Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•79 views

Moderate: nginx:1.20 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•160 views

Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•41 views

Moderate: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•87 views

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325...

7.5CVSS7AI score0.99999EPSS
Exploits19References8
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•51 views

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...

7.5CVSS6.8AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•103 views

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...

7.5CVSS7AI score0.99999EPSS
Exploits19References6
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•57 views

Important: dotnet6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•68 views

Important: dotnet7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...

7.5CVSS6.8AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/16 12:0 a.m.•61 views

Important: dotnet6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23...

7.5CVSS6.8AI score0.99999EPSS
Exploits19References4
AlmaLinux
AlmaLinux
•added 2023/10/12 12:0 a.m.•42 views

Important: galera and mariadb security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

7.5CVSS7.5AI score0.02082EPSS
Exploits5References18
AlmaLinux
AlmaLinux
•added 2023/10/12 12:0 a.m.•88 views

Important: mariadb:10.5 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

7.5CVSS7.5AI score0.02082EPSS
Exploits5References18
AlmaLinux
AlmaLinux
•added 2023/10/12 12:0 a.m.•59 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.1AI score0.02626EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/09 12:0 a.m.•25 views

Important: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvp...

8.8CVSS7.4AI score0.49013EPSS
Exploits3References6
AlmaLinux
AlmaLinux
•added 2023/10/09 12:0 a.m.•88 views

Important: nodejs security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...

9.8CVSS7AI score0.01484EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/10/09 12:0 a.m.•30 views

Important: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvp...

8.8CVSS7.4AI score0.49013EPSS
Exploits3References6
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•109 views

Important: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

7.8CVSS7.8AI score0.81422EPSS
Exploits27References10
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•44 views

Important: python3.11 security update

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fixes: python: TLS handshake bypass CVE-2023-40217 For mo...

5.3CVSS7.2AI score0.0079EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•54 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.1AI score0.02626EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•54 views

Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.1AI score0.02626EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•115 views

Important: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

7.8CVSS7.8AI score0.81422EPSS
Exploits27References10
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•37 views

Important: python3.11 security update

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fixes: python: TLS handshake bypass CVE-2023-40217 For mo...

5.3CVSS7.2AI score0.0079EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•41 views

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: vulnerable to OS command injection due to mishandles permission validatio...

7.8CVSS7.6AI score0.03236EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/10/05 12:0 a.m.•44 views

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS7AI score0.0079EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/10/04 12:0 a.m.•38 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Security Fixes: firefox: use-after-free in workers CVE-2023-3600 Mozilla: Out-of-bounds write in PathOps CVE-2023-5169 Mozilla: Use-after-free in Ion Compiler CVE-2023-5171 Mozilla:...

9.8CVSS8.5AI score0.49013EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2023/10/04 12:0 a.m.•54 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Security Fixes: firefox: use-after-free in workers CVE-2023-3600 Mozilla: Out-of-bounds write in PathOps CVE-2023-5169 Mozilla:...

9.8CVSS8.5AI score0.49013EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2023/09/26 12:0 a.m.•60 views

Important: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18. BZ2234409 Security Fixes: nodejs: Permissions policies can be bypassed via...

9.8CVSS9.2AI score0.02761EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2023/09/26 12:0 a.m.•42 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: out-of-bounds write in extractContigSamplesShifted16bits in tools/tiffcrop.c CVE-2023-0800 libtiff: out-of-bounds write in TIFFmemcpy in libtiff/tifunix.c when called...

6.8CVSS7AI score0.00435EPSS
Exploits5References12
AlmaLinux
AlmaLinux
•added 2023/09/26 12:0 a.m.•71 views

Important: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18. BZ2223313, BZ2234404 Security Fixes: nodejs: Permissions policies can be bypasse...

9.8CVSS9.2AI score0.02761EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2023/09/26 12:0 a.m.•62 views

Important: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. BZ2233891 Security Fixes: nodejs: Permissions policies can be bypassed via...

9.8CVSS9.2AI score0.02761EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2023/09/20 12:0 a.m.•238 views

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...

8.8CVSS9AI score0.99735EPSS
Exploits9References4
AlmaLinux
AlmaLinux
•added 2023/09/20 12:0 a.m.•47 views

Important: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: SAML token signature bypass CVE-2023-20900 For...

7.5CVSS7.6AI score0.01193EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/20 12:0 a.m.•74 views

Important: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: SAML token signature bypass CVE-2023-20900 For...

7.5CVSS7.6AI score0.01193EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•38 views

Important: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

7.8CVSS8AI score0.01606EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•38 views

Moderate: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: amd: Cross-Process Information Leak CVE-2023-20593 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.5CVSS7AI score0.05794EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•35 views

Moderate: ncurses security update

The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo...

7.8CVSS7.2AI score0.00923EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•64 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests...

7.8CVSS7.4AI score0.05794EPSS
Exploits7References18
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•47 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Security Fixes: libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9AI score0.99735EPSS
Exploits9References4
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•90 views

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...

8.8CVSS9AI score0.99735EPSS
Exploits9References4
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•32 views

Moderate: dmidecode security update

The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface EFI, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version...

7.1CVSS6.6AI score0.00523EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•30 views

Important: frr security and bug fix update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router CVE-2023-38802 For mo...

7.5CVSS7.6AI score0.01437EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•48 views

Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/09/19 12:0 a.m.•53 views

Moderate: mariadb:10.3 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3. BZ2223572, BZ2223574, BZ2223962, BZ2223965 Security Fixes: mariadb: segmentation fault via the component subselect...

7.5CVSS7.5AI score0.02082EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2023/09/18 12:0 a.m.•39 views

Important: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router CVE-2023-38802 For mo...

7.5CVSS7.6AI score0.01437EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/18 12:0 a.m.•42 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.1 ESR. Security Fixes: libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 For more details about the security issues, including the...

8.8CVSS9.1AI score0.99735EPSS
Exploits9References4
AlmaLinux
AlmaLinux
•added 2023/09/18 12:0 a.m.•38 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Security Fixes: libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9AI score0.99735EPSS
Exploits9References4
AlmaLinux
AlmaLinux
•added 2023/09/18 12:0 a.m.•46 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.1 ESR. Security Fixes: libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 For more details about the security issues, including the...

8.8CVSS9.1AI score0.99735EPSS
Exploits9References4
AlmaLinux
AlmaLinux
•added 2023/09/13 12:0 a.m.•36 views

Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11...

6.5CVSS6.4AI score0.04661EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/13 12:0 a.m.•33 views

Moderate: .NET 6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22...

6.5CVSS6.8AI score0.04661EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/13 12:0 a.m.•42 views

Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11...

6.5CVSS6.8AI score0.04661EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/13 12:0 a.m.•49 views

Moderate: .NET 6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22...

6.5CVSS6.4AI score0.04661EPSS
Exploits0References4
Total number of security vulnerabilities5315