Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
added 2025/11/09 7:52 a.m.14 views

Updated opencontainers-runc packages fix security vulnerabilities

The way masked paths are implemented in runc can be exploited to cause the host system to crash or halt CVE-2025-31133 and a flaw in /dev/console bind-mounts can lead to container escape CVE-2025-52565. Also, arbitrary write gadgets and procfs write redirects could be used to engineer container...

8.4CVSS7AI score0.0067EPSS
Exploits4References4
Mageia
Mageia
added 2025/11/09 7:52 a.m.9 views

Updated libxml2 & libxslt packages fix security vulnerabilities

Heap use after free UAF leads to Denial of service DoS. CVE-2025-49794 Null pointer dereference leads to Denial of service DoS. CVE-2025-49795 Type confusion leads to Denial of service DoS. CVE-2025-49796 Integer Overflow Leading to Buffer Overflow in xmlBuildQName. CVE-2025-6021 Stack-based Buff...

9.1CVSS7AI score0.01437EPSS
Exploits2References3
Mageia
Mageia
added 2025/11/09 7:52 a.m.63 views

Updated xen packages fix security vulnerabilities

Double unlock in x86 guest IRQ handling. CVE-2024-31143 Xapi: Metadata injection attack against backup/restore functionality. CVE-2024-31144 Error handling in x86 IOMMU identity mapping. CVE-2024-31145 PCI device pass-through with shared resources. CVE-2024-31146 x86: Deadlock in vlapicerror...

9.8CVSS6.7AI score0.00723EPSS
Exploits0References24
Mageia
Mageia
added 2025/11/07 1:54 a.m.8 views

Updated dcmtk packages fix security vulnerabilities

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is...

7.8CVSS6.8AI score0.00158EPSS
Exploits0References2
Mageia
Mageia
added 2025/11/07 1:54 a.m.10 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.5CVSS6.8AI score0.00633EPSS
Exploits0References5
Mageia
Mageia
added 2025/11/07 1:54 a.m.8 views

Updated sqlite3 packages fix security vulnerability

Integer Truncation on SQLite. CVE-2025-6965...

7.7CVSS7.1AI score0.73495EPSS
Exploits3References2
Mageia
Mageia
added 2025/11/07 1:54 a.m.6 views

Updated libvpx packages fix security vulnerability

Double-free in libvpx encoder. CVE-2025-5283...

5.4CVSS7AI score0.00513EPSS
Exploits0References2
Mageia
Mageia
added 2025/11/06 1:20 a.m.7 views

Updated gstreamer1.0-plugins-bad packages fix security vulnerability

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2025-3887...

8.8CVSS7.6AI score0.00734EPSS
Exploits0References2
Mageia
Mageia
added 2025/11/06 1:20 a.m.10 views

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities

Use-after-free in XPresentNotify structures creation. CVE-2025-62229 Use-after-free in Xkb client resource removal. CVE-2025-62230 Value overflow in Xkb extension XkbSetCompatMap. CVE-2025-62231...

7.3CVSS7.4AI score0.00481EPSS
Exploits0References2
Mageia
Mageia
added 2025/11/05 10:49 p.m.6 views

Updated net-tools packages fix security vulnerability

net-tools Stack-based Buffer Overflow vulnerability. CVE-2025-46836...

6.6CVSS7.1AI score0.00158EPSS
Exploits0References4
Mageia
Mageia
added 2025/11/05 10:49 p.m.37 views

Updated mediawiki packages fix security vulnerabilities

i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...

6.9CVSS5.3AI score0.0041EPSS
Exploits0References5
Mageia
Mageia
added 2025/11/05 10:49 p.m.13 views

Updated binutils packages fix security vulnerabilities

GNU Binutils format.c bfdsetformat memory corruption. CVE-2025-1153 GNU Binutils ld elflink.c bfdelfgcmarkrsec heap-based overflow. CVE-2025-1176 GNU Binutils ld libbfd.c bfdputl64 memory corruption. CVE-2025-1178 GNU Binutils ld elflink.c bfdelfgcmarkrsec memory corruption. CVE-2025-1181 GNU...

6.3CVSS7AI score0.01252EPSS
Exploits5References2
Mageia
Mageia
added 2025/11/05 10:49 p.m.34 views

Updated libsoup3 & libsoup packages fix security vulnerabilities

Libsoup: heap buffer over-read in skipinsignificantspace when sniffing content. CVE-2025-2784 Libsoup: denial of service attack to websocket server. CVE-2025-32049 Libsoup: integer overflow in appendparamquoted. CVE-2025-32050 Libsoup: segmentation fault when parsing malformed data uri...

9CVSS7.1AI score0.00847EPSS
Exploits2References7
Mageia
Mageia
added 2025/11/05 8:16 p.m.5 views

Updated microcode packages fix security vulnerability

AMD CPU Microcode Signature Verification Vulnerability. CVE-2024-36347...

6.4CVSS7AI score0.00097EPSS
Exploits0References2
Mageia
Mageia
added 2025/11/04 4:13 p.m.17 views

Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

7.5CVSS6.8AI score0.00626EPSS
Exploits0References2
Mageia
Mageia
added 2025/11/04 4:13 p.m.6 views

Updated libavif packages fix security vulnerabilities

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size. CVE-2025-48174 In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

9.1CVSS5.3AI score0.00299EPSS
Exploits1References2
Mageia
Mageia
added 2025/10/31 11:36 p.m.7 views

Updated bind packages fix security vulnerabilities

Resource exhaustion via malformed DNSKEY handling CVE-2025-8677. Cache poisoning attacks with unsolicited RRs CVE-2025-40778. Cache poisoning due to weak PRNG CVE-2025-40780...

8.6CVSS7AI score0.1096EPSS
Exploits1References2
Mageia
Mageia
added 2025/10/31 11:36 p.m.8 views

Updated transfig packages fix security vulnerabilities

fig2dev stack-overflow. CVE-2025-46397 fig2dev stack-overflow via readobjects. CVE-2025-46398 fig2dev segmentation fault vulnerability. CVE-2025-46399 fig2dev segmentation fault in readarcobject. CVE-2025-46400...

7.8CVSS7AI score0.00249EPSS
Exploits4References2
Mageia
Mageia
added 2025/10/31 11:36 p.m.6 views

Updated sope packages fix security vulnerability

It was discovered that sope, the set of Objective-C frameworks powering SOGo, contains a DoS bug which could cause a crash CVE-2025-53603...

7.5CVSS7AI score0.00592EPSS
Exploits0References2
Mageia
Mageia
added 2025/10/31 8:4 p.m.10 views

Updated libtiff packages fix security vulnerabilities

LibTIFF fax2ps tiff2pdf.c t2preadtiffinit null pointer dereference. CVE-2024-13978 LibTIFF tiffmedian.c gethistogram use after free. CVE-2025-8176 LibTIFF thumbnail.c setrow buffer overflow. CVE-2025-8177 libtiff tiff2ps tiff2ps.c PSLvl2page null pointer dereference. CVE-2025-8534 LibTIFF tiffcro...

8.8CVSS7.4AI score0.00739EPSS
Exploits6References2
Mageia
Mageia
added 2025/10/29 4:28 a.m.39 views

Updated tomcat packages fix security vulnerabilities

Directory traversal via rewrite with possible RCE if PUT is enabled. CVE-2025-55752 Console manipulation via escape sequences in log messages. CVE-2025-55754 Delayed cleaning of multi-part upload temporary files may lead to DoS. CVE-2025-61795...

9.6CVSS7AI score0.66535EPSS
Exploits4References4
Mageia
Mageia
added 2025/10/29 4:28 a.m.7 views

Updated poppler packages fix security vulnerability

Use After Free UAF in Poppler. CVE-2025-52885...

8.6CVSS6.7AI score0.00159EPSS
Exploits0References2
Mageia
Mageia
added 2025/10/27 4:53 p.m.3 views

Updated libtpms package fixes security vulnerability

It was discovered that libtpms had a potential out-of-bound access & abort due to HMAC signing issue CVE-2025-49133...

5.9CVSS6.7AI score0.00135EPSS
Exploits0References2
Mageia
Mageia
added 2025/10/27 4:53 p.m.6 views

Updated icu packages fix security vulnerability

A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...

7CVSS8.1AI score0.00296EPSS
Exploits0References3
Mageia
Mageia
added 2025/10/23 7:37 p.m.11 views

Updated firefox, nss & rootcerts fix security vulnerabilities

CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could ...

9.8CVSS7.9AI score0.00687EPSS
Exploits0References8
Mageia
Mageia
added 2025/10/23 7:37 p.m.9 views

Updated thunderbird packgaes fix security vulnerabilities

CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could ...

9.8CVSS7.9AI score0.00687EPSS
Exploits0References8
Mageia
Mageia
added 2025/10/22 8:7 p.m.5 views

Updated openssl packages fix a security vulnerability

Out-of-bounds read & write in RFC 3211 KEK Unwrap. CVE-2025-9230...

7.5CVSS7AI score0.01744EPSS
Exploits0References2
Mageia
Mageia
added 2025/10/22 8:7 p.m.11 views

Updated python-django packages fix a security vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

9.8CVSS8AI score0.0085EPSS
Exploits0References2
Mageia
Mageia
added 2025/10/22 8:7 p.m.8 views

Updated nginx package fixes security vulnerability

It was discovered that nginx contains a security issue in the ngxmailsmtpmodule which might allow an attacker to cause buffer over-read potentially resulting in sensitive information leak in a HTTP request to the authentication server CVE-2025-53859...

6.3CVSS7AI score0.00371EPSS
Exploits0References2
Mageia
Mageia
added 2025/10/22 8:7 p.m.6 views

Updated haproxy packages fix security vulnerability & bugs

Haproxy has a critical, a major, few medium and few minor bugs fixed in the last upstream version 2.8.16 of branch 2.8. Fixed critical bug list: - mjson: fix possible DoS when parsing numbers Fixed major bug list: - listeners: transfer connection accounting when switching listeners Fixed medium...

7.5CVSS7.1AI score0.00479EPSS
Exploits0References3
Mageia
Mageia
added 2025/10/20 7:51 p.m.13 views

Updated quictls packages with two security issues and bug fixes

Two security issues and miscellaneous minor bug fixes. Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. CVE-2025-9230 Fix Out-of-bounds read in HTTP client noproxy handling. CVE-2025-9232...

7.5CVSS7.2AI score0.02016EPSS
Exploits0References3
Mageia
Mageia
added 2025/10/18 4:49 p.m.7 views

Updated expat packages fix security vulnerabilities

Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 This is an extension of the fix published in MGASA-2025-0109 that was determined by upstream to be incomplete. Libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small...

7.5CVSS6.1AI score0.01569EPSS
Exploits1References4
Mageia
Mageia
added 2025/10/17 1:40 a.m.6 views

Updated varnish & lighttpd packages fix security vulnerability

It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing...

7.5CVSS6.9AI score0.04604EPSS
Exploits3References3
Mageia
Mageia
added 2025/10/14 5:45 p.m.9 views

Updated fetchmail package fixes security vulnerability

It was discovered that fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will...

5.9CVSS7.4AI score0.00384EPSS
Exploits0References3
Mageia
Mageia
added 2025/10/11 6:18 a.m.7 views

Updated open-vm-tools package fixes security vulnerability

It was discovered that open-vm-tools contains a local privilege escalation vulnerability. A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability to escalate privileges to root on the same VM CVE-2025-41244...

7.8CVSS7.3AI score0.0788EPSS
Exploits3References2
Mageia
Mageia
added 2025/10/10 3:12 a.m.9 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.105 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel. The newer meta-task and mageia-repos packages are required to simplify the correct installation of the kernel-stable-userspace-headers...

8.5CVSS7.1AI score0.07142EPSS
Exploits3References5
Mageia
Mageia
added 2025/10/10 3:12 a.m.7 views

Updated microcode packages fix security vulnerabilities

The updated package updates AMD cpu microcode for processor family 19h, adds AMD cpu microcode for processor family 1ah and fixes security vulnerabilities for Intel processors: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel® Processors may allow an...

7.9CVSS7.2AI score0.00169EPSS
Exploits0References2
Mageia
Mageia
added 2025/10/09 8:24 p.m.8 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.105 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

8.5CVSS7.1AI score0.07142EPSS
Exploits3References5
Mageia
Mageia
added 2025/09/16 4:34 p.m.6 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Better Glyph drawing. CVE-2025-30749 Enhance TLS protocol support. CVE-2025-30754 Improve scripting supports. CVE-2025-30761 Improve HTTP client header handling. CVE-2025-50059 Better Glyph drawing redux. CVE-2025-50106...

8.6CVSS6.7AI score0.01058EPSS
Exploits1References5
Mageia
Mageia
added 2025/09/11 5:2 p.m.7 views

Updated curl packages fix security vulnerability

curl is susceptible to an out-of-bounds read in the cookie handler that could either cause a crash or potentially make allow a clear-text site to override the contents of a secure cookie. This release also fixes a rare memory leak in HTTP trailers...

7.5CVSS6.7AI score0.01301EPSS
Exploits1References2
Mageia
Mageia
added 2025/09/08 7:35 p.m.17 views

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. CVE-2025-8713 PostgreSQL pgdump lets superuser of origin server execute arbitrary code in psql client. CVE-2025-8714 PostgreSQL pgdump newline in object name executes arbitrary code in psql client an...

8.8CVSS7.9AI score0.00709EPSS
Exploits1References2
Mageia
Mageia
added 2025/09/08 7:35 p.m.9 views

Updated python-django packages fix security vulnerability

Potential SQL injection in FilteredRelation column aliases. CVE-2025-57833...

8.1CVSS8.1AI score0.15602EPSS
Exploits4References2
Mageia
Mageia
added 2025/09/08 7:35 p.m.7 views

Updated udisks2 packages fix a security vulnerability

Out-of-bounds read in udisks daemon. CVE-2025-8067...

8.5CVSS7AI score0.0065EPSS
Exploits1References3
Mageia
Mageia
added 2025/09/05 6:30 p.m.7 views

Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities

JavaScript engine only wrote partial return value to stack. CVE-2025-8027 Large branch table could lead to truncated instruction. CVE-2025-8028 Javascript: URLs executed on object and embed tags. CVE-2025-8029 Potential user-assisted code execution in “Copy as cURL” command. CVE-2025-8030 Incorre...

9.8CVSS7.7AI score0.0053EPSS
Exploits0References6
Mageia
Mageia
added 2025/09/05 6:30 p.m.8 views

Updated thunderbird packages fix vulnerabilities

Use-after-free in FontFaceSet. CVE-2025-6424 The WebCompat WebExtension shipped exposed a persistent UUID. CVE-2025-6425 Incorrect parsing of URLs could have allowed embedding of youtube.com. CVE-2025-6429 Content-Disposition header ignored when a file is included in an embed or object tag...

9.8CVSS7.8AI score0.03057EPSS
Exploits0References7
Mageia
Mageia
added 2025/09/02 3:16 p.m.8 views

Updated vim packages fix vulnerabilities

Path traversal issue with tar.vim and special crafted tar archives in Vim 9.1.1552. CVE-2025-53905 Path traversal issue with zip.vim and special crafted zip archives in Vim v9.1.1551. CVE-2025-53906...

4.1CVSS7.1AI score0.00731EPSS
Exploits2References3
Mageia
Mageia
added 2025/09/02 3:16 p.m.7 views

Updated gnutls packages fix vulnerabilities

null pointer dereference in gnutlsfigurecommonciphersuite. CVE-2025-6395 Vulnerability in gnutls othername san export. CVE-2025-32988 Vulnerability in gnutls sct extension parsing. CVE-2025-32989 Vulnerability in gnutls certtool template parsing. CVE-2025-32990...

8.2CVSS7AI score0.01185EPSS
Exploits0References2
Mageia
Mageia
added 2025/09/02 3:16 p.m.6 views

Updated aide packages fix vulnerabilities

Improper output neutralization potential AIDE detection bypass. CVE-2025-54389 Null pointer dereference after reading incorrectly encoded xattr attributes from database local DoS. CVE-2025-54409...

6.2CVSS7AI score0.00216EPSS
Exploits2References3
Mageia
Mageia
added 2025/09/02 3:16 p.m.7 views

Updated tomcat packages fix vulnerabilities

APR/Native Connector crash leading to DoS. CVE-2025-52434 DoS via integer overflow in multipart file upload. CVE-2025-52520 DoS via excessive h2 streams at connection start. CVE-2025-53506 H2 DoS - Made You Reset. CVE-2025-48989...

7.5CVSS7.4AI score0.03389EPSS
Exploits0References5
Mageia
Mageia
added 2025/09/01 6:20 p.m.6 views

Updated golang packages fix vulnerabilities

LookPath may return unexpected paths, CVE-2025-47906. incorrect results returned from Rows.Scan, CVE-2025-47907. These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt...

7CVSS7.1AI score0.00489EPSS
Exploits1References2
Total number of security vulnerabilities6009