Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/09/16 12:0 a.m.•22 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: 115.15/128.2 ESR mozilla: Type confusion when looking up a property name in a "with" block CVE-2024-8381 mozilla: Internal event interfaces were exposed to web...

9.8CVSS7.8AI score0.04395EPSS
Exploits1References18
AlmaLinux
AlmaLinux
•added 2024/09/16 12:0 a.m.•21 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: 115.15/128.2 ESR mozilla: Type confusion when looking up a property name in a "with" block CVE-2024-8381 mozilla: Internal event interfaces were exposed to web...

9.8CVSS10AI score0.04395EPSS
Exploits1References18
AlmaLinux
AlmaLinux
•added 2024/09/16 12:0 a.m.•18 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a "with" block CVE-2024-8381 mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener...

9.8CVSS10AI score0.04395EPSS
Exploits1References18
AlmaLinux
AlmaLinux
•added 2024/09/16 12:0 a.m.•23 views

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, and CVE-2024-41123 rexml: DoS vulnerability in REXML CVE-2024-41946...

7.5CVSS7.2AI score0.01283EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/09/16 12:0 a.m.•24 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a "with" block CVE-2024-8381 mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener...

9.8CVSS7.8AI score0.04395EPSS
Exploits1References18
AlmaLinux
AlmaLinux
•added 2024/09/11 12:0 a.m.•28 views

Moderate: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: Malformed userPassword hash may cause Denial of Service CVE-2024-59...

5.7CVSS7.2AI score0.00573EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/11 12:0 a.m.•117 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: nfsd: fix RELEASELOCKOWNER CVE-2024-26629 kernel: mm: cachestat: fix folio read-after-free in cac...

9.1CVSS7.5AI score0.00923EPSS
Exploits0References56
AlmaLinux
AlmaLinux
•added 2024/09/10 12:0 a.m.•20 views

Moderate: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

7.5CVSS8AI score0.01284EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/09/09 12:0 a.m.•25 views

Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 For mor...

9.8CVSS7AI score0.01323EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/09 12:0 a.m.•26 views

Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib2: Signal subscription...

5.2CVSS7.4AI score0.00756EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/09/05 12:0 a.m.•41 views

Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

10CVSS7.4AI score0.01283EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/09/04 12:0 a.m.•30 views

Moderate: resource-agents security update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Security Fixes: urllib3: proxy-authorization request header is not stripped during...

8.8CVSS5.7AI score0.01939EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/09/04 12:0 a.m.•36 views

Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

10CVSS7AI score0.01283EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/09/04 12:0 a.m.•36 views

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: urllib3: proxy-authorization request header is not stripped during...

8.8CVSS5.7AI score0.01939EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•29 views

Moderate: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

5.9CVSS7.2AI score0.00667EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•40 views

Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 For more details about the security issues, including th...

5.9CVSS7.2AI score0.00667EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•21 views

Moderate: orc security update

Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic...

7CVSS7.7AI score0.00379EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•28 views

Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

9.1CVSS7.4AI score0.01863EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•39 views

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...

6.5CVSS6.7AI score0.01104EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•30 views

Moderate: python3.12 security update

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

5.5CVSS7.3AI score0.00737EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•27 views

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm...

7.5CVSS7AI score0.01105EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•20 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.5CVSS7.5AI score0.00737EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•38 views

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...

6.5CVSS6.7AI score0.01104EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•20 views

Moderate: gvisor-tap-vsock security update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: golang:...

5.9CVSS6.9AI score0.00667EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•9 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

5.9CVSS6.9AI score0.00667EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•31 views

Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

9.1CVSS7.2AI score0.00672EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•24 views

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 For more details about the...

5.9CVSS6.9AI score0.00667EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•28 views

Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•36 views

Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...

6.3CVSS8.1AI score0.27992EPSS
Exploits6References8
AlmaLinux
AlmaLinux
•added 2024/09/03 12:0 a.m.•100 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.5CVSS7.5AI score0.00737EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/29 12:0 a.m.•24 views

Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9AI score0.01565EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/29 12:0 a.m.•24 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9AI score0.01565EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/29 12:0 a.m.•23 views

Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9AI score0.01565EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/29 12:0 a.m.•22 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 For more detail...

8.8CVSS9AI score0.01565EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/08/29 12:0 a.m.•18 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 For more detail...

8.8CVSS9AI score0.01565EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/08/28 12:0 a.m.•63 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nftables: nftsetrbtree skip end interval element from gc CVE-2024-26581 kernel: netfilter: nftlimit: reject configurations that cause integer overflow CVE-2024-26668 kernel: vfio/pci: Loc...

7.8CVSS7.4AI score0.02224EPSS
Exploits2References84
AlmaLinux
AlmaLinux
•added 2024/08/28 12:0 a.m.•32 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.8CVSS8.1AI score0.01939EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/08/28 12:0 a.m.•20 views

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more detail...

8.8CVSS7.8AI score0.01565EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/08/28 12:0 a.m.•32 views

Moderate: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow related to VP9 encoding CVE-2023-6349 libvpx: Integer overflow in vpximgalloc...

9.1CVSS7.3AI score0.00814EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/08/28 12:0 a.m.•24 views

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more detail...

8.8CVSS7.8AI score0.01565EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/08/26 12:0 a.m.•47 views

Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...

6.5CVSS6.6AI score0.01104EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/08/26 12:0 a.m.•34 views

Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...

6.5CVSS6.7AI score0.01104EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2024/08/21 12:0 a.m.•20 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Improper Handling of Exceptional Conditions CVE-2024-34750 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7.6AI score0.04602EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/21 12:0 a.m.•42 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Improper Handling of Exceptional Conditions CVE-2024-34750 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7.6AI score0.04602EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/20 12:0 a.m.•25 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8CVSS7.7AI score0.00238EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/20 12:0 a.m.•36 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...

8.6CVSS8.7AI score0.36081EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/08/19 12:0 a.m.•22 views

Important: python3.11-setuptools security update

Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software...

8.8CVSS9.2AI score0.01939EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/08/19 12:0 a.m.•40 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.6AI score0.02114EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/08/19 12:0 a.m.•31 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...

8.6CVSS8.7AI score0.36081EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/08/19 12:0 a.m.•37 views

Important: python-setuptools security update

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools...

8.8CVSS9.1AI score0.01939EPSS
Exploits0References4
Total number of security vulnerabilities5315