1374 matches found
Advisory ROSA-SA-2024-2400
Software: haproxy 2.6.15 OS: ROSA-CHROME packageevrstring: haproxy-2.6.15-1.src.rpm CVE-ID: CVE-2023-0836 BDU-ID: 2023-04833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...
Advisory ROSA-SA-2023-2127
Software: openssh 7.4 OS: rosa-server79 packageevrstring: openssh-7.4p1-21 CVE-ID: CVE-2023-25136 BDU-ID: 2023-00711 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the options.kexalgorithms component of the OpenSSH cryptographic security tool server is associated with a memory re-release error...
Advisory ROSA-SA-2021-1966
Software: ruby 2.0.0.648 OS: Cobalt 7.9 CVE-ID: CVE-2012-6684 CVE-Crit: MEDIUM CVE-DESC: A cross-site scripting XSS vulnerability in the RedCloth 4.2.9 library for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2024-2479
Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.1.res7.10 CVE-ID: CVE-2023-46728 BDU-ID: 2024-01221 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacke...
Advisory ROSA-SA-2023-2189
Software: kernel-ml 5.15.117 OS: rosa-server79 packageevrstring: kernel-ml-5.15.117-1.res7 CVE-ID: CVE-2023-31085 BDU-ID: 2023-02516 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the mtddivbyeb function in the include/linux/mtd/mtd/mtd.h module of the Linux operating system kernel is related to...
Advisory ROSA-SA-2024-2354
Software: shim-signed 15 OS: rosa-server79 packageevrstring: shim-signed-15-8.0.1.res7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the UEFI shim bootloader due to failure to take measures to neutralize special elements. Exploitation of the...
Advisory ROSA-SA-2023-2262
Software: openvswitch 2.16.1 OS: ROSA-CHROME packageevrstring: openvswitch-2.16.1-3.src.rpm CVE-ID: CVE-2019-25076 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The TSS Tuple Space Search algorithm in Open vSwitch versions 2.x-2.17.2 and 3.0.0 allows remote attackers to cause denial of service delayin...
Advisory ROSA-SA-2021-1818
Software: curl 7.29.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-4545 CVE-Crit: CRITICAL CVE-DESC: cURL and libcurl from 7.18.0 through 7.32.0 when built with OpenSSL disables validation of CN and SAN certificate name fields CURLOPTSSLVERIFYHOST when digital signature validation CURLOPTSSLVERIFYPEER is...
Advisory ROSA-SA-2021-1950
Software: php 5.4.16 OS: Cobalt 7.9 CVE-ID: CVE-2011-4718 CVE-Crit: MEDIUM CVE-DESC: A session commit vulnerability in the session subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2011-4718...
Advisory ROSA-SA-2024-2353
Software: shim 15 OS: rosa-server79 packageevrstring: shim-15-8.0.1.el7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2158
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: 2.4.6-98.7 CVE-ID: CVE-2021-40438 BDU-ID: 2021-04820 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2023-2155
Software: modhttp2 1.15.7 OS: ROSA Virtualization 2.1 packageevrstring: 1.15.7 CVE-ID: CVE-2020-11993 BDU-ID: 2021-00779 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Apache HTTP Server's implementation of the HTTP/2 web server mechanism is related to inconsistent interpretation of http...
Advisory ROSA-SA-2024-2370
software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2007-3670 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An argument injection vulnerability in Microsoft Internet Explorer when running on systems with Firefox installed and registered specific URIs allow...
Advisory ROSA-SA-2023-2222
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1-19.rv3.src.rpm CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security to...
Advisory ROSA-SA-2023-2184
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-8.rv3.src.rpm CVE-ID: CVE-2020-36329 BDU-ID: 2021-03101 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to memory usage after memory is freed...
Advisory ROSA-SA-2025-3064
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 unaffected versions = libwebp-1.0.0.0-10.0.1.rv3 affected versions libwebp-1.0.0.0-10.0.1.rv3 CVE-ID: CVE-2023-4863 BDU-ID: TO600, TO601, TO675, TO797, TO826 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the libwebp library for WebP image...
Advisory ROSA-SA-2024-2371
software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2011-0064 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The hbbufferensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory reallocatio...
Advisory ROSA-SA-2024-2408
Software: xz 5.2.4 OS: ROSA Virtualization 2.1 packageevrstring: xz-5.2.4-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process...
Advisory ROSA-SA-2023-2134
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-35603 BDU-ID: None CVE-Crit: LOW CVE-DESC: A vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE component: JSSE. A...
Advisory ROSA-SA-2023-2269
Software: vsftpd 3.0.5 OS: ROSA-CHROME packageevrstring: vsftpd-3.0.5-1.src.rpm CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
Advisory ROSA-SA-2023-2159
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2025-2983
software: qt6-qtbase 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtbase-6.8.3-3 affected versions qt6-qtbase-6.8.3-3 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCore cross-platform software...
Advisory ROSA-SA-2024-2366
Software: openssl 1.1.1v OS: ROSA-CHROME packageevrstring: openssl-1.1.1.1v-1.src.rpm CVE-ID: CVE-2023-2650 BDU-ID: 2023-03652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2023-2161
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the aprwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...
Advisory ROSA-SA-2023-2160
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2021-36160 BDU-ID: 2021-06099 CVE-Crit: HIGH CVE-DESC: A vulnerability in the modproxyuwsgi function of the Apache HTTP Server web server is related to reading data outside of the specified buffer. Exploitatio...
Advisory ROSA-SA-2021-1940
Software: openvpn 2.4.9 OS: Cobalt 7.9 CVE-ID: CVE-2020-11462 CVE-Crit: HIGH CVE-DESC: The issue was found in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. When the full-featured RPC2 interface is enabled, a temporary management interface DoS state can be reached when sending an XML...
Advisory ROSA-SA-2024-2355
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...
Advisory ROSA-SA-2023-2245
Software: bind 9.11.26 OS: ROSA Virtualization 2.1 packageevrstring: bind-9.11.26-6.rv3.src.rpm CVE-ID: CVE-2019-6470 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: There was a bug in a function in one of the ISC BIND libraries that dhcpd used when running in DHCPv6 mode. There was also a bug in dhcpd's...
Advisory ROSA-SA-2021-1979
Software: subversion 1.7.14 OS: Cobalt 7.9 CVE-ID: CVE-2014-3504 CVE-Crit: HIGH CVE-DESC: The functions 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate in Serf 0.2.0 - 1.3.x through 1.3.7 incorrectly handle the NUL byte in the domain name in the subject common name. CN in...
Advisory ROSA-SA-2024-2409
Software: xz 5.2.2 OS: rosa-server79 packageevrstring: xz-5.2.2.2-2 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts...
Advisory ROSA-SA-2024-2367
software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
Advisory ROSA-SA-2024-2332
Software: glibc 2.28 OS: ROSA Virtualization 2.1 packageevrstring: glibc-2.28-225.rv3.src.rpm CVE-ID: CVE-2023-4527 BDU-ID: 2023-06332 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the glibc system library is related to reading data outside of buffer boundaries in...
Advisory ROSA-SA-2024-2379
software: curl 8.4.0 WASP: ROSA-CHROME packageevrstring: curl-8.4.0-1.src.rpm CVE-ID: CVE-2023-38545 BDU-ID: 2023-06576 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SOCKS5 protocol implementation of the cURL command line utility is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2023-2113
Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-0179 BDU-ID: 2023-00383 CVE-Crit: HIGH CVE-DESC: A vulnerability in the netfilter component of the Linux operating system kernel is related to a stack buffer overflow in nftables...
Advisory ROSA-SA-2024-2359
software: postgresql 12.16 WASP: ROSA-CHROME packageevrstring: postgresql-12.16-1.src.rpm CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access delimitation flaws...
Advisory ROSA-SA-2023-2125
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-common-1.20.4-16. CVE-ID: CVE-2023-0494 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be used b...
Advisory ROSA-SA-2025-2862
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 packageevrstring: kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2023-52864 BDU-ID: 2024-10416 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the wmicharopen function of the Linux operating system kernel is related to the driver not binding to a devi...
Advisory ROSA-SA-2025-2835
Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 2.1 packageevrstring: bind-dyndb-ldap-11.6-5.rv3 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithm...
Advisory ROSA-SA-2024-2382
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.3.res7 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiatio...
Advisory ROSA-SA-2024-2351
Software: xorg-x11-server 0.19.4 OS: rosa-server79 packageevrstring: xorg-x11-server-0.19.4-2.res7 CVE-ID: CVE-2023-6816 BDU-ID: 2024-00405 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related ...
Advisory ROSA-SA-2023-2258
software: tomcat 9.0.37 WASP: ROSA-CHROME packageevrstring: tomcat-9.0.37-3.src.rpm CVE-ID: CVE-2020-9484 BDU-ID: 2020-03620 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PersistenceManager component of the Apache Tomcat application server is related to the recovery of invalid data in memory...
Advisory ROSA-SA-2025-2984
software: qt6-qtimageformats 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtimageformats-6.8.3-2 affected versions qt6-qtimageformats-6.8.3-2 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCor...
Advisory ROSA-SA-2024-2348
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.0.1.res7.11 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
Advisory ROSA-SA-2023-2272
software: quartz 2.2.1 OS: ROSA-CHROME packageevrstring: quartz-2.2.1-11.src.rpm CVE-ID: CVE-2019-13990 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...
Advisory ROSA-SA-2023-2229
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.res7 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool is related to...
Advisory ROSA-SA-2022-2012
Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...
Advisory ROSA-SA-2024-2338
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3.src.rpm CVE-ID: CVE-2022-0561 BDU-ID: 2022-05790 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TIFFFetchStripThing function of the tifdirread.c component of the LibTIFF library is related to pointer...
Advisory ROSA-SA-2023-2296
software: redis 7.0.12 OS: ROSA-CHROME packageevrstring: redis-7.0.12-1.src.rpm CVE-ID: CVE-2022-24834 BDU-ID: 2023-07213 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cjson and cmsgpack libraries of the Redis database management system DBMS is related to a buffer overflow in dynamic memory...
Advisory ROSA-SA-2023-2254
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-27447 BDU-ID: 2022-06909 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Binarystring::freebuffer function of the /sql/sqlstring.h component of the MariaDB DBMS is related to memory usage after...