1374 matches found
Advisory ROSA-SA-2025-2765
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-6.rv3 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...
Advisory ROSA-SA-2025-2751
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-18.rv3.2 CVE-ID: CVE-2023-39615 BDU-ID: 2023-05968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlsax2startelement function of the libxml2 library is caused by a buffer overflow. Exploitation of the...
Advisory ROSA-SA-2025-2704
Software: libarchive 3.3.2003 OS: ROSA Virtualization 3.0 packageevrstring: libarchive-3.3.2003 CVE-ID: CVE-2022-36227 BDU-ID: 2022-07496 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the calloc function of the libarchive archiving library is related to pointer dereferencing errors...
Advisory ROSA-SA-2025-2710
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1 CVE-ID: CVE-2021-3518 BDU-ID: 2021-05283 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xinclude.c component of the Libxml2 library is related to memory usage after it has been freed. Exploitation of th...
Advisory ROSA-SA-2025-2643
software: dcmtk 3.6.6 OS: ROSA-CHROME packageevrstring: dcmtk-3.6.6 CVE-ID: CVE-2022-2119 BDU-ID: 2023-03840 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the DICOM DCMTK format library is related to flaws in the directory path name restriction. Exploitation of the vulnerability allows an...
Advisory ROSA-SA-2025-2594
software: freerdp 2.11.7 OS: ROSA-CHROME packageevrstring: freerdp-2.11.7-1 CVE-ID: CVE-2024-22211 BDU-ID: 2024-00706 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the freerdpbitmapplanarcontextreset function of the FreeRDP RDP client is related to an integer overflow when processing the...
Advisory ROSA-SA-2025-2580
software: opensc 0.23.0 OS: ROSA-CHROME packageevrstring: opensc-0.23.0-2 CVE-ID: CVE-2023-40660 BDU-ID: 2024-02589 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSC smart card software toolkit and libraries is related to the fact that token/card authentication by one process can perform...
Advisory ROSA-SA-2025-2572
software: squid 5.10 OS: ROSA-CHROME packageevrstring: squid-5.10-1 CVE-ID: CVE-2024-45802 BDU-ID: 2024-08860 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to input processing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cau...
Advisory ROSA-SA-2025-2570
software: php 7.4.33 WASP: ROSA-CHROME packageevrstring: php-7.4.33-11 CVE-ID: CVE-2022-4900 BDU-ID: 2023-02666 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the phpcliserverstartupworkers sapi/cli/phpcliserver.c function of the PHP programming language interpreter is related to an operation...
Advisory ROSA-SA-2025-2560
Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.5.res7.10 CVE-ID: CVE-2024-45802 BDU-ID: 2024-08860 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to input processing errors. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2025-2549
Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.3.res7 CVE-ID: CVE-2018-19478 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Artifex Ghostscript allows an attacker to run a lengthy calculation when processing a PDF file. CVE-STATUS: The vulnerabili...
Advisory ROSA-SA-2024-2537
Software: openjpeg2 2.4.0 OS: ROSA-CHROME packageevrstring: openjpeg2-2.4.0-3 CVE-ID: CVE-2022-1122 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The opj2decompress program in openjpeg2 has discovered a flaw in the way it handles an input directory with a large number of files. When the program fails ...
Advisory ROSA-SA-2024-2518
software: memcached 1.6.22 OS: ROSA-CHROME packageevrstring: memcached-1.6.22-1 CVE-ID: CVE-2023-46852 BDU-ID: 2023-08094 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the proxyruncoroutine function protoproxy.c of the memcached data caching software tool is related to an operation exceeding buffe...
Advisory ROSA-SA-2024-2427
software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3op2-10 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the formatlogline function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the vulnerability...
Advisory ROSA-SA-2021-1878
Software: libmicrohttpd 0.9.33 OS: Cobalt 7.9 CVE-ID: CVE-2021-3466 CVE-Crit: CRITICAL CVE-DESC: A bug was found in libmicrohttpd in versions before 0.9.71. The lack of bounds checking in the postprocessurlencoded function causes a buffer overflow, allowing a remote attacker to write arbitrary da...
Advisory ROSA-SA-2021-1840
Software: gegl 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-10111 CVE-Crit: HIGH CVE-DESC: An issue was discovered in GEGL before version 0.3.32. The renderrectangle function in process / gegl-processor.c has unlimited memory allocation, which causes a denial of service application crash if the allocati...
Advisory ROSA-SA-2026-3313
Component: xz 5.2.9 OS: ROSA-CHROME Unaffected versions: = xz-5.2.9-2 Affected versions: xz-5.2.9-2 CVE-ID: CVE-2026-34743 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The buffer overflow vulnerability in XZ Utils allows an attacker to cause memory corruption by using the lzmaindexdecoder...
Advisory ROSA-SA-2026-3291
software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption...
Advisory ROSA-SA-2026-3284
Software: tigervnc 1.13.1 OS: ROSA-CHROME unaffected versions = tigervnc-1.13.1-2 affected versions tigervnc-1.13.1-2 CVE-ID: CVE-2026-34352 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An invalid permissions vulnerability in the Image.cxx component of x0vncserver in TigerVNC allows other users to view...
Advisory ROSA-SA-2025-2876
Software: expat 2.2.5 OS: ROSA Virtualization 2.1 packageevrstring: expat-2.2.5-17.0.1.rv3 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-based buffer overflow. Exploitation of the vulnerability cou...
Advisory ROSA-SA-2025-2869
Software: libxslt 1.1.28 OS: rosa-server79 packageevrstring: libxslt-1.1.28-6.0.1.1.res7 CVE-ID: CVE-2024-55549 BDU-ID: 2025-03641 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xsltGetInheritedNsList function of the libxslt library is related to memory usage after it has been freed...
Advisory ROSA-SA-2025-2861
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 packageevrstring: kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2019-13631 BDU-ID: 2019-03626 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parsehidreportdescriptor function of the Linux operating system kernel is related to writing outside buffer...
Advisory ROSA-SA-2025-2848
Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 packageevrstring: libsndfile-1.0.28-16.rv3 CVE-ID: CVE-2022-33065 BDU-ID: 2025-03968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the aureadheader function of the src/au.c component of the Libsndfile audio file reading and writing library...
Advisory ROSA-SA-2025-2781
Software: cairo 1.15.12 OS: ROSA Virtualization 2.1 packageevrstring: cairo-1.15.12-6.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...
Advisory ROSA-SA-2025-2777
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-c-1.51.0-10.rv3 CVE-ID: CVE-2021-46143 BDU-ID: 2022-01052 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the doProlog function of the xmlparse.c file of the Expat library is related to integer overflow. Exploitation of t...
Advisory ROSA-SA-2025-2724
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 packageevrstring: gnutls-3.6.16-8.0.1.rv30.1 CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the implementation of the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...
Advisory ROSA-SA-2025-2713
Software: openblas 2000.3.15 OS: ROSA Virtualization 3.0 packageevrstring: openblas-2000.3.15 CVE-ID: CVE-2021-4048 BDU-ID: 2021-05061 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Microsoft Visio vector graphics, diagram and flowchart editor is related to memory usage after memory has be...
Advisory ROSA-SA-2025-2703
Software: jbig2dec 0.16 OS: ROSA Virtualization 3.0 packageevrstring: jbig2dec-0.16 CVE-ID: CVE-2020-12268 BDU-ID: 2022-05687 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the jbig2imagecompose function of the jbig2imagecompose component of the jbig2image.c decoder of the JBIG2 Jbig2dec image...
Advisory ROSA-SA-2025-2691
Software: dnsmasq 2.79 OS: ROSA Virtualization 3.0 packageevrstring: dnsmasq-2.79-31 CVE-ID: CVE-2020-25682 BDU-ID: 2021-01118 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the extractname function rfc1035.c of the dnsmasq DNS server is related to a buffer overflow in dynamic memory. Exploitation ...
Advisory ROSA-SA-2025-2648
software: ghostscript 9.54.0 OS: ROSA-CHROME packageevrstring: ghostscript-9.54.0 CVE-ID: CVE-2023-43115 BDU-ID: 2023-06329 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the gdevijs.c component of the Ghostscript document processing software suite is related to incorrect code generation...
Advisory ROSA-SA-2025-2636
software: audiofile 0.3.6 OS: ROSA-CHROME packageevrstring: audiofile-0.3.6 CVE-ID: CVE-2015-7747 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow vulnerability in audiofile allows an attacker to cause a denial of service or execute arbitrary code through a specially crafted audio file...
Advisory ROSA-SA-2025-2616
software: opusfile 0.12 WASP: ROSA-CHROME packageevrstring: opusfile-0.12-3 CVE-ID: CVE-2022-47021 BDU-ID: 2023-00624 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the opgetdata and opopen1 opusfile.c functions in the xiph of the opusfile stream decoder library is related to null pointer...
Advisory ROSA-SA-2024-2546
software: tinyxml 2.6.2 OS: ROSA-CHROME packageevrstring: tinyxml-2.6.2-8 CVE-ID: CVE-2021-42260 BDU-ID: 2022-06895 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TiXmlParsingData::Stamp function of the tinyxmlParser.cpp component of the TinyXML XML parser is related to the execution of a loop...
Advisory ROSA-SA-2024-2541
software: tcl 8.6.13 WASP: ROSA-CHROME packageevrstring: tcl-8.6.13-1 CVE-ID: CVE-2021-35331 BDU-ID: 2022-01774 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nmakehlp.c component of the Tcl programming language is related to insufficient format string handling. Exploitation of the...
Advisory ROSA-SA-2024-2538
software: libgsf 1.14.53 WASP: ROSA-CHROME packageevrstring: libgsf-1.14.53-1 CVE-ID: CVE-2024-42415 BDU-ID: 2024-08625 CVE-Crit: HIGH CVE-DESC.: A vulnerability in The GNOME Project's structured file library libgsf involves a dynamic memory-based integer overflow when processing the sector...
Advisory ROSA-SA-2023-2275
software: irssi 1.4.2 OS: ROSA-CHROME packageevrstring: irssi-1.4.2-2.src.rpm CVE-ID: CVE-2023-29132 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Irssi 1.3.x and 1.4.x before 1.4.4 has post-release usage due to the use of an obsolete special builder reference. This occurs when printing an unformatted...
Advisory ROSA-SA-2023-2236
software: nuitka 1.5 WASP: ROSA-CHROME packageevrstring: nuitka-1.5-3.src.rpm CVE-ID: CVE-2022-2054 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Deploy code to the GitHub nuitka/nuitka repository to version 0.9. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update nuitka...
Advisory ROSA-SA-2023-2107
kernel 123 rosa-server79 test00 software: kernel 123xxxxxxxxxzzzzzzzzzzzz CVE-Crit: packageevrstring: test00 CVE-ID: test CVE-Crit: Not Current...
Advisory ROSA-SA-2021-1883
Software: libplist 1.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-6435 CVE-Crit: MEDIUM CVE-DESC: The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory corruption via a created plist file. CVE-STATUS: default CVE-REV: default CVE-I...
Advisory ROSA-SA-2026-3310
CVE-ID: CVE-2021-33454 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: Vulnerability related to the pointer manipulation in yasm version 1.3.0, within the function yasmexprgetintnum in libyasm/expr.c. CVE-STATUS: The vulnerability has been fixed. CVE-REVIEW: To address this vulnerability, execute...
Advisory ROSA-SA-2026-3305
CVE-ID: CVE-2016-10506 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: Vulnerabilities involving division by zero in functions opjpinextcprl, opjpinextpcrl, and opjpinextrpcl in the pi.c file of OpenJPEG allow a malicious attacker to cause a service failure abrupt termination of the application...
Advisory ROSA-SA-2026-3298
Software: wget 1.21.3 Operating System: ROSA-CHROME Unaffected versions: = wget-1.21.3-2 Affected versions: wget-1.21.3-2 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the userinfo URI of the GNU Wget download manager is related to insecure...
Advisory ROSA-SA-2026-3295
Component: kernel-ml 5.15.208 OS: rosa-server79 Unaffected versions: = kernel-ml-5.15.208-1.0.1.res7 Affected versions: kernel-ml-5.15.208-1.0.1.res7 CVE-ID: CVE-2026-46300 BDU-ID: None CVE-Crit: Not available CVE-DESCRIPTION: A vulnerability in the XFRM ESP-in-TCP subsystem of Linux kernels. A...
Advisory ROSA-SA-2026-3282
software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-5 affected versions libssh-0.9.8-5 CVE-ID: CVE-2026-0965 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in libssh is related to the ability to open arbitrary files during configuration parsing. A local attacker could...
Advisory ROSA-SA-2026-3274
software: vim 9.2.0173 WASP: ROSA-CHROME unaffected versions = vim-9.2.0173-1 affected versions vim-9.2.0173-1 CVE-ID: CVE-2026-28417 BDU-ID: 2026-02589 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vim text editor is related to failure to take measures to neutralize special elements...
Advisory ROSA-SA-2026-3270
software: nginx 1.30.1 OS: ROSA-CHROME unaffected versions = nginx-1.30.1-1 affected versions nginx-1.30.1-1 CVE-ID: CVE-2026-42926 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX Open Source allows an attacker to inject frame headers and data into the upstream when proxying...
Advisory ROSA-SA-2026-3264
Software: kernel 4.18.0 OS: ROSA Virtualization 3.1 unaffected versions = kernel-4.18.0-553.123.1.el810 affected versions lock, allowing a local attacker to cause a denial of service or execute arbitrary code when frequently switching a thread simultaneously with opening/closing a related...
Advisory ROSA-SA-2026-3223
software: cups-filters 2.0.1 OS: ROSA-CHROME unaffected versions = cups-filters-2.0.1-1 affected versions cups-filters-2.0.1-1 CVE-ID: CVE-2025-64524 BDU-ID: 2026-03142 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CUPS Filters print package is related to an operation exceeding buffer boundarie...
Advisory ROSA-SA-2026-3201
Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 unaffected versions = sysstat-11.7.3-13.rv3 affected versions sysstat-11.7.3-13.rv3 CVE-ID: CVE-2023-33204 BDU-ID: 2025-00980 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the common.c component of the sysstat system performance measurement and...
Advisory ROSA-SA-2026-3183
Software: sysstat 11.7.3 OS: ROSA Virtualization 3.0 unaffected versions = sysstat-11.7.3-13.rv30 affected versions sysstat-11.7.3-13.rv30 CVE-ID: CVE-2019-16167 BDU-ID: 2022-06244 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the remapstruct function of the sacommon.c component of the Sysstat...