Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/11/12 12:0 a.m.•16 views

Moderate: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: command injection via crafted archives or compressed files...

6.5CVSS7.2AI score0.0187EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/11/11 12:0 a.m.•15 views

Moderate: gstreamer1-plugins-base security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fixes: gstreamer: EXIF Metadata Parsing Integer Overflow CVE-2024-4453 For more details about the...

7.8CVSS6.8AI score0.01565EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/11 12:0 a.m.•29 views

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN...

7.8CVSS7AI score0.01345EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/11/06 12:0 a.m.•20 views

Low: bzip2 security update

The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fixes: bzip2: out-of-bounds write in function BZ2decompress CVE-2019-12900 For more...

9.8CVSS7.1AI score0.08042EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/06 12:0 a.m.•17 views

Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Possible denial of service in X.509 name checks CVE-2024-6119 For more details about the security issues, including...

7.5CVSS7.5AI score0.66594EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•70 views

Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: net/bluetooth: race condition in conninfomin,maxageset CVE-2024-24857 kernel: dmaengine: fix NULL pointer in channel unregistratio...

9.8CVSS7.5AI score0.01483EPSS
Exploits0References79
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•18 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: NULL pointer dereference in tifdirinfo.c CVE-2024-7006 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS7.6AI score0.01516EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•16 views

Moderate: haproxy security update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers CVE-2023-45539 For more details about the security issues, including th...

8.2CVSS6.8AI score0.01526EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•16 views

Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 For more details about th...

6.5CVSS6.7AI score0.00297EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•14 views

Important: python-gevent security update

gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of libevent event loop. Features include: convenient API around greenlets familiar synchronization primitives gevent.event, gevent.queue socket module that cooperates WSGI serve...

9.8CVSS6.9AI score0.01334EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•80 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/bluetooth: race condition in conninfomin,maxageset CVE-2024-24857 kernel: dmaengine: fix NULL pointer in channel unregistration function CVE-2023-52492 kernel: netfilter:...

9.8CVSS7.4AI score0.01483EPSS
Exploits0References79
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•18 views

Low: bcc security update

BPF Compiler Collection BCC is a toolkit for easier creation of efficient kernel tracing and manipulation programs. BCC uses the extended Berkeley Packet Filter eBPF tool. Security Fixes: bcc: unprivileged users can force loading of compromised linux headers CVE-2024-2314 For more details about t...

2.8CVSS6.7AI score0.00218EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•22 views

Moderate: python3.12 security update

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

7.5CVSS7.8AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•27 views

Important: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

9CVSS7.5AI score0.14859EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•15 views

Low: bpftrace security update

BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter eBPF available in recent Linux kernels 4.x. BPFtrace uses LLVM as a backend to compile scripts to BPF-bytecode and makes use of BCC for interacting with the Linux BPF system, as well as existing Linux tracing...

2.8CVSS6.8AI score0.00184EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•33 views

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 Buildah: Podman: Improper Input Validation in...

8.2CVSS7.7AI score0.0099EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•19 views

Moderate: python3.12-urllib3 security update

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...

6.5CVSS5.2AI score0.01141EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•20 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

6.5CVSS5.1AI score0.01141EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•13 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: NULL pointer dereference in tifdirinfo.c CVE-2024-7006 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS6.8AI score0.01516EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•16 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.7AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/11/05 12:0 a.m.•14 views

Moderate: xmlrpc-c security update

XML-RPC is a remote procedure call RPC protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC remote procedure call over the Internet. It converts an RPC into an XML document,...

9.8CVSS9.7AI score0.0113EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/11/04 12:0 a.m.•25 views

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: XSS due to Content-Disposition being ignored in...

9.8CVSS7.3AI score0.00809EPSS
Exploits0References22
AlmaLinux
AlmaLinux
•added 2024/11/04 12:0 a.m.•21 views

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: XSS due to Content-Disposition being ignored in...

9.8CVSS7.3AI score0.00809EPSS
Exploits0References22
AlmaLinux
AlmaLinux
•added 2024/11/04 12:0 a.m.•18 views

Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

9.1CVSS7.2AI score0.01258EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/11/04 12:0 a.m.•14 views

Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability CVE-2024-9632 For mo...

7.8CVSS7.5AI score0.00894EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/10/31 12:0 a.m.•31 views

Moderate: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: XSS due to...

9.8CVSS7.5AI score0.00809EPSS
Exploits0References22
AlmaLinux
AlmaLinux
•added 2024/10/31 12:0 a.m.•28 views

Moderate: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: XSS due to...

9.8CVSS7.4AI score0.00809EPSS
Exploits0References22
AlmaLinux
AlmaLinux
•added 2024/10/30 12:0 a.m.•23 views

Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.4CVSS7.2AI score0.01715EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/10/30 12:0 a.m.•22 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...

10CVSS6.7AI score0.01093EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/10/30 12:0 a.m.•49 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: hw: cpu: intel: Native Branch History Injection BHI CVE-2024-2201 kernel: tcp: add sanity checks to rx zerocopy CVE-2024-26640 kernel: mptcp: fix data re-injection from stale subflow CVE-2024-268...

7.8CVSS7.6AI score0.08555EPSS
Exploits0References45
AlmaLinux
AlmaLinux
•added 2024/10/29 12:0 a.m.•23 views

Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.8CVSS7AI score0.00392EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/10/24 12:0 a.m.•25 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.7AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/10/24 12:0 a.m.•18 views

Moderate: python3.12 security update

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

7.5CVSS7.8AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/10/23 12:0 a.m.•15 views

Important: NetworkManager-libreswan security update

This package contains software for integrating the libreswan VPN software with NetworkManager and the GNOME desktop Security Fixes: NetworkManager-libreswan: Local privilege escalation via leftupdown CVE-2024-9050 For more details about the security issues, including the impact, a CVSS score,...

7.8CVSS7.1AI score0.00452EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/10/23 12:0 a.m.•17 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.7AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/10/23 12:0 a.m.•17 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.7AI score0.02203EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/10/22 12:0 a.m.•23 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 For more details about the security issues, includi...

10CVSS6.5AI score0.01093EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/10/16 12:0 a.m.•43 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution CVE-2024-40776 webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash...

9.8CVSS8.7AI score0.01135EPSS
Exploits0References24
AlmaLinux
AlmaLinux
•added 2024/10/16 12:0 a.m.•32 views

Moderate: java-17-openjdk security update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JDK...

7.1CVSS7AI score0.01157EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2024/10/16 12:0 a.m.•35 views

Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JD...

7.1CVSS7AI score0.01157EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2024/10/16 12:0 a.m.•24 views

Moderate: java-21-openjdk security update

The OpenJDK 21 runtime environment. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JDK: HTTP client improper handling of maxHeaderSize 8328286 CVE-2024-21208 JDK: Unbounded...

7.1CVSS7AI score0.01157EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2024/10/16 12:0 a.m.•20 views

Moderate: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JDK...

7.1CVSS7AI score0.01157EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2024/10/16 12:0 a.m.•73 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Local information disclosure on IntelR AtomR processors CVE-2023-28746 kernel: netfilter: nftflowoffload: reset dst in route object after setting up flow CVE-2024-27403 kernel: Revert...

7.8CVSS6.9AI score0.00546EPSS
Exploits0References28
AlmaLinux
AlmaLinux
•added 2024/10/15 12:0 a.m.•35 views

Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

8.2CVSS8.4AI score0.01127EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/10/15 12:0 a.m.•40 views

Important: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

7.5CVSS7.7AI score0.01127EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/10/15 12:0 a.m.•32 views

Important: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack...

7.5CVSS7.8AI score0.01127EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/10/14 12:0 a.m.•23 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

9.8CVSS7.2AI score0.32568EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/10/14 12:0 a.m.•39 views

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 go/parser: golang: Calling any of the...

7.5CVSS7.2AI score0.01165EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/10/14 12:0 a.m.•18 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

9.8CVSS7.2AI score0.32568EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/10/14 12:0 a.m.•16 views

Moderate: OpenIPMI security update

The OpenIPMI packages provide command-line tools and utilities to access platform information using Intelligent Platform Management Interface IPMI. System administrators can use OpenIPMI to manage systems and to perform system health monitoring. Security Fixes: openipmi: missing check on the...

5CVSS7AI score0.00395EPSS
Exploits0References4
Total number of security vulnerabilities5315