1374 matches found
Advisory ROSA-SA-2025-2621
software: xerces-j2 2.12.0 WASP: ROSA-CHROME packageevrstring: xerces-j2-2.12.0-4 CVE-ID: CVE-2022-23437 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Xerces Java XercesJ XML parser causes it to hang in an infinite loop when processing specially crafted XML documents...
Advisory ROSA-SA-2025-2618
software: libid3tag 0.15.1b WASP: ROSA-CHROME packageevrstring: libid3tag-0.15.1b-24 CVE-ID: CVE-2017-11550 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libid3tag allows remote attackers to cause a denial of service via a special mp3 file. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2603
software: dbus 1.12.20 WASP: ROSA-CHROME packageevrstring: dbus-1.12.20-8 CVE-ID: CVE-2022-42010 BDU-ID: 2022-06389 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the D-Bus interprocess communication system is related to the reachability of an assertion in debug assemblies caused by a syntactical...
Advisory ROSA-SA-2025-2600
software: qt5-qtnetworkauth 5.15.10 WASP: ROSA-CHROME packageevrstring: qt5-qtnetworkauth-5.15.10-2 CVE-ID: CVE-2024-36048 BDU-ID: None CVE-Crit: DATA LOSS. CVE-DESC.: Vulnerability in Qt Network Authorization allows guessing values due to using only time for PRNG initialization. CVE-STATUS: The...
Advisory ROSA-SA-2025-2563
Software: firefox 128.4.0 OS: rosa-server79 packageevrstring: firefox-128.4.0-1.0.1.res7 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special form...
Advisory ROSA-SA-2024-2504
Software: iperf3 3.5 OS: ROSA Virtualization 2.1 packageevrstring: iperf3-3.5-10.rv3 CVE-ID: CVE-2023-38403 BDU-ID: 2023-03980 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to integer overflow during field length processing. Exploitation of...
Advisory ROSA-SA-2024-2465
Software: uuid 1.6.2 OS: ROSA Virtualization 2.1 packageevrstring: uuid-1.6.2 CVE-ID: CVE-2013-4184 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Perl Data::UUID module from CPAN is vulnerable to symbolic link attacks CVE-STATUS: Not Relevant CVE-REV:...
Advisory ROSA-SA-2024-2455
software: avahi 0.8 WASP: ROSA-CHROME packageevrstring: avahi-0.8-12.git35bb1b.2 CVE-ID: CVE-2021-26720 BDU-ID: 2022-05969 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the avahi-daemon-check-dns.sh component of the Avahi local area network service discovery system involves the execution of a scri...
Advisory ROSA-SA-2024-2449
Software: postgresql 12.1 OS: ROSA Virtualization 2.1 packageevrstring: postgresql-12.1 CVE-ID: CVE-2020-1720 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability has been discovered in PostgreSQL "ALTER ... DEPENDS ON EXTENSION" where subcommands did not perform authorization checks. An...
Advisory ROSA-SA-2024-2375
Software: resteasy 3.0.26 OS: ROSA Virtualization 2.1 packageevrstring: resteasy-c-3.0.26-6.0.1.rv3 CVE-ID: CVE-2020-10688 BDU-ID: 2024-01096 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RESTEasy software tool is related to the failure to take measures to protect the structure of a web page...
Advisory ROSA-SA-2024-2327
Software: libnbd 1.6.0 OS: ROSA Virtualization 2.1 packageevrstring: libnbd-1.6.0-5.rv3.src.rpm CVE-ID: CVE-2022-0485 BDU-ID: 2022-01701 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libnbd library's nbdcopy tool is related to an exception handling flaw. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2288
software: libreoffice 7.6.2 OS: ROSA-CHROME packageevrstring: libreoffice-7.6.2-4.src.rpm CVE-ID: CVE-2023-1183 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in the Libreoffice package. An attacker could create an odb containing a "database/script" file using the SCRIPT...
Advisory ROSA-SA-2023-2265
Software: openjpeg 1.5.2 OS: ROSA-CHROME packageevrstring: openjpeg-1.5.2-7.src.rpm CVE-ID: CVE-2016-3182 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The coloresycctorgb function in bin/common/color.c in OpenJPEG before version 2.1.1 allows attackers to cause a denial of service memory corruption vi...
Advisory ROSA-SA-2023-2213
Software: java-11-openjdk 11.0.19.0.7 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.19.0.7-1.res7 CVE-ID: CVE-2023-21930 BDU-ID: 2023-02179 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition...
Advisory ROSA-SA-2023-2204
Software: pcre2 10.32 OS: ROSA Virtualization 2.1 packageevrstring: pcre2-10.32-3.rv3.src.rpm CVE-ID: CVE-2022-1586 BDU-ID: 2022-03770 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the compilexclassmatchingpath function of the PCRE2 library is related to reading data beyond buffer boundaries in...
Advisory ROSA-SA-2021-1933
Software: numpy 1.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2017-12852 CVE-Crit: HIGH CVE-DESC: There is no input validation for the numpy.pad function in Numpy 1.13.1 and earlier. An empty list or ndarray will remain in an infinite loop, which may allow attackers to launch a DoS attack. CVE-STATUS: default...
Advisory ROSA-SA-2021-1903
Software: libwmf 0.2.8.4 OS: Cobalt 7.9 CVE-ID: CVE-2016-9011 CVE-Crit: MEDIUM CVE-DESC: The wmfmalloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service application crash via a crafted wmf file, causing a memory allocation failure. CVE-STATUS: default CVE-RE...
Advisory ROSA-SA-2021-1875
Software: libjpeg-turbo 1.2.90 OS: Cobalt 7.9 CVE-ID: CVE-2014-9092 CVE-Crit: MEDIUM CVE-DESC: libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service crash via a crafted JPEG file associated with an Exif token. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1810
Software: cairo 1.15.12 OS: Cobalt 7.9 CVE-ID: CVE-2018-18064 CVE-Crit: MEDIUM CVE-DESC: cairo before version 1.15.14 has an off-stack write while processing a generated document with WebKitGTK + due to interaction between cairo-rectangular-scan-converter.c generate and renderrows functions and...
Advisory ROSA-SA-2025-3078
Software: openssh 8.0p1 OS: ROSA Virtualization 3.1 CVE-ID: CVE-2019-16905 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the implementation of the OpenSSH cryptographic security tool is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to execute...
Advisory ROSA-SA-2025-2899
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...
Advisory ROSA-SA-2025-2868
Software: libxml2 2.9.1 OS: rosa-server79 packageevrstring: libxml2-2.9.1-6.0.1.res7.6 CVE-ID: CVE-2024-56171 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in libxml2: use-after-free in xmlschemas.c. CVE-STATUS: Vulnerability resolved. CVE-REV: To close the vulnerability, run the command:...
Advisory ROSA-SA-2025-2858
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...
Advisory ROSA-SA-2025-2750
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-33.rv3 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-2708
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9 CVE-ID: CVE-2018-18557 BDU-ID: 2019-00884 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the JBIGDecode function "tifjbig.c" of the LibTIFF library for viewing, editing, and converting TIFF files involves bugs th...
Advisory ROSA-SA-2025-2701
Software: gzip 1.9 OS: ROSA Virtualization 3.0 packageevrstring: gzip-1.9 CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker acting remotely to...
Advisory ROSA-SA-2025-2688
Software: perl 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-0.074-2 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authentication procedure. Exploitatio...
Advisory ROSA-SA-2025-2658
software: tidy 5.7.28 WASP: ROSA-CHROME packageevrstring: tidy-5.7.28-2 CVE-ID: CVE-2021-33391 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in HTML Tidy's HTACG allows an attacker to execute arbitrary code via the -g option of the CleanNode function in gdoc.c. CVE-STATUS: The...
Advisory ROSA-SA-2024-2517
software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-3 CVE-ID: CVE-2019-16275 BDU-ID: 2019-04775 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Wi-Fi WPA Supplicant secure access component is related to a flaw in the input validation mechanism. Exploitation of the...
Advisory ROSA-SA-2024-2476
software: ldns 1.8.3 OS: ROSA-CHROME packageevrstring: ldns-1.8.3-1 CVE-ID: CVE-2020-19861 BDU-ID: 2022-05917 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ldnsnsec3saltdata function of the DNS LDNS library is related to reading outside the allowed data buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2024-2464
Software: util-linux 2.32.1 OS: ROSA Virtualization 2.1 packageevrstring: util-linux-2.32.1 CVE-ID: CVE-2022-0563 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A compilation vulnerability with Readline support has been discovered in the util-linux utilities chfn and chsh. The Readline library uses the...
Advisory ROSA-SA-2024-2413
software: mariadb 10.5.23 AXIS: ROSA-CHROME packageevrstring: mariadb-10.5.23-1 CVE-ID: CVE-2022-47015 BDU-ID: 2023-03856 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the spiderdbmbase::printwarnings function of the MariaDB DBMS is related to pointer dereferencing errors. Exploitation of the...
Advisory ROSA-SA-2024-2330
software: epiphany 42.2 WASP: ROSA-CHROME packageevrstring: epiphany-42.2-4.src.rpm CVE-ID: CVE-2023-26081 BDU-ID: 2023-01753 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Epiphany web browser is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2023-2243
Software: avahi 0.7 OS: ROSA Virtualization 2.1 packageevrstring: avahi-0.7-19.0.1.rv3 CVE-ID: CVE-2021-3468 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in avahi in versions 0.6 through 0.8. The event used to signal the termination of a client connection in the avahi Unix socket...
Advisory ROSA-SA-2021-2005
Software: zsh 5.0.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-10070 CVE-Crit: HIGH CVE-DESC: zsh before 5.0.7 allows the initial values of integer variables imported from the environment to be evaluated instead of treating them as literal numbers. This may allow local privilege escalation under some specif...
Advisory ROSA-SA-2021-1958
Software: pywbem 0.7.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-6418 CVE-Crit: HIGH CVE-DESC: PyWBEM 0.7 and earlier versions use a separate connection to validate X.509 certificates, which allows "attacker-in-the-middle" attackers to trick a peer node with an arbitrary certificate. CVE-STATUS: default...
Advisory ROSA-SA-2021-1941
Software: orc 0.4.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-8015 CVE-Crit: HIGH CVE-DESC: In Apache ORC 1.0.0-1.4.3, a corrupted ORC file can trigger an infinitely recursive function call in a C ++ or Java parser. The consequence of this error is likely to be a denial of service for software that uses t...
Advisory ROSA-SA-2021-1904
Software: libxkbcommon 0.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-15858 CVE-Crit: MEDIUM CVE-DESC: Unchecked use of NULL pointer when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp / keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash dereference NULL pointer...
Advisory ROSA-SA-2021-1895
Software: libtasn1 4.10 OS: Cobalt 7.9 CVE-ID: CVE-2017-10790 CVE-Crit: HIGH CVE-DESC: The asn1checkidentifier function in GNU Libtasn1 - 4.12 causes the dereferencing of a NULL pointer and a failure to read the created input, which triggers the assignment of a NULL value in the asn1node structur...
Advisory ROSA-SA-2021-1870
Software: libgcrypt 1.5.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-5270 CVE-Crit: CRITICAL CVE-DESC: Libgcrypt before 1.5.4, used in GnuPG and other products, incorrectly performs ciphertext normalization and ciphertext randomization, making it easier for physically proximate attackers to conduct key...
Advisory ROSA-SA-2021-1827
Software: elinks 0.12 OS: Cobalt 7.9 CVE-ID: CVE-2012-6709 CVE-Crit: MEDIUM CVE-DESC: ELinks 0.12 and Twibright Links 2.3 lack SSL certificate validation. CVE-STATUS: Default CVE-REV: Default...
Advisory ROSA-SA-2026-3145
Software: git 2.43.5 OS: ROSA Virtualization 3.1 unaffected versions = git-2.43.5-3.rv31 affected versions git-2.43.5-3.rv31 CVE-ID: CVE-2023-25652 BDU-ID: 2023-03859 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path...
Advisory ROSA-SA-2025-3073
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 unaffected versions = libxml2-2.9.7-21.0.1.rv30.3 affected versions libxml2-2.9.7-21.0.1.1.rv30.3 CVE-ID: CVE-2025-6021 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...
Advisory ROSA-SA-2025-2873
Software: python3-base 3.6.8 OS: rosa-server79 packageevrstring: python3-base-3.6.8-21.0.3.res7 CVE-ID: CVE-2021-3177 BDU-ID: 2021-01781 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyCArgrepr ctypes/callproc.c function of the Python programming language interpreter is related to buffer...
Advisory ROSA-SA-2025-2846
Software: iperf3 3.5 OS: ROSA Virtualization 2.1 packageevrstring: iperf3-3.5-11.rv3 CVE-ID: CVE-2024-53580 BDU-ID: 2024-11145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to improper handling of test parameters passed to the server in json...
Advisory ROSA-SA-2025-2788
Software: postgresql 9.2.24 OS: rosa-server79 packageevrstring: postgresql-9.2.24-9.0.4.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, arraysubscripthandler functions of the PostgreSQL database management system is related...
Advisory ROSA-SA-2025-2759
Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.5.res7.13 CVE-ID: CVE-2023-46846 BDU-ID: 2023-08063 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Squid proxy server chunked decoder is related to the server interpreting fragmented encoding syntax. Exploitation of...
Advisory ROSA-SA-2025-2639
software: faad2 2.11.1 OS: ROSA-CHROME packageevrstring: faad2-2.11.1-1 CVE-ID: CVE-2023-38858 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Buffer overflow vulnerability in infaad2 allows a remote attacker to execute arbitrary code via the mp4info function. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2631
software: libheif 1.12.0 WASP: ROSA-CHROME packageevrstring: libheif-1.12.0-4 CVE-ID: CVE-2021-36410 BDU-ID: 2023-01688 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the putepelhvfallback function of the fallback-motion.cc component of the h.265 Libde265 video codec implementation is related to...
Advisory ROSA-SA-2024-2539
software: zabbix5.0 5.0.40 WASP: ROSA-CHROME packageevrstring: zabbix5.0-5.0.40-1 CVE-ID: CVE-2023-32721 BDU-ID: 2023-06803 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System interface is related to insufficient input validation when processing the URL field of th...