Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•41 views

Moderate: jackson security update

Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats. Security Fixes: jackson-databind: denial of service via a large dept...

7.5CVSS8.7AI score0.0486EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•57 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: the functions orderhostkeyalgs and listhostkeytypes leads to double-free vulnerabili...

6.5CVSS6.9AI score0.89955EPSS
Exploits10References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•76 views

Important: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.32. BZ2177731, BZ2177732 Security Fixes: mysql: Server: Security:...

7.5CVSS6.7AI score0.43131EPSS
Exploits0References76
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•88 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 net/ulp: use-after-free in listening ULP...

8.8CVSS8.7AI score0.03763EPSS
Exploits13References82
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•56 views

Moderate: git security and bug fix update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

8.8CVSS7.4AI score0.02938EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•116 views

Low: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP pro...

5.9CVSS7AI score0.02511EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•65 views

Moderate: git-lfs security and bug fix update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang:...

7.5CVSS7.2AI score0.05623EPSS
Exploits4References22
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•77 views

Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.1.14. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...

9.8CVSS8.9AI score0.49336EPSS
Exploits6References12
AlmaLinux
AlmaLinux
•added 2023/05/04 12:0 a.m.•47 views

Important: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and...

8.1CVSS8.2AI score0.02559EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/04 12:0 a.m.•27 views

Important: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

7.5CVSS7.1AI score0.01175EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/02 12:0 a.m.•44 views

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...

7.5CVSS6.9AI score0.00952EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/02 12:0 a.m.•30 views

Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: command injection vulnerability in org-mode CVE-2023-28617 For more details about the...

7.8CVSS8.2AI score0.00469EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/02 12:0 a.m.•32 views

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...

7.5CVSS6.9AI score0.00952EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/25 12:0 a.m.•74 views

Important: java-1.8.0-openjdk security and bug fix update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.6AI score0.02474EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2023/04/25 12:0 a.m.•50 views

Important: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.6AI score0.02474EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2023/04/24 12:0 a.m.•25 views

Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: command injection vulnerability in org-mode CVE-2023-28617 For more details about the...

7.8CVSS8.2AI score0.00469EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/20 12:0 a.m.•39 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: use-after-free leads to arbitrary code execution CVE-2023-28205 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

8.8CVSS9.1AI score0.27076EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/20 12:0 a.m.•46 views

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.6AI score0.02474EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2023/04/20 12:0 a.m.•59 views

Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.6AI score0.02474EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2023/04/20 12:0 a.m.•29 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: use-after-free leads to arbitrary code execution CVE-2023-28205 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

8.8CVSS9.1AI score0.27076EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/19 12:0 a.m.•49 views

Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.6AI score0.02474EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2023/04/19 12:0 a.m.•59 views

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.6AI score0.02474EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2023/04/17 12:0 a.m.•28 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...

8.8CVSS8.3AI score0.01185EPSS
Exploits0References24
AlmaLinux
AlmaLinux
•added 2023/04/17 12:0 a.m.•33 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...

8.8CVSS8.3AI score0.01185EPSS
Exploits0References24
AlmaLinux
AlmaLinux
•added 2023/04/14 12:0 a.m.•41 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fixes: MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp BZ2186102 Mozilla: Fullscreen notification obscured CVE-2023-295...

8.8CVSS9.1AI score0.00741EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2023/04/14 12:0 a.m.•38 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fixes: MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp BZ2186102 Mozilla: Fullscreen notification obscured CVE-2023-295...

8.8CVSS9.1AI score0.00741EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2023/04/12 12:0 a.m.•40 views

Important: nodejs:14 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.3. Security Fixes: decode-uri-component: improper input validation resulting i...

8.6CVSS7.8AI score0.24928EPSS
Exploits4References16
AlmaLinux
AlmaLinux
•added 2023/04/11 12:0 a.m.•32 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: FUSE filesystem low-privileged user privileges escalation CVE-2023-0386 For more details about the security issues, including the...

7.8CVSS7.9AI score0.0788EPSS
Exploits14References4
AlmaLinux
AlmaLinux
•added 2023/04/11 12:0 a.m.•41 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP multi-header compression denial of service CVE-2023-23916 For more details about the security issues, including...

6.5CVSS7.2AI score0.01703EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/04/11 12:0 a.m.•35 views

Moderate: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more...

8CVSS6.7AI score0.0152EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/04/11 12:0 a.m.•56 views

Moderate: haproxy security update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: segfault DoS CVE-2023-0056 haproxy: request smuggling attack in HTTP/1 header parsing CVE-2023-25725 For more details about the security issues, including...

9.1CVSS8.1AI score0.05493EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/04/11 12:0 a.m.•48 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: FUSE filesystem low-privileged user privileges escalation CVE-2023-0386 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.8CVSS7.7AI score0.0788EPSS
Exploits14References4
AlmaLinux
AlmaLinux
•added 2023/04/06 12:0 a.m.•74 views

Important: httpd and mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

9.8CVSS9.3AI score0.8377EPSS
Exploits5References4
AlmaLinux
AlmaLinux
•added 2023/04/06 12:0 a.m.•65 views

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

9.8CVSS9.3AI score0.8377EPSS
Exploits5References4
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•23 views

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: webpack: avoid cross-realm objects CVE-2023-28154 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

9.8CVSS9.2AI score0.01421EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•22 views

Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7.8CVSS7.5AI score0.0044EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•22 views

Important: pesign security update

The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Security Fixes: pesign: Local privilege escalation on pesign systemd service CVE-2022-3560 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

5.5CVSS6AI score0.00245EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•56 views

Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1. Security Fixes: glob-parent: Regular Expression Denial of Service...

8.6CVSS8AI score0.02209EPSS
Exploits5References18
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•24 views

Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7.8CVSS7.5AI score0.0044EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•24 views

Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more...

8CVSS6.7AI score0.0152EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•47 views

Moderate: gnutls security and bug fix update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...

7.4CVSS7.8AI score0.01403EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•42 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF...

7.9CVSS7.6AI score0.0788EPSS
Exploits14References10
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•40 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...

7.5CVSS7.4AI score0.02023EPSS
Exploits3References14
AlmaLinux
AlmaLinux
•added 2023/04/04 12:0 a.m.•130 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-0266 kernel: FUSE filesystem low-privileged user...

7.9CVSS8.3AI score0.0788EPSS
Exploits14References10
AlmaLinux
AlmaLinux
•added 2023/03/27 12:0 a.m.•55 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-026...

7.9CVSS7.4AI score0.03702EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/03/27 12:0 a.m.•52 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-0266 kernel: net: CPU soft lockup in TC mirred...

7.9CVSS7.4AI score0.03702EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/03/22 12:0 a.m.•32 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fixes: Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 CVE-2023-28176 Mozill...

8.8CVSS9.1AI score0.00713EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2023/03/22 12:0 a.m.•36 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fixes: Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 CVE-2023-28176 Mozill...

8.8CVSS9.2AI score0.00713EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2023/03/22 12:0 a.m.•81 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA...

7.5CVSS7.5AI score0.59501EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/03/21 12:0 a.m.•44 views

Important: nss security and bug fix update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths large...

8.8CVSS7.7AI score0.00817EPSS
Exploits0References4
Total number of security vulnerabilities5323