Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•18 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 dompurify:...

10CVSS7.8AI score0.01127EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•16 views

Moderate: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

7.5CVSS8.5AI score0.01414EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•26 views

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: containers/image: digest type does not guarantee valid type CVE-2024-3727 golang: net: malformed DNS message can cause infinite...

8.3CVSS8.4AI score0.01414EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•12 views

Moderate: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents CVE-2024-31080 xorg-x11-server:...

7.8CVSS7.8AI score0.01843EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•14 views

Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 For more details about the security issues, including the impact, a CVSS score,...

5.9CVSS7.8AI score0.01001EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•26 views

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in...

7.5CVSS8.6AI score0.01414EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•25 views

Low: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: heap-based buffer overflow vulnerability CVE-2021-3903 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

7.8CVSS6.9AI score0.00601EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•29 views

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

7.5CVSS7.9AI score0.01127EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•25 views

Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

8.2CVSS8.7AI score0.01345EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•15 views

Moderate: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: command injection via crafted archives or compressed files...

6.5CVSS7.2AI score0.0187EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•30 views

Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fixes: dnspython: denial of service in stub resolver CVE-2023-29483 For more details about th...

7CVSS6.7AI score0.01857EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•34 views

Moderate: microcode_ctl security update

The microcodectl packages provide microcode updates for Intel and AMD processors. Security Fixes: kernel: local privilege escalation on Intel microcode on IntelR XeonR CVE-2023-22655 kernel: Local information disclosure on IntelR AtomR processors CVE-2023-28746 kernel: Local information disclosur...

6.5CVSS7.1AI score0.0075EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•16 views

Moderate: mingw-glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib2: Signal subscription...

5.2CVSS6.9AI score0.00756EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•25 views

Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent...

6.5CVSS7AI score0.03174EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•20 views

Low: nano security update

GNU nano is a small and friendly text editor. Security Fixes: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742 For more details about the security issues, including the impact, a CVSS scor...

6.7CVSS6.4AI score0.00346EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•17 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

8.3CVSS8.1AI score0.01414EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•11 views

Low: bcc security update

BPF Compiler Collection BCC is a toolkit for easier creation of efficient kernel tracing and manipulation programs. BCC uses the extended Berkeley Packet Filter eBPF tool. Security Fixes: bcc: unprivileged users can force loading of compromised linux headers CVE-2024-2314 For more details about t...

2.8CVSS6.4AI score0.00218EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•27 views

Moderate: postfix security update

The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: SMTP smuggling vulnerability CVE-2023-51764 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.3CVSS6.4AI score0.02598EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•18 views

Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

3.2CVSS6.5AI score0.00266EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•17 views

Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow...

8.2CVSS7AI score0.01027EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•56 views

Moderate: bluez security update

The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts AlmaLinux, and pcmcia configuration files. Security Fixes: bluez: unauthorized HID device connections allows keystroke injection and arbitrary...

8CVSS9.4AI score0.07879EPSS
Exploits8References22
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•69 views

Moderate: iperf3 security update

Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss. Security Fixes: iperf3: possible denial of service CVE-2023-7250,ESNET-SECADV-2023-0002 iperf3: vulnerable to marvin attack if th...

5.9CVSS6.8AI score0.01107EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•18 views

Moderate: python3.12 security update

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

8.7CVSS6.9AI score0.01275EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•44 views

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP response splitting CVE-2023-38709 httpd: HTTP Response Splitting in multiple modules CVE-2024-24795 For more details about the security issues, including the impact, a...

7.3CVSS6.8AI score0.03914EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•17 views

Moderate: python3.12-urllib3 security update

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...

6.5CVSS5.3AI score0.01141EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•9 views

Low: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file For more details about the security issues, including the impact, a CVSS score,...

9.8CVSS7.9AI score0.62474EPSS
Exploits5References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•19 views

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: accepts keys containing non-attribute characters CVE-2024-34064 For...

5.4CVSS6.8AI score0.00979EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•24 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkit: visiting a malicious website may lead to address bar spoofing CVE-2023-42843 webkit: heap use-after-free may lead to arbitrary code execution CVE-2023-42950 webkit: processing malicious...

9.6CVSS8.5AI score0.01344EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•26 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.7CVSS7.7AI score0.01275EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•21 views

Moderate: python3.12 security update

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

7.5CVSS7.8AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•23 views

Low: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Unbounded memory growth with session handling in TLSv1.3 CVE-2024-2511 openssl: Excessive time...

9.1CVSS7AI score0.54026EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•17 views

Important: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

9CVSS7.6AI score0.14859EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•11 views

Moderate: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents CVE-2024-31080 xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice CVE-2024-31081 xorg-x11-server: Use-after-free in...

7.8CVSS7.8AI score0.01843EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•13 views

Moderate: gtk3 security update

The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3. Security Fixes: gtk3: gtk2: Library injection from CWD CVE-2024-6655 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

7CVSS6.9AI score0.00464EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•16 views

Moderate: lldpd security update

LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices. Security Fixes: lldp/openvswitch: denial of service...

9.8CVSS7AI score0.03235EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•14 views

Moderate: python3.12-PyMySQL security update

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...

6.3CVSS7AI score0.00691EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•19 views

Moderate: cyrus-imapd security update

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command CVE-2024-34055 For more details about the security issues, including the impact, a CVSS...

6.5CVSS6.6AI score0.00836EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•20 views

Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: JWCrypto: denail of service Via specifically crafted JWE CVE-2023-6681 Fo...

5.3CVSS6.5AI score0.00884EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•21 views

Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

10CVSS7AI score0.01283EPSS
Exploits1References3
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•62 views

Moderate: libgcrypt security update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: vulnerable to Marvin Attack CVE-2024-2236 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

5.9CVSS6.5AI score0.01114EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•20 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

6.5CVSS5.2AI score0.01141EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•16 views

Moderate: pcp security update

Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

5.5CVSS7AI score0.00288EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•18 views

Moderate: gnome-shell and gnome-shell-extensions security update

GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and...

6.5CVSS7.1AI score0.00299EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•18 views

Moderate: poppler security update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: pdfinfo: crash in broken documents when using -dests parameter CVE-2024-6239 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

7.5CVSS6.5AI score0.00785EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•15 views

Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption NBDE in AlmaLinux. Security Fixes: jose: resource exhaustion CVE-2024-28176 jose: Denia...

7.5CVSS6.7AI score0.02085EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•22 views

Moderate: python3.11-PyMySQL security update

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...

6.3CVSS7AI score0.00691EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•28 views

Low: NetworkManager security update

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband WWAN, and PPPoE devices, as well as providing VPN integration with a varie...

3.1CVSS6.7AI score0.00447EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•14 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.7CVSS6.8AI score0.01275EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•11 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.7AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•27 views

Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

7.5CVSS6.7AI score0.01128EPSS
Exploits3References8
Total number of security vulnerabilities5315