Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2024/04/17 1:35 p.m.•138 views

Advisory ROSA-SA-2024-2400

Software: haproxy 2.6.15 OS: ROSA-CHROME packageevrstring: haproxy-2.6.15-1.src.rpm CVE-ID: CVE-2023-0836 BDU-ID: 2023-04833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...

9.1CVSS7.7AI score0.05493EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/02/28 10:34 a.m.•114 views

Advisory ROSA-SA-2023-2127

Software: openssh 7.4 OS: rosa-server79 packageevrstring: openssh-7.4p1-21 CVE-ID: CVE-2023-25136 BDU-ID: 2023-00711 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the options.kexalgorithms component of the OpenSSH cryptographic security tool server is associated with a memory re-release error...

6.5CVSS7.2AI score0.89955EPSS
Exploits10
Rosalinux
Rosalinux
•added 2021/07/02 6:6 p.m.•107 views

Advisory ROSA-SA-2021-1966

Software: ruby 2.0.0.648 OS: Cobalt 7.9 CVE-ID: CVE-2012-6684 CVE-Crit: MEDIUM CVE-DESC: A cross-site scripting XSS vulnerability in the RedCloth 4.2.9 library for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. CVE-STATUS: default CVE-REV:...

9.8CVSS9.3AI score0.07511EPSS
Exploits14
Rosalinux
Rosalinux
•added 2024/10/03 8:11 p.m.•101 views

Advisory ROSA-SA-2024-2479

Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.1.res7.10 CVE-ID: CVE-2023-46728 BDU-ID: 2024-01221 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacke...

8.6CVSS7.3AI score0.88864EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/11 2:30 p.m.•90 views

Advisory ROSA-SA-2023-2189

Software: kernel-ml 5.15.117 OS: rosa-server79 packageevrstring: kernel-ml-5.15.117-1.res7 CVE-ID: CVE-2023-31085 BDU-ID: 2023-02516 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the mtddivbyeb function in the include/linux/mtd/mtd/mtd.h module of the Linux operating system kernel is related to...

9.8CVSS8.1AI score0.46428EPSS
Exploits9
Rosalinux
Rosalinux
•added 2024/02/20 9:39 a.m.•88 views

Advisory ROSA-SA-2024-2354

Software: shim-signed 15 OS: rosa-server79 packageevrstring: shim-signed-15-8.0.1.res7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the UEFI shim bootloader due to failure to take measures to neutralize special elements. Exploitation of the...

8.3CVSS8.5AI score0.04852EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 5:27 a.m.•85 views

Advisory ROSA-SA-2023-2262

Software: openvswitch 2.16.1 OS: ROSA-CHROME packageevrstring: openvswitch-2.16.1-3.src.rpm CVE-ID: CVE-2019-25076 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The TSS Tuple Space Search algorithm in Open vSwitch versions 2.x-2.17.2 and 3.0.0 allows remote attackers to cause denial of service delayin...

9.8CVSS8.1AI score0.01836EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 4:36 p.m.•85 views

Advisory ROSA-SA-2021-1818

Software: curl 7.29.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-4545 CVE-Crit: CRITICAL CVE-DESC: cURL and libcurl from 7.18.0 through 7.32.0 when built with OpenSSL disables validation of CN and SAN certificate name fields CURLOPTSSLVERIFYHOST when digital signature validation CURLOPTSSLVERIFYPEER is...

9.8CVSS9.8AI score0.09327EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:57 p.m.•83 views

Advisory ROSA-SA-2021-1950

Software: php 5.4.16 OS: Cobalt 7.9 CVE-ID: CVE-2011-4718 CVE-Crit: MEDIUM CVE-DESC: A session commit vulnerability in the session subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2011-4718...

7.5CVSS9.4AI score0.22319EPSS
Exploits11
Rosalinux
Rosalinux
•added 2024/02/20 9:38 a.m.•82 views

Advisory ROSA-SA-2024-2353

Software: shim 15 OS: rosa-server79 packageevrstring: shim-15-8.0.1.el7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could...

8.3CVSS8.5AI score0.04852EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/04/25 11:30 a.m.•82 views

Advisory ROSA-SA-2023-2158

Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: 2.4.6-98.7 CVE-ID: CVE-2021-40438 BDU-ID: 2021-04820 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

9.8CVSS8.3AI score0.99999EPSS
Exploits14
Rosalinux
Rosalinux
•added 2023/04/18 12:9 p.m.•82 views

Advisory ROSA-SA-2023-2155

Software: modhttp2 1.15.7 OS: ROSA Virtualization 2.1 packageevrstring: 1.15.7 CVE-ID: CVE-2020-11993 BDU-ID: 2021-00779 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Apache HTTP Server's implementation of the HTTP/2 web server mechanism is related to inconsistent interpretation of http...

9.8CVSS8.9AI score0.8377EPSS
Exploits8
Rosalinux
Rosalinux
•added 2024/03/12 8:35 a.m.•81 views

Advisory ROSA-SA-2024-2370

software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2007-3670 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An argument injection vulnerability in Microsoft Internet Explorer when running on systems with Firefox installed and registered specific URIs allow...

10CVSS8.6AI score0.29355EPSS
Exploits9
Rosalinux
Rosalinux
•added 2023/08/29 11:57 a.m.•78 views

Advisory ROSA-SA-2023-2222

Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1-19.rv3.src.rpm CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security to...

9.8CVSS10AI score0.76768EPSS
Exploits10
Rosalinux
Rosalinux
•added 2023/07/11 11:9 a.m.•78 views

Advisory ROSA-SA-2023-2184

Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-8.rv3.src.rpm CVE-ID: CVE-2020-36329 BDU-ID: 2021-03101 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to memory usage after memory is freed...

9.8CVSS9AI score0.02319EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/11/10 6:20 a.m.•77 views

Advisory ROSA-SA-2025-3064

Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 unaffected versions = libwebp-1.0.0.0-10.0.1.rv3 affected versions libwebp-1.0.0.0-10.0.1.rv3 CVE-ID: CVE-2023-4863 BDU-ID: TO600, TO601, TO675, TO797, TO826 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the libwebp library for WebP image...

8.8CVSS9.1AI score0.99735EPSS
Exploits9
Rosalinux
Rosalinux
•added 2024/03/12 12:37 p.m.•77 views

Advisory ROSA-SA-2024-2371

software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2011-0064 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The hbbufferensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory reallocatio...

9.3CVSS7.9AI score0.13983EPSS
Exploits3
Rosalinux
Rosalinux
•added 2024/04/23 12:20 p.m.•76 views

Advisory ROSA-SA-2024-2408

Software: xz 5.2.4 OS: ROSA Virtualization 2.1 packageevrstring: xz-5.2.4-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process...

10CVSS9.6AI score0.85974EPSS
Exploits40
Rosalinux
Rosalinux
•added 2023/03/21 12:45 p.m.•76 views

Advisory ROSA-SA-2023-2134

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-35603 BDU-ID: None CVE-Crit: LOW CVE-DESC: A vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE component: JSSE. A...

7.1CVSS6AI score0.14839EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:5 a.m.•74 views

Advisory ROSA-SA-2023-2269

Software: vsftpd 3.0.5 OS: ROSA-CHROME packageevrstring: vsftpd-3.0.5-1.src.rpm CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...

7.4CVSS6.7AI score0.02037EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 4:34 p.m.•73 views

Advisory ROSA-SA-2021-1809

Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...

8.8CVSS6.8AI score0.38611EPSS
Exploits12
Rosalinux
Rosalinux
•added 2023/04/25 11:49 a.m.•72 views

Advisory ROSA-SA-2023-2159

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the...

9.8CVSS8.9AI score0.90039EPSS
Exploits3
Rosalinux
Rosalinux
•added 2025/09/09 10:46 a.m.•69 views

Advisory ROSA-SA-2025-2983

software: qt6-qtbase 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtbase-6.8.3-3 affected versions qt6-qtbase-6.8.3-3 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCore cross-platform software...

9.2CVSS6.3AI score0.00403EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/03/05 8:46 a.m.•69 views

Advisory ROSA-SA-2024-2366

Software: openssl 1.1.1v OS: ROSA-CHROME packageevrstring: openssl-1.1.1.1v-1.src.rpm CVE-ID: CVE-2023-2650 BDU-ID: 2023-03652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an...

7.5CVSS7.4AI score0.73461EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/05/03 11:17 a.m.•69 views

Advisory ROSA-SA-2023-2161

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the aprwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...

9.8CVSS8.8AI score0.90407EPSS
Exploits6
Rosalinux
Rosalinux
•added 2023/04/25 12:2 p.m.•69 views

Advisory ROSA-SA-2023-2160

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2021-36160 BDU-ID: 2021-06099 CVE-Crit: HIGH CVE-DESC: A vulnerability in the modproxyuwsgi function of the Apache HTTP Server web server is related to reading data outside of the specified buffer. Exploitatio...

9.8CVSS8.1AI score0.99999EPSS
Exploits10
Rosalinux
Rosalinux
•added 2021/07/02 5:39 p.m.•69 views

Advisory ROSA-SA-2021-1940

Software: openvpn 2.4.9 OS: Cobalt 7.9 CVE-ID: CVE-2020-11462 CVE-Crit: HIGH CVE-DESC: The issue was found in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. When the full-featured RPC2 interface is enabled, a temporary management interface DoS state can be reached when sending an XML...

9.8CVSS7.3AI score0.02251EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/20 9:45 a.m.•68 views

Advisory ROSA-SA-2024-2355

Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...

8.8CVSS6.6AI score0.00416EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/17 12:3 p.m.•68 views

Advisory ROSA-SA-2023-2245

Software: bind 9.11.26 OS: ROSA Virtualization 2.1 packageevrstring: bind-9.11.26-6.rv3.src.rpm CVE-ID: CVE-2019-6470 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: There was a bug in a function in one of the ISC BIND libraries that dhcpd used when running in DHCPv6 mode. There was also a bug in dhcpd's...

7.5CVSS7.4AI score0.08813EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:11 p.m.•68 views

Advisory ROSA-SA-2021-1979

Software: subversion 1.7.14 OS: Cobalt 7.9 CVE-ID: CVE-2014-3504 CVE-Crit: HIGH CVE-DESC: The functions 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate in Serf 0.2.0 - 1.3.x through 1.3.7 incorrectly handle the NUL byte in the domain name in the subject common name. CN in...

8CVSS8.3AI score0.30216EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/23 12:23 p.m.•67 views

Advisory ROSA-SA-2024-2409

Software: xz 5.2.2 OS: rosa-server79 packageevrstring: xz-5.2.2.2-2 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts...

10CVSS9.6AI score0.85974EPSS
Exploits40
Rosalinux
Rosalinux
•added 2024/03/05 9:0 a.m.•67 views

Advisory ROSA-SA-2024-2367

software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...

9.8CVSS6.2AI score0.02944EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/30 8:26 a.m.•67 views

Advisory ROSA-SA-2024-2332

Software: glibc 2.28 OS: ROSA Virtualization 2.1 packageevrstring: glibc-2.28-225.rv3.src.rpm CVE-ID: CVE-2023-4527 BDU-ID: 2023-06332 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the glibc system library is related to reading data outside of buffer boundaries in...

7.8CVSS8.2AI score0.81422EPSS
Exploits28
Rosalinux
Rosalinux
•added 2024/03/26 11:18 a.m.•65 views

Advisory ROSA-SA-2024-2379

software: curl 8.4.0 WASP: ROSA-CHROME packageevrstring: curl-8.4.0-1.src.rpm CVE-ID: CVE-2023-38545 BDU-ID: 2023-06576 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SOCKS5 protocol implementation of the cURL command line utility is related to an operation exceeding buffer boundaries in memory...

9.8CVSS8.1AI score0.78483EPSS
Exploits6
Rosalinux
Rosalinux
•added 2023/02/14 1:1 p.m.•65 views

Advisory ROSA-SA-2023-2113

Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-0179 BDU-ID: 2023-00383 CVE-Crit: HIGH CVE-DESC: A vulnerability in the netfilter component of the Linux operating system kernel is related to a stack buffer overflow in nftables...

7.8CVSS8AI score0.01944EPSS
Exploits5
Rosalinux
Rosalinux
•added 2024/02/27 9:1 a.m.•64 views

Advisory ROSA-SA-2024-2359

software: postgresql 12.16 WASP: ROSA-CHROME packageevrstring: postgresql-12.16-1.src.rpm CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access delimitation flaws...

8.8CVSS8.8AI score0.01572EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/02/28 10:13 a.m.•64 views

Advisory ROSA-SA-2023-2125

Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-common-1.20.4-16. CVE-ID: CVE-2023-0494 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be used b...

7.8CVSS8.3AI score0.00899EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/05/19 5:10 p.m.•63 views

Advisory ROSA-SA-2025-2862

Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 packageevrstring: kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2023-52864 BDU-ID: 2024-10416 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the wmicharopen function of the Linux operating system kernel is related to the driver not binding to a devi...

7.8CVSS10AI score0.28058EPSS
Exploits16
Rosalinux
Rosalinux
•added 2025/04/11 10:8 p.m.•63 views

Advisory ROSA-SA-2025-2835

Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 2.1 packageevrstring: bind-dyndb-ldap-11.6-5.rv3 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithm...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/03/26 11:47 a.m.•63 views

Advisory ROSA-SA-2024-2382

Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.3.res7 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiatio...

5.9CVSS7.8AI score0.93305EPSS
Exploits4
Rosalinux
Rosalinux
•added 2024/02/20 9:31 a.m.•62 views

Advisory ROSA-SA-2024-2351

Software: xorg-x11-server 0.19.4 OS: rosa-server79 packageevrstring: xorg-x11-server-0.19.4-2.res7 CVE-ID: CVE-2023-6816 BDU-ID: 2024-00405 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related ...

9.8CVSS10AI score0.02106EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/21 4:49 p.m.•62 views

Advisory ROSA-SA-2023-2258

software: tomcat 9.0.37 WASP: ROSA-CHROME packageevrstring: tomcat-9.0.37-3.src.rpm CVE-ID: CVE-2020-9484 BDU-ID: 2020-03620 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PersistenceManager component of the Apache Tomcat application server is related to the recovery of invalid data in memory...

8.6CVSS8.9AI score0.75353EPSS
Exploits21
Rosalinux
Rosalinux
•added 2025/09/09 10:46 a.m.•61 views

Advisory ROSA-SA-2025-2984

software: qt6-qtimageformats 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtimageformats-6.8.3-2 affected versions qt6-qtimageformats-6.8.3-2 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCor...

9.2CVSS6.3AI score0.00403EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/20 8:52 a.m.•61 views

Advisory ROSA-SA-2024-2348

Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.0.1.res7.11 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...

8.6CVSS7.7AI score0.00872EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:16 a.m.•61 views

Advisory ROSA-SA-2023-2272

software: quartz 2.2.1 OS: ROSA-CHROME packageevrstring: quartz-2.2.1-11.src.rpm CVE-ID: CVE-2019-13990 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...

9.8CVSS6.8AI score0.162EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/09/05 9:40 a.m.•61 views

Advisory ROSA-SA-2023-2229

Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.res7 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool is related to...

9.8CVSS7.5AI score0.76768EPSS
Exploits10
Rosalinux
Rosalinux
•added 2022/01/27 1:18 p.m.•61 views

Advisory ROSA-SA-2022-2012

Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...

7.8CVSS8.2AI score0.94921EPSS
Exploits152
Rosalinux
Rosalinux
•added 2024/02/06 8:15 a.m.•60 views

Advisory ROSA-SA-2024-2338

Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3.src.rpm CVE-ID: CVE-2022-0561 BDU-ID: 2022-05790 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TIFFFetchStripThing function of the tifdirread.c component of the LibTIFF library is related to pointer...

8.8CVSS8AI score0.01542EPSS
Exploits5
Rosalinux
Rosalinux
•added 2023/11/21 12:45 p.m.•60 views

Advisory ROSA-SA-2023-2296

software: redis 7.0.12 OS: ROSA-CHROME packageevrstring: redis-7.0.12-1.src.rpm CVE-ID: CVE-2022-24834 BDU-ID: 2023-07213 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cjson and cmsgpack libraries of the Redis database management system DBMS is related to a buffer overflow in dynamic memory...

9.8CVSS8.5AI score0.80919EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/21 3:52 p.m.•60 views

Advisory ROSA-SA-2023-2254

software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-27447 BDU-ID: 2022-06909 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Binarystring::freebuffer function of the /sql/sqlstring.h component of the MariaDB DBMS is related to memory usage after...

7.5CVSS7.1AI score0.02246EPSS
Exploits11
Total number of security vulnerabilities1374