1374 matches found
Advisory ROSA-SA-2024-2521
Software: device-mapper-multipath 0.4.9 OS: rosa-server79 packageevrstring: device-mapper-multipath-0.4.9-136 CVE-ID: CVE-2022-41974 BDU-ID: 2022-06669 CVE-Crit: HIGH CVE-DESC.: A vulnerability in multipath-tools multipath-tools driver management software is related to privilege management errors...
Advisory ROSA-SA-2024-2502
Software: libndp 1.7 OS: ROSA Virtualization 2.1 packageevrstring: libndp-1.7-7.rv3 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2024-2487
Software: flatpak 1.0.9 OS: rosa-server79 packageevrstring: flatpak-1.0.9-13.res7 CVE-ID: CVE-2021-41133 BDU-ID: 2022-00259 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to a lack of blocking in the seccomp filter of mount-related...
Advisory ROSA-SA-2024-2467
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-5 CVE-ID: CVE-2023-45322 BDU-ID: 2023-06827 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlUnlinkNode function tree.c of the libxml2 library is related to memory usage after it is freed. Exploitation of the vulnerabili...
Advisory ROSA-SA-2023-2283
software: dnsmasq 2.87 WASP: ROSA-CHROME packageevrstring: dnsmasq-2.87-2.src.rpm CVE-ID: CVE-2023-28450 BDU-ID: 2023-02265 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Dnsmasq DNS server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2023-2098
Software: samba 1.0 OS: testCVE-ID: test CVE-Crit: medium CVE-DESC: test CVE-STATUS: test CVE-REV: test...
Advisory ROSA-SA-2021-1970
Software: slapi-nis 0.56.5 OS: Cobalt 7.9 CVE-ID: CVE-2021-3480 CVE-Crit: HIGH CVE-DESC: A bug was discovered in slapi-nis in versions before 0.56.7. Dereferencing a null pointer during Binding DN parsing could allow an unauthenticated attacker to take down a 389-ds-base directory server. The...
Advisory ROSA-SA-2021-1892
Software: libspiro 20071029 OS: Cobalt 7.9 CVE-ID: CVE-2019-19847. CVE-Crit: HIGH CVE-DESC: Libspiro before 20190731 has a stack-based buffer overflow in the spirotobpath0 function in spiro.c. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1830
Software: evolution 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-11879 CVE-Crit: MEDIUM CVE-DESC: A problem was found in GNOME Evolution before 3.35.91. Using the proprietary not RFC6068 parameter mailto? Attach = ..., a website or other mailto link source could cause Evolution to attach local files or...
Advisory ROSA-SA-2021-1820
Software: cyrus-sasl 2.1.26 OS: Cobalt 7.9 CVE-ID: CVE-2020-8032 CVE-Crit: HIGH CVE-DESC: An insecure temporary file vulnerability in the cyrus-sasl openSUSE Factory package allows local attackers to escalate to the root level. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 an...
Advisory ROSA-SA-2026-3277
software: binutils 2.38 WASP: ROSA-CHROME unaffected versions = binutils-2.38-8 affected versions binutils-2.38-8 CVE-ID: CVE-2025-69652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the readelf utility of the GNU Binutils package is related to incorrect processing of specially...
Advisory ROSA-SA-2026-3276
software: ocaml 4.12.0 WASP: ROSA-CHROME unaffected versions = ocaml-4.12.0-3 affected versions ocaml-4.12.0-3 CVE-ID: CVE-2026-28364 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An out-of-buffer read vulnerability in the Marshal deserialization function runtime/intern.c in OCaml allows a remote attack...
Advisory ROSA-SA-2026-3241
software: openssl 1.1.1w OS: ROSA-CHROME unaffected versions = openssl-1.1.1.1w-5 affected versions openssl-1.1.1.1w-5 CVE-ID: CVE-2025-68160 BDU-ID: 2026-01216 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BIOflinebuffer function of the OpenSSL library is related to an operation exceeding...
Advisory ROSA-SA-2026-3141
Software: bind 9.11.36 OS: ROSA Virtualization 3.1 unaffected versions = bind-9.11.36-16.rv31.6 affected versions bind-9.11.36-16.rv31.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...
Advisory ROSA-SA-2025-3072
Software: libwebp 1.0.0 OS: ROSA Virtualization 3.0 unaffected versions = libwebp-1.0.0.0-10.0.1.rv30 affected versions libwebp-1.0.0.0-10.0.1.rv30 CVE-ID: CVE-2020-36332 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is associated...
Advisory ROSA-SA-2025-2896
Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-21.0.1.res7 CVE-ID: CVE-2025-4638 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: A vulnerability in the zlib library embedded in PointCloudLibrary PCL allows attackers to cause undefined behavior via incorrect pointer arithmetic...
Advisory ROSA-SA-2025-2845
Software: harfbuzz 1.7.5 OS: ROSA Virtualization 2.1 packageevrstring: harfbuzz-1.7.5-4.rv3 CVE-ID: CVE-2023-25193 BDU-ID: 2023-06149 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is associated with unrestricted resourc...
Advisory ROSA-SA-2025-2808
Software: libreswan 4.12 OS: ROSA Virtualization 3.0 packageevrstring: libreswan-4.12-2.rv30.4 CVE-ID: CVE-2024-2357 BDU-ID: 2024-03242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the VPN protocol library using "IPsec" libreswan is related to the use of the PreSharedKey secret to create an AUTH...
Advisory ROSA-SA-2025-2789
Software: java-11-openjdk 11.0.25.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.25.0.9-1.0.1.res7 CVE-ID: CVE-2024-21208 BDU-ID: 2024-11501 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Diagnostics components of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM f...
Advisory ROSA-SA-2025-2784
Software: libXpm 3.5.12 OS: ROSA Virtualization 3.0 packageevrstring: libXpm-3.5.12-11.rv30 CVE-ID: CVE-2023-43788 BDU-ID: 2023-06887 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XpmCreateXpmImageFromBuffer function of the X Pixmap Image File XPM libXpm library is related to reading data...
Advisory ROSA-SA-2025-2782
Software: c-ares 1.13.0 OS: ROSA Virtualization 3.0 packageevrstring: c-ares-1.13.0-11.rv30 CVE-ID: CVE-2024-25629 BDU-ID: 2024-01708 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the aresreadline function of the C-ares asynchronous DNS query library is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2772
Software: python-urllib3 1.25.10 OS: ROSA Virtualization 3.0 packageevrstring: python-urllib3-1.25.10-5.rv30 CVE-ID: CVE-2021-33503 BDU-ID: 2022-00586 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP client for Python urllib3 is related to uncontrolled resource consumption. Exploitation of t...
Advisory ROSA-SA-2025-2720
Software: vim 8.0.1763 OS: ROSA Virtualization 3.0 packageevrstring: vim-8.0.1763 CVE-ID: CVE-2019-12735 BDU-ID: 2019-03251 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getchar.c library of the Vim text editor is related to the lack of filtering of the "!source" command, which allows arbitrar...
Advisory ROSA-SA-2025-2683
Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-148.0.3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2676
software: python3 3.8.13 WASP: ROSA-CHROME packageevrstring: python3-3.8.13-6 CVE-ID: CVE-2020-10735 BDU-ID: 2022-05599 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Python programming language interpreter is related to errors in the conversion of int and str data types. Exploitation of the...
Advisory ROSA-SA-2025-2640
software: newmoon 33.3.0 WASP: ROSA-CHROME packageevrstring: newmoon-33.3.0 CVE-ID: CVE-2024-9396 BDU-ID: 2024-09265 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to an operation exceeding buffer boundaries in memor...
Advisory ROSA-SA-2025-2635
software: ncurses 6.2 WASP: ROSA-CHROME packageevrstring: ncurses-6.2 CVE-ID: CVE-2023-29491 BDU-ID: 2023-05772 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the ncurses terminal I/O control library is related to the ability to write beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2615
Software: wireshark 4.0.12 OS: ROSA-CHROME packageevrstring: wireshark-4.0.12-1 CVE-ID: CVE-2023-6174 BDU-ID: 2023-08355 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH dissector of the Wireshark computer network traffic analyzer is related to insufficient cleaning of special elements in the...
Advisory ROSA-SA-2025-2593
software: qpdf 11.9.1 OS: ROSA-CHROME packageevrstring: qpdf-11.9.1-1 CVE-ID: CVE-2024-24246 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow vulnerability in qpdf allows attackers to cause application crashes via the std::sharedcount function in sharedptrbase.h. CVE-STATUS: The...
Advisory ROSA-SA-2025-2589
software: postgresql 12.20 WASP: ROSA-CHROME packageevrstring: postgresql-12.20-1 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to...
Advisory ROSA-SA-2025-2577
Software: wpasupplicant 2.11 WASP: ROSA-CHROME packageevrstring: wpasupplicant-2.11-3 CVE-ID: CVE-2023-52160 BDU-ID: 2024-01426 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Protected Extensible Authentication Protocol PEAP implementation of the Wi-Fi WPA Supplicant secure access client is...
Advisory ROSA-SA-2024-2520
Software: device-mapper-multipath 0.8.4 OS: ROSA Virtualization 2.1 packageevrstring: device-mapper-multipath-0.8.4-22 CVE-ID: CVE-2022-41974 BDU-ID: 2022-06669 CVE-Crit: HIGH CVE-DESC.: A vulnerability in multipath-tools multipath-tools driver management software is related to privilege manageme...
Advisory ROSA-SA-2024-2511
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: LOW CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Advisory ROSA-SA-2024-2508
Software: flatpak 1.0.9 OS: rosa-server79 packageevrstring: flatpak-1.0.9-13.0.1.res7 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output elements use...
Advisory ROSA-SA-2023-2289
software: firejail 0.9.60 WASP: ROSA-CHROME packageevrstring: firejail-0.9.60-1.src.rpm CVE-ID: CVE-2021-26910 BDU-ID: 2021-03745 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OverlayFS SUID component of the Firejail sandbox is related to insufficient state checking of a shared resource...
Advisory ROSA-SA-2026-3292
CVE-ID: CVE-2026-46300 BDU-ID: None CVE-Crit: Not available CVE-DESCRIPTION: A vulnerability in the XFRM ESP-in-TCP subsystem of Linux kernels. A logical error occurs when transitioning a TCP socket to the espintcp mode after writing file data to the receive queue. The kernel processes file pages...
Advisory ROSA-SA-2026-3250
software: zlib 1.2.13 OS: ROSA-CHROME unaffected versions = zlib-1.2.13-2 affected versions zlib-1.2.13-2 CVE-ID: CVE-2026-27171 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In zlib before 1.3.2, excessive CPU consumption DoS via crc32combine64 and crc32combinegen64 functions is possible: the x2nmodp...
Advisory ROSA-SA-2025-3039
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 unaffected versions = cups-2.2.6-63.0.1.rv3 affected versions cups-2.2.6-63.0.1.rv3 CVE-ID: CVE-2025-58060 BDU-ID: 2025-11019 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CUPS Common UNIX Printing System is related to flaws in the authenticatio...
Advisory ROSA-SA-2025-3009
software: sos 4.10.0 WASP: ROSA-CHROME unaffected versions = sos-4.10.0-1 affected versions sos-4.10.0-1 CVE-ID: CVE-2022-2806 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: ovirt-log-collector/sosreport collects RHV admin password in plaintext. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2850
Software: libX11 1.6.8 OS: ROSA Virtualization 2.1 packageevrstring: libX11-1.6.8-9.0.1.rv3 CVE-ID: CVE-2020-14344 BDU-ID: 2020-03916 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the X Window System libX11 client API provisioning library is caused by an integer overflow. Exploitation of the...
Advisory ROSA-SA-2025-2841
Software: emacs 26.1 OS: ROSA Virtualization 2.1 packageevrstring: emacs-26.1-13.rv3 CVE-ID: CVE-2022-45939 BDU-ID: 2024-05926 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the lib-src/etags.c file of the ctags component of the EMACS text editor is related to improper neutralization of special...
Advisory ROSA-SA-2025-2824
Software: python3x-dns 1.15.0 OS: ROSA Virtualization 3.0 packageevrstring: python3x-dns-1.15.0-12.rv30 CVE-ID: CVE-2023-29483 BDU-ID: 2025-03301 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Python toolkit dnspython is related to insufficient validation of user input. Exploitation of the...
Advisory ROSA-SA-2025-2812
Software: mariadb 10.5.27 OS: ROSA Virtualization 3.0 packageevrstring: mariadb-10.5.27-1.rv30 CVE-ID: CVE-2023-22084 BDU-ID: 2023-06913 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to insufficient input validation...
Advisory ROSA-SA-2025-2798
Software: flatpak 1.10.8 OS: ROSA Virtualization 3.0 packageevrstring: flatpak-1.10.8-2.rv30 CVE-ID: CVE-2023-28100 BDU-ID: 2024-04881 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ioctl component of the Flatpak application and environment management tool is related to copying text from the...
Advisory ROSA-SA-2025-2786
software: kernel-6.1 6.1.128 OS: ROSA-CHROME packageevrstring: kernel-6.1-generic-6.1.128-1 CVE-ID: CVE-2024-27397 BDU-ID: 2025-00432 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating system kernel is related to memory usage after it has been...
Advisory ROSA-SA-2025-2778
Software: xmlrpc 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-3.1.3-1.0.1.1.rv3 CVE-ID: CVE-2019-17570 BDU-ID: 2020-01960 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library is related to ...
Advisory ROSA-SA-2025-2768
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 3.0 packageevrstring: python-jinja2-2.10.1-6.rv30 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...
Advisory ROSA-SA-2025-2765
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-6.rv3 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...
Advisory ROSA-SA-2025-2751
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-18.rv3.2 CVE-ID: CVE-2023-39615 BDU-ID: 2023-05968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlsax2startelement function of the libxml2 library is caused by a buffer overflow. Exploitation of the...
Advisory ROSA-SA-2025-2704
Software: libarchive 3.3.2003 OS: ROSA Virtualization 3.0 packageevrstring: libarchive-3.3.2003 CVE-ID: CVE-2022-36227 BDU-ID: 2022-07496 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the calloc function of the libarchive archiving library is related to pointer dereferencing errors...