{"result":"OK","data":{"search":[{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:1498","_score":6.7246304,"_source":{"id":"CESA-2024:1498","type":"centos","bulletinFamily":"unix","title":"thunderbird security update","description":"**CentOS Errata and Security Advisory** CESA-2024:1498\n\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n\n* Mozilla: Leaking of encrypted email subjects to other conversations  (CVE-2024-1936)\n\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-April/099238.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:1498","published":"2024-04-03T14:01:39","modified":"2024-04-03T14:01:39","cvss":{"score":8.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-April/099238.html","cvelist":["CVE-2023-5388","CVE-2024-0743","CVE-2024-1936","CVE-2024-2607","CVE-2024-2608","CVE-2024-2610","CVE-2024-2611","CVE-2024-2612","CVE-2024-2614"],"lastseen":"2026-03-16T14:22:27","vhref":"https://vulners.com/centos/CESA-2024:1498"},"sort":[6.7246304,1712152899000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:1498 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:1486","_score":6.7246304,"_source":{"id":"CESA-2024:1486","type":"centos","bulletinFamily":"unix","title":"firefox security update","description":"**CentOS Errata and Security Advisory** CESA-2024:1486\n\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.9.1 ESR.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n\n* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)\n\n* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)\n\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)\n\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)\n\n* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)\n\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)\n\n* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-April/099237.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:1486","published":"2024-04-03T14:00:43","modified":"2024-04-03T14:00:43","cvss":{"score":8.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-April/099237.html","cvelist":["CVE-2023-5388","CVE-2024-0743","CVE-2024-2607","CVE-2024-2608","CVE-2024-2610","CVE-2024-2611","CVE-2024-2612","CVE-2024-2614","CVE-2024-2616","CVE-2024-29944"],"lastseen":"2026-03-16T14:22:27","vhref":"https://vulners.com/centos/CESA-2024:1486"},"sort":[6.7246304,1712152843000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:1486 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:1249","_score":6.7246304,"_source":{"id":"CESA-2024:1249","type":"centos","bulletinFamily":"unix","title":"bpftool, kernel, perf, python security update","description":"**CentOS Errata and Security Advisory** CESA-2024:1249\n\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* (CVE-2024-26602, ?)\n\n* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)\n\n* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)\n\n* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)\n\n* kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)\n\n* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [rhel-7] INFO: possible circular locking dependency detected: store+0x70/0xe0 kernfs_fop_write+0xe3/0x190 (BZ#2161654)\n\n* qedf: Reading /sys/kernel/debug/qedf/hostX/stop_io_on_error can cause panic (BZ#2224973)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-March/099235.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:1249","published":"2024-03-25T15:37:48","modified":"2024-03-25T15:37:48","cvss":{"score":8.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-March/099235.html","cvelist":["CVE-2022-42896","CVE-2023-38409","CVE-2023-45871","CVE-2023-4921","CVE-2024-1086","CVE-2024-26602"],"lastseen":"2026-03-28T22:14:06","vhref":"https://vulners.com/centos/CESA-2024:1249"},"sort":[6.7246304,1711381068000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:1249 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0957","_score":6.7246304,"_source":{"id":"CESA-2024:0957","type":"centos","bulletinFamily":"unix","title":"thunderbird security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0957\n\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)\n\n* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)\n\n* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)\n\n* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)\n\n* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)\n\n* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)\n\n* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)\n\n* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099231.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0957","published":"2024-02-29T15:09:00","modified":"2024-02-29T15:09:00","cvss":{"score":8.1,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"security"},"cvss2":{},"cvss3":{"cvssV31":{"source":"security","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099231.html","cvelist":["CVE-2024-1546","CVE-2024-1547","CVE-2024-1548","CVE-2024-1549","CVE-2024-1550","CVE-2024-1551","CVE-2024-1552","CVE-2024-1553"],"lastseen":"2026-03-28T22:14:06","vhref":"https://vulners.com/centos/CESA-2024:0957"},"sort":[6.7246304,1709219340000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0957 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0976","_score":6.7246304,"_source":{"id":"CESA-2024:0976","type":"centos","bulletinFamily":"unix","title":"firefox security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0976\n\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)\n\n* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)\n\n* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)\n\n* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)\n\n* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)\n\n* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)\n\n* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)\n\n* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099230.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0976","published":"2024-02-29T15:08:24","modified":"2024-02-29T15:08:24","cvss":{"score":8.1,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"security"},"cvss2":{},"cvss3":{"cvssV31":{"source":"security","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099230.html","cvelist":["CVE-2024-1546","CVE-2024-1547","CVE-2024-1548","CVE-2024-1549","CVE-2024-1550","CVE-2024-1551","CVE-2024-1552","CVE-2024-1553"],"lastseen":"2026-03-16T14:22:29","vhref":"https://vulners.com/centos/CESA-2024:0976"},"sort":[6.7246304,1709219304000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0976 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0857","_score":6.7246304,"_source":{"id":"CESA-2024:0857","type":"centos","bulletinFamily":"unix","title":"python security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0857\n\n\nAn update for python-pillow is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.\n\nSecurity Fix(es):\n\n* pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099227.html\n\n**Affected packages:**\npython-pillow\npython-pillow-devel\npython-pillow-doc\npython-pillow-qt\npython-pillow-sane\npython-pillow-tk\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0857","published":"2024-02-21T14:47:57","modified":"2024-02-21T14:47:57","cvss":{"score":8.1,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099227.html","cvelist":["CVE-2023-50447"],"lastseen":"2026-03-28T22:14:06","vhref":"https://vulners.com/centos/CESA-2024:0857"},"sort":[6.7246304,1708526877000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0857 An update for python-pillow is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2023:5616","_score":6.7246304,"_source":{"id":"CESA-2023:5616","type":"centos","bulletinFamily":"unix","title":"python security update","description":"**CentOS Errata and Security Advisory** CESA-2023:5616\n\n\nAn update for python-reportlab is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPython-reportlab is a library used for generation of PDF documents.\n\nSecurity Fix(es):\n\n* python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099226.html\n\n**Affected packages:**\npython-reportlab\npython-reportlab-docs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2023:5616","published":"2024-02-20T14:49:49","modified":"2024-02-20T14:49:49","cvss":{"score":9.8,"severity":"CRITICAL","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099226.html","cvelist":["CVE-2019-19450"],"lastseen":"2026-03-16T14:22:28","vhref":"https://vulners.com/centos/CESA-2023:5616"},"sort":[6.7246304,1708440589000],"flatDescription":"CentOS Errata and Security Advisory CESA-2023:5616 An update for python-reportlab is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0753","_score":6.7246304,"_source":{"id":"CESA-2024:0753","type":"centos","bulletinFamily":"unix","title":"iwl100, iwl1000, iwl105, iwl135, iwl2000, iwl2030, iwl3160, iwl3945, iwl4965, iwl5000, iwl5150, iwl6000, iwl6000g2a, iwl6000g2b, iwl6050, iwl7260, linux security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0753\n\n\nAn update for linux-firmware is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* (RCVE-2023-20592)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099225.html\n\n**Affected packages:**\niwl100-firmware\niwl1000-firmware\niwl105-firmware\niwl135-firmware\niwl2000-firmware\niwl2030-firmware\niwl3160-firmware\niwl3945-firmware\niwl4965-firmware\niwl5000-firmware\niwl5150-firmware\niwl6000-firmware\niwl6000g2a-firmware\niwl6000g2b-firmware\niwl6050-firmware\niwl7260-firmware\nlinux-firmware\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0753","published":"2024-02-20T14:49:39","modified":"2024-02-20T14:49:39","cvss":{"score":6.5,"severity":"MEDIUM","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099225.html","cvelist":["CVE-2023-20592"],"lastseen":"2026-03-28T22:14:06","vhref":"https://vulners.com/centos/CESA-2024:0753"},"sort":[6.7246304,1708440579000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0753 An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0629","_score":6.7246304,"_source":{"id":"CESA-2024:0629","type":"centos","bulletinFamily":"unix","title":"tigervnc security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0629\n\n\nAn update for tigervnc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nVirtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)\n\n* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)\n\n* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)\n\n* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099223.html\n\n**Affected packages:**\ntigervnc\ntigervnc-icons\ntigervnc-license\ntigervnc-server\ntigervnc-server-applet\ntigervnc-server-minimal\ntigervnc-server-module\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0629","published":"2024-02-05T19:31:03","modified":"2024-02-05T19:31:03","cvss":{"score":9.8,"severity":"CRITICAL","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099223.html","cvelist":["CVE-2023-6816","CVE-2024-0229","CVE-2024-21885","CVE-2024-21886"],"lastseen":"2026-03-28T22:14:06","vhref":"https://vulners.com/centos/CESA-2024:0629"},"sort":[6.7246304,1707161463000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0629 An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0013","_score":6.7246304,"_source":{"id":"CESA-2024:0013","type":"centos","bulletinFamily":"unix","title":"gstreamer1 security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0013\n\n\nAn update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.\n\nSecurity Fix(es):\n\n* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099222.html\n\n**Affected packages:**\ngstreamer1-plugins-bad-free\ngstreamer1-plugins-bad-free-devel\ngstreamer1-plugins-bad-free-gtk\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0013","published":"2024-02-05T19:26:26","modified":"2024-02-05T19:26:26","cvss":{"score":8.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"cvssV3":{"source":"zdi-disclosures@trendmicro.com","version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099222.html","cvelist":["CVE-2023-44446"],"lastseen":"2026-03-16T14:22:27","vhref":"https://vulners.com/centos/CESA-2024:0013"},"sort":[6.7246304,1707161186000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0013 An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0600","_score":6.7246304,"_source":{"id":"CESA-2024:0600","type":"centos","bulletinFamily":"unix","title":"firefox, thunderbird security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0600\n\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)\n\n* Mozilla: Failure to update user input timestamp (CVE-2024-0742)\n\n* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)\n\n* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)\n\n* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)\n\n* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)\n\n* Mozilla: Privilege escalation through devtools (CVE-2024-0751)\n\n* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)\n\n* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099220.html\nhttps://lists.centos.org/pipermail/centos-announce/2024-February/099221.html\n\n**Affected packages:**\nfirefox\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0600","published":"2024-02-05T19:24:42","modified":"2024-02-05T19:25:24","cvss":{"score":8.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-February/099220.html","cvelist":["CVE-2024-0741","CVE-2024-0742","CVE-2024-0746","CVE-2024-0747","CVE-2024-0749","CVE-2024-0750","CVE-2024-0751","CVE-2024-0753","CVE-2024-0755"],"lastseen":"2026-03-16T14:22:27","vhref":"https://vulners.com/centos/CESA-2024:0600"},"sort":[6.7246304,1707161082000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0600 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0232","_score":6.7246304,"_source":{"id":"CESA-2024:0232","type":"centos","bulletinFamily":"unix","title":"java security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0232\n\n\nAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)\n\n* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)\n\n* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)\n\n* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)\n\n* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)\n\n* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099219.html\n\n**Affected packages:**\njava-11-openjdk\njava-11-openjdk-demo\njava-11-openjdk-devel\njava-11-openjdk-headless\njava-11-openjdk-javadoc\njava-11-openjdk-javadoc-zip\njava-11-openjdk-jmods\njava-11-openjdk-src\njava-11-openjdk-static-libs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0232","published":"2024-01-26T18:12:38","modified":"2024-01-26T18:12:38","cvss":{"score":7.4,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","source":"secalert_us@oracle.com"},"cvss2":{},"cvss3":{"cvssV31":{"source":"secalert_us@oracle.com","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099219.html","cvelist":["CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20926","CVE-2024-20945","CVE-2024-20952"],"lastseen":"2026-03-16T14:22:33","vhref":"https://vulners.com/centos/CESA-2024:0232"},"sort":[6.7246304,1706292758000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0232 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0223","_score":6.7246304,"_source":{"id":"CESA-2024:0223","type":"centos","bulletinFamily":"unix","title":"java security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0223\n\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)\n\n* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)\n\n* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)\n\n* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)\n\n* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)\n\n* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* In the previous release in October 2023 (8u392), the RPMs were changed to use Provides for java, jre, java-headless, jre-headless, java-devel and java-sdk which included the full RPM version. This prevented the Provides being used to resolve a dependency on Java 1.8.0 (for example, \"Requires: java-headless 1:1.8.0\"). This change has now been reverted to the old \"1:1.8.0\" value. (RHEL-19630)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099218.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-accessibility\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-zip\njava-1.8.0-openjdk-src\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0223","published":"2024-01-26T18:11:41","modified":"2024-01-26T18:11:41","cvss":{"score":7.4,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","source":"secalert_us@oracle.com"},"cvss2":{},"cvss3":{"cvssV31":{"source":"secalert_us@oracle.com","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099218.html","cvelist":["CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20926","CVE-2024-20945","CVE-2024-20952"],"lastseen":"2026-03-16T14:22:33","vhref":"https://vulners.com/centos/CESA-2024:0223"},"sort":[6.7246304,1706292701000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0223 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0320","_score":6.7246304,"_source":{"id":"CESA-2024:0320","type":"centos","bulletinFamily":"unix","title":"xorg security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0320\n\n\nAn update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nX.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nSecurity Fix(es):\n\n* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)\n\n* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)\n\n* xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408)\n\n* xorg-x11-server: SELinux context corruption (CVE-2024-0409)\n\n* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)\n\n* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099216.html\n\n**Affected packages:**\nxorg-x11-server-Xdmx\nxorg-x11-server-Xephyr\nxorg-x11-server-Xnest\nxorg-x11-server-Xorg\nxorg-x11-server-Xvfb\nxorg-x11-server-Xwayland\nxorg-x11-server-common\nxorg-x11-server-devel\nxorg-x11-server-source\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0320","published":"2024-01-26T18:10:28","modified":"2024-01-26T18:10:28","cvss":{"score":9.8,"severity":"CRITICAL","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099216.html","cvelist":["CVE-2023-6816","CVE-2024-0229","CVE-2024-0408","CVE-2024-0409","CVE-2024-21885","CVE-2024-21886"],"lastseen":"2026-03-16T14:22:33","vhref":"https://vulners.com/centos/CESA-2024:0320"},"sort":[6.7246304,1706292628000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0320 An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0345","_score":6.7246304,"_source":{"id":"CESA-2024:0345","type":"centos","bulletinFamily":"unix","title":"python security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0345\n\n\nAn update for python-pillow is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.\n\nSecurity Fix(es):\n\n* python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099214.html\n\n**Affected packages:**\npython-pillow\npython-pillow-devel\npython-pillow-doc\npython-pillow-qt\npython-pillow-sane\npython-pillow-tk\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0345","published":"2024-01-26T18:08:27","modified":"2024-01-26T18:08:27","cvss":{"score":7.5,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099214.html","cvelist":["CVE-2023-44271"],"lastseen":"2026-03-16T14:22:32","vhref":"https://vulners.com/centos/CESA-2024:0345"},"sort":[6.7246304,1706292507000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0345 An update for python-pillow is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0343","_score":6.7246304,"_source":{"id":"CESA-2024:0343","type":"centos","bulletinFamily":"unix","title":"LibRaw security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0343\n\n\nAn update for LibRaw is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nLibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others).\n\nSecurity Fix(es):\n\n* LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099213.html\n\n**Affected packages:**\nLibRaw\nLibRaw-devel\nLibRaw-static\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0343","published":"2024-01-26T18:08:08","modified":"2024-01-26T18:08:08","cvss":{"score":7.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099213.html","cvelist":["CVE-2021-32142"],"lastseen":"2026-03-16T14:22:32","vhref":"https://vulners.com/centos/CESA-2024:0343"},"sort":[6.7246304,1706292488000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0343 An update for LibRaw is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0279","_score":6.7246304,"_source":{"id":"CESA-2024:0279","type":"centos","bulletinFamily":"unix","title":"gstreamer security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0279\n\n\nAn update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer.\n\nSecurity Fix(es):\n\n* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099212.html\n\n**Affected packages:**\ngstreamer-plugins-bad-free\ngstreamer-plugins-bad-free-devel\ngstreamer-plugins-bad-free-devel-docs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0279","published":"2024-01-26T18:07:56","modified":"2024-01-26T18:07:56","cvss":{"score":8.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"cvssV3":{"source":"zdi-disclosures@trendmicro.com","version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099212.html","cvelist":["CVE-2023-44446"],"lastseen":"2026-03-16T14:22:32","vhref":"https://vulners.com/centos/CESA-2024:0279"},"sort":[6.7246304,1706292476000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0279 An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2024:0346","_score":6.7246304,"_source":{"id":"CESA-2024:0346","type":"centos","bulletinFamily":"unix","title":"bpftool, kernel, perf, python security update","description":"**CentOS Errata and Security Advisory** CESA-2024:0346\n\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* gfs2: kernel BUG at fs/gfs2/lops.c:135 (BZ#2196280)\n\n* ax88179_178a 2-6:1.0 (unregistered net_device) (uninitialized): Failed to read reg index 0x0006: -71 (RHEL-6302)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099211.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2024:0346","published":"2024-01-26T18:06:10","modified":"2024-01-26T18:06:10","cvss":{"score":7.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099211.html","cvelist":["CVE-2023-42753"],"lastseen":"2026-03-16T14:22:32","vhref":"https://vulners.com/centos/CESA-2024:0346"},"sort":[6.7246304,1706292370000],"flatDescription":"CentOS Errata and Security Advisory CESA-2024:0346 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2023:5461","_score":6.7246304,"_source":{"id":"CESA-2023:5461","type":"centos","bulletinFamily":"unix","title":"ImageMagick security update","description":"**CentOS Errata and Security Advisory** CESA-2023:5461\n\n\nAn update for ImageMagick is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.\n\nSecurity Fix(es):\n\n* ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099209.html\n\n**Affected packages:**\nImageMagick\nImageMagick-c++\nImageMagick-c++-devel\nImageMagick-devel\nImageMagick-doc\nImageMagick-perl\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2023:5461","published":"2024-01-17T20:06:49","modified":"2024-01-17T20:06:49","cvss":{"score":7.5,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099209.html","cvelist":["CVE-2021-40211"],"lastseen":"2026-03-16T14:22:32","vhref":"https://vulners.com/centos/CESA-2023:5461"},"sort":[6.7246304,1705522009000],"flatDescription":"CentOS Errata and Security Advisory CESA-2023:5461 An update for ImageMagick is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed..."},{"_index":"es6_bulletins_bulletin_v7","_id":"CESA-2023:7423","_score":6.7246304,"_source":{"id":"CESA-2023:7423","type":"centos","bulletinFamily":"unix","title":"bpftool, kernel, perf, python security update","description":"**CentOS Errata and Security Advisory** CESA-2023:7423\n\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead (CVE-2023-3611)\n\n* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)\n\n* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)\n\n* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2024-January/099208.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2023:7423","published":"2024-01-12T19:36:38","modified":"2024-01-12T19:36:38","cvss":{"score":7.8,"severity":"HIGH","version":"3.1","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","source":"nvd"},"cvss2":{},"cvss3":{"cvssV31":{"source":"nvd","version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},"href":"https://lists.centos.org/pipermail/centos-announce/2024-January/099208.html","cvelist":["CVE-2022-40982","CVE-2023-31436","CVE-2023-3611","CVE-2023-3776","CVE-2023-4128","CVE-2023-4206","CVE-2023-4207","CVE-2023-4208"],"lastseen":"2026-03-16T14:22:32","vhref":"https://vulners.com/centos/CESA-2023:7423"},"sort":[6.7246304,1705088198000],"flatDescription":"CentOS Errata and Security Advisory CESA-2023:7423 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity..."}],"occurrences":{},"exactMatch":null,"references":null,"total":3708,"maxSearchSize":100}}