CVE coverage

Rocky Linux 9 CVE list & vulnerability tracker

Noxen pulls Rocky Linux 9 CVE data from the same upstream sources that Red Hat publishes against (RHEL 9 binary-compatible). NVD provides the upstream advisory; OSV's Red Hat ecosystem feed provides the rpm-level fix versions.

Live

Headline numbers

Total CVE records (all distros)Loading…
Last buildLoading…
OSV records (RH ecosystem + others)Loading…
NVD records (cross-platform)Loading…

How matching works

What Noxen does for a Rocky 9 host

Reads /etc/os-release to confirm Rocky Linux 9.x.
Reads rpm -qa for installed packages, including epoch and release.
Filters the local feed cache to OSV records tagged with ecosystem Red Hat:9 or Rocky Linux:9, plus NVD records whose CPE matches the installed packages.
Compares installed vs fix versions using rpm version semantics (epoch:version-release).
Emits findings only where installed version is strictly older than fix.

Live listings

Top recent critical CVEs (Red Hat ecosystem)

Most-recently-published critical CVEs in the Red Hat ecosystem (RHEL/Rocky/AlmaLinux). Auto-deduped to one row per CVE ID.

Loading…

Top recent high-severity CVEs (Red Hat ecosystem)

Loading…

New to severity terminology? CVE, CVSS, CWE, and CPE are explained in the blog.

Notable

Recent CVEs that Rocky 9 homelabs care about

CVE-2024-6387 (regreSSHion) — OpenSSH pre-auth RCE. Patched via Red Hat security errata.
CVE-2024-1086 (nf_tables UAF) — Linux kernel privilege-escalation, in KEV. RHEL 9 / Rocky 9 ship a backport.
CVE-2024-3094 (xz backdoor) — Rocky 9 / RHEL 9 stable were on a clean xz version.

Scan a Rocky fleet with Noxen

Add your Rocky 9 hosts via your existing ~/.ssh/config; Noxen reads rpm package state and matches against the live feed. $79 one-time at launch.