Lucene search
K
AlmalinuxRecent

5313 matches found

AlmaLinux
AlmaLinux
•added 2026/04/20 12:0 a.m.•11 views

Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

8.4CVSS6.2AI score0.00201EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•19 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...

9.8CVSS6.7AI score0.01052EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•12 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.126 and .NET Runtime...

7.5CVSS6.3AI score0.02279EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•10 views

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8CVSS6.2AI score0.01073EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•9 views

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8CVSS6.2AI score0.01073EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•24 views

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/url:...

7.5CVSS5.3AI score0.00728EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•13 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK SDKVERSION and .NET Runtime...

7.5CVSS5.8AI score0.02279EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•15 views

Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.116 and .NET Runtime...

7.5CVSS5.8AI score0.02279EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•18 views

Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

7.5CVSS5.8AI score0.02279EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/16 12:0 a.m.•13 views

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution v...

7.5CVSS6.6AI score0.00426EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2026/04/15 12:0 a.m.•14 views

Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

7.8CVSS6.4AI score0.01162EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2026/04/15 12:0 a.m.•15 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/15 12:0 a.m.•6 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

8.7CVSS6.9AI score0.26356EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2026/04/15 12:0 a.m.•11 views

Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526 Squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 For...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2026/04/14 12:0 a.m.•7 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/14 12:0 a.m.•10 views

Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 For more details about the security...

5.9CVSS6.9AI score0.00368EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/14 12:0 a.m.•9 views

Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/14 12:0 a.m.•13 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bound...

9.8CVSS6.6AI score0.01052EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2026/04/14 12:0 a.m.•9 views

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 For more details about the security issues, including the impact, a CVSS score,...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•5 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bound...

9.8CVSS6.6AI score0.01052EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•6 views

Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

9.8CVSS5.8AI score0.00604EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•11 views

Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•10 views

Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•9 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

8.7CVSS6.9AI score0.26356EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•6 views

Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

9.8CVSS5.8AI score0.00604EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•11 views

Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•9 views

Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...

9.8CVSS6.7AI score0.26356EPSS
Exploits1References36
AlmaLinux
AlmaLinux
•added 2026/04/13 12:0 a.m.•9 views

Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...

8.8CVSS7.9AI score0.00581EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/10 12:0 a.m.•9 views

Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: ws: be more explicit when handling hostnames on cli...

9.8CVSS5.8AI score0.142EPSS
Exploits3References3
AlmaLinux
AlmaLinux
•added 2026/04/09 12:0 a.m.•15 views

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details abou...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/09 12:0 a.m.•18 views

Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion...

9.8CVSS6.7AI score0.26356EPSS
Exploits1References38
AlmaLinux
AlmaLinux
•added 2026/04/09 12:0 a.m.•54 views

Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/08 12:0 a.m.•18 views

Important: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/08 12:0 a.m.•14 views

Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

9.8CVSS6.9AI score0.26356EPSS
Exploits2References20
AlmaLinux
AlmaLinux
•added 2026/04/08 12:0 a.m.•9 views

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more...

8.6CVSS5.8AI score0.00728EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2026/04/08 12:0 a.m.•7 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/08 12:0 a.m.•18 views

Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/07 12:0 a.m.•8 views

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/07 12:0 a.m.•11 views

Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/07 12:0 a.m.•6 views

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP...

9.8CVSS6.5AI score0.00656EPSS
Exploits5References28
AlmaLinux
AlmaLinux
•added 2026/04/07 12:0 a.m.•6 views

Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2026/04/07 12:0 a.m.•9 views

Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

8.8CVSS7.8AI score0.00867EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2026/04/07 12:0 a.m.•9 views

Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

7.8CVSS6.2AI score0.01162EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2026/04/07 12:0 a.m.•10 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and...

10CVSS7.3AI score0.00773EPSS
Exploits0References80
AlmaLinux
AlmaLinux
•added 2026/04/06 12:0 a.m.•4 views

Moderate: crun security update

crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

7.8CVSS5.9AI score0.00159EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2026/04/06 12:0 a.m.•5 views

Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: nouveau: fix instmem race condition around ptr stores CVE-2024-26984 kernel: scsi: target: iscsi: Fix use-after-free in...

8.8CVSS6.6AI score0.00812EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2026/04/06 12:0 a.m.•12 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel net/mlx5: Use-after-free in ECVF vports unload leads to denial of service CVE-2025-38109 kernel: Kernel: Privilege escalation or denial of service in nftables via inverted...

7.8CVSS6.4AI score0.00812EPSS
Exploits8References10
AlmaLinux
AlmaLinux
•added 2026/04/06 12:0 a.m.•6 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nouveau: fix instmem race condition around ptr stores CVE-2024-26984 kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount CVE-2026-23193 kernel: kernel: Privilege...

8.8CVSS6.5AI score0.00812EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2026/04/06 12:0 a.m.•8 views

Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via malicious SFD file...

8.8CVSS7.4AI score0.00581EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2026/04/02 12:0 a.m.•5 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized...

8.2CVSS6.7AI score0.0218EPSS
Exploits0References4
Total number of security vulnerabilities5313