliciously crafted web content may lead to arbitrary code execution. Description: The issue was addressed with improved...

9.8CVSS9.6AI score0.01344EPSS
Exploits1References4
Mageia
Mageia
•added 2025/11/13 11:37 p.m.•8 views

Updated python-setuptools packages fix security vulnerability

Setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write. CVE-2025-47273...

8.8CVSS7AI score0.01479EPSS
Exploits4References2
Mageia
Mageia
•added 2025/11/13 11:37 p.m.•30 views

Updated ruby packages fix security vulnerabilities

Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it...

7.5CVSS7.2AI score0.00784EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/13 11:37 p.m.•6 views

Updated python-py packages fix security vulnerability

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...

7.5CVSS7AI score0.01546EPSS
Exploits1References3
Mageia
Mageia
•added 2025/11/13 6:3 p.m.•19 views

Updated python-flask-cors packages fix security vulnerabilities

Log Injection Vulnerability in corydolphin/flask-cors. CVE-2024-1681 Improper Access Control in corydolphin/flask-cors. CVE-2024-6221 Improper Regex Path Matching in corydolphin/flask-cors. CVE-2024-6839 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors...

7.5CVSS5.8AI score0.00677EPSS
Exploits5References2
Mageia
Mageia
•added 2025/11/13 6:3 p.m.•8 views

Updated perl-JSON-XS packages fix security vulnerability

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. CVE-2025-40928...

7.5CVSS7.2AI score0.00603EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/13 6:3 p.m.•6 views

Updated perl-Authen-SASL packages fix security vulnerability

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. CVE-2025-40918...

6.5CVSS6.7AI score0.00394EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/13 6:3 p.m.•11 views

Updated perl-Cpanel-JSON-XS packages fix security vulnerability

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. CVE-2025-40929...

5.6CVSS7.2AI score0.00405EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/13 6:3 p.m.•7 views

Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

5.9CVSS5.8AI score0.00516EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•7 views

Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1CVSS7.3AI score0.01742EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•7 views

Updated perl-File-Find-Rule packages fix security vulnerability

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted file name. CVE-2011-10007...

8.8CVSS8.5AI score0.00736EPSS
Exploits0References3
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•7 views

Updated python-urllib3 & python-pip packages fix security vulnerability

Urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation. CVE-2025-50181...

6.1CVSS6.5AI score0.004EPSS
Exploits1References3
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•7 views

Updated perl-YAML-LibYAML packages fix security vulnerability

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. CVE-2025-40908...

9.1CVSS8.9AI score0.00368EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•7 views

Updated perl packages fix security vulnerabilities

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes. CVE-2024-56406 Perl threads have a working directory race condition where file operations may target...

8.4CVSS7.5AI score0.01548EPSS
Exploits1References12
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•6 views

Updated perl-FCGI packages fix security vulnerability

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. CVE-2025-40907...

5.3CVSS5.7AI score0.00516EPSS
Exploits1References2
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•5 views

Updated python-tornado packages fix security vulnerability

Tornado vulnerable to excessive logging caused by malformed multipart form data. CVE-2025-47287...

7.5CVSS7AI score0.00667EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•7 views

Updated perl-Data-Entropy packages fix security vulnerability

Data::Entropy for Perl uses insecure rand function for cryptographic functions. CVE-2025-1860...

7.7CVSS5.5AI score0.00179EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/12 9:29 p.m.•10 views

Updated python3 packages fix security vulnerabilities

URL parser allowed square brackets in domain names. CVE-2025-0938 Mishandling of comma during folding and unicode-encoding of email headers. CVE-2025-1795 Virtual environment venv activation scripts don't quote paths. CVE-2024-9287 Use-after-free in "unicodeescape" decoder with error handler...

9.4CVSS7.1AI score0.01499EPSS
Exploits14References9
Mageia
Mageia
•added 2025/11/12 5:8 p.m.•9 views

Updated unbound packages fix security vulnerability

Several multi-vendor cache poisoning vulnerabilities have been discovered in caching resolvers for non-DNSSEC protected data. Unbound is vulnerable for some of these cases that could lead to domain hijacking CVE-2025-11411...

7.1CVSS6.7AI score0.00311EPSS
Exploits0References2
Mageia
Mageia
•added 2025/11/10 6:54 p.m.•6 views

Updated strongswan packages fix security vulnerability

Buffer Overflow When Handling EAP-MSCHAPv2 Failure Requests. CVE-2025-62291...

8.1CVSS7.1AI score0.00879EPSS
Exploits0References3
Total number of security vulnerabilities6009