Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•46 views

Important: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc: Ou...

7.3CVSS7.9AI score0.8833EPSS
Exploits16References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•27 views

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fixes: squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via...

8.1CVSS6.8AI score0.025EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•61 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: scp allows command injection when using backtick characters in the destination...

7.8CVSS7.2AI score0.12996EPSS
Exploits6References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•65 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS6.9AI score0.02617EPSS
Exploits3References10
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•36 views

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack CVE-2024-26141...

7.5CVSS6.6AI score0.35376EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•35 views

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network or Internet host. Security Fixes: traceroute: improper command line parsing CVE-2023-46316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.5CVSS6.7AI score0.00367EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•27 views

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...

7.5CVSS6.9AI score0.01812EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•46 views

Moderate: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: missing length check in bgpattrpsidsub can lead do DoS CVE-2023-31490 frr: processes invalid NLRIs if attribute length is...

7.5CVSS6.7AI score0.02152EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•27 views

Important: pcp security update

Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

8.8CVSS7.2AI score0.01002EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•31 views

Moderate: libXpm security update

X.Org X11 libXpm runtime library. Security Fixes: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of bounds read on XPM with corrupted colormap CVE-2023-43789 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.5CVSS6.4AI score0.00365EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•29 views

Moderate: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer-plugins-good: integer overflow leading to hea...

8.8CVSS6.8AI score0.01537EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•23 views

Moderate: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: a heap overflow leading to denail-of-servce while writing a value...

5.5CVSS6.9AI score0.00304EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•51 views

Moderate: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367 xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions CVE-2023-6377 xorg-x11-server: out-of-bounds...

9.8CVSS7.3AI score0.02106EPSS
Exploits0References20
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•27 views

Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fixes: vorbis-tools: Buffer Overflow vulnerability CVE-2023-43361...

7.8CVSS6.6AI score0.00448EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•27 views

Moderate: mutt security update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fixes: mutt: null pointer dereference CVE-2023-4874 mutt: null pointer dereference...

6.5CVSS6.5AI score0.00719EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•37 views

Moderate: pam security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: allowing unprivileged user to block another user namespace CVE-2024-22365 For more details about the security issues,...

5.5CVSS6.3AI score0.00459EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•48 views

Important: bind and dhcp security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...

7.5CVSS6.8AI score0.99995EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•57 views

Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: Divide by zero in epsprintpage in gdevepsn.c CVE-2020-21710 For more...

5.5CVSS6.8AI score0.00619EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•28 views

Moderate: perl-CPAN security update

The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fixes: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS CVE-2023-31484 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS6.6AI score0.01548EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•46 views

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References14
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•58 views

Moderate: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367...

7.8CVSS7.3AI score0.01631EPSS
Exploits0References20
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•33 views

Moderate: python3.11-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 For more details...

7.5CVSS6.2AI score0.00985EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•48 views

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

8.8CVSS7AI score0.02009EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•39 views

Moderate: exempi security update

Exempi provides a library for easy parsing of XMP metadata. Security Fixes: exempi: denial of service via opening of crafted audio file with ID3V2 frame CVE-2020-18651 exempi: denial of service via opening of crafted webp file CVE-2020-18652 For more details about the security issues, including t...

6.5CVSS6.8AI score0.00998EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•107 views

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Additional...

10CVSS6.8AI score0.07619EPSS
Exploits13References97
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•92 views

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to t...

10CVSS6.9AI score0.07619EPSS
Exploits13References97
AlmaLinux
AlmaLinux
•added 2024/05/22 12:0 a.m.•32 views

Moderate: pki-core:10.6 and pki-deps:10.6 security update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: jackson-databind: denial of service via a large depth of nested objects CVE-2020-36518 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7AI score0.0486EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/05/20 12:0 a.m.•56 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...

8.2CVSS7.4AI score0.87211EPSS
Exploits2References12
AlmaLinux
AlmaLinux
•added 2024/05/16 12:0 a.m.•62 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox: Potential...

8.8CVSS7.3AI score0.72648EPSS
Exploits18References14
AlmaLinux
AlmaLinux
•added 2024/05/16 12:0 a.m.•43 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsi...

8.8CVSS7.3AI score0.72648EPSS
Exploits18References14
AlmaLinux
AlmaLinux
•added 2024/05/15 12:0 a.m.•33 views

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19...

6.3CVSS7.3AI score0.01688EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/05/15 12:0 a.m.•37 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

8.2CVSS7.3AI score0.87211EPSS
Exploits2References12
AlmaLinux
AlmaLinux
•added 2024/05/14 12:0 a.m.•41 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5...

6.3CVSS7.3AI score0.01688EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/05/09 12:0 a.m.•55 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...

8.2CVSS7.3AI score0.87211EPSS
Exploits2References12
AlmaLinux
AlmaLinux
•added 2024/05/09 12:0 a.m.•37 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...

8.2CVSS7.4AI score0.87211EPSS
Exploits2References12
AlmaLinux
AlmaLinux
•added 2024/05/09 12:0 a.m.•37 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

8.2CVSS7.4AI score0.87211EPSS
Exploits2References12
AlmaLinux
AlmaLinux
•added 2024/05/08 12:0 a.m.•30 views

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 CVE-2024-25743 hw: amd: Instruction raise VC exception at exit...

7.1CVSS7.1AI score0.00969EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/05/07 12:0 a.m.•41 views

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288...

7.5CVSS7.3AI score0.91969EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2024/05/07 12:0 a.m.•105 views

Important: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc: Ou...

7.3CVSS8.3AI score0.8833EPSS
Exploits16References4
AlmaLinux
AlmaLinux
•added 2024/05/06 12:0 a.m.•34 views

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

7.5CVSS7.3AI score0.91969EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/05/02 12:0 a.m.•53 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: use-after-free in XMLReader CVE-2024-25062 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

7.5CVSS7.3AI score0.01364EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•57 views

Important: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message CVE-2023-45235 EDK2: heap buffer...

8.8CVSS7.7AI score0.05533EPSS
Exploits1References18
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•32 views

Moderate: mingw components security update

MinGW Minimalist GNU for Windows is a free and open source software development environment to create Microsoft Windows applications. Security Fixes: binutils: Heap-buffer-overflow binutils-gdb/bfd/libbfd.c in bfdgetl64 CVE-2023-1579 For more details about the security issues, including the impac...

7.8CVSS6.5AI score0.00486EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•37 views

Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

7.8CVSS7.2AI score0.00536EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•46 views

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network or Internet host. Security Fixes: traceroute: improper command line parsing CVE-2023-46316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.5CVSS7AI score0.00367EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•40 views

Moderate: exfatprogs security update

The exfatprogs package contains utilities for formatting and repairing exFAT filesystems. Security Fixes: exfatprogs: exfatprogs allows out-of-bounds memory access CVE-2023-45897 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.5CVSS6.9AI score0.00381EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•32 views

Moderate: wpa_supplicant security update

The wpasupplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 IEEE 802.11i / RSN, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association o...

6.5CVSS7.3AI score0.01177EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•30 views

Moderate: mingw-pixman security update

Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fixes: pixman: Integer overflow in pixmansamplefloory leading to heap out-of-bounds write CVE-2022-44638 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS7.2AI score0.0144EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•40 views

Low: mingw-glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GVariant offset table...

7.5CVSS7.5AI score0.0078EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/04/30 12:0 a.m.•49 views

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fixes: squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via...

8.1CVSS7AI score0.025EPSS
Exploits2References6
Total number of security vulnerabilities5315