Lucene search
K

27 matches found

OSV
OSV
added 2020/11/03 12:39 p.m.27 views

RLSA-2020:4827 Moderate: oniguruma security update

Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fixes: oniguruma: NULL pointer dereference in matchat in regexec.c CVE-2019-13225 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.3CVSS8.1AI score0.02129EPSS
Exploits0References2
OSV
OSV
added 2020/11/03 12:38 p.m.21 views

RLSA-2020:4820 Moderate: file-roller security update

File Roller is an application for creating and viewing archives files, such as tar or zip files. Security Fixes: file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive CVE-2019-16680 file-roller: directory traversal via directory symlink pointing...

4.3CVSS4.9AI score0.02132EPSS
Exploits1References3
OSV
OSV
added 2020/11/03 12:37 p.m.34 views

RLSA-2020:4807 Moderate: prometheus-jmx-exporter security update

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: snakeyaml: Billion laughs attack via alias feature CVE-2017-18640 For more details about the security issues, including the impact, a CVSS score...

7.6CVSS7.5AI score0.26723EPSS
Exploits1References2
OSV
OSV
added 2020/11/03 12:37 p.m.33 views

RLSA-2020:4799 Moderate: freeradius:3.0 security and bug fix update

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: eap-pwd: DoS issues due to multithreaded BNCTX access CVE-2019-17185 Fo...

7.5CVSS7.8AI score0.02168EPSS
Exploits0References5
OSV
OSV
added 2020/11/03 12:33 p.m.23 views

RLSA-2020:4756 Moderate: varnish:6 security, bug fix, and enhancement update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. The following packages have been upgraded to a later upstream version: varnish 6.0.6. BZ1795673...

7.5CVSS7.9AI score0.05742EPSS
Exploits0References4
OSV
OSV
added 2020/11/03 12:33 p.m.59 views

RLSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: modhttp2 1.15.7. BZ1814236 Security Fixes: httpd: memory corruption on early pushes CVE-2019-10081 httpd: read-after-free in ...

6.6CVSS7.3AI score0.81466EPSS
Exploits6References15
OSV
OSV
added 2020/11/03 12:32 p.m.39 views

RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...

8.5CVSS9.1AI score0.7179EPSS
Exploits0References19
OSV
OSV
added 2020/11/03 12:29 p.m.25 views

RLSA-2020:4712 Moderate: subversion:1.10 security update

Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fixes: subversion: remotely triggerable DoS vulnerability in svnserve...

6.5CVSS7.1AI score0.02422EPSS
Exploits0References2
OSV
OSV
added 2020/11/03 12:29 p.m.26 views

RLSA-2020:4709 Moderate: librsvg2 security update

The librsvg2 packages provide a Scalable Vector Graphics SVG library based on the libart library. Security Fixes: librsvg: Resource exhaustion via crafted SVG file with nested patterns CVE-2019-20446 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

6.5CVSS6.6AI score0.02125EPSS
Exploits0References2
OSV
OSV
added 2020/11/03 12:27 p.m.33 views

RLSA-2020:4694 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 QEMU: slirp: networking out-of-bounds read information...

7.5CVSS7.1AI score0.02428EPSS
Exploits1References33
Rockylinux
Rockylinux
added 2020/11/03 12:27 p.m.49 views

qt5-qtbase and qt5-qtwebsockets security and bug fix update

An update is available for qt5-qtwebsockets. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Qt is a software toolkit for developing applications. The qt5-base...

8.6CVSS7.3AI score0.03012EPSS
Exploits3
OSV
OSV
added 2020/11/03 12:27 p.m.38 views

RLSA-2020:4690 Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: XML entity expansion vulnerability CVE-2015-9541 qt5-qtwebsockets: websocket implementation allows only limited size for frames and...

7.5CVSS7.3AI score0.03012EPSS
Exploits3References7
OSV
OSV
added 2020/11/03 12:26 p.m.62 views

RLSA-2020:4676 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...

8.8CVSS7.5AI score0.04027EPSS
Exploits2References27
OSV
OSV
added 2020/11/03 12:24 p.m.50 views

RLSA-2020:4659 Moderate: gd security update

GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fixes: gd: Heap-based buffer overflow in gdImageColorMatch in gdcolormatch.c CVE-2019-6977 gd: NULL pointer dereference in...

7.4CVSS8.7AI score0.65116EPSS
Exploits7References4
Rockylinux
Rockylinux
added 2020/11/03 12:24 p.m.47 views

python27:2.7 security update

An update is available for python-pymongo, python2-rpm-macros, python-sqlalchemy, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py...

7.5CVSS8AI score0.06304EPSS
Exploits1
OSV
OSV
added 2020/11/03 12:24 p.m.38 views

RLSA-2020:4654 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

8CVSS7.3AI score0.06304EPSS
Exploits1References3
OSV
OSV
added 2020/11/03 12:23 p.m.36 views

RLSA-2020:4647 Moderate: freerdp and vinagre security, bug fix, and enhancement update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop. Th...

7.1CVSS6.8AI score0.02653EPSS
Exploits9References30
OSV
OSV
added 2020/11/03 12:23 p.m.40 views

RLSA-2020:4641 Moderate: python38:3.8 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

9.8CVSS7.8AI score0.12826EPSS
Exploits3References8
OSV
OSV
added 2020/11/03 12:22 p.m.20 views

RLSA-2020:4638 Low: sysstat security update

The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Security Fixes: sysstat: memory corruption due to an integer overflow in remapstruct in sacommon.c CVE-2019-16167 For more details about the security issues,...

5.5CVSS6.2AI score0.01533EPSS
Exploits1References2
OSV
OSV
added 2020/11/03 12:21 p.m.22 views

RLSA-2020:4629 Moderate: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double free in ParseContentEncodingEntry in mkvparser.cc CVE-2019-2126 libvpx: Out of bounds read in vp8nor...

8.8CVSS7.3AI score0.05392EPSS
Exploits0References5
Rows per page
Query Builder