Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2025/05/28 7:45 p.m.•24 views

Updated cimg packages fix security vulnerability

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimglibrary::CImg::loadanalyze. CVE-2024-26540...

7.8CVSS7.2AI score0.00314EPSS
Exploits1References2
Mageia
Mageia
•added 2025/05/28 7:45 p.m.•19 views

Updated ghostscript packages fix security vulnerabilities

gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708...

4CVSS7.1AI score0.00276EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/27 6:46 p.m.•21 views

Updated sqlite3 packages fix security vulnerability

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3dbconfig in the C-language API can cause a denial of service application crash. An sznBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. CVE-2025-29088...

5.6CVSS6.7AI score0.00179EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/27 6:46 p.m.•23 views

Updated open-vm-tools packages fix security vulnerability

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. CVE-2025-22247...

6.1CVSS6.7AI score0.00247EPSS
Exploits0References3
Mageia
Mageia
•added 2025/05/27 6:46 p.m.•23 views

Updated rootcerts, nss & firefox packages fix security vulnerabilities

Out-of-bounds access when resolving Promise objects. CVE-2025-4918 Out-of-bounds access when optimizing linear sums. CVE-2025-4919...

9.8CVSS8.8AI score0.08917EPSS
Exploits1References4
Mageia
Mageia
•added 2025/05/27 6:46 p.m.•27 views

Updated thunderbird packages fix security vulnerabilities

Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3875 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. CVE-2025-3877 JavaScript Execution via Spoofed PDF Attachment and file:/// Link. CVE-2025-3909 Tracking Links in Attachments...

9.8CVSS9AI score0.08917EPSS
Exploits1References5
Mageia
Mageia
•added 2025/05/24 11:25 p.m.•14 views

Updated zsync packages fix security vulnerabilities

Improper Pointer Arithmetic in pcl. CVE-2025-4638...

9.8CVSS7AI score0.00446EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/24 11:25 p.m.•23 views

Updated iputils packages fix security vulnerability

ping in iputils through 20240905 allows a denial of service application error or incorrect data collection via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. CVE-2025-47268...

6.5CVSS7.5AI score0.01455EPSS
Exploits1References2
Mageia
Mageia
•added 2025/05/24 11:25 p.m.•19 views

Updated nodejs packages fix security vulnerabilities

Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string. CVE-2025-23165 Improper error handling in async cryptographic operations crashes process. CVE-2025-23166 Improper HTTP header block termination in llhttp. CVE-2025-23167...

7.5CVSS7.3AI score0.00763EPSS
Exploits1References2
Mageia
Mageia
•added 2025/05/24 11:25 p.m.•20 views

Updated glibc packages fix security vulnerability

An untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS...

7.8CVSS7.1AI score0.00433EPSS
Exploits1References3
Mageia
Mageia
•added 2025/05/23 8:6 p.m.•29 views

Updated chromium-browser-stable packages fix security vulnerabilities

Heap buffer overflow in HTML. CVE-2025-4096 Out of bounds memory access in DevTools. CVE-2025-4050 Insufficient data validation in DevTools. CVE-2025-4051 Inappropriate implementation in DevTools. CVE-2025-4052 Use after free in WebAudio. CVE-2025-4372 Insufficient policy enforcement in Loader...

9.8CVSS8AI score0.05329EPSS
Exploits3References4
Mageia
Mageia
•added 2025/05/23 8:6 p.m.•24 views

Updated microcode packages fix security vulnerabilities

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2024-28956 Insufficient resource pool in the core management mechanism...

6.8CVSS5.6AI score0.00371EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/16 7:44 p.m.•24 views

Updated openssh packages fix security vulnerability

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. CVE-2025-32728...

4.3CVSS6.8AI score0.0016EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/16 7:44 p.m.•30 views

Updated dropbear packages fix security vulnerability

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

4.5CVSS7.5AI score0.00581EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/13 8:56 p.m.•39 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Better TLS connection support. CVE-2025-21587 Improve compiler transformations. CVE-2025-30691 Enhance Buffered Image handling. CVE-2025-30698 The updated timezone data are needed by the new Java packages...

7.4CVSS7.6AI score0.0073EPSS
Exploits0References6
Mageia
Mageia
•added 2025/05/13 7:41 p.m.•41 views

Updated postgresql15 & postgresql13 packages fix security vulnerability

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation. CVE-2025-4207...

5.9CVSS6.9AI score0.00637EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/11 4:42 a.m.•34 views

Updated python-django packages fix security vulnerability

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...

5.3CVSS7.1AI score0.14243EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/11 4:42 a.m.•33 views

Updated transfig packages fix security vulnerabilities

Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via getslope function. CVE-2025-31162 Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via putpatternarc function...

6.6CVSS6.9AI score0.00197EPSS
Exploits3References2
Mageia
Mageia
•added 2025/05/11 4:42 a.m.•30 views

Updated libreoffice packages fix security vulnerability

PDF signature forgery with adbe.pkcs7.sha1 SubFilter. CVE-2025-2866...

5.5CVSS7.4AI score0.00096EPSS
Exploits0References3
Mageia
Mageia
•added 2025/05/08 6:51 p.m.•30 views

Updated thunderbird packages fix security vulnerabilities

Process isolation bypass using "javascript:" URI links in cross-origin frames. CVE-2025-4083 Unsafe attribute access during XPath parsing. CVE-2025-4087 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. CVE-2025-4091 Memory safety bug fixed in...

9.1CVSS8.1AI score0.00419EPSS
Exploits0References3
Mageia
Mageia
•added 2025/05/08 6:51 p.m.•32 views

Updated firefox packages fix security vulnerabilities

A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox...

9.1CVSS8.3AI score0.00419EPSS
Exploits0References3
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•28 views

Updated apache-mod_auth_openidc packages fix security vulnerability

modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. CVE-2025-31492...

8.2CVSS6.7AI score0.00563EPSS
Exploits0References5
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•27 views

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. CVE-2025-32460...

9.1CVSS7.4AI score0.00315EPSS
Exploits1References4
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•69 views

Updated poppler packages fix security vulnerability

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903...

4.3CVSS6.1AI score0.00092EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•35 views

Updated fcgi packages fix security vulnerability

FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. CVE-2025-23016...

9.3CVSS7.4AI score0.00566EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•32 views

Updated pam packages fix security vulnerability

libpam vulnerable to leaking hashed passwords. CVE-2024-10041...

4.7CVSS6.9AI score0.00265EPSS
Exploits0References2
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•56 views

Updated tomcat packages fix security vulnerabilities

DoS via malformed HTTP/2 PRIORITYUPDATE frame. CVE-2025-31650 Bypass of rules in Rewrite Valve. CVE-2025-31651...

9.8CVSS6.9AI score0.66933EPSS
Exploits6References3
Mageia
Mageia
•added 2025/05/05 4:57 a.m.•72 views

Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.88 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

8.8CVSS7.3AI score0.00606EPSS
Exploits0References10
Mageia
Mageia
•added 2025/05/01 4:42 p.m.•120 views

Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.87 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

8.8CVSS7.4AI score0.00606EPSS
Exploits0References10
Mageia
Mageia
•added 2025/05/01 6:51 a.m.•33 views

Updated imagemagick packages fix security vulnerabilities

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

7.5CVSS3.9AI score0.00481EPSS
Exploits0References2
Mageia
Mageia
•added 2025/04/28 8:1 p.m.•26 views

Updated chromium-browser-stable packages fix security vulnerabilities

Heap buffer overflow in Codecs. CVE-2025-3619 Use after free in USB. CVE-2025-3620...

8.8CVSS7.8AI score0.00366EPSS
Exploits0References3
Mageia
Mageia
•added 2025/04/25 5:34 p.m.•25 views

Updated haproxy packages fix security vulnerability

BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refsAleandro Prudenzano of Doyensec and Edoardo Geraci of Codean Labs reported a bug in sampleconvregsub, which can cause replacements of multiple back-references to overflow the temporary trash buffer. The problem happen...

6.8CVSS7.6AI score0.00688EPSS
Exploits0References3
Mageia
Mageia
•added 2025/04/25 5:34 p.m.•24 views

Updated libxml2 packages fix security vulnerabilities

CVE-2025-32414 Buffer overflow when parsing text streams with Python API CVE-2025-32415 Heap-based Buffer Overflow in xmlSchemaIDCFillNodeTables...

7.5CVSS7.6AI score0.00559EPSS
Exploits2References2
Mageia
Mageia
•added 2025/04/17 11:34 p.m.•35 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Site Isolation. CVE-2025-3066 Inappropriate implementation in Custom Tabs. CVE-2025-3067 Inappropriate implementation in Intents. CVE-2025-3068 Inappropriate implementation in Extensions. CVE-2025-3069 Insufficient validation of untrusted input in Extensions. CVE-2025-3070...

8.8CVSS7.5AI score0.00552EPSS
Exploits0References3
Mageia
Mageia
•added 2025/04/17 5:37 p.m.•32 views

Updated rust packages fix security vulnerability

The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...

10CVSS7.8AI score0.20342EPSS
Exploits10References9
Mageia
Mageia
•added 2025/04/12 7:4 p.m.•50 views

Updated giflib packages fix security vulnerability

The giflib open-source component has a buffer overflow vulnerability. CVE-2025-31344...

7.3CVSS7AI score0.00232EPSS
Exploits0References3
Mageia
Mageia
•added 2025/04/12 4:23 a.m.•42 views

Updated gnupg2 packages fix security vulnerability

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS". CVE-2025-30258...

4.7CVSS6.1AI score0.00179EPSS
Exploits1References2
Mageia
Mageia
•added 2025/04/12 4:23 a.m.•36 views

Updated poppler packages fix security vulnerabilities

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN. CVE-2025-32364 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine...

7.1CVSS6.7AI score0.00234EPSS
Exploits2References3
Mageia
Mageia
•added 2025/04/12 4:23 a.m.•34 views

Updated graphicsmagick packages fix security vulnerabilities

ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. CVE-2025-27795...

7.5CVSS6.9AI score0.00413EPSS
Exploits0References2
Mageia
Mageia
•added 2025/04/10 12:22 a.m.•33 views

Updated atop packages fix security vulnerability

atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. CVE-2025-31160...

2.9CVSS7.8AI score0.00192EPSS
Exploits0References9
Mageia
Mageia
•added 2025/04/10 12:22 a.m.•20 views

Updated docker-containerd packages fix security vulnerability

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...

7.8CVSS7.2AI score0.00275EPSS
Exploits1References2
Mageia
Mageia
•added 2025/04/10 12:22 a.m.•26 views

Updated xz packages fix security vulnerability

XZ has a heap-use-after-free bug in threaded .xz decoder. CVE-2025-31115...

8.7CVSS6.9AI score0.00647EPSS
Exploits0References2
Mageia
Mageia
•added 2025/04/05 6:46 p.m.•28 views

Updated corosync packages fix security vulnerability

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet. CVE-2025-30472...

9.8CVSS7.8AI score0.00433EPSS
Exploits1References2
Mageia
Mageia
•added 2025/04/05 6:46 p.m.•19 views

Updated nss & firefox packages fix security vulnerabilities

Use-after-free triggered by XSLTProcessor. CVE-2025-3028 URL Bar Spoofing via non-BMP Unicode characters. CVE-2025-3029 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. CVE-2025-3030...

8.1CVSS7.9AI score0.00824EPSS
Exploits1References4
Mageia
Mageia
•added 2025/04/05 6:46 p.m.•22 views

Updated augeas packages fix security vulnerability

Hercules Augeas fa.c recaseexpand null pointer dereference. CVE-2025-2588...

4.8CVSS7.3AI score0.00241EPSS
Exploits1References2
Mageia
Mageia
•added 2025/04/05 6:46 p.m.•23 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free triggered by XSLTProcessor. CVE-2025-3028 URL Bar Spoofing via non-BMP Unicode characters. CVE-2025-3029 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. CVE-2025-3030...

8.1CVSS7.9AI score0.00824EPSS
Exploits1References3
Mageia
Mageia
•added 2025/04/03 10:52 p.m.•23 views

Updated microcode packages fix security vulnerability

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. CVE-2024-56161...

7.2CVSS7.1AI score0.00523EPSS
Exploits0References2
Mageia
Mageia
•added 2025/04/03 1:36 a.m.•21 views

Updated curl packages fix security vulnerabilities

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The fix was included previously as part of MGAA-2025-0004...

7.3CVSS7.4AI score0.01253EPSS
Exploits3References4
Mageia
Mageia
•added 2025/04/02 9:53 p.m.•26 views

Updated upx packages fix security vulnerability

UPX plxelf.cpp unDTINIT heap-based overflow. CVE-2025-2849...

5.5CVSS7.3AI score0.00274EPSS
Exploits1References2
Mageia
Mageia
•added 2025/03/31 3:54 p.m.•26 views

Updated mercurial packages fix security vulnerability

Mercurial SCM Web Interface cross site scripting. CVE-2025-2361...

5.3CVSS6.4AI score0.00486EPSS
Exploits0References4
Total number of security vulnerabilities6009