AlmaLinux 8 : freetype (ALSA-2025:3421)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3421 advisory. freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files CVE-2025-27363 Tenable has extracted the...

AlmaLinux 9 : nginx:1.22 (ALSA-2025:3261)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3261 advisory. nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 Tenable has extracted the preceding description block directly from the AlmaLinux...

freetype security update

2.10.4-10 - Fix for CVE-2025-27363 out-of-bound write vulnerability - Patch initially by Marc Deslauriers of Canonical - https://www.openwall.com/lists/oss-security/2025/03/14/3 - Adjusted for EL9 by Jonathan Wright of AlmaLinux - and a member of the Meta security team - Resolves: RHEL-83105...

AlmaLinux 9 : grafana (ALSA-2025:3344)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3344 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 Tenable has extracted the preceding description block directly from...

CLSA-2025-1743012551 Update of shim

Fix installation on systems having Almalinux signed kernels...

AlmaLinux 9 : libxslt (ALSA-2025:3107)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3107 advisory. libxslt: Use-After-Free in libxslt numbers.c CVE-2025-24855 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...

AlmaLinux 9 : thunderbird (ALSA-2025:2899)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:2899 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938 firefox: thunderbir...

AlmaLinux 9 : grub2 (ALSA-2025:2867)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:2867 advisory. grub2: net: Out-of-bounds write in grubnetsearchconfigfile CVE-2025-0624 Tenable has extracted the preceding description block directly from the AlmaLinux security...

AlmaLinux 8 : thunderbird (ALSA-2025:2900)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:2900 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938 firefox: thunderbir...

AlmaLinux 9 : webkit2gtk3 (ALSA-2025:2864)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:2864 advisory. webkitgtk: out-of-bounds write vulnerability CVE-2025-24201 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...

AlmaLinux 8 : krb5 (ALSA-2025:2722)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:2722 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the...

AlmaLinux 8 : webkit2gtk3 (ALSA-2025:2863)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:2863 advisory. webkitgtk: out-of-bounds write vulnerability CVE-2025-24201 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...

AlmaLinux 8 : libreoffice (ALSA-2025:2868)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:2868 advisory. libreoffice: Macro URL arbitrary script execution CVE-2025-1080 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

AlmaLinux 8 : libxml2 (ALSA-2025:2686)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:2686 advisory. libxml2: Use-After-Free in libxml2 CVE-2024-56171 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 CVE-2025-24928 Tenable has...

AlmaLinux 9 : kernel (ALSA-2025:2627)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:2627 advisory. kernel: ACPI: extlog: fix NULL pointer dereference check CVE-2023-52605 kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk-tran...

AlmaLinux 9 : libxml2 (ALSA-2025:2679)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:2679 advisory. libxml2: Use-After-Free in libxml2 CVE-2024-56171 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 CVE-2025-24928 Tenable has...

AlmaLinux 8 : kernel-rt (ALSA-2025:2474)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:2474 advisory. kernel: HID: core: zero-initialize the report buffer CVE-2024-50302 kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devic...

AlmaLinux 8 : firefox (ALSA-2025:2452)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:2452 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-193...

AlmaLinux 8 : kernel (ALSA-2025:2473)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:2473 advisory. kernel: HID: core: zero-initialize the report buffer CVE-2024-50302 kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devic...

AlmaLinux 8 : postgresql:13 (ALSA-2025:1736)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1736 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...