Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•82 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: permission model improperly...

9.8CVSS7.5AI score0.99999EPSS
Exploits19References14
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•31 views

Moderate: protobuf-c security update

The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmember CVE-2022-48468 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, ref...

5.5CVSS7.2AI score0.00366EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•41 views

Moderate: libfastjson security update

The libfastjson library provides essential JavaScript Object Notation JSON handling functions. The library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert JSON-formatted strings back to the C representation of JSON objects. Security Fixes: json-c,...

7.8CVSS7.3AI score0.01888EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•31 views

Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow CVE-2023-3138 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.5AI score0.01656EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•51 views

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: insufficient sanitization of Host header CVE-2023-29406 For more details about the security issues, including the impact, a CVSS score,...

6.5CVSS7.2AI score0.0125EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•68 views

Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-38592...

9.8CVSS8.2AI score0.01521EPSS
Exploits0References38
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•35 views

Low: tpm2-tss security and enhancement update

The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module TPM 2.0 System API library. This library enables programs to interact with TPM 2.0 devices Security Fixes: tpm2-tss: Buffer Overlow in TSS2RCDecode CVE-2023-22745 For more details about the security issues,...

6.4CVSS6.9AI score0.00519EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•45 views

Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.8CVSS6.9AI score0.27095EPSS
Exploits4References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•65 views

Moderate: python-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects CVE-2023-23931 For more details about the...

6.5CVSS7.2AI score0.01301EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•49 views

Moderate: fwupd security update

The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

6.5CVSS7.1AI score0.00602EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•57 views

Moderate: python3.11-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

9.8CVSS7AI score0.27095EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•40 views

Low: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more details about the security issues, including the...

3.7CVSS6.8AI score0.00616EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•98 views

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...

8.8CVSS6.7AI score0.04127EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•36 views

Moderate: perl-HTTP-Tiny security update

HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•40 views

Moderate: cups security and bug fix update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: heap buffer overflow may lead to DoS CVE-2023-32324 cups: use-after-free in cupsdAcceptClient in scheduler/client.c CVE-2023-34241 For more details about t...

7.5CVSS7.6AI score0.01473EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•102 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.8CVSS7AI score0.27095EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•23 views

Moderate: xorg-x11-server-Xwayland security and bug fix update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability CVE-2023-1393 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

7.8CVSS7AI score0.0044EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•29 views

Moderate: edk2 security and bug fix update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler CVE-2019-14560 For more details...

6.8AI score
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•34 views

Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

9.8CVSS7AI score0.04094EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•35 views

Moderate: tang security and bug fix update

Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption NBDE project. Security Fixes: tang: Race condition exists in the key...

5.3CVSS7.1AI score0.00568EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•46 views

Moderate: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosure CVE-2023-28708 tomcat: Fix for...

7.5CVSS7AI score0.51547EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•55 views

Critical: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 squid: Request/Response smuggling in HTTP/1.1 and ICAP CVE-2023-46846 For more details about the...

9.3CVSS7.3AI score0.85944EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•50 views

Moderate: python-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

9.8CVSS7AI score0.27095EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•41 views

Moderate: flatpak security, bug fix, and enhancement update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. The following packages have been upgraded to a later upstream version: flatpak 1.10.8. BZ2222103 Security Fixes: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual consol...

10CVSS7.3AI score0.00887EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•39 views

Moderate: yajl security update

Yet Another JSON Library YAJL is a small event-driven SAX-style JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: yajl: Memory leak in yajltreeparse function CVE-2023-33460 For more details about the security issues, including the impact, a CVSS score,...

6.5CVSS6.9AI score0.01129EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•47 views

Moderate: linux-firmware security, bug fix, and enhancement update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw amd: Return Address Predictor vulnerability leading to information disclosure CVE-2023-20569 For more details about the security issues, including the impact, a CVSS...

4.7CVSS7AI score0.0616EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•30 views

Low: opensc security and bug fix update

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: opensc: buffer overrun vulnerability in pkcs15...

7.1CVSS7.2AI score0.00295EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•36 views

Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: command execution via shell metacharacters CVE-2022-48337 emacs: command injection...

9.8CVSS7.3AI score0.01603EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•36 views

Moderate: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Heap buffer over read in aresparsesoareply CVE-2020-22217 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 For more details about the security issues,...

6.4CVSS7.4AI score0.00838EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•53 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.8CVSS7AI score0.27095EPSS
Exploits3References6
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•57 views

Moderate: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7AI score0.13108EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•26 views

Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

5.5CVSS6.8AI score0.00263EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•42 views

Moderate: wireshark security update

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash CVE-2023-0666 wireshark: VMS TCPIPtrace file parser crash CVE-2023-2856 wireshark: NetScaler file parser crash...

6.5CVSS6.9AI score0.02256EPSS
Exploits4References10
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•164 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 kernel: net/sched: multiple vulnerabilities CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208...

8.8CVSS8.2AI score0.03882EPSS
Exploits8References105
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•34 views

Moderate: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-4904 For more details about the security issues, including the impact, a CVSS score,...

8.6CVSS7.5AI score0.01232EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•46 views

Moderate: dnsmasq security and bug fix update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 CVE-2023-28450 For more details about the security issues,...

7.5CVSS6.9AI score0.01334EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•60 views

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

9.8CVSS6.7AI score0.04561EPSS
Exploits2References34
AlmaLinux
AlmaLinux
•added 2023/11/14 12:0 a.m.•60 views

Moderate: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

9.8CVSS6.7AI score0.04561EPSS
Exploits3References36
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•67 views

Moderate: haproxy security and bug fix update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: data leak via fcgi requests CVE-2023-0836 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...

7.5CVSS7.1AI score0.01201EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•60 views

Moderate: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

7.5CVSS7.2AI score0.62606EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•39 views

Moderate: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: smbd allows client access to unix domain sockets ...

9.8CVSS7.4AI score0.02409EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•83 views

Important: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 curl: cookie injection with none file...

9.8CVSS8.2AI score0.78483EPSS
Exploits6References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•40 views

Moderate: ncurses security and bug fix update

The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo...

7.8CVSS7.3AI score0.00923EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•48 views

Moderate: python-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

9.8CVSS7.2AI score0.27095EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•37 views

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documen...

8.8CVSS8.3AI score0.0468EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•37 views

Moderate: krb5 security and bug fix update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

8.8CVSS7.3AI score0.02107EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•27 views

Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow CVE-2023-3138 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.7AI score0.01656EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•60 views

Moderate: perl-HTTP-Tiny security update

HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...

8.1CVSS7.1AI score0.01742EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•42 views

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: NULL pointer dereference during rekeying with algorithm guessing CVE-2023-1667 libssh: authorization bypass in pkiverifydatasignature CVE-2023-2283 For more...

6.5CVSS7.1AI score0.01314EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•65 views

Moderate: httpd and mod_http2 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.57. BZ2184403 Security Fixes: httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 For more details about th...

7.5CVSS7.2AI score0.02134EPSS
Exploits0References4
Total number of security vulnerabilities5315