Lucene search
+L
AlmalinuxMost viewed

5404 matches found

AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•35 views

Moderate: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

4.7CVSS6.3AI score0.00715EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•35 views

Low: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

7.5CVSS7AI score0.01128EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•35 views

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...

7.5CVSS6.9AI score0.01812EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•35 views

Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP reques...

7.5CVSS7.2AI score0.0125EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/03/21 12:0 a.m.•35 views

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS7.5AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/02/26 12:0 a.m.•35 views

Important: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

8CVSS7.8AI score0.01465EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/02/22 12:0 a.m.•35 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

8CVSS7.8AI score0.01465EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/12/13 12:0 a.m.•35 views

Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...

8.8CVSS6.3AI score0.04322EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/11/15 12:0 a.m.•35 views

Moderate: dotnet7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14...

9.8CVSS7.2AI score0.12512EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•35 views

Moderate: tang security and bug fix update

Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption NBDE project. Security Fixes: tang: Race condition exists in the key...

5.3CVSS7.1AI score0.00568EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•35 views

Moderate: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: stack buffer overflow in LibRawbufferdatastream::gets in src/librawdatastream.cpp CVE-2021-32142 For more details about the security issues, including the...

7.8CVSS7.7AI score0.00424EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•36 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...

7.8CVSS7.4AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/03 12:0 a.m.•35 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used...

9.8CVSS8.4AI score0.13694EPSS
Exploits1References20
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•35 views

Moderate: libeconf security update

Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it. Security Fixes: libeconf: stack-based buffer overflow in readfile in...

6.5CVSS7.4AI score0.00636EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/07/31 12:0 a.m.•35 views

Moderate: samba security and bug fix update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: SMB2 packet signing is not enforced when "server...

5.9CVSS6.9AI score0.0039EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/07/20 12:0 a.m.•35 views

Moderate: java-1.8.0-openjdk security and bug fix update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper handling of slash characters in URI-to-path conversion 8305312 CVE-2023-22049 OpenJDK: array indexing integer overflow issue 8304468...

3.7CVSS7.1AI score0.01316EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/06/27 12:0 a.m.•35 views

Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

5.5CVSS5.7AI score0.00298EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•35 views

Moderate: device-mapper-multipath security and bug fix update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack CVE-2022-41973 For more details about the securi...

7.8CVSS6.6AI score0.00658EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: device-mapper-multipath security and bug fix update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack CVE-2022-41973 For more details about the securi...

7.8CVSS7.5AI score0.00658EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: freeradius security and bug fix update

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...

7.5CVSS7.2AI score0.01171EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: sysstat security and bug fix update

The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Security Fixes: sysstat: arithmetic overflow in allocatestructures on 32 bit systems CVE-2022-39377 For more details about the security issues, including the...

7.8CVSS7.9AI score0.01096EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: poppler security and bug fix update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

7.8CVSS7.6AI score0.00574EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fixes: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data CVE-2021-44648 gdk-pixbu...

8.8CVSS8.6AI score0.01891EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux CVE-2023-2203 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

8.8CVSS8.6AI score0.00934EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/02/21 12:0 a.m.•35 views

Moderate: tar security update

The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at fromheader in list.c via specially crafted checksum CVE-2022-48303 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS8.2AI score0.04524EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•35 views

Moderate: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

8CVSS7.9AI score0.0152EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/07/07 12:0 a.m.•35 views

Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when processing gopher server responses CVE-2021-46784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

6.5CVSS0.1AI score0.04513EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/05/18 1:52 p.m.•35 views

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: path traversal possible outside of publicdir when serving static files CVE-2022-29970 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.7AI score0.02059EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•35 views

java-1.8.0-openjdk bug fix and enhancement update

This erratum reinstates changes made to java-1.8.0-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the...

6.9AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 8:10 a.m.•35 views

Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: heap out-of-bounds read in src/flac.c in flacbuffercopy CVE-2021-4156 For more details about the security issues, including the impact, a CVSS score,...

7.1CVSS0.5AI score0.01754EPSS
Exploits1References2
AlmaLinux
AlmaLinux
•added 2022/05/10 8:2 a.m.•35 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: a buffer overflow via the "invertImage" may lead to DoS CVE-2020-19131 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

7.5CVSS8.1AI score0.02433EPSS
Exploits1References2
AlmaLinux
AlmaLinux
•added 2022/05/10 8:1 a.m.•35 views

Moderate: qt5-qtbase security update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke CVE-2021-38593 For mor...

7.5CVSS7.7AI score0.0306EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/10 8:0 a.m.•35 views

Moderate: libreoffice security, bug fix, and enhancement update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.5CVSS6.4AI score0.00709EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/05/10 6:41 a.m.•35 views

Moderate: fetchmail security update

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC for retrieval...

7.5CVSS6.4AI score0.0256EPSS
Exploits0References3
AlmaLinux
AlmaLinux
•added 2022/04/26 1:50 p.m.•35 views

python-suds bug fix and enhancement update

The suds project is a python soap web services client lib. Suds leverages python meta programming to provide an intuitive API for consuming web services. Objectification of types defined in the WSDL is provided without class generation. Programmers rarely need to read the WSDL since services and...

1.8AI score
Exploits0
AlmaLinux
AlmaLinux
•added 2022/04/26 1:49 p.m.•35 views

Moderate: polkit security update

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fixes: polkit: file descriptor leak allows an unprivileged user to cause a crash...

5.5CVSS2.2AI score0.0053EPSS
Exploits1References2
AlmaLinux
AlmaLinux
•added 2022/04/26 9:54 a.m.•35 views

Important: gzip security update

The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...

8.8CVSS1.8AI score0.04271EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/02/01 8:13 p.m.•35 views

Moderate: cryptsetup security update

The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Security Fixes: cryptsetup: disable encryption via header rewrite CVE-2021-4122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

4.3CVSS1.6AI score0.0028EPSS
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/01/12 11:30 a.m.•35 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.5.0 ESR. Security Fixes: Mozilla: Iframe sandbox bypass with XSLT CVE-2021-4140 Mozilla: Race condition when playing audio files CVE-2022-2273...

10CVSS9.2AI score0.0134EPSS
Exploits6References12
AlmaLinux
AlmaLinux
•added 2021/11/15 10:0 a.m.•35 views

Moderate: gcc-toolset-10-binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: Developer environment:...

8.3CVSS8.8AI score0.12205EPSS
Exploits4References1
AlmaLinux
AlmaLinux
•added 2021/11/09 9:23 a.m.•35 views

Moderate: gnutls and nettle security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...

9.8CVSS9.4AI score0.03751EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2021/11/09 8:56 a.m.•35 views

Moderate: libjpeg-turbo security and bug fix update

The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fixes: libjpeg-turbo:...

8.8CVSS8.9AI score0.02728EPSS
Exploits1References2
AlmaLinux
AlmaLinux
•added 2021/11/09 8:48 a.m.•35 views

Low: tcpdump security and bug fix update

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fixes: tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory...

7.5CVSS7.7AI score0.03071EPSS
Exploits0References1
AlmaLinux
AlmaLinux
•added 2021/11/02 7:49 a.m.•35 views

NetworkManager bug fix and enhancement update

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband WWAN, and PPPoE devices, as well as providing VPN integration with a varie...

7AI score
Exploits0
AlmaLinux
AlmaLinux
•added 2021/11/02 7:49 a.m.•35 views

Moderate: libsolv security update

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Security Fixes: libsolv: heap-based buffer overflow in poolinstallable in src/repo.h CVE-2021-33928 libsolv: heap-based buffer overflow in pooldisabledsolvable in src/repo.h CVE-2021-33929...

7.5CVSS8.1AI score0.01462EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2021/11/01 1:11 p.m.•35 views

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Sandbox bypass via recent VFS-manipulating syscalls CVE-2021-41133 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

8.8CVSS1.7AI score0.00406EPSS
Exploits0References1
AlmaLinux
AlmaLinux
•added 2021/07/15 2:11 p.m.•35 views

.NET Core 3.1 bugfix update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.117 and Runtime 3.1.17 BZ1978407...

1.3AI score
Exploits0
AlmaLinux
AlmaLinux
•added 2021/06/07 11:20 a.m.•35 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 CVE-2021-29967 Mozilla: Thunderbird stored OpenPGP secret keys without master password protecti...

6.8CVSS1.8AI score0.01368EPSS
Exploits2References3
AlmaLinux
AlmaLinux
•added 2021/05/18 6:1 a.m.•35 views

Moderate: qt5-qtbase security and bug fix update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: buffer over-read in readxbmbody in gui/image/qxbmhandler.cpp CVE-2020-17507 For more details about the security issues, including the...

5.3CVSS6.2AI score0.03915EPSS
Exploits0References1
AlmaLinux
AlmaLinux
•added 2021/05/18 5:34 a.m.•35 views

libarchive bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

7.5CVSS1.6AI score0.03367EPSS
Exploits0References1
Total number of security vulnerabilities5000