Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•67 views

Moderate: haproxy security and bug fix update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: data leak via fcgi requests CVE-2023-0836 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...

7.5CVSS7.1AI score0.01201EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•38 views

Moderate: sysstat security and bug fix update

The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Security Fixes: sysstat: checkoverflow function can work incorrectly, which could lead to an overflow CVE-2023-33204 For more details about the security...

7.8CVSS7.5AI score0.00327EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•76 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

9.8CVSS7.2AI score0.04561EPSS
Exploits1References24
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•44 views

Moderate: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosure CVE-2023-28708 tomcat: Fix for...

7.5CVSS7.1AI score0.51547EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•34 views

Moderate: java-21-openjdk security and bug fix update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

5.3CVSS7.5AI score0.014EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•39 views

Moderate: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: smbd allows client access to unix domain sockets ...

9.8CVSS7.4AI score0.02409EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•43 views

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: NULL pointer dereference during rekeying with algorithm guessing CVE-2023-1667 libssh: authorization bypass in pkiverifydatasignature CVE-2023-2283 For more...

6.5CVSS7.1AI score0.01314EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•87 views

Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CV...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•32 views

Moderate: yajl security update

Yet Another JSON Library YAJL is a small event-driven SAX-style JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: yajl: Memory leak in yajltreeparse function CVE-2023-33460 For more details about the security issues, including the impact, a CVSS score,...

6.5CVSS7.1AI score0.01129EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•36 views

Low: gmp security and enhancement update

The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point numbers. Security Fixes: gmp: Integer overflow and resultant buffer overflow via crafted input CVE-2021-43618 For more details about the security issues...

7.5CVSS7.7AI score0.03425EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/02 12:0 a.m.•28 views

Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.113 and .NET Runtime 7.0.13...

6.5CVSS7.1AI score0.04661EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/02 12:0 a.m.•30 views

Critical: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and ICAP CVE-2023-46846 Fo...

9.3CVSS7.4AI score0.85944EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/02 12:0 a.m.•25 views

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documen...

8.8CVSS8.2AI score0.0468EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/02 12:0 a.m.•40 views

Critical: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and ICAP CVE-2023-46846...

9.3CVSS7.3AI score0.85944EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/11/01 12:0 a.m.•24 views

Moderate: .NET 6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24...

6.5CVSS7.1AI score0.04661EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/01 12:0 a.m.•38 views

Moderate: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...

5.5CVSS7AI score0.00437EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/01 12:0 a.m.•30 views

Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.113 and .NET Runtime 7.0.13...

6.5CVSS6.6AI score0.04661EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/01 12:0 a.m.•37 views

Moderate: .NET 6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24...

6.5CVSS6.6AI score0.04661EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/30 12:0 a.m.•50 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.4.0 ESR. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixe...

9.8CVSS8AI score0.01936EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2023/10/30 12:0 a.m.•30 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and...

9.8CVSS7.8AI score0.01936EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2023/10/30 12:0 a.m.•42 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.4.0 ESR. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixe...

9.8CVSS8.2AI score0.01936EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2023/10/30 12:0 a.m.•29 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and...

9.8CVSS8.1AI score0.01936EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2023/10/30 12:0 a.m.•44 views

Low: libguestfs-winsupport security update

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine VM disk images. Security Fixes: NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS imag...

7.8CVSS8.2AI score0.00347EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/25 12:0 a.m.•55 views

Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/24 12:0 a.m.•16 views

Moderate: toolbox security update

The rhel9/toolbox container image can be used with Toolbox to obtain AlmaLinux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the rhel9/toolbox image in...

7AI score
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/10/23 12:0 a.m.•27 views

Important: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

5.3CVSS7AI score0.0079EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/23 12:0 a.m.•46 views

Important: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS7AI score0.0079EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/23 12:0 a.m.•49 views

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS7AI score0.0079EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/23 12:0 a.m.•53 views

Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

7.5CVSS7AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/19 12:0 a.m.•67 views

Important: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS...

9.8CVSS9.5AI score0.08003EPSS
Exploits6References14
AlmaLinux
AlmaLinux
•added 2023/10/19 12:0 a.m.•73 views

Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS...

9.8CVSS9.5AI score0.08003EPSS
Exploits6References14
AlmaLinux
AlmaLinux
•added 2023/10/19 12:0 a.m.•54 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/19 12:0 a.m.•59 views

Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/19 12:0 a.m.•48 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•37 views

Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 For more details about the security issues, including the...

5.3CVSS7.1AI score0.014EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•43 views

Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

5.3CVSS6AI score0.014EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•57 views

Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: segmentation fault in ciMethodBlocks CVE-2022-40433 OpenJDK: IOR deserialization issue in CORBA 8303384 CVE-2023-22067 OpenJDK: certificate path...

5.3CVSS5.8AI score0.014EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•49 views

Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: segmentation fault in ciMethodBlocks CVE-2022-40433 OpenJDK: IOR deserialization issue in CORBA 8303384 CVE-2023-22067 OpenJDK: certificate path...

5.3CVSS5.8AI score0.014EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•43 views

Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 For more details about the security issues, including the...

5.3CVSS5.8AI score0.014EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•38 views

Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

5.3CVSS6AI score0.014EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•46 views

Important: nghttp2 security update

nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•65 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according t...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References10
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•58 views

Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CV...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•50 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulletin which...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References10
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•48 views

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•95 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References6
AlmaLinux
AlmaLinux
•added 2023/10/18 12:0 a.m.•90 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 golang: net/http, x/net/http2: rapid stream resets can cause...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References6
AlmaLinux
AlmaLinux
•added 2023/10/17 12:0 a.m.•33 views

Important: python-reportlab security update

Python-reportlab is a library used for generation of PDF documents. Security Fixes: python-reportlab: code injection in paraparser.py allows code execution CVE-2019-19450 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information...

9.8CVSS7.9AI score0.04452EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/17 12:0 a.m.•54 views

Important: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 curl: cookie injection with none file...

9.8CVSS7.8AI score0.78483EPSS
Exploits6References6
AlmaLinux
AlmaLinux
•added 2023/10/17 12:0 a.m.•63 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulleti...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References4
Total number of security vulnerabilities5315