5 matches found
Advisory ROSA-SA-2024-2535
software: cacti 1.2.25 AXIS: ROSA-CHROME packageevrstring: cacti-1.2.25-2 CVE-ID: CVE-2023-46490 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in managers.php. CVE-STATU...
Advisory ROSA-SA-2024-2407
software: xz 5.2.9 AXIS: ROSA-CHROME packageevrstring: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extrac...
Advisory ROSA-SA-2024-2337
software: flatpak 1.14.4 AXIS: ROSA-CHROME packageevrstring: flatpak-1.14.4-1.src.rpm CVE-ID: CVE-2023-28100 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: If the Flatpak application runs on a Linux virtual console, such as /dev/tty1, it can copy text from the virtual console and paste it into a comman...
Advisory ROSA-SA-2024-2336
software: hiredis 0.13.3 AXIS: ROSA-CHROME packageevrstring: hiredis-0.13.3-2.src.rpm CVE-ID: CVE-2021-32765 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In vulnerable versions, Hiredis is vulnerable to integer overflow if provided with maliciously crafted or corrupted RESP mult-bulk protocol data. Whe...
Advisory ROSA-SA-2023-2227
software: buildah 1.30.0 AXIS: ROSA-CHROME packageevrstring: buildah-1.30.0-2.src.rpm CVE-ID: CVE-2022-27651 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There was a bug in the build that caused containers to incorrectly start with non-empty default permissions. A bug was discovered in Moby Docker...