1374 matches found
Advisory ROSA-SA-2024-2505
SOFTWARE: 389-ds-base 1.4.3.8 OS: ROSA Virtualization 2.1 packageevrstring: 389-ds-base-1.4.3.8-5.0.2.rv3 CVE-ID: CVE-2020-35518 BDU-ID: 2023-02645 CVE-Crit: MEDIUM CVE-DESC.: A 389 Directory Server authentication vulnerability involves information disclosure when verifying the existence of a...
Advisory ROSA-SA-2024-2456
Software: selinux-policy 3.14.3 OS: ROSA Virtualization 2.1 packageevrstring: selinux-policy-3.14.3 CVE-ID: CVE-2020-24612 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...
Advisory ROSA-SA-2024-2424
Software: libsolv 0.7.11 OS: ROSA Virtualization 2.1 packageevrstring: libsolv-0.7.11 CVE-ID: CVE-2021-44568 BDU-ID: 2023-05482 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the resolvedependencies function of the libsolv library is related to writing beyond buffer boundaries in memory. Exploitati...
Advisory ROSA-SA-2024-2392
Software: python-pillow 2.0.0-25 OS: rosa-server79 packageevrstring: python-pillow-2.0.0.0-25.gitd1c6db8.res7 CVE-ID: CVE-2023-44271 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem has been detected in Pillow. It is a denial of service that uncontrollably allocates memory to process a given task...
Advisory ROSA-SA-2024-2350
Software: LibRaw 0.19.4 OS: rosa-server79 packageevrstring: LibRaw-0.19.4-2.res7 CVE-ID: CVE-2021-32142 BDU-ID: 2023-03833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LibRawbufferdatastream::gets function of the src/librawdatastream.cpp component of the LibRaw image processing library is...
Advisory ROSA-SA-2024-2342
software: ostree 2022.7 WASP: ROSA-CHROME packageevrstring: ostree-2022.7-1.src.rpm CVE-ID: CVE-2022-47085 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The issue detected in ostree allows attackers to cause a denial of service or other unspecified consequences using the printpanic function in...
Advisory ROSA-SA-2024-2324
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-25.res7 CVE-ID: CVE-2023-6377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An error has been detected in xorg-server. Requesting or modifying XKB button actions, such as switching from touchpad to mouse, can...
Advisory ROSA-SA-2023-2294
software: emacs 28.1 WASP: ROSA-CHROME packageevrstring: emacs-28.1-4.src.rpm CVE-ID: CVE-2023-27985 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: emacsclient-mail.desktop in Emacs 28.1-28.2 is vulnerable to injecting shell commands via the generated mailto: URI. This is due to an inconsistency with the...
Advisory ROSA-SA-2023-2263
software: ncurses 6.2 WASP: ROSA-CHROME packageevrstring: ncurses-6.2-6.src.rpm CVE-ID: CVE-2022-29458 BDU-ID: 2023-00296 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the convertstrings function of the convertstrings component of the tinfo/readentry.c component of the Ncurses terminal I/O contr...
Advisory ROSA-SA-2023-2244
Software: babel 2.5.1 OS: ROSA Virtualization 2.1 packageevrstring: babel-2.5.1-7.rv3 CVE-ID: CVE-2021-42771 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary local .dat files containing serialized Python objects via directory traversal,...
Advisory ROSA-SA-2023-2238
software: less 608 WASP: ROSA-CHROME packageevrstring: less-608-2.src.rpm CVE-ID: CVE-2022-46663 BDU-ID: 2023-00696 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Less UNIX-like UNIX text terminal utility is related to incorrect filtering of embedded ANSI sequences when processing the -R...
Advisory ROSA-SA-2023-2199
Software: aspell 0.60.6.1 OS: ROSA Virtualization 2.1 packageevrstring: aspell-0.60.6.1.1-21.rv3.1.src.rpm CVE-ID: CVE-2019-17544 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer that is reloaded in acommon::unescape in common/getdata.cpp...
Advisory ROSA-SA-2023-2195
software: salt 3004.2 WASP: ROSA-CHROME packageevrstring: salt-3004.2-1.src.rpm CVE-ID: CVE-2022-22967 BDU-ID: 2022-03745 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PAM auth function of the Salt configuration management and remote operations execution system is related to the lack of a vali...
Advisory ROSA-SA-2021-1974
Software: vdagent spices 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-15108 CVE-Crit: HIGH CVE-DESC: spices vdagent up to 0.17.0 in a way that does not avoid saving the directory before going to the shell, allowing an attacker with access to the session running the agent to inject arbitrary commands to...
Advisory ROSA-SA-2021-1934
Software: oddjob 0.31.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-10737 CVE-Crit: MEDIUM CVE-DESC: A race condition was discovered in the mkhomedir tool provided with the oddjob package in versions prior to 0.34.5 and 0.34.6, whereby during the creation of the home directory, mkhomedir copies the / etc /...
Advisory ROSA-SA-2021-1921
Software: modauthmellon 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-3878 CVE-Crit: HIGH CVE-DESC: A vulnerability was discovered in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy server and modauthmellon is configured to allow only authenticated users with the require...
Advisory ROSA-SA-2021-1912
Software: lz4 1.8.3 OS: Cobalt 7.9 CVE-ID: CVE-2019-17543 CVE-Crit: HIGH CVE-DESC: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize affecting applications that call LZ4compressfast with large input. This issue can also cause data corruption. NOTE: the...
Advisory ROSA-SA-2021-1886
Software: librepo 1.8.1 OS: Cobalt 7.9 CVE-ID: CVE-2020-14352 CVE-Crit: HIGH CVE-DESC: A bug was discovered in librepo in versions prior to 1.12.1. A directory traversal vulnerability was discovered where paths in remote repository metadata could not be cleared. An attacker controlling a remote...
Advisory ROSA-SA-2021-1858
Software: keepalived 1.3.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-19115 CVE-Crit: CRITICAL CVE-DESC: keepalived before 2.0.7 has a heap-based buffer overflow when analyzing HTTP status codes leading to DoS or possibly unspecified other impacts, because extractstatuscode in lib / html.c does not check th...
Advisory ROSA-SA-2021-1821
Software: dcraw 9.19 OS: Cobalt 7.9 CVE-ID: CVE-2018-19565 CVE-Crit: HIGH CVE-DESC: Buffer re-reading in cropmaskedpixels in dcraw before 9.28 could have been used by attackers who could provide malicious files to crash the application that binds the dcraw code or leak private information...
Advisory ROSA-SA-2021-1812
Software: cifs-utils 6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-2830 CVE-Crit: MEDIUM CVE-DESC: stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, used in pamcifscreds, allows remote attackers to have undefined impact via unknown vectors. CVE-STATUS: default CVE-REV: defau...
Advisory ROSA-SA-2021-1805
Software: ant 1.9.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-1945 CVE-Crit: MEDIUM CVE-DESC: Apache Ant 1.1 through 1.9.14 and 1.10.0 through 1.10.7 uses the default temporary directory defined by the Java system property java.io.tmpdir for several tasks, and thus may leak sensitive information. The fixcr...
Advisory ROSA-SA-2026-3266
software: kernel-6.6 6.6.126 WASP: ROSA-CHROME unaffected versions = kernel-6.6-6.6.6.126-3 affected versions kernel-6.6-6.6.6.126-3 CVE-ID: CVE-2026-43284 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in the xfrm subsystem ESP of the Linux kernel allows data decryption over non-packe...
Advisory ROSA-SA-2025-3076
Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 unaffected versions = openssh-8.0p1-26.0.2.2.rv30 affected versions openssh-8.0p1-26.0.2.2.rv30 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool...
Advisory ROSA-SA-2025-2839
Software: dnsmasq 2.79 OS: ROSA Virtualization 2.1 packageevrstring: dnsmasq-2.79-33.0.1.rv3 CVE-ID: CVE-2020-25682 BDU-ID: 2021-01118 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the extractname function rfc1035.c of the dnsmasq DNS server is related to a buffer overflow in dynamic memory...
Advisory ROSA-SA-2025-2757
Software: rsync 3.1.2 OS: rosa-server79 packageevrstring: rsync-3.1.2-12.0.2.res7 CVE-ID: CVE-2024-12085 BDU-ID: 2025-00376 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation exceeding buffer boundaries ...
Advisory ROSA-SA-2025-2743
Software: postgresql14 14.13 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.13-2PGDG.0.1.rv30 CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access...
Advisory ROSA-SA-2025-2641
Software: qemu 7.2.7 OS: ROSA-CHROME packageevrstring: qemu-7.2.7-1 CVE-ID: CVE-2023-3301 BDU-ID: 2024-04418 CVE-Crit: LOW CVE-DESC.: A vulnerability in the virtio-net interface of the QEMU hardware emulator is related to the asynchronous nature of the shutdown allowing a race scenario...
Advisory ROSA-SA-2025-2638
software: heimdal 7.8.0 WASP: ROSA-CHROME packageevrstring: heimdal-7.8.0-2 CVE-ID: CVE-2022-45142 BDU-ID: 2023-02156 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Kerberos5 heimdal protocol implementation is related to incorrect validation of the integrity check value. Exploitation of the...
Advisory ROSA-SA-2025-2620
software: lua 5.3.6 WASP: ROSA-CHROME packageevrstring: lua-5.3.6-1 CVE-ID: CVE-2020-15945 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Lua: Vulnerability segmentation fault due to incorrect update of oldpc value during function control return. CVE-STATUS: Vulnerability resolved CVE-REV: To close the...
Advisory ROSA-SA-2025-2609
software: shadow-utils 4.10 WASP: ROSA-CHROME packageevrstring: shadow-utils-4.10-7 CVE-ID: CVE-2023-4641 BDU-ID: 2024-02776 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the shadow-utils package involves requesting a password twice and failing to clear the memory buffer. Exploitation of the...
Advisory ROSA-SA-2025-2606
software: grub2 2.06 WASP: ROSA-CHROME packageevrstring: grub2-2.06-22 CVE-ID: CVE-2023-4692 BDU-ID: 2023-06822 CVE-Crit: LOW CVE-DESC.: A vulnerability in the fs/ntfs.c component of the Grub2 operating systems loader is related to a buffer overflow in dynamic memory. Exploitation of the...
Advisory ROSA-SA-2025-2551
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.6.res7 CVE-ID: CVE-2018-20685 BDU-ID: 2019-00773 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is caused by errors in the validation of the scp.c directory name in the scp clien...
Advisory ROSA-SA-2024-2536
software: re2c 3.1 AXIS: ROSA-CHROME packageevrstring: re2c-3.1-1 CVE-ID: CVE-2022-23901 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: The re2c 2.2 stack overflow is due to infinite recursion issues in src/dfa/deadrules.cc. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update re2c...
Advisory ROSA-SA-2024-2529
Software: libtommath 0.42.0 OS: rosa-server79 packageevrstring: libtommath-0.42.0-6.res7 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to integer overflow. Exploitation of the vulnerability coul...
Advisory ROSA-SA-2024-2492
Software: krb5 1.15.1 OS: rosa-server79 packageevrstring: krb5-1.15.1-55.res7 CVE-ID: CVE-2022-42898 BDU-ID: 2022-06933 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PAC Privileged Attribute Certificate parameters of the krb5parsepac function of the Heimdal and MIT Kerberos packets of the...
Advisory ROSA-SA-2024-2480
Software: java-1.8.0-openjdk 1.8.0.412.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.412.b08-1.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM...
Advisory ROSA-SA-2024-2445
software: xrdp 0.9.23.1 OS: ROSA-CHROME packageevrstring: xrdp-0.9.23.1-1 CVE-ID: CVE-2023-40184 BDU-ID: 2023-07659 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the authstartsession function of the XRDP server is related to the bypassing of session restrictions. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2023-2295
software: tang 11 WASP: ROSA-CHROME packageevrstring: tang-11-4.src.rpm CVE-ID: CVE-2023-1672 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a race condition in the Tang server functions for key generation and key rotation. This flaw results in a small time interval during which Tang private...
Advisory ROSA-SA-2023-2291
Software: gdb 8.2 OS: ROSA Virtualization 2.1 packageevrstring: gdb-8.2-19.rv3.src.rpm CVE-ID: CVE-2019-1010180 BDU-ID: 2019-03222 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdb module of the GDB debugger is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2023-2278
Software: libssh2 1.8.0 OS: rosa-server79 packageevrstring: libssh2-1.8.0-4.res7.1.x8664.rpm CVE-ID: CVE-2020-22218 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An issue was discovered in the libssh2packetadd function in libssh2 1.10.0 that allows attackers to access external memory. CVE-STATUS: Fixed...
Advisory ROSA-SA-2023-2231
SOFTWARE: 389-ds-base 1.4.3.8 OS: ROSA Virtualization 2.1 packageevrstring: 389-ds-base-1.4.3.8.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...
Advisory ROSA-SA-2023-2197
software: suricata 6.0.12 WASP: ROSA-CHROME packageevrstring: suricata-6.0.12-1.src.rpm CVE-ID: CVE-2021-37592 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a TCP/IP stack created that can send a specific sequence of...
Advisory ROSA-SA-2023-2196
Software: bookkeeper 4.3.2 OS: ROSA-CHROME packageevrstring: bookkeeper-4.3.2-7.src.rpm CVE-ID: CVE-2022-32531 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The Apache Bookkeeper Java client before 4.14.6, and also 4.15.0 does not close the connection to the accounting server when TLS hostname validatio...
Advisory ROSA-SA-2021-1920
Software: minicom 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-7467 CVE-Crit: CRITICAL CVE-DESC: A buffer overflow error was detected in the way minicom pre-2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially exploit this vulnerability to crash minicom or execute arbitrar...
Advisory ROSA-SA-2021-1880
Software: libnotify 0.7.7 OS: Cobalt 7.9 CVE-ID: CVE-2013-7381 CVE-Crit: CRITICAL CVE-DESC: libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands using undefined characters when libnotify.notify is called. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1877
Software: libmad 0.15.1b OS: Cobalt 7.9 CVE-ID: CVE-2018-7263 CVE-Crit: CRITICAL CVE-DESC: The maddecoderrun function in decoder.c in Underbit libmad before 0.15.1b allows remote attackers to cause a denial of service SIGABRT due to double release or corruption or possibly have unspecified other...
Advisory ROSA-SA-2021-1876
Software: liblouis 2.5.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-17294 CVE-Crit: MEDIUM CVE-DESC: The matchCurrentInput function inside loutranslateString.c in Liblouis before version 3.7 does not check the length of the input string, allowing attackers to cause a denial of service application failure du...
Advisory ROSA-SA-2021-1864
Software: libcaca 0.99 OS: Cobalt 7.9 CVE-ID: CVE-2018-20544 CVE-Crit: MEDIUM CVE-DESC: floating-point exception in caca / dither.c function cacaditherbitmap in libcaca 0.99.beta19. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-20545 CVE-Crit: HIGH CVE-DESC: There is an invalid WRITE memo...
Advisory ROSA-SA-2021-1863
Software: libass 0.13.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-24994 CVE-Crit: HIGH CVE-DESC: Stack overflow in the parsetag function in libass / assparse.c in libass before version 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. CVE-STATUS: defau...