5 matches found
Advisory ROSA-SA-2025-3008
software: mono 6.12.0
OS: ROSA-CHROME
unaffected versions = mono-6.12.0-206.1
affected versions mono-6.12.0-206.1
CVE-ID: CVE-2021-24112
BDU-ID: 2021-00929
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the .NET Core software platform is related to insufficient input validation. Exploitation of t...
Advisory ROSA-SA-2025-2677
software: qt4 4.8.7
OS: ROSA-CHROME
packageevrstring: qt4-4.8.7-18
CVE-ID: CVE-2023-32763
BDU-ID: 2023-03802
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the QTextLayout component of the Qt cross-platform software development framework is related to buffer copying without input validation...
Advisory ROSA-SA-2025-2579
software: suricata 6.0.20
OS: ROSA-CHROME
packageevrstring: suricata-6.0.20-2
CVE-ID: CVE-2024-45796
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in Suricata allows an attacker to cause a failure in the reassembly of traffic fragments.
CVE-STATUS: The vulnerability has been resolved...
Important: python3.12
Issue Overview: Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the...
Important: composer
Issue Overview: Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches fo...