Advisory ROSA-SA-2021-2005
Software: zsh 5.0.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-10070 CVE-Crit: HIGH CVE-DESC: zsh before 5.0.7 allows the initial values of integer variables imported from the environment to be evaluated instead of treating them as literal numbers. This may allow local privilege escalation under some specif...
Advisory ROSA-SA-2021-2004
Software: zlib 1.2.7 OS: Cobalt 7.9 CVE-ID: CVE-2013-0296 CVE-Crit: HIGH CVE-DESC: race condition in pigz before 2.2.5 uses permissions derived from umask when compressing a file before setting that file's permissions to match those of the source file, which may allow local users to bypass implie...
Advisory ROSA-SA-2021-2003
Software: yum-utils 1.1.31 OS: Cobalt 7.9 CVE-ID: CVE-2018-10897 CVE-Crit: HIGH CVE-DESC: A directory traversal issue was discovered in reposync, part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls the repository, they can copy...
Advisory ROSA-SA-2021-2002
Software: yum 3.4.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-1910 CVE-Crit: CRITICAL CVE-DESC: yum mishandles bad metadata, allowing an attacker to cause a denial of service and possibly other undefined impact via a Trojan horse file in the metadata of a remote repository. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-2001
Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...
Advisory ROSA-SA-2021-2000
Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1999
Software: xchat 2.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2011-5129 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1998
Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access (WPA and WPA2) allows the Station-To-Station-Link (STSL) Transient Key (STK) to be reinstalled during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...
Advisory ROSA-SA-2021-1996
Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, may allow remote servers to bypass intended access list restrictions by keeping the HTTP connection open...
Advisory ROSA-SA-2021-1995
Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The read_code function in read_words.c in WavPack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1994
Software: vorbis-tools 1.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9638 CVE-Crit: MEDIUM CVE-DESC: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1993
Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: The Data::UUID Perl module from CPAN, version 1.219, is vulnerable to symlink attacks. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1992
Software: util-linux 2.23.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-5224 CVE-Crit: CRITICAL CVE-DESC: The mkostemp function in login-utils in util-linux, when used incorrectly, allows remote attackers to cause file name collisions and possibly other attacks. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2016-501...
Advisory ROSA-SA-2021-1991
Software: unzip 6.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9913 CVE-Crit: MEDIUM CVE-DESC: Buffer overflow in the list_files function in list.c in Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1987
Software: tigervnc 1.8.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-26117 CVE-Crit: HIGH CVE-DESC: In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, the viewers do not handle TLS certificate exceptions correctly. They store certificates as authoritative sources, whic...
Advisory ROSA-SA-2021-1985
Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...
Advisory ROSA-SA-2021-1983
Software: talk 0.17 OS: Cobalt 7.9 CVE-ID: CVE-2018-3781 CVE-Crit: MEDIUM CVE-DESC: Missing sanitization of search results for an autocomplete field in Nextcloud Talk 3.2.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, so malicious search...
Advisory ROSA-SA-2021-1982
Software: systemd 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts of arbitrary files via a symlink attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2021-1981
Software: sysstat 10.1.5 OS: Cobalt 7.9 CVE-ID: CVE-2019-16167 CVE-Crit: MEDIUM CVE-DESC: sysstat before 12.1.6 has memory corruption due to an integer overflow in remap_struct in sa_common.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-19725 CVE-Crit: CRITICAL CVE-DESC: sysstat before...
Advisory ROSA-SA-2021-1980
Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...