1374 matches found
Advisory ROSA-SA-2025-2624
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-6 CVE-ID: CVE-2024-25062 BDU-ID: 2024-01415 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to memory usage after it is...
Advisory ROSA-SA-2024-2530
Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...
Advisory ROSA-SA-2024-2525
Software: nghttp2 1.33.0 OS: rosa-server79 packageevrstring: nghttp2-1.33.0-1.3.res7 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established...
Advisory ROSA-SA-2024-2509
Software: freeradius 3.0.13 OS: rosa-server79 packageevrstring: freeradius-3.0.13-15.0.1.res7 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through...
Advisory ROSA-SA-2024-2448
Software: pcre2 10.32 OS: ROSA Virtualization 2.1 packageevrstring: pcre2-10.32 CVE-ID: CVE-2022-1587 BDU-ID: 2023-02635 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2jitcompile.c function of the PCRE2 regular expression library is related to reading outside of the allowed data buffer...
Advisory ROSA-SA-2024-2431
Software: lua 5.3.4 OS: ROSA Virtualization 2.1 packageevrstring: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in luaresume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a script file created. CVE-STATUS: Not...
Advisory ROSA-SA-2024-2430
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2021-3631 BDU-ID: 2024-02428 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux M...
Advisory ROSA-SA-2024-2387
Software: slapi-nis 0.56.6 OS: ROSA Virtualization 2.1 packageevrstring: slapi-nis-0.56.6-2.rv3 CVE-ID: CVE-2021-3480 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dereferencing a null pointer during DN binding analysis could allow an unauthenticated attacker to cause the 389-ds-base directory server to...
Advisory ROSA-SA-2024-2380
Software: rpm 4.14.3 OS: ROSA Virtualization 2.1 packageevrstring: rpm-4.14.3-26.rv3 CVE-ID: CVE-2021-3521 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a flaw in RPM's proprietary functionality. OpenPGP connections are bound to the primary key via a "binding signature". RPM does not verify t...
Advisory ROSA-SA-2023-2315
Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2020-14583 BDU-ID: 2020-03866 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libraries component of the Oracle Java SE and Oracle Java SE Embedded software platform...
Advisory ROSA-SA-2023-2249
software: xrdp 0.9.22.1 OS: ROSA-CHROME packageevrstring: xrdp-0.9.22.1-1.src.rpm CVE-ID: CVE-2022-23468 BDU-ID: 2022-07312 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the xrdploginwndcreate function of the XRDP server involves buffer copying without checking the size of the input data...
Advisory ROSA-SA-2023-2217
Software: libmicrohttpd 0.9.76 OS: ROSA-CHROME packageevrstring: libmicrohttpd-0.9.76-1.src.rpm CVE-ID: CVE-2023-27371 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: GNU libmicrohttpd before version 0.9.76 allowed remote DoS denial of service due to improper multipart/form-data boundary parsing in the...
Advisory ROSA-SA-2021-2001
Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...
Advisory ROSA-SA-2021-1981
Software: sysstat 10.1.5 OS: Cobalt 7.9 CVE-ID: CVE-2019-16167 CVE-Crit: MEDIUM CVE-DESC: sysstat before 12.1.6 has memory corruption due to an integer overflow in remapstruct in sacommon.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-19725 CVE-Crit: CRITICAL CVE-DESC: sysstat before...
Advisory ROSA-SA-2021-1931
Software: nmap 6.40 OS: Cobalt 7.9 CVE-ID: CVE-2018-15173 CVE-Crit: HIGH CVE-DESC: Nmap through 7.70, when the -sV parameter is used, allows remote attackers to cause a denial of service stack consumption and application failure via a TCP-based service created. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2021-1889
Software: libseccomp 2.3.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-9893 CVE-Crit: CRITICAL CVE-DESC: libseccomp before 2.4.0 incorrectly generated argument comparisons of 64-bit system calls using arithmetic operators LT, GT, LE, GE, which could lead to seccomp filter bypass and potential privilege...
Advisory ROSA-SA-2021-1887
Software: libreswan 3.25 OS: Cobalt 7.9 CVE-ID: CVE-2019-10155 CVE-Crit: LOW CVE-DESC: The Libreswan project has discovered a vulnerability in the handling of IKEv1 information exchange packets that are encrypted and integrity protected using the established IKE SA encryption and integrity keys,...
Advisory ROSA-SA-2021-1882
Software: libpcap 1.5.3 OS: Cobalt 7.9 CVE-ID: CVE-2019-15165 CVE-Crit: MEDIUM CVE-DESC: sf-pcapng.c in libpcap before 1.9.1 incorrectly checks the length of the PHB header before allocating memory. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15161 CVE-Crit: MEDIUM CVE-DESC: rpcapd /...
Advisory ROSA-SA-2021-1816
Software: cups 1.6.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-6891 CVE-Crit: HIGH CVE-DESC: lppasswd in CUPS before 1.7.1 when run with setuid privileges allows local users to read parts of arbitrary files via modified HOME environment variable and symbolic link attack using .cups / client.conf. CVE-STATU...
Advisory ROSA-SA-2025-3034
software: opencv 4.10.0 AXIS: ROSA-CHROME affected versions: None CVE-ID: CVE-2025-53644 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in OpenCV 4.10.0 and 4.11.0 is the use of an uninitialized pointer when processing JPEGs, which can lead to arbitrary memory writes. CVE-STATUS: Not...
Advisory ROSA-SA-2025-2840
Software: expat 2.2.5 OS: ROSA Virtualization 2.1 packageevrstring: expat-2.2.5-16.0.1.rv3 CVE-ID: CVE-2021-45960 BDU-ID: 2022-01003 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the storeAtts function of the Expat library involves uncontrolled resource consumption. Exploitation of the vulnerabili...
Advisory ROSA-SA-2025-2830
Software: golang 1.19.13 OS: ROSA Virtualization 3.0 packageevrstring: golang-1.19.13-2.rv30 CVE-ID: CVE-2023-29402 BDU-ID: 2023-03201 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Cgo module of the Go programming language is related to incorrect code generation control when handling directory...
Advisory ROSA-SA-2025-2679
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent PUT an...
Advisory ROSA-SA-2025-2630
software: libde265 1.0.14 OS: ROSA-CHROME packageevrstring: libde265-1.0.14-1 CVE-ID: CVE-2021-36410 BDU-ID: 2023-01688 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the putepelhvfallback function of the fallback-motion.cc component of the h.265 Libde265 video codec implementation is related to...
Advisory ROSA-SA-2024-2543
software: trousers 0.3.14 WASP: ROSA-CHROME packageevrstring: trousers-0.3.14-5 CVE-ID: CVE-2020-24332 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in TrouSerS: Vulnerability to create system.data files when running the tcsd daemon with root privileges. CVE-STATUS: The vulnerability has...
Advisory ROSA-SA-2024-2475
Software: ipmitool 1.8.18 OS: ROSA-CHROME packageevrstring: ipmitool-1.8.18-22 CVE-ID: CVE-2020-5208 BDU-ID: 2020-04640 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the readfruareasection lib/ipmifru.c function of the ipmitool IPMI-enabled device management and configuration utility is related to...
Advisory ROSA-SA-2024-2474
software: libraw 0.20.2 OS: ROSA-CHROME packageevrstring: libraw-0.20.2-4 CVE-ID: CVE-2020-22628 BDU-ID: 2023-05897 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the LibRaw::stretch function of the LibRaw image processing library is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2412
software: libxpm 3.5.17 OS: ROSA-CHROME packageevrstring: libxpm-3.5.17-1 CVE-ID: CVE-2023-43788 BDU-ID: 2023-06887 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XpmCreateXpmImageFromBuffer function of the X Pixmap Image File XPM libXpm library is related to reading data beyond buffer...
Advisory ROSA-SA-2024-2391
Software: ImageMagick 6.9.10.68 OS: rosa-server79 packageevrstring: ImageMagick-6.9.10.68-7.res7 CVE-ID: CVE-2021-40211 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem was detected in ImageMagick via division by zero in the ReadEnhMetaFile function of the coders/emf.c file. CVE-STATUS: Fixed...
Advisory ROSA-SA-2024-2372
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46-10.el8.src.rpm CVE-ID: CVE-2020-15719 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: libldap in some third-party OpenLDAP packages has a certificate validation error when the third-party package asserts support for...
Advisory ROSA-SA-2024-2328
Software: libpng 1.6.34 OS: ROSA Virtualization 2.1 packageevrstring: libpng-1.6.34-5.0.1.rv3.src.rpm CVE-ID: CVE-2019-7317 BDU-ID: 2019-03330 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pngimagefree function png.c of the PNG libpng bitmap graphics library involves the pngimagefreefunction...
Advisory ROSA-SA-2023-2309
Software: libcap 2.26 OS: ROSA Virtualization 2.1 packageevrstring: libcap-2.26-5.0.1.rv3.src.rpm CVE-ID: CVE-2023-2603 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: This issue occurs in libcapstrdup and can cause an integer overflow if the input string is close to 4 GB. CVE-STATUS: Fixed CVE-REV: To...
Advisory ROSA-SA-2023-2293
Software: glibc 2.28 OS: ROSA Virtualization 2.1 packageevrstring: glibc-2.28-225.rv3.src.rpm CVE-ID: CVE-2021-3999 BDU-ID: 2022-01635 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the getcwd function of the glibc system library is associated with a single offset error. Exploitation of the...
Advisory ROSA-SA-2023-2277
software: ffmpeg 4.4.3 OS: ROSA-CHROME packageevrstring: ffmpeg-4.4.3-2.src.rpm CVE-ID: CVE-2022-3109 BDU-ID: 2023-04787 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vp3decodeframe function of the libavcodec/vp3.c component of the FFmpeg multimedia library is related to a lack of validation o...
Advisory ROSA-SA-2023-2226
software: yara 4.3.1 AXIS: ROSA-CHROME packageevrstring: yara-4.3.1-1.src.rpm CVE-ID: CVE-2021-3402 BDU-ID: 2021-04875 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the YARA malware research and detection software is related to integer overflow. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2023-2175
Software: apr-util 1.5.2-6 OS: rosa-server79 packageevrstring: apr-util-1.5.2-6.res7.1 CVE-ID: CVE-2022-25147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Inte Overflow or Wraparound vulnerability in Apache Portable Runtime Utility APR-util aprbase64 functions allows an attacker to write data outside...
Advisory ROSA-SA-2021-1969
Software: sendmail 8.14.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-3956 CVE-Crit: CRITICAL CVE-DESC: The smcloseonexec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order and therefore misses setting expected FDCLOEXEC flags, which allows local users to access unintended file...
Advisory ROSA-SA-2021-1952
Software: policycoreutils 2.5 OS: Cobalt 7.9 CVE-ID: CVE-2014-3215 CVE-Crit: CRITICAL CVE-DESC: seunshare in policycoreutils 2.2.5 belongs to the root user with permissions 4755 and executes programs in a way that changes the relationship between the setuid system call and the stored set-user-ID...
Advisory ROSA-SA-2021-1944
Software: p7zip 16.02 OS: Cobalt 7.9 CVE-ID: CVE-2018-5996 CVE-Crit: HIGH CVE-DESC: Insufficient exception handling in NCompress method :: NRar3 :: CDecoder :: Code of 7-Zip before 18.00 and p7zip can cause multiple memory corruptions in PPMd code, allowing remote attackers to cause a denial of...
Advisory ROSA-SA-2021-1924
Software: mpfr 3.1.1 OS: Cobalt 7.9 CVE-ID: CVE-2014-9474 CVE-Crit: CRITICAL CVE-DESC: Buffer overflow in mpfrstrtofr function in GNU MPFR before 3.1.2-p11 allows context-sensitive attackers to have undefined impact via vectors associated with incorrect documentation for mpnsetstr. CVE-STATUS:...
Advisory ROSA-SA-2021-1897
Software: libtirpc 0.2.4 OS: Cobalt 7.9 CVE-ID: CVE-2018-14621 CVE-Crit: HIGH CVE-DESC: An infinite loop vulnerability was discovered in libtirpc before version 1.0.2-rc2. If a port uses polling rather than selection, exhaustion of file descriptors will cause the server to enter an infinite loop,...
Advisory ROSA-SA-2021-1891
Software: libsolv 0.6.34 OS: Cobalt 7.9 CVE-ID: CVE-2019-20387 CVE-Crit: HIGH CVE-DESC: repodataschema2id in repodata.c in libsolv before version 0.7.6 has an excessive heap-based buffer read due to the last schema being less than the length of the input schema. CVE-STATUS: default CVE-REV: defau...
Advisory ROSA-SA-2021-1881
Software: libntlm 1.3 OS: Cobalt 7.9 CVE-ID: CVE-2019-17455 CVE-Crit: CRITICAL. CVE-DESC: Libntlm before 1.5 relies on fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge and tSmbNtlmAuthResponse for read and write operations, as demonstrated by stack-based buffer overflow in...
Advisory ROSA-SA-2021-1879
Software: libmwaw 0.3.5 OS: Cobalt 7.9 CVE-ID: CVE-2017-9433 CVE-Crit: CRITICAL CVE-DESC: The libmwaw document release project prior to 08.04.2017 had an out-of-range entry caused by a heap-based buffer overflow associated with the MsWrd1Parser :: readFootnoteCorrespondance function in lib /...
Advisory ROSA-SA-2021-1861
Software: less 458 OS: Cobalt 7.9 CVE-ID: CVE-2014-9488 CVE-Crit: CRITICAL. CVE-DESC: The isutf8wellformed function in GNU less to 475 allows remote attackers to have undefined impact using garbled UTF-8 characters, causing reads outside the valid range. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1838
Software: gcc 4.8.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-12886 CVE-Crit: HIGH CVE-DESC: stackprotectprologue in cfgexpand.c and stackprotectepilogue in function.c in GNU Compiler Collection GCC 4.1 through 8 under certain circumstances generate sequences of instructions when targeting ARM targets that...
Advisory ROSA-SA-2021-1822
Software: dhcp 4.2.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-2494 CVE-Crit: HIGH CVE-DESC: libdns in ISC DHCP 4.2.x through 4.2.5-P1 allows remote name servers to cause a denial of service memory consumption using vectors that include a regular expression, as demonstrated by a memory scarcity attack on a...
Advisory ROSA-SA-2026-3290
software: kernel-5.15 5.15.193 WASP: ROSA-CHROME unaffected versions = kernel-5.15-5.15.193-6 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption...
Advisory ROSA-SA-2025-2795
Software: dnsmasq 2.79 OS: ROSA Virtualization 3.0 packageevrstring: dnsmasq-2.79-33.0.1.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...
Advisory ROSA-SA-2025-2748
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...