1374 matches found
Advisory ROSA-SA-2021-1848
Software: gparted 0.33.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-7208 CVE-Crit: HIGH CVE-DESC: GParted before version 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the created file system label. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1845
Software: gnome-keyring 3.28.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-19358 CVE-Crit: HIGH CVE-DESC: The GNOME keyring up to version 3.28.2 allows local users to obtain login credentials through the Secret Service API call and the D-Bus interface if the keyring is unlocked, similar to CVE-2008-7320. On...
Advisory ROSA-SA-2021-1814
Software: coreutils 8.22 OS: Cobalt 7.9 CVE-ID: CVE-2017-18018 CVE-Crit: MEDIUM CVE-DESC: In GNU Coreutils before 8.29, chown-core.c in chown and chgrp does not prevent replacing a simple file with a symbolic link while using POSIX "-R -L" parameters, allowing local users to change ownership of...
Advisory ROSA-SA-2026-3288
software: kernel-6.6 6.6.126 WASP: ROSA-CHROME unaffected versions = kernel-6.6-6.6.6.126-6 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption an...
Advisory ROSA-SA-2025-2857
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...
Advisory ROSA-SA-2025-2853
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2024-5535 BDU-ID: 2024-06988 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSLselectnextproto function of the TLS and SSL OpenSSL protocol toolkit is related to information disclosure...
Advisory ROSA-SA-2025-2827
Software: postgresql 13.20 OS: ROSA Virtualization 3.0 packageevrstring: postgresql-13.20-1.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is related to a...
Advisory ROSA-SA-2025-2791
Software: bind 9.11.36 OS: ROSA Virtualization 3.0 packageevrstring: bind-9.11.36-16.rv30.4 CVE-ID: CVE-2022-3094 BDU-ID: 2023-00580 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the named component of the DNS BIND server is related to the ability to use memory after it has been freed. Exploitatio...
Advisory ROSA-SA-2025-2783
Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 packageevrstring: libssh-0.9.6-14.rv30 CVE-ID: CVE-2023-6004 BDU-ID: 2024-00199 CVE-Crit: LOW CVE-DESC.: A vulnerability in the ProxyCommand/ProxyJump component of the libssh library is related to improper code generation controls. Exploitation o...
Advisory ROSA-SA-2025-2732
Software: pam 1.3.1 OS: ROSA Virtualization 3.0 packageevrstring: pam-1.3.1-36.0.1.rv30 CVE-ID: CVE-2024-10041 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in PAM allows an attacker to access sensitive information stored in memory through the execution of a victim program by sending...
Advisory ROSA-SA-2025-2705
Software: libjpeg-turbo 1.5.2003 OS: ROSA Virtualization 3.0 packageevrstring: libjpeg-turbo-1.5.2003 CVE-ID: CVE-2020-17541 BDU-ID: 2023-07622 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Libjpeg-turbo image manipulation library is related to writing beyond buffer boundaries. Exploitatio...
Advisory ROSA-SA-2025-2699
Software: perl-HTTP-Tiny 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-HTTP-Tiny-0.074-2 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authentication...
Advisory ROSA-SA-2025-2655
Software: webkit4 2.44.1 OS: ROSA-CHROME packageevrstring: webkit4-2.44.1-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error. Exploitation of the...
Advisory ROSA-SA-2025-2647
software: fuseiso 20070708 WASP: ROSA-CHROME packageevrstring: fuseiso-20070708-12 CVE-ID: CVE-2015-8836 BDU-ID: 2016-00922 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the isofsrealreadzf isofs.c function of the FuseISO disk image mount software tool is caused by an integer overflow...
Advisory ROSA-SA-2025-2555
Software: cups 1.6.3 OS: rosa-server79 packageevrstring: cups-1.6.3-52.res7 CVE-ID: CVE-2023-32360 BDU-ID: 2023-07653 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2498
Software: python-jwcrypto 0.5.0 OS: ROSA Virtualization 2.1 packageevrstring: python-jwcrypto-0.5.0-2.rv3 CVE-ID: CVE-2024-28102 BDU-ID: 2024-01978 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the deserialize JavaScript library function for Jwcrypto is associated with uncontrolled resource...
Advisory ROSA-SA-2024-2473
software: net-snmp 5.9 WASP: ROSA-CHROME packageevrstring: net-snmp-5.9-3 CVE-ID: CVE-2022-44792 BDU-ID: 2024-06510 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the handleipDefaultTTL function of the Net-SNMP software suite of the Linux operating system is associated with a NULL Pointer...
Advisory ROSA-SA-2024-2452
software: redis 7.0.14 OS: ROSA-CHROME packageevrstring: redis-7.0.14-1 CVE-ID: CVE-2023-41053 BDU-ID: 2023-05475 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system is related to insecure privilege management. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2023-2280
Software: cockpit 264.2 OS: ROSA Virtualization 2.1 packageevrstring: cockpit-264.2-1.0.1.rv3c.src.rpm CVE-ID: CVE-2021-3660 BDU-ID: 2021-04029 CVE-Crit: MEDIUM CVE-DESC.: A manager vulnerability for Cockpit servers is related to errors in the display of the user interface or frames. Exploitation...
Advisory ROSA-SA-2023-2224
software: mosquitto 2.0.15 WASP: ROSA-CHROME packageevrstring: mosquitto-2.0.15-2.src.rpm CVE-ID: CVE-2021-34431 BDU-ID: 2022-01775 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Mosquitto message broker is related to incorrect processing of a CONNECT packet without will topic, will message i...
Advisory ROSA-SA-2023-2132
Software: pesign 0.109 OS: rosa-server79 packageevrstring: pesign-0.109-11 CVE-ID: CVE-2022-3560 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: A flaw has been found in the design. The pesign package provides a systemd service used to run the pesign daemon. This service module runs a script to set ACLs...
Advisory ROSA-SA-2021-2003
Software: yum-utils 1.1.31 OS: Cobalt 7.9 CVE-ID: CVE-2018-10897 CVE-Crit: HIGH CVE-DESC: A directory traversal issue was discovered in reposync, part of yum-utils, where reposync cannot clear paths in remote repository configuration files. If an attacker controls the repository, they can copy...
Advisory ROSA-SA-2021-1978
Software: stunnel 4.56 OS: Cobalt 7.9 CVE-ID: CVE-2014-0016 CVE-Crit: MEDIUM CVE-DESC: stunnel before 5.00 when using fork streaming does not properly update the OpenSSL pseudo-random number generator PRNG state, which causes subsequent children with the same process ID to use the same entropy po...
Advisory ROSA-SA-2021-1953
Software: poppler 0.26.5 OS: Cobalt 7.9 CVE-ID: CVE-2017-7511 CVE-Crit: MEDIUM CVE-DESC: poppler, since version 0.17.3, was vulnerable to null pointer dereferencing in pdfunite caused by specially crafted documents. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2017-7515 CVE-Crit: MEDIUM...
Advisory ROSA-SA-2021-1946
Software: path 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2014-9637 CVE-Crit: MEDIUM CVE-DESC: GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service memory consumption and segmentation error with a crafted diff file. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2015-1196...
Advisory ROSA-SA-2021-1943
Software: p11-kit 0.23.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-29361 CVE-Crit: HIGH CVE-DESC: A problem was found in p11-kit 0.21.1 to 0.23.21. Multiple integer overflows were found in array allocation in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling...
Advisory ROSA-SA-2021-1923
Software: modwsgi 3.4 OS: Cobalt 7.9 CVE-ID: CVE-2014-8583 CVE-Crit: CRITICAL CVE-DESC: modwsgi before 4.2.4 for Apache when creating a daemon process group does not handle properly when group privileges cannot be discarded, which could allow attackers to gain privileges via undefined vectors...
Advisory ROSA-SA-2021-1920
Software: minicom 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-7467 CVE-Crit: CRITICAL CVE-DESC: A buffer overflow error was detected in the way minicom pre-2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially exploit this vulnerability to crash minicom or execute arbitrar...
Advisory ROSA-SA-2021-1819
Software: cvs 1.11.23 OS: Cobalt 7.9 CVE-ID: CVE-2020-2324 CVE-Crit: HIGH CVE-DESC: The Jenkins CVS 2.16 and earlier plug-in does not configure its XML syntactic parser to prevent attacks on XML external objects XXE. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2026-3142
Software: cups 2.2.6 OS: ROSA Virtualization 3.1 unaffected versions = cups-2.2.6-66.rv31 affected versions cups-2.2.6-66.rv31 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer dereferencing du...
Advisory ROSA-SA-2025-3066
Software: dhcp 4.4.2 OS: ROSA Virtualization 3.0 unaffected versions = dhcp-4.4.2-19.b1.rv30 affected versions dhcp-4.4.2-19.b1.rv30 CVE-ID: CVE-2021-25217 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A software vulnerability providing the DHCP Dynamic Host Configuration Protocol service to the network is...
Advisory ROSA-SA-2025-2897
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...
Advisory ROSA-SA-2025-2825
Software: python-pip 9.0.3 OS: ROSA Virtualization 3.0 packageevrstring: python-pip-9.0.3-24.rv30 CVE-ID: CVE-2007-4559 BDU-ID: 2022-05975 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the extract and extractall functions of the tarfile module of the Python programming language interpreter is...
Advisory ROSA-SA-2025-2702
Software: ipmitool 1.8.18 OS: ROSA Virtualization 3.0 packageevrstring: ipmitool-1.8.18 CVE-ID: CVE-2020-5208 BDU-ID: 2020-03947 CVE-Crit: HIGH CVE-DESC.: An implementation vulnerability in multiple functions readfruarea, readfruareasection, ipmispdprintfru, ipmigetsessioninfo,...
Advisory ROSA-SA-2025-2675
software: libssh2 1.10.0 OS: ROSA-CHROME packageevrstring: libssh2-1.10.0-3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process...
Advisory ROSA-SA-2025-2661
software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3 CVE-ID: CVE-2023-47100 BDU-ID: 2023-08382 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Sparseunipropstring function of the regcomp.c file of the Perl programming language interpreter is related to an operation exceeding...
Advisory ROSA-SA-2025-2657
software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0 CVE-ID: CVE-2022-4645 BDU-ID: 2023-05401 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility tools/tiffcp.c:948 of the libtiff library involves reading beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2656
Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5 CVE-ID: CVE-2024-24575 BDU-ID: 2024-01378 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/libgit2/revparse.c component of the C Libgit2 implementation of Git methods is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2025-2650
Software: webmin 2.105 WASP: ROSA-CHROME packageevrstring: webmin-2.105-1 CVE-ID: CVE-2022-3844 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Webmin allows basic client-side scripting to be run via the xterm/index.cgi function. CVE-STATUS: The vulnerability has been resolved CVE-REV...
Advisory ROSA-SA-2025-2633
software: mosquitto 2.0.15 WASP: ROSA-CHROME packageevrstring: mosquitto-2.0.15 CVE-ID: CVE-2023-0809 BDU-ID: 2024-04210 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CONNECT component of the Eclipse Mosquitto message broker is related to memory allocation based on an unreliable value of lar...
Advisory ROSA-SA-2025-2627
software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-6 CVE-ID: CVE-2023-3576 BDU-ID: 2023-05973 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility of the LibTIFF library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2567
software: curl 8.7.1 OS: ROSA-CHROME packageevrstring: curl-8.7.1-1 CVE-ID: CVE-2024-0853 BDU-ID: 2024-01014 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TLS protocol implementation of the cURL command line utility is related to erroneous storage of the session ID as a result of a lack of...
Advisory ROSA-SA-2024-2472
software: zip 3.0 WASP: ROSA-CHROME packageevrstring: zip-3.0-15 CVE-ID: CVE-2018-13410 BDU-ID: 2021-03766 CVE-Crit: HIGH CVE-DESC.: A vulnerability in zip file compression software is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2470
software: systemd 249 WASP: ROSA-CHROME packageevrstring: systemd-249-1.gitfab79a.21 CVE-ID: CVE-2022-3821 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An off-by-one error problem was discovered in Systemd in the formattimespan function time-util.c. An attacker could provide specific values for time...
Advisory ROSA-SA-2024-2428
software: djvulibre 3.5.28 WASP: ROSA-CHROME packageevrstring: djvulibre-3.5.28-4 CVE-ID: CVE-2021-3500 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A flaw was discovered in djvulibre. A stack overflow in DJVU::DjVuDocument::getdjvufile via a created djvu file may cause the application to crash and...
Advisory ROSA-SA-2024-2423
Software: libmpeg2 0.5.1 OS: ROSA Virtualization 2.1 packageevrstring: libmpeg2-0.5.1 CVE-ID: CVE-2022-37416 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Ittiam libmpeg2 uses memcpy with overlapping memory blocks in impeg2mcfullxfullxfullx8x8. CVE-STATUS: Not Relevant CVE-REV:...
Advisory ROSA-SA-2023-2303
software: poppler 22.05.0 WASP: ROSA-CHROME packageevrstring: poppler-22.05.0-7.src.rpm CVE-ID: CVE-2023-34872 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Outline.cc for Poppler before version 23.06.0 allows a remote attacker to cause a denial of service DoS crash via a created PD...
Advisory ROSA-SA-2023-2261
software: mujs 1.3.3 AXIS: ROSA-CHROME packageevrstring: mujs-1.3.3.3-1.src.rpm CVE-ID: CVE-2016-10141 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS to...
Advisory ROSA-SA-2023-2186
software: pidgin 2.14.12 WASP: ROSA-CHROME packageevrstring: pidgin-2.14.12-1.src.rpm CVE-ID: CVE-2022-26491 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A remote attacker who can spoof DNS responses can redirect the client connection to a malicious server. The client will perform TLS certificate...
Advisory ROSA-SA-2023-2095
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-22 CVE-ID: CVE-2022-4283 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting i...