Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2022/12/15 12:0 a.m.•56 views

Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: nodejs: Improper handling of URI Subject...

9.8CVSS7.9AI score0.21514EPSS
Exploits3References16
AlmaLinux
AlmaLinux
•added 2022/12/15 12:0 a.m.•45 views

Important: prometheus-jmx-exporter security update

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...

9.8CVSS1.7AI score0.99615EPSS
Exploits7References4
AlmaLinux
AlmaLinux
•added 2022/12/06 12:0 a.m.•48 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1. BZ2142809, BZ2142830, BZ2142834, BZ2142856 Security Fixes: nodejs-minimatch...

8.1CVSS8.2AI score0.14024EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/12/06 12:0 a.m.•38 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1, nodejs-nodemon 2.0.20. BZ2142818 Security Fixes: nodejs-minimatch: ReDoS vi...

8.1CVSS8.3AI score0.14024EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/28 12:0 a.m.•67 views

Important: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

8.8CVSS9.4AI score0.06419EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/28 12:0 a.m.•38 views

Important: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

8.8CVSS9.4AI score0.06419EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/28 12:0 a.m.•27 views

Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: Request Forgery Vulnerability CVE-2022-45060 For more details about th...

7.5CVSS7.6AI score0.00936EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/28 12:0 a.m.•24 views

Important: varnish:6 security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: Request Forgery Vulnerability CVE-2022-45060 For more details about th...

7.5CVSS7.6AI score0.00936EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/22 12:0 a.m.•32 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen...

9.8CVSS9.8AI score0.01061EPSS
Exploits0References28
AlmaLinux
AlmaLinux
•added 2022/11/21 12:0 a.m.•51 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404 Mozilla:...

9.8CVSS9.8AI score0.01061EPSS
Exploits0References28
AlmaLinux
AlmaLinux
•added 2022/11/21 12:0 a.m.•36 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404 Mozilla:...

9.8CVSS9.8AI score0.01061EPSS
Exploits0References28
AlmaLinux
AlmaLinux
•added 2022/11/21 12:0 a.m.•34 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen...

9.8CVSS9.8AI score0.01061EPSS
Exploits0References28
AlmaLinux
AlmaLinux
•added 2022/11/16 12:0 a.m.•62 views

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.8AI score0.00603EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/16 12:0 a.m.•35 views

Important: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.8AI score0.00603EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•81 views

Moderate: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Use-after-free leading to arbitrary code execution CVE-2022-22624 webkitgtk: Use-after-free leading to arbitrary code execution CVE-2022-22628 webkitgtk: Buffer overflow leading to...

8.8CVSS9.1AI score0.03668EPSS
Exploits1References24
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•47 views

Moderate: rsync security and bug fix update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

9.8CVSS9.7AI score0.1593EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•75 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file CVE-2022-0562 libtiff: reachable...

7.7CVSS7.4AI score0.01542EPSS
Exploits10References22
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•87 views

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36516 use-after-free vulnerability in function scosocksendmsg CVE-2021-3640 smb2ioctlqueryinfo NULL pointer dereferenc...

7.8CVSS7.8AI score0.12746EPSS
Exploits30References63
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•29 views

Important: dpdk security and bug fix update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...

8.6CVSS7.8AI score0.0188EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•48 views

Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

7.5CVSS7.8AI score0.0198EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•101 views

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...

7.5CVSS8.3AI score0.06975EPSS
Exploits7References18
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•31 views

Moderate: ignition security, bug fix, and enhancement update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

6.5CVSS7AI score0.01158EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•50 views

Moderate: php security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.20. BZ2095752 Security Fixes: php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php: Uninitialized array in...

9.8CVSS9.6AI score0.03437EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•99 views

Moderate: skopeo security and bug fix update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: containers/storage: DoS via malicious image CVE-2021-20291 golang: math/big.Rat: may cause a panic or an unrecoverable fatal erro...

7.5CVSS7.5AI score0.034EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•37 views

Moderate: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

4.3CVSS7AI score0.0099EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•25 views

Low: speex security update

Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates. Security Fixes: speex: divide by zero in readsamples via crafted WAV file CVE-2020-23903 For more details about the security issues, including the impact, a CVSS...

5.5CVSS5.6AI score0.0094EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•25 views

Moderate: fribidi security update

FriBidi is a library to handle bidirectional scripts for example Hebrew, Arabic, so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fixes: fribidi: Stack based buffer overflow CVE-2022-25308 fribidi: Heap-buffer-overflow in...

7.8CVSS7.2AI score0.00508EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•30 views

Moderate: flac security update

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files...

5.5CVSS5.7AI score0.00465EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•56 views

Low: redis security and bug fix update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

7.8CVSS7.3AI score0.02189EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•17 views

Moderate: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: exception handling and impedance match in tornadorequests CVE-2022-3500 For more details about the security issues, including the impact, a CVSS score,...

5.1CVSS5.7AI score0.00247EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•37 views

Low: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible...

7.1CVSS6.9AI score0.00331EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•21 views

Moderate: gimp security and enhancement update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: buffer...

5.5CVSS6AI score0.00721EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•30 views

Moderate: qt5 security and bug fix update

The Qt5 libraries packages provide Qt 5, version 5 of the Qt cross-platform application framework. Security Fixes: qt: QProcess could execute a binary from the current working directory when not found in the PATH CVE-2022-25255 For more details about the security issues, including the impact, a...

7.8CVSS7.7AI score0.00334EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•43 views

Moderate: yajl security update

Yet Another JSON Library YAJL is a small event-driven SAX-style JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: yajl: heap-based buffer overflow when handling large inputs due to an integer overflow CVE-2022-24795 For more details about the security issues,...

7.5CVSS8AI score0.03472EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•91 views

Moderate: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of...

9.8CVSS8.8AI score0.90407EPSS
Exploits2References22
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•56 views

Moderate: python3.9 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

8CVSS7.8AI score0.07017EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•55 views

Moderate: protobuf security update

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: protobuf: Incorrect...

6.5CVSS5.9AI score0.0266EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•30 views

Low: wavpack security update

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security Fixes: wavpack: Heap out-of-bounds read in WavpackPackSamples CVE-2021-44269 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS5.4AI score0.01155EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•32 views

Moderate: poppler security and bug fix update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: A logic error in the Hints::Hints function can cause denial of service CVE-2022-27337 For more details about the security issues, including the impact, a CVSS score,...

6.5CVSS6.6AI score0.01547EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•30 views

Moderate: dovecot security and enhancement update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

8.8CVSS9.1AI score0.01748EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•29 views

Low: openjpeg2 security update

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fixes: openjpeg: segmentation fault in opj2decompress due to uninitialized pointer CVE-2022-1122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.5CVSS5.9AI score0.01078EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•42 views

Low: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: bad local IPv6 connection reuse CVE-2022-27775 For more details about the security issues, including the impact, a CV...

7.5CVSS7.7AI score0.02794EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•24 views

Moderate: e2fsprogs security update

The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fixes: e2fsprogs: out-of-bounds read/write via crafted filesystem CVE-2022-1304 For more details about the security issues, including the impact, ...

7.8CVSS7.8AI score0.01382EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•29 views

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc CVE-2022-33068 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

5.5CVSS6.1AI score0.01134EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•37 views

Moderate: freetype security update

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Security Fixes: FreeType: Buffer overflow in sfntinitface CVE-2022-27404 FreeType: Segmentation violation via FNTSizeRequest CVE-2022-27405...

9.8CVSS9AI score0.03243EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•29 views

Low: libguestfs security, bug fix, and enhancement update

The libguestfs packages contain a library used for accessing and modifying virtual machine disk images. Security Fixes: libguestfs: Buffer overflow in getkeys leads to DoS CVE-2022-2211 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

6.5CVSS6.6AI score0.00774EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•36 views

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

7.8CVSS7.8AI score0.00606EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•57 views

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36516 use-after-free vulnerability in function scosocksendmsg...

7.8CVSS7.9AI score0.12746EPSS
Exploits30References63
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•33 views

Low: mingw-gcc security and bug fix update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: gcc: uncontrolled recursion in libiberty/rust-demangle.c CVE-2021-46195 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS5.7AI score0.00779EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•32 views

Moderate: libldb security, bug fix, and enhancement update

The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. The following packages have been upgraded to a later upstream version: libldb 2.5.2. BZ2077490 Security Fixes: samba: AD users can induce a use-after-free ...

5.4CVSS6.9AI score0.01064EPSS
Exploits0References4
Total number of security vulnerabilities5323