Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2022/10/24 12:0 a.m.•29 views

Important: libksba security update

KSBA pronounced Kasbah is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fixes: libksba: integer overflow may lead to remote code execution CVE-2022-3515 For more details about th...

9.8CVSS10AI score0.01635EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/10/20 12:0 a.m.•50 views

Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...

5.3CVSS6.7AI score0.02376EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2022/10/20 12:0 a.m.•28 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Security Fixes: Mozilla: Same-origin policy violation could have leaked cross-origin URLs CVE-2022-42927 Mozilla: Memory Corruption ...

8.8CVSS8.9AI score0.0083EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2022/10/20 12:0 a.m.•34 views

Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: excessive memory allocation in X.509 certificate parsing Security, 8286533 CVE-2022-21626 OpenJDK: HttpServer no connection count limit...

5.3CVSS6.2AI score0.02376EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2022/10/20 12:0 a.m.•38 views

Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...

5.3CVSS6.7AI score0.02376EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2022/10/20 12:0 a.m.•32 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Security Fixes: Mozilla: Same-origin policy violation could have leaked cross-origin URLs CVE-2022-42927 Mozilla: Memory Corruption ...

8.8CVSS8.9AI score0.0083EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2022/10/19 12:0 a.m.•54 views

Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...

5.3CVSS6.7AI score0.02376EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2022/10/19 12:0 a.m.•60 views

Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...

5.3CVSS6.7AI score0.02376EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2022/10/19 12:0 a.m.•41 views

Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: excessive memory allocation in X.509 certificate parsing Security, 8286533 CVE-2022-21626 OpenJDK: HttpServer no connection count limit...

5.3CVSS6.2AI score0.02376EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2022/10/18 12:0 a.m.•43 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security...

8.1CVSS8.6AI score0.01659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/18 12:0 a.m.•33 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score,...

5.1CVSS8.6AI score0.01659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/18 12:0 a.m.•39 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.17.1. Security Fixes: nodejs: weak randomness in WebCrypto keygen CVE-2022-35255...

9.1CVSS8.5AI score0.02587EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/10/18 12:0 a.m.•31 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS8.6AI score0.01659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/18 12:0 a.m.•29 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security...

8.1CVSS8.6AI score0.01659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/17 12:0 a.m.•37 views

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. Security Fixes: nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodej...

9.1CVSS8.5AI score0.02587EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/10/12 12:0 a.m.•39 views

Moderate: .NET 6.0 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10...

7.8CVSS7.5AI score0.01057EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/12 12:0 a.m.•40 views

Moderate: .NET 6.0 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10...

7.8CVSS7.5AI score0.01057EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/12 12:0 a.m.•32 views

Moderate: .NET Core 3.1 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30...

7.8CVSS7.5AI score0.01057EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/11 12:0 a.m.•42 views

Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

8.1CVSS8.5AI score0.01659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/11 12:0 a.m.•29 views

Moderate: gnutls and nettle security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...

7.5CVSS7.8AI score0.01492EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/06 12:0 a.m.•43 views

Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

8.6CVSS8.7AI score0.0282EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/06 12:0 a.m.•40 views

Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

8.1CVSS8.5AI score0.01659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/06 12:0 a.m.•38 views

Moderate: prometheus-jmx-exporter security update

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25857 For more details about the security issues,...

7.5CVSS7.8AI score0.02191EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2022/10/04 12:0 a.m.•37 views

Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

8.6CVSS8.4AI score0.0282EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/04 12:0 a.m.•42 views

Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS8.1AI score0.02299EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/10/04 12:0 a.m.•48 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS8.1AI score0.02299EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/10/03 12:0 a.m.•44 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS8.1AI score0.02299EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/09/26 12:0 a.m.•30 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: Mozilla: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40959 Mozilla: Data-race when parsing...

8.8CVSS8.9AI score0.01342EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2022/09/26 12:0 a.m.•32 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 Mozilla: Bypassing FeaturePolicy...

8.8CVSS8.4AI score0.01342EPSS
Exploits0References22
AlmaLinux
AlmaLinux
•added 2022/09/26 12:0 a.m.•27 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: Mozilla: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40959 Mozilla: Data-race when parsing...

8.8CVSS8.9AI score0.01342EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2022/09/26 12:0 a.m.•49 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 Mozilla: Bypassing FeaturePolicy...

8.8CVSS8.4AI score0.01342EPSS
Exploits0References22
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•38 views

Moderate: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.36.7. Security Fixes: webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution CVE-2022-328...

8.8CVSS9.2AI score0.09785EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•84 views

Moderate: ruby security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109428 Security Fixes: Ruby: Double free in Regexp compilati...

9.8CVSS8.1AI score0.04127EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•27 views

Moderate: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...

6.5CVSS6.3AI score0.00924EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•69 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: heap overflow in nftseteleminit CVE-2022-34918 kernel: vulnerability of buffer overflow in nftsetdescconcatparse CVE-2022-2078 For more details about the security issues, including the...

7.8CVSS7.4AI score0.05451EPSS
Exploits10References6
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•37 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: heap overflow in nftseteleminit CVE-2022-34918 kernel: vulnerability of buffer overflow in nftsetdescconcatparse CVE-2022-2078 For...

7.8CVSS7.5AI score0.05451EPSS
Exploits10References6
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•31 views

Moderate: dbus-broker security update

dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features...

7.5CVSS7.6AI score0.01749EPSS
Exploits4References6
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•28 views

Moderate: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: gpg: Signature spoofing via status line injection CVE-2022-34903 For more details about the security issues, including the impact, a CVSS...

6.5CVSS7.3AI score0.02551EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•41 views

Moderate: nodejs and nodejs-nodemon security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...

9.8CVSS7.7AI score0.77766EPSS
Exploits6References22
AlmaLinux
AlmaLinux
•added 2022/09/20 12:0 a.m.•41 views

Moderate: mysql security, bug fix, and enhancement update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.30. BZ2122589 Security Fixes: mysql: Server: Optimizer multiple...

6.5CVSS7.2AI score0.02092EPSS
Exploits0References90
AlmaLinux
AlmaLinux
•added 2022/09/15 12:0 a.m.•41 views

Moderate: .NET 6.0 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9...

7.5CVSS7.7AI score0.03074EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/15 12:0 a.m.•36 views

Moderate: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.36.7. Security Fixes: webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution CVE-2022-328...

8.8CVSS9.2AI score0.09785EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/15 12:0 a.m.•48 views

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...

7.8CVSS7.8AI score0.84554EPSS
Exploits5References8
AlmaLinux
AlmaLinux
•added 2022/09/14 12:0 a.m.•39 views

Moderate: .NET 6.0 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9...

7.5CVSS7.7AI score0.03074EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/14 12:0 a.m.•44 views

Moderate: .NET Core 3.1 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29...

7.5CVSS7.7AI score0.03074EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•55 views

Moderate: mariadb:10.3 security and bug fix update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.35, galera 25.3.35. Security Fixes: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint...

7.8CVSS8.1AI score0.02458EPSS
Exploits27References72
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•67 views

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS...

5.5CVSS7.1AI score0.06451EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•51 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8CVSS8AI score0.08325EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•98 views

Moderate: ruby:3.0 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...

9.8CVSS8.2AI score0.04127EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•55 views

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS CVE-2022-21125 Incomplete cleanup in specific special regist...

5.5CVSS7.5AI score0.06451EPSS
Exploits0References8
Total number of security vulnerabilities5323