Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/01/25 12:0 a.m.•82 views

Moderate: rpm security update

The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...

6.7CVSS6.8AI score0.00491EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2024/01/25 12:0 a.m.•54 views

Moderate: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: ffr: Flowspec overflow in bgpd/bgpflowspec.c CVE-2023-38406 ffr: Out of bounds read in bgpd/bgplabel.c CVE-2023-38407 frr: cra...

9.8CVSS7.1AI score0.00939EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/01/25 12:0 a.m.•53 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.3CVSS7AI score0.01249EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/01/25 12:0 a.m.•47 views

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

6.1CVSS7.1AI score0.05972EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2024/01/24 12:0 a.m.•200 views

Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS vulnerability when parsing multipart request body CVE-2023-0662 php: Missing error check and insufficient random bytes...

9.8CVSS7.3AI score0.08003EPSS
Exploits6References14
AlmaLinux
AlmaLinux
•added 2024/01/22 12:0 a.m.•72 views

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Incorrect cipher key and IV length processing CVE-2023-5363 For more details about the security...

7.5CVSS7.5AI score0.03332EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/01/18 12:0 a.m.•43 views

Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing side-channel...

7.4CVSS7.6AI score0.01026EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2024/01/17 12:0 a.m.•40 views

Important: java-1.8.0-openjdk security and bug fix update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing side-channel...

7.4CVSS7.7AI score0.01026EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2024/01/17 12:0 a.m.•45 views

Important: java-21-openjdk security update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing side-channel...

7.4CVSS7.2AI score0.00918EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2024/01/17 12:0 a.m.•134 views

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: incorrect handling of ZIP files with duplica...

7.5CVSS7.4AI score0.00918EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2024/01/17 12:0 a.m.•55 views

Important: java-21-openjdk security update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing side-channel...

7.4CVSS7.4AI score0.00918EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2024/01/15 12:0 a.m.•55 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.3CVSS7.5AI score0.01249EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/01/15 12:0 a.m.•65 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS7.2AI score0.02507EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•219 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1...

9.8CVSS7AI score0.02868EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•48 views

Important: .NET 6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26...

9.8CVSS7AI score0.02868EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•30 views

Moderate: pixman security update

Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fixes: pixman: Integer overflow in pixmansamplefloory leading to heap out-of-bounds write CVE-2022-44638 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS7.7AI score0.0144EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•80 views

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

6.1CVSS7.3AI score0.05972EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•57 views

Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

6.5CVSS7.2AI score0.00816EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•57 views

Moderate: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: ffr: Flowspec overflow in bgpd/bgpflowspec.c CVE-2023-38406 ffr: Out of bounds read in bgpd/bgplabel.c CVE-2023-38407 frr: cra...

9.8CVSS7.5AI score0.00939EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•36 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause global buffer overflow CVE-2023-39615 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

6.5CVSS7.7AI score0.00667EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•63 views

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 For more details about the security issues,...

5.9CVSS7.3AI score0.01257EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•60 views

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15...

9.8CVSS7AI score0.02868EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•90 views

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-certifi: Removal of e-Tugra root certificate CVE-2023-37920...

9.8CVSS7.4AI score0.01207EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•43 views

Moderate: idm:DL1 security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: Kerberos: delegation constrain bypass in S4U2Proxy CVE-2020-17049 ipa: Invalid CSRF protection...

9CVSS7.4AI score0.13794EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•50 views

Moderate: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...

7.5CVSS7.3AI score0.02513EPSS
Exploits1References20
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•93 views

Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 urllib3: Request body not stripped after redirect from 303 status changes...

8.1CVSS7.2AI score0.01207EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•44 views

Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

6.5CVSS7.2AI score0.00816EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•31 views

Moderate: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: ipa: Invalid CSRF protection CVE-2023-5455 For more details about the security issues, including the...

6.5CVSS7.3AI score0.0057EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•43 views

Important: .NET 6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26...

9.8CVSS7AI score0.02868EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•45 views

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15...

9.8CVSS7AI score0.02868EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•43 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1...

9.8CVSS7AI score0.02868EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•46 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.1AI score0.0177EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2024/01/10 12:0 a.m.•133 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use after free in unixstreamsendpage CVE-2023-4622 kernel: vmwgfx: reference count issue leads to use-after-free in surface handling CVE-2023-5633 kernel: netfilter: potential...

7.8CVSS7.1AI score0.0616EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2024/01/08 12:0 a.m.•66 views

Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of Service in SSL Certificate validation CVE-2023-46724 squid: NULL pointer dereference in the gopher protocol code CVE-2023-46728 squid: Buffer over-read...

8.6CVSS7.5AI score0.88818EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/01/03 12:0 a.m.•77 views

Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of Service in SSL Certificate validation CVE-2023-46724 squid: NULL pointer dereference in the gopher protocol code CVE-2023-46728 squid: Buffer over-read...

8.6CVSS7.5AI score0.88818EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2024/01/02 12:0 a.m.•44 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in Firefox 121, Firefo...

8.8CVSS8.5AI score0.20472EPSS
Exploits0References24
AlmaLinux
AlmaLinux
•added 2024/01/02 12:0 a.m.•50 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.6.0 ESR. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla...

8.8CVSS8.5AI score0.20472EPSS
Exploits0References24
AlmaLinux
AlmaLinux
•added 2024/01/02 12:0 a.m.•47 views

Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7.8CVSS7.2AI score0.01631EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/01/02 12:0 a.m.•42 views

Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7.8CVSS7.2AI score0.01631EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/01/02 12:0 a.m.•55 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.6.0 ESR. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla...

8.8CVSS8.5AI score0.20472EPSS
Exploits0References24
AlmaLinux
AlmaLinux
•added 2024/01/02 12:0 a.m.•55 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in Firefox 121, Firefo...

8.8CVSS8.5AI score0.20472EPSS
Exploits0References24
AlmaLinux
AlmaLinux
•added 2023/12/20 12:0 a.m.•37 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...

8.8CVSS9.4AI score0.04322EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2023/12/19 12:0 a.m.•62 views

Low: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 OpenSSL: Excessive time spent...

5.3CVSS7AI score0.05533EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/12/19 12:0 a.m.•30 views

Moderate: opensc security update

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Potential PIN bypass when card tracks it...

6.6CVSS7AI score0.01174EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/12/19 12:0 a.m.•36 views

Moderate: opensc security update

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Potential PIN bypass when card tracks it...

6.6CVSS7AI score0.01174EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/12/14 12:0 a.m.•44 views

Moderate: avahi security update

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...

6.2CVSS7.2AI score0.0045EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2023/12/14 12:0 a.m.•34 views

Important: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer: MXF demuxer use-after-free vulnerability CVE-2023-44446 For more details about the...

8.8CVSS7.3AI score0.01744EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/12/13 12:0 a.m.•39 views

Important: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer: AV1 codec parser heap-based buffer overflow CVE-2023-44429 gstreamer: MXF demuxer...

8.8CVSS7.4AI score0.02189EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/12/13 12:0 a.m.•38 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...

8.8CVSS8.3AI score0.04322EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2023/12/13 12:0 a.m.•44 views

Important: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

8.8CVSS7.5AI score0.04322EPSS
Exploits0References4
Total number of security vulnerabilities5315