Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/04/08 12:0 a.m.•58 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

9.8CVSS8.2AI score0.03168EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2024/04/08 12:0 a.m.•36 views

Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/2 Broken Window Attack may result in denial of service...

7.5CVSS7.2AI score0.03663EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/02 12:0 a.m.•59 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: parsing large tokens can trigger a denial of service CVE-2023-52425 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed ...

7.5CVSS7.3AI score0.01815EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/04/02 12:0 a.m.•33 views

Important: grafana security and bug fix update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Bug Fixes: TRIAGE CVE-2024-1394 grafana: golang-fips/openssl: Memory leaks i...

7.5CVSS7.6AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/02 12:0 a.m.•99 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereference in vmwcmddxdefinequery CVE-2022-38096 kernel: Out of boundary write in perfreadgroup as result of overflow a perfevent's readsize CVE-2023-6931 kernel: GS...

7.8CVSS8.7AI score0.28058EPSS
Exploits17References16
AlmaLinux
AlmaLinux
•added 2024/04/02 12:0 a.m.•65 views

Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: information disclosure by exploiting a mixed case flaw CVE-2023-46218 curl: more POST-after-PUT confusion...

6.5CVSS7.4AI score0.06208EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2024/04/02 12:0 a.m.•37 views

Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

5.9CVSS7.2AI score0.00878EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/02 12:0 a.m.•55 views

Moderate: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fixes: less: missing quoting of shell...

7.8CVSS7.1AI score0.01059EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/02 12:0 a.m.•29 views

Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloa...

7.5CVSS7.6AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/04/01 12:0 a.m.•43 views

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-29052 Security Fixes: ruby/cgi-gem: HTTP response...

8.8CVSS7.1AI score0.02637EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2024/03/26 12:0 a.m.•41 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: parsing large tokens can trigger a denial of service CVE-2023-52425 expat: XML Entity Expansion CVE-2024-28757...

7.5CVSS7.4AI score0.02006EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/03/26 12:0 a.m.•39 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: vulnerable to timing variant of...

7.8CVSS8AI score0.03168EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/03/26 12:0 a.m.•31 views

Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS7.5AI score0.01017EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/03/25 12:0 a.m.•53 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...

7.8CVSS8AI score0.03168EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/03/25 12:0 a.m.•69 views

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects to other...

8.8CVSS8.3AI score0.01285EPSS
Exploits5References20
AlmaLinux
AlmaLinux
•added 2024/03/25 12:0 a.m.•32 views

Important: grafana-pcp security update

grafana-pcp is an open source Grafana plugin for PCP. Security Fixes: grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS7.6AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/25 12:0 a.m.•32 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS7.6AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/25 12:0 a.m.•64 views

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects to other...

8.8CVSS8.3AI score0.01285EPSS
Exploits5References20
AlmaLinux
AlmaLinux
•added 2024/03/25 12:0 a.m.•80 views

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.9.1 ESR. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: JIT...

8.8CVSS8.6AI score0.047EPSS
Exploits4References22
AlmaLinux
AlmaLinux
•added 2024/03/25 12:0 a.m.•102 views

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.9.1 ESR. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: JIT...

8.8CVSS8.6AI score0.047EPSS
Exploits4References22
AlmaLinux
AlmaLinux
•added 2024/03/21 12:0 a.m.•34 views

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS7.5AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/21 12:0 a.m.•42 views

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.1AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/20 12:0 a.m.•48 views

Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597...

10CVSS7.8AI score0.0481EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/20 12:0 a.m.•49 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...

7.5CVSS7.2AI score0.03168EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/20 12:0 a.m.•48 views

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References6
AlmaLinux
AlmaLinux
•added 2024/03/20 12:0 a.m.•31 views

Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597...

10CVSS7.8AI score0.0481EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/19 12:0 a.m.•40 views

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS7.3AI score0.01017EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/03/19 12:0 a.m.•62 views

Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service in HTTP request...

8.6CVSS7.3AI score0.88864EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/03/19 12:0 a.m.•91 views

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-28565 Security Fixes: ruby/cgi-gem: HTTP response...

8.8CVSS7.2AI score0.02637EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2024/03/19 12:0 a.m.•57 views

Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service in HTTP request...

8.6CVSS7.3AI score0.88864EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/03/14 12:0 a.m.•74 views

Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof...

7.5CVSS7.2AI score0.99995EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/03/14 12:0 a.m.•96 views

Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof...

7.5CVSS7.2AI score0.99995EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/03/13 12:0 a.m.•48 views

Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17...

7.5CVSS7AI score0.03065EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/13 12:0 a.m.•40 views

Moderate: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3...

7.5CVSS7AI score0.03065EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/13 12:0 a.m.•35 views

Moderate: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3...

7.5CVSS7AI score0.03065EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/13 12:0 a.m.•39 views

Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17...

7.5CVSS7AI score0.03065EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/07 12:0 a.m.•25 views

Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

5.9CVSS7.2AI score0.00878EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•46 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: information disclosure by exploiting a mixed case flaw CVE-2023-46218 For more details about the security issues,...

6.5CVSS6.8AI score0.01685EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•46 views

Important: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Buffer overflow in the DHCPv6 client via a long Server ID option CVE-2023-45230 edk2: Buffer overflow when processing...

8.8CVSS7.4AI score0.01213EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•168 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...

6.5CVSS7.9AI score0.9378EPSS
Exploits12References6
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•63 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

5.9CVSS7.3AI score0.9378EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•33 views

Moderate: rear security update

Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility. Security Fixes: rear: creates a world-readable initrd...

5.5CVSS7.2AI score0.00291EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•52 views

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 For more details about...

5.3CVSS7.3AI score0.01208EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•39 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: HTTP request smuggling via malformed trailer headers CVE-2023-46589 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS7.3AI score0.02651EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•57 views

Low: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Attestation failure when the quote's signature does not validate CVE-2023-3674 For more details about the security issues, including the impact, a CVSS score,...

2.8CVSS7.4AI score0.00203EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•42 views

Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-45285 For more details about the security...

7.5CVSS7.2AI score0.01208EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•104 views

Moderate: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023...

7.5CVSS7.5AI score0.01782EPSS
Exploits0References152
AlmaLinux
AlmaLinux
•added 2024/03/05 12:0 a.m.•77 views

Moderate: haproxy security update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 haproxy: untrimmed URI fragments may lead to exposure of confidential data on static...

8.2CVSS7.3AI score0.01815EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/03/04 12:0 a.m.•40 views

Important: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Buffer overflow in the DHCPv6 client via a long Server ID option CVE-2023-45230 edk2: Buffer overflow when processing...

8.8CVSS7.4AI score0.01213EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/02/26 12:0 a.m.•26 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

8CVSS7.8AI score0.01465EPSS
Exploits0References4
Total number of security vulnerabilities5315