Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/12/05 12:0 a.m.•13 views

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/12/05 12:0 a.m.•26 views

Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

8.7CVSS6.1AI score0.01429EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/12/05 12:0 a.m.•21 views

Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/12/04 12:0 a.m.•20 views

Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/12/04 12:0 a.m.•37 views

Moderate: python3:3.6.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.2AI score0.0067EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/12/04 12:0 a.m.•21 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/12/04 12:0 a.m.•12 views

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS7.4AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/12/04 12:0 a.m.•20 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8AI score0.04422EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/12/03 12:0 a.m.•24 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on Signature Verification...

8.8CVSS7.1AI score0.00762EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2024/12/02 12:0 a.m.•24 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message CVE-2024-11159 firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled...

8.8CVSS6.9AI score0.00762EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2024/12/02 12:0 a.m.•14 views

Important: python-tornado security update

Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 For more details about the security issues,...

7.5CVSS6.8AI score0.01051EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/12/02 12:0 a.m.•29 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on Signature Verification...

8.8CVSS6.9AI score0.00762EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2024/12/02 12:0 a.m.•25 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message CVE-2024-11159 firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled...

8.8CVSS7AI score0.00762EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2024/11/27 12:0 a.m.•19 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: data isolation bypass vulnerability CVE-2024-44309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

6.3CVSS6.4AI score0.21044EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/27 12:0 a.m.•17 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: data isolation bypass vulnerability CVE-2024-44309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

6.3CVSS6.4AI score0.21044EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/26 12:0 a.m.•28 views

Low: kernel-rt:4.18.0 security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: media: edia: dvbdev: fix a use-after-free CVE-2024-27043 kernel: bpf: Add BPFPROGTYPECGROUPSKB attach type enforcement in...

7.8CVSS7.1AI score0.00291EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/26 12:0 a.m.•33 views

Moderate: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents CVE-2021-33198 podman: podman machine spawns gvproxy...

7.5CVSS7.2AI score0.034EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2024/11/26 12:0 a.m.•23 views

Important: pam security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: libpam: Libpam vulnerable to read hashed password CVE-2024-10041 pam: Improper Hostname Interpretation in pamaccess Leads t...

7.4CVSS7.7AI score0.00798EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/26 12:0 a.m.•46 views

Moderate: kernel:4.18.0 security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: edia: dvbdev: fix a use-after-free CVE-2024-27043 kernel: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout CVE-2024-27399 kernel: bpf: Add BPFPROGTYPECGROUPSKB attach type...

7.8CVSS6.7AI score0.00301EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/11/26 12:0 a.m.•35 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Fix overrunning reservations in ringbuf CVE-2024-41009 kernel: USB: serial: mos7840: fix crash on resume CVE-2024-42244 kernel: cxl/port: Fix use-after-free, permit out-of-order...

7.8CVSS7AI score0.00261EPSS
Exploits0References7
AlmaLinux
AlmaLinux
•added 2024/11/26 12:0 a.m.•29 views

Important: tuned security update

The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: scriptpre and scriptpost options allow to pass arbitrary scripts executed by root CVE-2024-52336 tuned: improper sanitization of instancename parameter of the instancecreate...

7.8CVSS7AI score0.00298EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/25 12:0 a.m.•11 views

Moderate: perl-App-cpanminus security update

Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution...

9.8CVSS9.4AI score0.00737EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/25 12:0 a.m.•23 views

Important: pam:1.5.1 security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: Improper Hostname Interpretation in pamaccess Leads to Access Control Bypass CVE-2024-10963 For more details about the...

7.4CVSS7.6AI score0.00798EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/25 12:0 a.m.•21 views

Moderate: perl-App-cpanminus:1.7044 security update

The panminus is a script to get, unpack, build and install modules from CPAN. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability CVE-2024-45321 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

9.8CVSS9.6AI score0.00737EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/20 12:0 a.m.•33 views

Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7.8CVSS7.5AI score0.00894EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/18 12:0 a.m.•17 views

Moderate: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Integer overflow in vpximgalloc CVE-2024-5197 For more details about the security issues, including the...

9.1CVSS7AI score0.00814EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/14 12:0 a.m.•19 views

Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of Service processing ESI response content CVE-2024-45802 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

7.5CVSS6.8AI score0.45289EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/14 12:0 a.m.•28 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: nexthop: Initialize all fields in dumped nexthops CVE-2024-42283 kernel: iommufd: Require drivers to supply the cacheinvalidateuser ops CVE-2024-46824 kernel: mptcp: pm: Fix uaf in...

7CVSS8.4AI score0.00257EPSS
Exploits0References7
AlmaLinux
AlmaLinux
•added 2024/11/14 12:0 a.m.•33 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: chromium-browser: Use after free in ANGLE CVE-2024-4558 webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-40789 webkitgtk:...

9.8CVSS8.3AI score0.01344EPSS
Exploits1References30
AlmaLinux
AlmaLinux
•added 2024/11/14 12:0 a.m.•29 views

Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: vulnerable to a Denial of Service attack against Cache Manager error responses CVE-2024-23638 squid: Denial of Service processing ESI response content...

7.5CVSS6.8AI score0.6005EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/11/14 12:0 a.m.•20 views

Low: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: heap-based buffer...

9.8CVSS7.5AI score0.04505EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•43 views

Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.100 and .NET Runtime 9.0.1.0...

9.8CVSS6.6AI score0.03512EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•13 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefo...

9.8CVSS10AI score0.32568EPSS
Exploits1References24
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•12 views

Important: NetworkManager-libreswan security update

This package contains software for integrating the libreswan VPN software with NetworkManager and the GNOME desktop Security Fixes: NetworkManager-libreswan: Local privilege escalation via leftupdown CVE-2024-9050 For more details about the security issues, including the impact, a CVSS score,...

7.8CVSS7AI score0.00452EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•23 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 firefox: thunderbird: History interface could have been used to cause a Denial of Servi...

9.8CVSS10AI score0.32568EPSS
Exploits1References24
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•12 views

Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

9.1CVSS6.8AI score0.01258EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•29 views

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header names CVE-2024-52530 For more details about the security...

7.5CVSS6.8AI score0.00933EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•26 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Visiting a malicious website may lead to address bar spoofing CVE-2024-40866 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-44187 webkitgtk: webkit2gtk:...

6.5CVSS6.9AI score0.0095EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•15 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: DoS via XMLResumeParser CVE-2024-50602 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

5.9CVSS6.9AI score0.0104EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•17 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: DoS via XMLResumeParser CVE-2024-50602 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

5.9CVSS6.9AI score0.0104EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•28 views

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header names CVE-2024-52530 For more details about the security...

7.5CVSS6.8AI score0.00933EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/11/13 12:0 a.m.•13 views

Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7.8CVSS7.5AI score0.00894EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•23 views

Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

6.2CVSS6.6AI score0.00242EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•31 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip:...

9.8CVSS9.3AI score0.01952EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•20 views

Moderate: mod_auth_openidc security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...

7.5CVSS6.7AI score0.01261EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•13 views

Low: bpftrace security update

BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter eBPF available in recent Linux kernels 4.x. BPFtrace uses LLVM as a backend to compile scripts to BPF-bytecode and makes use of BCC for interacting with the Linux BPF system, as well as existing Linux tracing...

2.8CVSS6.5AI score0.00184EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•13 views

Moderate: oci-seccomp-bpf-hook security update

OCI Hook to generate seccomp json files based on EBF syscalls used by container oci-seccomp-bpf-hook provides a library for applications looking to use the Container Pod concept popularized by Kubernetes. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 Fo...

5.9CVSS7.8AI score0.01001EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•9 views

Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deepl...

7.5CVSS8AI score0.01127EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•16 views

Low: tpm2-tools security update

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module TPM 2.0 devices from user space. Security Fixes: tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the...

9CVSS6.7AI score0.00984EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•44 views

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: go/parser: golang: Calling any of the Parse functions containing deeply nested literals c...

8.2CVSS8.7AI score0.01345EPSS
Exploits0References16
Total number of security vulnerabilities5315