Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
added 2025/09/01 6:20 p.m.4 views

Updated glibc packages fix vulnerability

Double-free after allocation failure in regcomp. CVE-2025-8058...

5.9CVSS7.1AI score0.00158EPSS
Exploits0References2
Mageia
Mageia
added 2025/09/01 6:20 p.m.6 views

Updated golang packages fix vulnerabilities

LookPath may return unexpected paths, CVE-2025-47906. incorrect results returned from Rows.Scan, CVE-2025-47907. These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt...

7CVSS7.1AI score0.00489EPSS
Exploits1References2
Mageia
Mageia
added 2025/08/11 10:3 p.m.16 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.101 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

7.8CVSS7.3AI score0.01345EPSS
Exploits10References9
Mageia
Mageia
added 2025/08/11 10:3 p.m.13 views

Updated kernel, kmod-virtualbox, kmod-xtables-addons & wireless-regdb packages fix security vulnerabilities

Upstream kernel version 6.6.101 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons & wireless-regdb packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

7.8CVSS7.3AI score0.01345EPSS
Exploits10References9
Mageia
Mageia
added 2025/08/02 9:15 p.m.16 views

Updated wxgtk packages fix security vulnerability

In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL...

3.7CVSS4AI score0.00464EPSS
Exploits0References5
Mageia
Mageia
added 2025/08/02 4:54 a.m.5 views

Updated glib2.0 packages fix security vulnerability

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS6.3AI score0.00419EPSS
Exploits0References2
Mageia
Mageia
added 2025/07/31 5:26 p.m.10 views

Updated slurm packages fix security vulnerability

Updated slurm packages to fix a vulnerability in the Slurm’s accounting system that would have allowed a Coordinator to promote a user to Administrator CVE-2025-43904...

4.2CVSS5.8AI score0.00244EPSS
Exploits0References2
Mageia
Mageia
added 2025/07/25 9:48 p.m.6 views

Updated poppler packages fix security vulnerabilities

poppler uses std::atomicint for reference counting. Because it is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free...

6.9CVSS7.5AI score0.00371EPSS
Exploits1References2
Mageia
Mageia
added 2025/07/25 9:48 p.m.21 views

Updated sudo packages fix security vulnerabilities

CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because...

9.3CVSS9.4AI score0.47467EPSS
Exploits77References4
Mageia
Mageia
added 2025/07/22 4:34 p.m.16 views

Updated qtbase6 & qtbase5 packages fix security vulnerability

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...

8.4CVSS7.2AI score0.00309EPSS
Exploits0References2
Mageia
Mageia
added 2025/07/19 5:55 p.m.8 views

Updated quictls packages with minor bug fixes

Miscellaneous minor bug fixes...

4.3CVSS7.3AI score0.05966EPSS
Exploits0References3
Mageia
Mageia
added 2025/07/19 5:55 p.m.9 views

Updated djvulibre packages fix security vulnerability

An out-of-bounds write in the MMRDecoder::scanruns method was fixed. The vulnerability could be exploited to gain code execution on a Linux Desktop system when the user tries to open a crafted document...

8.4CVSS7.8AI score0.00741EPSS
Exploits0References3
Mageia
Mageia
added 2025/07/19 5:55 p.m.8 views

Updated redis packages fix security vulnerabilities

Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without problems. Potential...

9.8CVSS7.9AI score0.03877EPSS
Exploits4References2
Mageia
Mageia
added 2025/07/15 2:49 a.m.5 views

Updated qtimageformats6 packages fix security vulnerabilities

Loading a specifically-crafted ICNS format image file in QImage will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0...

5.5CVSS6.2AI score0.00203EPSS
Exploits0References2
Mageia
Mageia
added 2025/07/11 6:52 p.m.7 views

Updated dpkg packages fix security vulnerabilities

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

8.2CVSS7.5AI score0.00341EPSS
Exploits0References2
Mageia
Mageia
added 2025/07/11 6:52 p.m.6 views

Updated gnupg2 packages fix security vulnerabilities

Key validity not computed when key is certified by a trusted "certify-only" key regression due to patch for CVE-2025-30258...

7.3AI score
Exploits0References2
Mageia
Mageia
added 2025/07/11 6:52 p.m.9 views

Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

8.6CVSS7.7AI score0.00273EPSS
Exploits0References3
Mageia
Mageia
added 2025/07/11 6:52 p.m.6 views

Updated firefox packages fix security vulnerabilities

Suggested Advisory The last packaged version for armv7hl was 115.13.0, so from the point of view of the armv7hl architecture, this is a Security Advisory and fixes a lot of CVEs; see the linked Security Advisories below. https://advisories.mageia.org/MGASA-2024-0325.html...

7.2AI score
Exploits0References1
Mageia
Mageia
added 2025/07/05 11:48 p.m.19 views

Updated php packages fix security vulnerabilities

PGSQL: Fixed GHSA-hrwm-9436-5mv3 pgsql extension does not check for errors during escaping. CVE-2025-1735 SOAP: Fixed GHSA-453j-q27h-5p8x NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix. CVE-2025-6491 Standard: Fixed GHSA-3cr5-j632-f35r Null byte termination in...

7.5CVSS6.5AI score0.00953EPSS
Exploits2References2
Mageia
Mageia
added 2025/07/05 11:48 p.m.16 views

Updated catdoc packages fix security vulnerabilities

A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in the xls2csv utility version 0.95. CVE-2024-48877 An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. CVE-2024-52035 An integer...

8.4CVSS8.7AI score0.00273EPSS
Exploits3References2
Mageia
Mageia
added 2025/07/02 10:16 p.m.10 views

Updated rootcerts, nss & firefox packages fix security vulnerabilities

CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private...

9.8CVSS6.7AI score0.03057EPSS
Exploits0References5
Mageia
Mageia
added 2025/07/02 5:4 p.m.9 views

Updated libarchive packages fix security vulnerabilities

Double free at archivereadformatrarseekdata in archivereadsupportformatrar.c. CVE-2025-5914 Heap buffer over read in copyfromlzsswindow at archivereadsupportformatrar.c. CVE-2025-5915 Integer overflow while reading warc files at archivereadsupportformatwarc.c. CVE-2025-5916 Off by one error in...

7.8CVSS7.7AI score0.00326EPSS
Exploits2References2
Mageia
Mageia
added 2025/06/28 10:45 p.m.12 views

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities

Out-of-bounds access in X Rendering extension Animated cursors. CVE-2025-49175 Integer overflow in Big Requests Extension. CVE-2025-49176 Data leak in XFIXES Extension 6 XFixesSetClientDisconnectMode. CVE-2025-49177 Unprocessed client request via bytes to ignore. CVE-2025-49178 Integer overflow i...

7.8CVSS7.5AI score0.00369EPSS
Exploits0References3
Mageia
Mageia
added 2025/06/27 5:44 a.m.7 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure...

3.3CVSS7.2AI score0.00149EPSS
Exploits0References2
Mageia
Mageia
added 2025/06/27 2:11 a.m.13 views

Updated thunderbird packages fix security vulnerabilities

CVE-2025-5262: A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated fr...

8.1CVSS8AI score0.00466EPSS
Exploits0References5
Mageia
Mageia
added 2025/06/25 10:7 p.m.8 views

Updated chromium-browser-stable packages fix security vulnerabilities

Integer overflow in V8. CVE-2025-6191 Use after free in Profiler. CVE-2025-6192...

8.8CVSS8AI score0.09224EPSS
Exploits0References2
Mageia
Mageia
added 2025/06/25 3:14 p.m.7 views

Updated nss & firefox packages fix security vulnerabilities

CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. CVE-2025-5264: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this...

8.1CVSS7.2AI score0.00412EPSS
Exploits0References4
Mageia
Mageia
added 2025/06/25 5:31 a.m.15 views

Updated tomcat packages fix security vulnerabilities

FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...

7.5CVSS7.4AI score0.54877EPSS
Exploits1References3
Mageia
Mageia
added 2025/06/25 5:31 a.m.7 views

Updated apache-mod_security packages fix security vulnerabilities

ModSecurity Has Possible DoS Vulnerability. CVE-2025-47947 ModSecurity has possible DoS vulnerability in sanitiseArg action. CVE-2025-48866...

7.5CVSS7.3AI score0.0076EPSS
Exploits2References3
Mageia
Mageia
added 2025/06/25 5:31 a.m.9 views

Updated clamav packages fix security vulnerability

Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service DoS condition or enable remote code execution. CVE-2025-20260...

9.8CVSS8.5AI score0.01535EPSS
Exploits0References2
Mageia
Mageia
added 2025/06/25 5:31 a.m.10 views

Updated python-django packages fix security vulnerability

Potential log injection via unescaped request path. CVE-2025-48432...

5.3CVSS7.7AI score0.006EPSS
Exploits0References5
Mageia
Mageia
added 2025/06/25 5:31 a.m.11 views

Updated yarnpkg packages fix security vulnerabilities

CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file And other vulnerabilities in...

9.8CVSS7.5AI score0.03346EPSS
Exploits7References3
Mageia
Mageia
added 2025/06/24 8:11 p.m.7 views

Updated docker packages fix security vulnerability

External DNS requests from 'internal' networks could lead to data exfiltration - CVE-2024-29018 We can't determine if docker 24.0.5 is affected but as it is no longer supported we are releasing version 25.0.7, as it is supported and free of the CVE...

7.5CVSS9.8AI score0.0075EPSS
Exploits0References3
Mageia
Mageia
added 2025/06/24 8:11 p.m.11 views

Updated udisks2 & libblockdev packages fix security vulnerabilities

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

7CVSS7.9AI score0.00423EPSS
Exploits18References2
Mageia
Mageia
added 2025/06/20 4:37 p.m.16 views

Updated chromium-browser-stable packages fix security vulnerabilities

CVE-2025-5063: Use after free in Compositing. CVE-2025-5280: Out of bounds write in V8. CVE-2025-5064: Inappropriate implementation in Background Fetch API. CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. CVE-2025-5066: Inappropriate implementation in Messages. CVE-2025-5281:...

8.8CVSS7.8AI score0.10666EPSS
Exploits3References4
Mageia
Mageia
added 2025/06/11 5:43 p.m.15 views

Updated roundcubemail packages fix security vulnerability

A Post-Auth RCE was announced and fixed in the latest release...

9.9CVSS9.8AI score0.89462EPSS
Exploits29References5
Mageia
Mageia
added 2025/06/11 5:43 p.m.21 views

Updated mariadb packages fix security vulnerabilities

MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., and 11.0 through 11.0. can sometimes crash with an empty backtrace log. This may be related to makeaggrtablesinfo and optimizestage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through...

6.8CVSS7.1AI score0.00869EPSS
Exploits0References4
Mageia
Mageia
added 2025/06/09 6:14 p.m.23 views

Updated golang packages fix security vulnerabilities

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of OCREATE|OEXCL on Unix and Windows os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when th...

7.5CVSS6.7AI score0.0056EPSS
Exploits0References2
Mageia
Mageia
added 2025/06/09 6:14 p.m.26 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.93 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.8CVSS8.2AI score0.09796EPSS
Exploits2References6
Mageia
Mageia
added 2025/06/09 6:14 p.m.20 views

Updated kernel, kmod-virtualbox, kmod-xtables-addons, dwarves, libtraceevent, libtracefs, kernel-firmware, kernel-firmware-nonfree, radeon-firmware & wireless-regdb packages fix security vulnerabilities

Upstream kernel version 6.6.93 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons, wireless-regdb & firmware packages have been updated to work with this new kernel; some updated build time requirement are here to allow building this kernel version. For information about the...

9.8CVSS8.2AI score0.09796EPSS
Exploits2References6
Mageia
Mageia
added 2025/06/09 6:14 p.m.13 views

Updated cockpit packages fix security vulnerability & bug

Mageia's internal bug: In the current version you can't login in the web interface with firefox or chromium-browser packaged by Mageia. This update fixes the issue, but it is reported that could need to reboot and clear cookies from your browser. A flaw was found in the cockpit package. This flaw...

3.2CVSS4.3AI score0.00266EPSS
Exploits0References1
Mageia
Mageia
added 2025/06/08 6:22 a.m.13 views

Updated php-adodb packages fix security vulnerability

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...

10CVSS9.9AI score0.00664EPSS
Exploits0References3
Mageia
Mageia
added 2025/06/08 6:22 a.m.13 views

Updated systemd packages fix security vulnerability

Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump. CVE-2025-4598...

4.7CVSS4.7AI score0.00637EPSS
Exploits1References3
Mageia
Mageia
added 2025/06/08 6:22 a.m.17 views

Updated tomcat packages fix security vulnerability

Security constraint bypass for CGI scripts. CVE-2025-46701...

7.3CVSS6.3AI score0.02736EPSS
Exploits1References2
Mageia
Mageia
added 2025/06/05 4:26 p.m.13 views

Updated cifs-utils packages fix security vulnerability

cifs.upcall makes an upcall to the wrong namespace in containerized environments. CVE-2025-2312...

5.9CVSS6.8AI score0.00149EPSS
Exploits0References2
Mageia
Mageia
added 2025/06/02 5:55 p.m.37 views

Updated golang packages fix security vulnerabilities

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied - CVE-2025-22870. The net/http package...

9.1CVSS7.1AI score0.00724EPSS
Exploits2References4
Mageia
Mageia
added 2025/05/31 4:20 p.m.34 views

Updated deluge packages fix security vulnerabilities & bug

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

7.1AI score
Exploits0References1
Mageia
Mageia
added 2025/05/31 3:36 a.m.25 views

Updated redis packages fix security vulnerability

Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client. CVE-2025-21605...

7.5CVSS6.6AI score0.00824EPSS
Exploits0References2
Mageia
Mageia
added 2025/05/31 3:36 a.m.21 views

Updated glib2.0 packages fix security vulnerability

Buffer underflow on glib through glib/gstring.c via function gstringinsertunichar. CVE-2025-4373...

4.8CVSS7AI score0.00443EPSS
Exploits0References2
Mageia
Mageia
added 2025/05/31 3:36 a.m.19 views

Updated coreutils packages fix security vulnerability

Heap buffer under-read in gnu coreutils sort via key specification. CVE-2025-5278...

4.4CVSS7.2AI score0.00224EPSS
Exploits0References2
Total number of security vulnerabilities6009