Lucene search
K
AlmalinuxMost viewed

5359 matches found

AlmaLinux
AlmaLinux
•added 2024/01/30 12:0 a.m.•293 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...

6.5CVSS7.9AI score0.93305EPSS
Exploits12References6
AlmaLinux
AlmaLinux
•added 2019/11/05 5:52 p.m.•292 views

Important: container-tools:1.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: slirp: heap buffer overflow during packet reassembly CVE-2019-14378 containers/image: not enforcing TLS when sending username+password credentials to token serve...

8.8CVSS2.3AI score0.16658EPSS
Exploits3References3
AlmaLinux
AlmaLinux
•added 2021/04/26 5:3 a.m.•280 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Security Fixes: Mozilla: Out of bound write due to lazy initialization CVE-2021-23994 Mozilla: Use-after-free in Responsive Design Mode CVE-2021-23995 Mozilla: More internal network...

6.8CVSS0.7AI score0.01764EPSS
Exploits2References9
AlmaLinux
AlmaLinux
•added 2021/11/10 8:34 a.m.•277 views

Moderate: gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were...

8.3CVSS8.7AI score0.12205EPSS
Exploits4References1
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•256 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: NULL dereference in xmlSchemaFixupComplexType CVE-2023-28484 libxml2: Hashing of empty dict strings isn't deterministic CVE-2023-29469 For more details about the security...

6.5CVSS7AI score0.01086EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/09/20 12:0 a.m.•238 views

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...

8.8CVSS9AI score0.99735EPSS
Exploits9References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•233 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS7.7AI score0.76768EPSS
Exploits10References4
AlmaLinux
AlmaLinux
•added 2023/07/12 12:0 a.m.•225 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: buffer overflow in configsortlist due to missing string length check...

8.6CVSS7.9AI score0.01577EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•219 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1...

9.8CVSS7AI score0.02868EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/01/25 12:49 p.m.•211 views

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

9.8CVSS1.3AI score0.97108EPSS
Exploits4References2
AlmaLinux
AlmaLinux
•added 2020/12/15 3:56 p.m.•207 views

iptables bug fix and enhancement update

The iptables utility controls the network packet filtering code in the Linux kernel. Bug Fixes and Enhancements: openshift-sdn reports failure with iptables-restore: CHAINUSERDEL failed Device or resource busy BZ1891880 Improve IP address match performance BZ1894619...

0.7AI score
Exploits0
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•204 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: IDN wildcard match may lead to Improper Cerificate Validation CVE-2023-28321 curl: more POST-after-PUT confusion...

5.9CVSS7AI score0.02211EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/01/24 12:0 a.m.•203 views

Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS vulnerability when parsing multipart request body CVE-2023-0662 php: Missing error check and insufficient random bytes...

9.8CVSS7.3AI score0.08003EPSS
Exploits6References14
AlmaLinux
AlmaLinux
•added 2024/04/11 12:0 a.m.•189 views

Important: httpd:2.4/mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modhttp2: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7.2AI score0.91327EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•185 views

Moderate: nodejs:14 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection...

8.2CVSS8.5AI score0.21514EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2023/02/21 12:0 a.m.•181 views

Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

9CVSS7.7AI score0.57941EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•179 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 kernel: net/sched: multiple vulnerabilities CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208...

8.8CVSS8.2AI score0.03882EPSS
Exploits8References105
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•171 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...

6.5CVSS7.9AI score0.93305EPSS
Exploits12References6
AlmaLinux
AlmaLinux
•added 2024/08/08 12:0 a.m.•170 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52451 kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: tracing: Restructure...

9.8CVSS7.6AI score0.01358EPSS
Exploits2References322
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•166 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.5CVSS7.5AI score0.00782EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•165 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: GSM multiplexing race condition leads to privilege escalation CVE-2023-6546 kernel: multiple use-after-free vulnerabilities CVE-2024-1086, CVE-2023-3567, CVE-2023-4133, CVE-2023-6932,...

9.8CVSS8.5AI score0.28058EPSS
Exploits22References122
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•165 views

Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2024/09/24 12:0 a.m.•159 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: CVE-2023-6040 CVE-2024-26595 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605...

8.8CVSS9.6AI score0.01028EPSS
Exploits2References260
AlmaLinux
AlmaLinux
•added 2020/11/03 12:29 p.m.•150 views

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 bootstrap: XSS in the data-target attribute CVE-2016-10735 bootstrap: Cross-site Scripting XSS i...

4.3CVSS0.4AI score0.99019EPSS
Exploits20References15
AlmaLinux
AlmaLinux
•added 2024/07/01 12:0 a.m.•147 views

Moderate: httpd:2.4/httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.3CVSS6.8AI score0.03914EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•141 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...

7.8CVSS6.8AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•140 views

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For more details about the...

7.5CVSS7.8AI score0.99999EPSS
Exploits20References6
AlmaLinux
AlmaLinux
•added 2021/05/18 5:34 a.m.•139 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

2.1CVSS0.8AI score0.01027EPSS
Exploits2References2
AlmaLinux
AlmaLinux
•added 2024/02/20 12:0 a.m.•136 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: schhfsc UAF CVE-2023-4623 kernel: use-after-free in schqfq network scheduler CVE-2023-4921 kernel: inactive elements in nftpipapowalk CVE-2023-6817 kernel: IGB driver inadequat...

7.8CVSS9.9AI score0.01549EPSS
Exploits3References40
AlmaLinux
AlmaLinux
•added 2024/01/17 12:0 a.m.•136 views

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: incorrect handling of ZIP files with duplica...

7.5CVSS7.4AI score0.00918EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2021/11/09 9:16 a.m.•136 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

8.8CVSS7.8AI score0.0825EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•135 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-0266 kernel: FUSE filesystem low-privileged user...

7.9CVSS8.3AI score0.0788EPSS
Exploits14References10
AlmaLinux
AlmaLinux
•added 2021/11/09 8:24 a.m.•135 views

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image CVE-2021-20291 For...

7.1CVSS6.6AI score0.01587EPSS
Exploits1References3
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•134 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use after free in unixstreamsendpage CVE-2023-4622 kernel: vmwgfx: reference count issue leads to use-after-free in surface handling CVE-2023-5633 kernel: netfilter: potential...

7.8CVSS7.1AI score0.0616EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2022/01/31 9:52 a.m.•133 views

Important: nginx:1.20 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. The following packages have been upgraded to a later upstream version: nginx 1.20.1. BZ2031030 Security Fixes: nginx: Off-by-one in ngxresolvercopy when labels...

7.7CVSS8AI score0.53461EPSS
Exploits10References2
AlmaLinux
AlmaLinux
•added 2023/06/14 12:0 a.m.•131 views

Important: .NET 7.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.107 and .NET Runtime 7.0.7. The...

7.5CVSS7.9AI score0.02627EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2024/07/02 12:0 a.m.•130 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack CVE-2020-26555 kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number...

9.1CVSS7.4AI score0.01401EPSS
Exploits1References124
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•130 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 net/ulp: use-after-free in listening ULP sockets CVE-2023-0461 cpu: AMD CPUs may transiently execu...

8.8CVSS8.5AI score0.03763EPSS
Exploits13References82
AlmaLinux
AlmaLinux
•added 2021/01/26 6:53 p.m.•131 views

Important: sudo security update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: Heap buffer overflow in argument parsin...

7.2CVSS2.6AI score0.99295EPSS
Exploits81References1
AlmaLinux
AlmaLinux
•added 2024/05/29 12:0 a.m.•129 views

Important: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS6.6AI score0.01386EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/08/14 12:0 a.m.•128 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: phy: CVE-2024-26600 kernel: netfilter: multiple flaws CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005 kernel: cifs: CVE-2024-26828 kernel: wifi: multiple flaws...

9.1CVSS7.2AI score0.02701EPSS
Exploits2References94
AlmaLinux
AlmaLinux
•added 2022/07/18 12:0 a.m.•125 views

Important: pandoc security update

Pandoc is a markdown/markup conversion tool. The version of pandoc in AlmaLinux 8 CRB uses cmark-gfm GitHub's extended version of the C reference implementation of CommonMark for parts of its conversion. The update, fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing which...

9.8CVSS9.7AI score0.04192EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•124 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows...

8.8CVSS7.3AI score0.02014EPSS
Exploits2References14
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•123 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: memory corruption in AX88179178A based USB ethernet device. CVE-2022-2964 kernel: i915: Incorrect GPU TLB flush can lead to random memory access CVE-2022-4139 For more details about the...

7.8CVSS8.2AI score0.00294EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•122 views

Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

7.8CVSS7.5AI score0.02189EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2020/11/03 12:4 p.m.•122 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

6.8CVSS0.6AI score0.06683EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•120 views

Moderate: bluez security update

The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts AlmaLinux, and pcmcia configuration files. Security Fixes: bluez: unauthorized HID device connections allows keystroke injection and arbitrary...

8CVSS9.4AI score0.07879EPSS
Exploits8References22
AlmaLinux
AlmaLinux
•added 2023/01/09 12:0 a.m.•120 views

Moderate: nodejs:14 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.1, nodejs-nodemon 2.0.20. Security Fixes: minimist: prototype pollution...

9.8CVSS8.4AI score0.14663EPSS
Exploits4References12
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•119 views

Low: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP pro...

5.9CVSS7AI score0.02511EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/02/16 8:26 a.m.•119 views

Important: ruby:2.6 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc:...

9.3CVSS7.9AI score0.06307EPSS
Exploits5References7
Total number of security vulnerabilities5000