Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•34 views

Moderate: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodi...

8.1CVSS7.4AI score0.77766EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•51 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8CVSS8AI score0.08325EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•98 views

Moderate: ruby:3.0 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...

9.8CVSS8.2AI score0.04127EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2022/09/13 12:0 a.m.•68 views

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS...

5.5CVSS7.1AI score0.06451EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/09/06 12:0 a.m.•64 views

Important: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: local root privilege escalation in the virtual...

7.8CVSS7.8AI score0.0054EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/06 12:0 a.m.•36 views

Important: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: local root privilege escalation in the virtual...

7.8CVSS7.8AI score0.0054EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/01 12:0 a.m.•22 views

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: obtaining an authentication token for hacluster user could lead to privilege escalation CVE-2022-2735 For more details about the security issues, including the impact, a CVS...

7.8CVSS8.1AI score0.00299EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/09/01 12:0 a.m.•19 views

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: obtaining an authentication token for hacluster user could lead to privilege escalation CVE-2022-2735 For more details about the security issues, including the impact, a CVS...

7.8CVSS8.1AI score0.00299EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/08/30 12:0 a.m.•105 views

Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification...

10CVSS8.8AI score0.95764EPSS
Exploits6References12
AlmaLinux
AlmaLinux
•added 2022/08/29 12:0 a.m.•30 views

Important: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

9.8CVSS9.3AI score0.01052EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•32 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have...

8.8CVSS8.9AI score0.00905EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•21 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-3847...

8.8CVSS8.9AI score0.00905EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•22 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have...

8.8CVSS8.9AI score0.00905EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•60 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP compression denial of service CVE-2022-32206 curl: FTP-KRB bad message verification CVE-2022-32208 For more...

6.5CVSS8.2AI score0.3197EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•27 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-3847...

8.8CVSS8.9AI score0.00905EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•49 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP compression denial of service CVE-2022-32206 curl: Unpreserved file permissions CVE-2022-32207 curl: FTP-KRB bad...

9.8CVSS8.2AI score0.3197EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•41 views

Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

7.4CVSS7.9AI score0.0165EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/08/24 12:0 a.m.•61 views

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

8.1CVSS8.4AI score0.03437EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/08/15 12:0 a.m.•36 views

Moderate: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8...

5.9CVSS6.5AI score0.0192EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/08/15 12:0 a.m.•27 views

Moderate: .NET Core 3.1 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28...

5.9CVSS6.5AI score0.0192EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/08/10 12:0 a.m.•37 views

Moderate: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8...

5.9CVSS6.5AI score0.0192EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/08/09 12:0 a.m.•44 views

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: information leak in scsiioctl CVE-2022-0494 use-after-free in tcnewtfilter in net/sched/clsapi.c CVE-2022-1055 For more details about the...

8.6CVSS6.9AI score0.005EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2022/08/09 12:0 a.m.•81 views

Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.11, mariadb 10.5.16, mysql-selinux 1.0.5. Security Fixes: mariadb: MariaDB through 10.5.9 allows attackers to trigge...

7.8CVSS8AI score0.02458EPSS
Exploits29References74
AlmaLinux
AlmaLinux
•added 2022/08/09 12:0 a.m.•36 views

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Out-of-bounds Write CVE-2022-1785 vim: out-of-bounds write in vimregsubboth in regexp.c CVE-2022-1897 vim: buffer over-read in utfptr2char in mbyte.c CVE-2022-1927 For more details about the security issues,...

7.8CVSS8.1AI score0.01601EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2022/08/09 12:0 a.m.•50 views

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: information leak in scsiioctl CVE-2022-0494 use-after-free in tcnewtfilter in net/sched/clsapi.c CVE-2022-1055 For more details about the security issues, including the impact, a CVSS score,...

8.6CVSS7AI score0.005EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2022/08/04 12:0 a.m.•28 views

Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9.1AI score0.5838EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2022/08/03 12:0 a.m.•48 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: a use-after-free write in the netfilter subsystem can lead to...

8.2CVSS7.1AI score0.02972EPSS
Exploits6References6
AlmaLinux
AlmaLinux
•added 2022/08/03 12:0 a.m.•89 views

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: crehash script allows command injection CVE-2022-1292 openssl: the crehash script allows command...

10CVSS8.7AI score0.95764EPSS
Exploits6References8
AlmaLinux
AlmaLinux
•added 2022/08/03 12:0 a.m.•26 views

Moderate: pcre2 security update

The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fixes: pcre2: Out-of-bounds read in compilexclassmatchingpath in pcre2jitcompile.c CVE-2022-15...

9.1CVSS2AI score0.02993EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/08/03 12:0 a.m.•54 views

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Out-of-bounds Write CVE-2022-1785 vim: out-of-bounds write in vimregsubboth in regexp.c CVE-2022-1897 vim: buffer over-read in utfptr2char in mbyte.c CVE-2022-1927 For more details about the security issues,...

7.8CVSS3.6AI score0.01601EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2022/08/02 12:0 a.m.•72 views

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

8.2CVSS7.6AI score0.02701EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2022/08/02 12:0 a.m.•41 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: a...

8.2CVSS7.3AI score0.02972EPSS
Exploits6References6
AlmaLinux
AlmaLinux
•added 2022/08/02 12:0 a.m.•57 views

Moderate: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: sending crafted message could result in DoS CVE-2022-0918...

7.5CVSS1.4AI score0.05914EPSS
Exploits3References6
AlmaLinux
AlmaLinux
•added 2022/08/02 12:0 a.m.•50 views

Moderate: mariadb:10.5 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.11, mariadb 10.5.16. Security Fixes: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint...

7.8CVSS8AI score0.02458EPSS
Exploits29References74
AlmaLinux
AlmaLinux
•added 2022/08/01 12:0 a.m.•69 views

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization...

7.5CVSS7.2AI score0.01875EPSS
Exploits3References20
AlmaLinux
AlmaLinux
•added 2022/08/01 12:0 a.m.•29 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 CVE-2022-2505 Mozilla: Directory indexes for bundled...

8.8CVSS8.4AI score0.00748EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/08/01 12:0 a.m.•33 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 CVE-2022-2505 Mozilla: Directory indexes for bundled...

8.8CVSS8.4AI score0.00748EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/08/01 12:0 a.m.•111 views

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in...

7.5CVSS1.1AI score0.03222EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/08/01 12:0 a.m.•76 views

Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stac...

7.5CVSS7.2AI score0.01875EPSS
Exploits3References20
AlmaLinux
AlmaLinux
•added 2022/08/01 12:0 a.m.•40 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.12.0. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 CVE-2022-2505 Mozilla: Directory indexes for bundled resources reflected URL parameters CVE-2022-36318...

8.8CVSS8.4AI score0.00748EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2022/07/27 12:0 a.m.•39 views

Important: java-17-openjdk security, bug fix, and enhancement update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-17-openjdk 17.0.4.0.8. BZ2084779 Security Fixes: OpenJDK: integer truncation issue in Xalan-J...

7.5CVSS7.1AI score0.17673EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2022/07/26 12:0 a.m.•38 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: OAuth account takeover CVE-2022-31107 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7.7AI score0.02039EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/07/26 12:0 a.m.•28 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: OAuth account takeover CVE-2022-31107 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7.7AI score0.02039EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/07/25 12:0 a.m.•52 views

Important: java-11-openjdk security, bug fix, and enhancement update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk 11.0.16.0.8. BZ2084777 Security Fixes: OpenJDK: integer truncation issue in Xalan-J...

7.5CVSS7.1AI score0.17673EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2022/07/25 12:0 a.m.•48 views

Important: java-1.8.0-openjdk security, bug fix, and enhancement update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk 1.8.0.342.b07. BZ2084776 Security Fixes: OpenJDK: integer truncation issue in...

7.5CVSS7.1AI score0.17673EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2022/07/25 12:0 a.m.•54 views

Important: java-1.8.0-openjdk security, bug fix, and enhancement update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk 1.8.0.342.b07. BZ2084648 Security Fixes: OpenJDK: integer truncation issue in...

7.5CVSS7.2AI score0.17673EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2022/07/21 12:0 a.m.•44 views

Important: java-11-openjdk security, bug fix, and enhancement update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk 11.0.16.0.8. BZ2084649 Security Fixes: OpenJDK: integer truncation issue in Xalan-J...

7.5CVSS7.2AI score0.17673EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2022/07/18 12:0 a.m.•124 views

Important: pandoc security update

Pandoc is a markdown/markup conversion tool. The version of pandoc in AlmaLinux 8 CRB uses cmark-gfm GitHub's extended version of the C reference implementation of CommonMark for parts of its conversion. The update, fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing which...

9.8CVSS9.7AI score0.04192EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2022/07/13 12:0 a.m.•77 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: race condition in perfeventopen leads to privilege escalation CVE-2022-1729 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7CVSS0.1AI score0.0031EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/07/13 12:0 a.m.•61 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: race condition in perfeventopen leads to privilege escalation CVE-2022-1729 For more details about the security issues, including...

7CVSS7.9AI score0.0031EPSS
Exploits0References4
Total number of security vulnerabilities5323