Lucene search
K
AlmalinuxRecent

5313 matches found

AlmaLinux
AlmaLinux
•added 2025/04/22 12:0 a.m.•5 views

Moderate: xmlrpc-c security update

XML-RPC is a remote procedure call RPC protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC remote procedure call over the Internet. It converts an RPC into an XML document,...

7.5CVSS6.9AI score0.01569EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/04/21 12:0 a.m.•12 views

Important: libxslt security update

libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. Security Fixes: libxslt: Use-After-Free in libxslt xsltGetInheritedNsList...

7.8CVSS6.8AI score0.00324EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2025/04/17 12:0 a.m.•13 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...

7.5CVSS6.6AI score0.00827EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2025/04/17 12:0 a.m.•13 views

Important: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak...

8.2CVSS7.3AI score0.00542EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/04/16 12:0 a.m.•26 views

Moderate: java-21-openjdk security update

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Better TLS connection support CVE-2025-21587 JDK: Improve compiler transformations CVE-2025-30691 JDK: Enhance Buffered Image handling CVE-2025-30698 For...

7.4CVSS7.3AI score0.00688EPSS
Exploits0References5
AlmaLinux
AlmaLinux
•added 2025/04/16 12:0 a.m.•36 views

Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: JDK: Better TLS connection support CVE-2025-21587 JDK: Improve compiler transformations CVE-2025-30691 JDK: Enhance Buffered Image handling CVE-2025-3069...

7.4CVSS7.1AI score0.00688EPSS
Exploits0References5
AlmaLinux
AlmaLinux
•added 2025/04/16 12:0 a.m.•20 views

Moderate: java-17-openjdk security update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Better TLS connection support CVE-2025-21587 JDK: Improve compiler transformations CVE-2025-30691 JDK: Enhance Buffered Image handling CVE-2025-30698...

7.4CVSS7.3AI score0.00688EPSS
Exploits0References5
AlmaLinux
AlmaLinux
•added 2025/04/16 12:0 a.m.•14 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources CVE-2024-53150 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

7.1CVSS7.2AI score0.01325EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/04/15 12:0 a.m.•16 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

7.5CVSS6.9AI score0.01569EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/04/15 12:0 a.m.•18 views

Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: xen: Xen hypercall page unsafe against speculative attacks Xen Security Advisory 466 CVE-2024-53241 kernel: ALSA: usb-audio: Fix o...

7.1CVSS7.3AI score0.01325EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2025/04/15 12:0 a.m.•25 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: xen: Xen hypercall page unsafe against speculative attacks Xen Security Advisory 466 CVE-2024-53241 kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources...

7.1CVSS7.1AI score0.01325EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2025/04/14 12:0 a.m.•14 views

Important: gvisor-tap-vsock security update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes:...

7.5CVSS7.2AI score0.00868EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/04/14 12:0 a.m.•21 views

Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

6.2CVSS7.3AI score0.00349EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/04/10 12:0 a.m.•14 views

Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers incorrectly sent after...

6.1CVSS7.1AI score0.00647EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2025/04/10 12:0 a.m.•16 views

Important: delve and golang security update

The Go Programming Language. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

7.5CVSS7.1AI score0.01127EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/04/08 12:0 a.m.•22 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...

7.5CVSS6.6AI score0.00827EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2025/04/08 12:0 a.m.•14 views

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-24813 For...

10CVSS7AI score0.99945EPSS
Exploits58References6
AlmaLinux
AlmaLinux
•added 2025/04/07 12:0 a.m.•13 views

Important: libxslt security update

libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. Security Fixes: libxslt: Use-After-Free in libxslt numbers.c CVE-2025-24855...

7.8CVSS6.8AI score0.00324EPSS
Exploits4References6
AlmaLinux
AlmaLinux
•added 2025/04/07 12:0 a.m.•10 views

Low: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.2AI score0.02303EPSS
Exploits1References3
AlmaLinux
AlmaLinux
•added 2025/04/07 12:0 a.m.•19 views

Important: gimp security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...

7.8CVSS7.4AI score0.93639EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2025/04/07 12:0 a.m.•12 views

Low: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.2AI score0.02303EPSS
Exploits1References3
AlmaLinux
AlmaLinux
•added 2025/04/07 12:0 a.m.•20 views

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-24813 For...

10CVSS7AI score0.99945EPSS
Exploits58References6
AlmaLinux
AlmaLinux
•added 2025/04/03 12:0 a.m.•13 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3029 firefox: thunderbird: Use-after-free triggered by XSLTProcessor CVE-2025-3028 firefox...

8.1CVSS7.8AI score0.00824EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2025/04/03 12:0 a.m.•15 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3029 firefox: thunderbird: Use-after-free triggered by XSLTProcessor CVE-2025-3028 firefox...

8.1CVSS7.8AI score0.00824EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2025/04/02 12:0 a.m.•27 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

7.5CVSS7.3AI score0.01569EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/31 12:0 a.m.•3 views

Important: python-jinja2 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.8CVSS7.1AI score0.00465EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/31 12:0 a.m.•14 views

Important: python-jinja2 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.8CVSS7.2AI score0.00465EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/31 12:0 a.m.•33 views

Important: freetype security update

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Security Fixes: freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files...

8.1CVSS7.2AI score0.26049EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2025/03/27 12:0 a.m.•23 views

Important: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: net:...

7.6CVSS7.1AI score0.01373EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/27 12:0 a.m.•16 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.8AI score0.00693EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/26 12:0 a.m.•6 views

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh CVE-2025-22869 For more details about the security issues, including the...

7.5CVSS6.7AI score0.00868EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/26 12:0 a.m.•11 views

Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

5.7CVSS6.8AI score0.0032EPSS
Exploits0References3
AlmaLinux
AlmaLinux
•added 2025/03/26 12:0 a.m.•6 views

Moderate: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

5.7CVSS5.6AI score0.0032EPSS
Exploits0References3
AlmaLinux
AlmaLinux
•added 2025/03/26 12:0 a.m.•16 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array CVE-2025-21785 For more details about the security issues, includin...

7.8CVSS7.3AI score0.00257EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/26 12:0 a.m.•16 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array CVE-2025-21785 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.8CVSS7.2AI score0.00257EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/24 12:0 a.m.•10 views

Important: libxslt security update

libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. Security Fixes: libxslt: Use-After-Free in libxslt numbers.c CVE-2025-24855 For...

7.8CVSS7.2AI score0.00324EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2025/03/20 12:0 a.m.•23 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS7.3AI score0.89472EPSS
Exploits10References4
AlmaLinux
AlmaLinux
•added 2025/03/19 12:0 a.m.•3 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: bcm: Fix UAF in bcmprocshow CVE-2023-52922 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

7.8CVSS6.5AI score0.00286EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/19 12:0 a.m.•3 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: can: bcm: Fix UAF in bcmprocshow CVE-2023-52922 For more details about the security issues, including the impact, a CVSS score,...

7.8CVSS5.8AI score0.00286EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/17 12:0 a.m.•21 views

Important: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: net:...

7.6CVSS6.7AI score0.01373EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/17 12:0 a.m.•9 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: out-of-bounds write vulnerability CVE-2025-24201 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer ...

10CVSS7.3AI score0.0424EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2025/03/17 12:0 a.m.•13 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938 firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136,...

7.5CVSS7.8AI score0.00519EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2025/03/17 12:0 a.m.•9 views

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8CVSS7.4AI score0.00291EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/17 12:0 a.m.•16 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: out-of-bounds write vulnerability CVE-2025-24201 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer ...

10CVSS7.1AI score0.0424EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2025/03/17 12:0 a.m.•9 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938 firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136,...

7.5CVSS9.5AI score0.00519EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2025/03/17 12:0 a.m.•4 views

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

7.5CVSS5.8AI score0.01051EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/13 12:0 a.m.•11 views

Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

7.1CVSS7.6AI score0.00606EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2025/03/12 12:0 a.m.•17 views

Important: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-After-Free in libxml2 CVE-2024-56171 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 CVE-2025-24928 For more details about the security issues,...

9.8CVSS7.7AI score0.0113EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2025/03/12 12:0 a.m.•30 views

Important: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-After-Free in libxml2 CVE-2024-56171 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 CVE-2025-24928 For more details about the security issues,...

9.8CVSS8.1AI score0.0113EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2025/03/11 12:0 a.m.•8 views

Moderate: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

7.5CVSS7.2AI score0.04575EPSS
Exploits1References8
Total number of security vulnerabilities5313