18 matches found
Advisory ROSA-SA-2024-2535
software: cacti 1.2.25 AXIS: ROSA-CHROME packageevrstring: cacti-1.2.25-2 CVE-ID: CVE-2023-46490 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in managers.php. CVE-STATU...
Advisory ROSA-SA-2024-2478
software: yajl 2.1.0 WASP: ROSA-CHROME packageevrstring: yajl-2.1.0-2 CVE-ID: CVE-2023-33460 BDU-ID: 2023-07652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...
Advisory ROSA-SA-2024-2477
software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-2 CVE-ID: CVE-2023-46724 BDU-ID: 2023-07699 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...
Advisory ROSA-SA-2024-2461
software: grub2 2.06 WASP: ROSA-CHROME packageevrstring: grub2-2.06-20 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems loader is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2460
software: gnuplot 5.4.10 OS: ROSA-CHROME packageevrstring: gnuplot-5.4.10-1 CVE-ID: CVE-2020-25412 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: comline in command.c in gnuplot causes writes outside the memory buffer from strncpy, which may lead to arbitrary code execution. CVE-STATUS: Fixed CVE-REV...
Advisory ROSA-SA-2024-2453
Software: e2fsprogs 1.46.6 WASP: ROSA-CHROME packageevrstring: e2fsprogs-1.46.6-1 CVE-ID: CVE-2022-1304 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read/write vulnerability outside the allocated area has been detected in e2fsprogs. This issue leads to a segmentation error and possible execution of...
Advisory ROSA-SA-2024-2452
software: redis 7.0.14 OS: ROSA-CHROME packageevrstring: redis-7.0.14-1 CVE-ID: CVE-2023-41053 BDU-ID: 2023-05475 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system is related to insecure privilege management. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2425
software: aspell 0.60.8 WASP: ROSA-CHROME packageevrstring: aspell-0.60.8-3 CVE-ID: CVE-2019-25051 BDU-ID: None CVE-Crit: N/A CVE-DESC.: objstack in GNU Aspell has a heap buffer overflow in acommon::ObjStack::duptop CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update aspell...
Advisory ROSA-SA-2024-2414
software: upx 4.2.1 OS: ROSA-CHROME packageevrstring: upx-4.2.1-1 CVE-ID: CVE-2023-23456 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack in the file ptmt.cpp. This thread allows an attacker to cause a denial of service interrupt using...
Advisory ROSA-SA-2024-2400
Software: haproxy 2.6.15 OS: ROSA-CHROME packageevrstring: haproxy-2.6.15-1.src.rpm CVE-ID: CVE-2023-0836 BDU-ID: 2023-04833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...
Advisory ROSA-SA-2024-2337
software: flatpak 1.14.4 AXIS: ROSA-CHROME packageevrstring: flatpak-1.14.4-1.src.rpm CVE-ID: CVE-2023-28100 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: If the Flatpak application runs on a Linux virtual console, such as /dev/tty1, it can copy text from the virtual console and paste it into a comman...
Advisory ROSA-SA-2024-2335
software: xterm 386 WASP: ROSA-CHROME packageevrstring: xterm-386-1.src.rpm CVE-ID: CVE-2023-40359 BDU-ID: 2023-07914 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting ReGIS Reporting feature of the XTerm terminal emulator is related to an operation exceeding...
Advisory ROSA-SA-2024-2321
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...
Advisory ROSA-SA-2023-2319
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...
Advisory ROSA-SA-2023-2311
software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
Advisory ROSA-SA-2023-2248
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
Advisory ROSA-SA-2023-2216
software: subversion 1.14.2 OS: ROSA-CHROME packageevrstring: subversion-1.14.2-1.src.rpm CVE-ID: CVE-2020-17525 BDU-ID: 2022-00306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the modauthzsvn module of the Subversion centralized version control system is related to incorrect handling of reques...
Advisory ROSA-SA-2023-2208
software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-38431 BDU-ID: 2023-03952 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ksmbdconnhandlerloop function in the fs/smb/server/connection.c module of the KSMBD file system of the...