157 matches found

Rosalinux
added 2021/07/02 6:22 p.m., 24 views

Advisory ROSA-SA-2021-2005

Software: zsh 5.0.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-10070 CVE-Crit: HIGH CVE-DESC: zsh before 5.0.7 allows the initial values of integer variables imported from the environment to be evaluated instead of treating them as literal numbers. This may allow local privilege escalation under some specif...

CVSS: 9.8, AI score: 8.8, EPSS: 0.02633
Exploits: 0

Rosalinux
added 2021/07/02 6:21 p.m., 12 views

Advisory ROSA-SA-2021-2004

Software: zlib 1.2.7 OS: Cobalt 7.9 CVE-ID: CVE-2013-0296 CVE-Crit: HIGH CVE-DESC: race condition in pigz before 2.2.5 uses permissions derived from umask when compressing a file before setting that file's permissions to match those of the source file, which may allow local users to bypass implie...

CVSS: 4.4, AI score: 6.2, EPSS: 0.0034
Exploits: 0

Rosalinux
added 2021/07/02 6:21 p.m., 18 views

Advisory ROSA-SA-2021-2003

Software: yum-utils 1.1.31 OS: Cobalt 7.9 CVE-ID: CVE-2018-10897 CVE-Crit: HIGH CVE-DESC: A directory traversal issue was discovered in reposync, part of yum-utils, where reposync cannot clear paths in remote repository configuration files. If an attacker controls the repository, they can copy...

CVSS: 9.3, AI score: 8, EPSS: 0.0571
Exploits: 0

Rosalinux
added 2021/07/02 6:21 p.m., 39 views

Advisory ROSA-SA-2021-2002

Software: yum 3.4.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-1910 CVE-Crit: CRITICAL CVE-DESC: yum mishandles bad metadata, allowing an attacker to cause a denial of service and possibly other undefined impact via a Trojan horse file in the metadata of a remote repository. CVE-STATUS: default CVE-REV:...

CVSS: 9.8, AI score: 8.9, EPSS: 0.02496
Exploits: 0

Rosalinux
added 2021/07/02 6:21 p.m., 23 views

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

CVSS: 8.8, AI score: 9.1, EPSS: 0.03256
Exploits: 1

Rosalinux
added 2021/07/02 6:21 p.m., 35 views

Advisory ROSA-SA-2021-2000

Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in maingetappheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code through a crafted input file. CVE-STATUS: default CVE-REV: default...

CVSS: 8.8, AI score: 9.1, EPSS: 0.04157
Exploits: 0

Rosalinux
added 2021/07/02 6:21 p.m., 19 views

Advisory ROSA-SA-2021-1999

Software: xchat 2.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2011-5129 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service failure and possibly execute arbitrary code using a long response string. CVE-STATUS: default CVE-REV:...

CVSS: 5, AI score: 7.8, EPSS: 0.07696
Exploits: 1

Rosalinux
added 2021/07/02 6:21 p.m., 46 views

Advisory ROSA-SA-2021-1998

Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access WPA and WPA2 allows the Station-to-Station-Link STSL temporary key STK to be reassigned during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...

CVSS: 8.1, AI score: 7.2, EPSS: 0.05372
Exploits: 0

Rosalinux
added 2021/07/02 6:19 p.m., 38 views

Advisory ROSA-SA-2021-1996

Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...

CVSS: 8.1, AI score: 8.3, EPSS: 0.07499
Exploits: 7

Rosalinux
added 2021/07/02 6:19 p.m., 46 views

Advisory ROSA-SA-2021-1995

Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The readcode function in readwords.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service read out of range via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...

CVSS: 7.8, AI score: 6.3, EPSS: 0.03044
Exploits: 12

Rosalinux
added 2021/07/02 6:19 p.m., 19 views

Advisory ROSA-SA-2021-1994

Software: vorbis-tools 1.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9638 CVE-Crit: MEDIUM CVE-DESC: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service division-by-zero error and crash via a WAV file with the number of channels set to zero. CVE-STATUS: default CVE-REV:...

CVSS: 5.5, AI score: 5.6, EPSS: 0.03793
Exploits: 6

Rosalinux
added 2021/07/02 6:19 p.m., 24 views

Advisory ROSA-SA-2021-1993

Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: Perl module Data::UUID from CPAN version 1.219 is vulnerable to symbolic link attacks. CVE-STATUS: default CVE-REV: default...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00504
Exploits: 0

Rosalinux
added 2021/07/02 6:18 p.m., 40 views

Advisory ROSA-SA-2021-1992

Software: util-linux 2.23.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-5224 CVE-Crit: CRITICAL CVE-DESC: The mkostemp function in login-utils in util-linux, when misused, allows remote attackers to cause file name conflict and possibly other attacks. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2016-501...

CVSS: 9.8, AI score: 6.9, EPSS: 0.04526
Exploits: 0

Rosalinux
added 2021/07/02 6:18 p.m., 35 views

Advisory ROSA-SA-2021-1991

Software: unzip 6.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9913 CVE-Crit: MEDIUM CVE-DESC: Buffer overflow in listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service failure using vectors associated with the compression method. CVE-STATUS: default CVE-REV:...

CVSS: 7.8, AI score: 7.9, EPSS: 0.30469
Exploits: 2

Rosalinux
added 2021/07/02 6:17 p.m., 28 views

Advisory ROSA-SA-2021-1987

Software: tigervnc 1.8.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-26117 CVE-Crit: HIGH CVE-DESC: In the files rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, the viewers do not handle TLS certificate exceptions correctly. They store certificates as authoritative sources, whic...

CVSS: 8.1, AI score: 8, EPSS: 0.0306
Exploits: 0

Rosalinux
added 2021/07/02 6:15 p.m., 32 views

Advisory ROSA-SA-2021-1985

Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a redundant heap-based buffer read associated with aoeprint in print-aoe.c and lookupememem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...

CVSS: 9.8, AI score: 7.2, EPSS: 0.05342
Exploits: 0

Rosalinux
added 2021/07/02 6:14 p.m., 23 views

Advisory ROSA-SA-2021-1983

Software: talk 0.17 OS: Cobalt 7.9 CVE-ID: CVE-2018-3781 CVE-Crit: MEDIUM CVE-DESC: The lack of cleanup of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to persistence of XSS requiring user interaction. The lack of cleanup only affected usernames, so malicious search...

CVSS: 9.9, AI score: 4.8, EPSS: 0.01668
Exploits: 1

Rosalinux
added 2021/07/02 6:13 p.m., 42 views

Advisory ROSA-SA-2021-1982

Software: system 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd when updating file permissions allows local users to change SELinux permissions and security contexts for arbitrary files via a symbolic link attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...

CVSS: 10, AI score: 8.3, EPSS: 0.55116
Exploits: 18

Rosalinux
added 2021/07/02 6:12 p.m., 29 views

Advisory ROSA-SA-2021-1981

Software: sysstat 10.1.5 OS: Cobalt 7.9 CVE-ID: CVE-2019-16167 CVE-Crit: MEDIUM CVE-DESC: sysstat before 12.1.6 has memory corruption due to an integer overflow in remapstruct in sacommon.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-19725 CVE-Crit: CRITICAL CVE-DESC: sysstat before...

CVSS: 9.8, AI score: 8.1, EPSS: 0.02762
Exploits: 2

Rosalinux
added 2021/07/02 6:12 p.m., 28 views

Advisory ROSA-SA-2021-1980

Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...

CVSS: 7.8, AI score: 6.5, EPSS: 0.01066
Exploits: 2