6423 matches found

OSV
added 2023/05/09 12:0 a.m., 29 views

ALSA-2023:2459 Moderate: device-mapper-multipath security and bug fix update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973) For more details about the securi...

CVSS 7.8 | AI score 7.4 | EPSS 0.00658
Exploits: 4 | References: 4
OSV
added 2023/05/09 12:0 a.m., 12 views

ALSA-2023:2161 Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-oauthlib: DoS when attacker provides malicious IPV6 URI...

CVSS 6.5 | AI score 6.3 | EPSS 0.01258
Exploits: 1 | References: 4
OSV
added 2023/05/09 12:0 a.m., 29 views

ALSA-2023:2653 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux (CVE-2023-2203) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 8.8 | AI score 9.1 | EPSS 0.27076
Exploits: 0 | References: 4
OSV
added 2023/05/09 12:0 a.m., 23 views

ALSA-2023:2326 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: clients using /parallel command line switch might read...

CVSS 7.5 | AI score 6.5 | EPSS 0.00985
Exploits: 0 | References: 20
OSV
added 2023/05/09 12:0 a.m., 22 views

ALSA-2023:2193 Moderate: butane security, bug fix, and enhancement update

Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition. The following packages have been upgraded to a later upstream version: butane 0.16.0. BZ2135475 Security Fixes: golang: net/http: handle server errors after...

CVSS 7.5 | AI score 7.8 | EPSS 0.02513
Exploits: 1 | References: 6
OSV
added 2023/05/09 12:0 a.m., 27 views

ALSA-2023:2259 Moderate: poppler security and bug fix update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVSS 7.8 | AI score 7.8 | EPSS 0.00574
Exploits: 1 | References: 4
OSV
added 2023/05/09 12:0 a.m., 20 views

ALSA-2023:2502 Moderate: dhcp security and enhancement update

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...

CVSS 6.5 | AI score 7.1 | EPSS 0.00664
Exploits: 0 | References: 6
OSV
added 2023/05/09 12:0 a.m., 45 views

ALSA-2023:2458 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896); net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461); cpu: AMD CPUs may transiently execu...

CVSS 8.8 | AI score 8.9 | EPSS 0.03763
Exploits: 13 | References: 82
OSV
added 2023/05/09 12:0 a.m., 38 views

ALSA-2023:2478 Low: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Incorrect handling of control code characters in cookies (CVE-2022-35252); curl: Use-after-free triggered by an HTTP pro...

CVSS 5.9 | AI score 7.1 | EPSS 0.02511
Exploits: 2 | References: 6
OSV
added 2023/05/09 12:0 a.m., 39 views

ALSA-2023:2373 Moderate: wireshark security and bug fix update

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: f5ethtrailer Infinite loop in legacy style dissector (CVE-2022-3190) For more details about the security issues, including the impact, a CVSS...

CVSS 6.3 | AI score 6.1 | EPSS 0.01754
Exploits: 1 | References: 4
OSV
added 2023/05/09 12:0 a.m., 24 views

ALSA-2023:2378 Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

CVSS 5.5 | AI score 5.7 | EPSS 0.0048
Exploits: 1 | References: 4
OSV
added 2023/05/09 12:0 a.m., 33 views

ALSA-2023:2487 Moderate: fwupd security and bug fix update

The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287); shim: 3rd party shim allow secure boot bypass (CVE-2022-34301); shim: 3rd party shim allow secure boot bypass...

CVSS 6.7 | AI score 6.5 | EPSS 0.01046
Exploits: 0 | References: 10
OSV
added 2023/05/09 12:0 a.m., 24 views

ALSA-2023:2177 Moderate: grafana-pcp security and enhancement update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) For...

CVSS 7.5 | AI score 7.6 | EPSS 0.02513
Exploits: 0 | References: 4
OSV
added 2023/05/09 12:0 a.m., 25 views

ALSA-2023:2257 Moderate: tigervnc security and bug fix update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

CVSS 8.8 | AI score 8.7 | EPSS 0.02685
Exploits: 0 | References: 14
AlmaLinux
added 2023/05/09 12:0 a.m., 60 views

Moderate: qemu-kvm security, bug fix, and enhancement update

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm 7.2.0...

CVSS 6.5 | AI score 7.2 | EPSS 0.0114
Exploits: 1 | References: 6
AlmaLinux
added 2023/05/09 12:0 a.m., 75 views

Important: edk2 security, bug fix, and enhancement update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); edk2: integer underflow in SmmEntryPoint function...

CVSS 9.8 | AI score 7.6 | EPSS 0.59501
Exploits: 0 | References: 12
AlmaLinux
added 2023/05/09 12:0 a.m., 63 views

Moderate: butane security, bug fix, and enhancement update

Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition. The following packages have been upgraded to a later upstream version: butane 0.16.0. BZ2135475 Security Fixes: golang: net/http: handle server errors after...

CVSS 7.5 | AI score 8.1 | EPSS 0.02513
Exploits: 1 | References: 6
AlmaLinux
added 2023/05/09 12:0 a.m., 45 views

Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 9.8 | AI score 8.9 | EPSS 0.01936
Exploits: 0 | References: 4
AlmaLinux
added 2023/05/09 12:0 a.m., 76 views

Moderate: fwupd security and bug fix update

The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287); shim: 3rd party shim allow secure boot bypass (CVE-2022-34301); shim: 3rd party shim allow secure boot bypass...

CVSS 6.7 | AI score 7 | EPSS 0.01046
Exploits: 0 | References: 10
AlmaLinux
added 2023/05/09 12:0 a.m., 28 views

Moderate: libguestfs-winsupport security update

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images. Security Fixes: ntfs-3g: heap-based buffer overflow in ntfsck (CVE-2021-46790); ntfs-3g: crafted NTFS image can cause heap...

CVSS 7.8 | AI score 7.8 | EPSS 0.00504
Exploits: 1 | References: 12