1374 matches found
Advisory ROSA-SA-2026-3134
Software: flac 1.3.2 OS: ROSA Virtualization 2.1 unaffected versions = flac-1.3.2-9.rv3.1 affected versions flac-1.3.2-9.rv3.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...
Advisory ROSA-SA-2025-3108
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-c-1.51.0-10.rv3 CVE-ID: CVE-2021-46143 BDU-ID: 2022-01052 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the doProlog function of the xmlparse.c file of the Expat library is related to integer overflow. Exploitation of t...
Advisory ROSA-SA-2025-3103
Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3-20.rv3 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2025-3047
Software: libwebp 1.0.0 OS: ROSA Virtualization 3.1 unaffected versions = libwebp-1.0.0.0-10.0.1.rv31 affected versions libwebp-1.0.0.0-10.0.1.rv31 CVE-ID: CVE-2018-25009 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to...
Advisory ROSA-SA-2025-3036
Software: postgresql13 13.21 OS: rosa-server79 unaffected versions = postgresql13-13.21-1PGDG.res7 affected versions postgresql13-13.21-1PGDG.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, arraysubscripthandler functions o...
Advisory ROSA-SA-2025-2866
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.2.P2.res7.16 CVE-ID: CVE-2024-11187 BDU-ID: 2025-01459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to asymmetric resource consumption. Exploitation of the vulnerability allows an attacker...
Advisory ROSA-SA-2025-2837
Software: bubblewrap 0.4.0 OS: ROSA Virtualization 2.1 packageevrstring: bubblewrap-0.4.0-2.rv3 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...
Advisory ROSA-SA-2025-2818
Software: rsync 3.1.3 OS: ROSA Virtualization 3.0 packageevrstring: rsync-3.1.3-21.rv30 CVE-ID: CVE-2024-12087 BDU-ID: 2025-00377 CVE-Crit: HIGH CVE-DESC.: A configuration vulnerability in the --inc-recursive configuration of the rsyncd daemon of the Rsync file transfer and synchronization utilit...
Advisory ROSA-SA-2025-2796
Software: emacs 26.1 OS: ROSA Virtualization 3.0 packageevrstring: emacs-26.1-13.rv30 CVE-ID: CVE-2024-30203 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In Emacs, a vulnerability in Gnus allows embedded MIME content to be treated as trusted. CVE-STATUS: The vulnerability has been resolved CVE-REV: T...
Advisory ROSA-SA-2025-2663
Software: sysstat 12.7.2 OS: ROSA-CHROME packageevrstring: sysstat-12.7.2 CVE-ID: CVE-2023-33204 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in sysstat allows an attacker to perform multiplication with integer overflow due to an incomplete fix for vulnerability CVE-2022-39377...
Advisory ROSA-SA-2025-2634
Software: OpenImageIO 2.2.20.0 OS: ROSA-CHROME packageevrstring: OpenImageIO-2.2.20.0-6 CVE-ID: CVE-2023-36183 BDU-ID: 2023-07656 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the readimg function of the OpenImageIO image processing library involves buffer copying without input validation...
Advisory ROSA-SA-2025-2575
software: x11-server 1.20.14 OS: ROSA-CHROME packageevrstring: x11-server-1.20.14-11 CVE-ID: CVE-2024-9632 BDU-ID: 2024-09084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in dynamic...
Advisory ROSA-SA-2025-2564
Software: thunderbird 115.9.0 OS: rosa-server79 packageevrstring: thunderbird-115.9.0-1.0.1.res7 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain...
Advisory ROSA-SA-2024-2528
Software: libspf2 1.2.11 OS: rosa-server79 packageevrstring: libspf2-1.2.11-11.20210922git4915c308.res7 CVE-ID: CVE-2021-20314 BDU-ID: 2021-04420 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SPF protocol library libspf2 is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2021-1815
Software: cryptsetup 2.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-4484 CVE-Crit: MEDIUM CVE-DESC: Debian initrd script for cryptsetup package 2: 1.7.3-2 and earlier allows physically nearby attackers to gain access to the shell through multiple login attempts with an incorrect password. CVE-STATUS:...
Advisory ROSA-SA-2026-3311
Component: avahi 0.8 OS: ROSA-CHROME Unaffected versions: = avahi-0.8-12.git35bb1b.11 Affected versions: avahi-0.8-12.git35bb1b.11 CVE-ID: CVE-2026-34933 BDU-ID: None CVE-Crit: Medium CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...
Advisory ROSA-SA-2026-3303
Component: libpano13 2.9.20 OS: ROSA-CHROME Unaffected versions: = libpano13-2.9.20-4 Affected versions: libpano13-2.9.20-4 CVE-ID: CVE-2021-33293 BDU-ID: None CVE-Crit: CRITICAL CVE-DESCRIPTION: A vulnerability exists in Panorama Tools libpano13 v2.9.20, specifically in the panoParserFindOLine...
Advisory ROSA-SA-2026-3301
Component: libconfuse 3.3 Operating System: ROSA-CHROME Unaffected versions: = libconfuse-3.3-3 Affected versions: libconfuse-3.3-3 CVE-ID: CVE-2022-40320 BDU-ID: 2022-05795 CVE-Crit: LOW CVE-DESC.: The vulnerability in the cfgtildeexpand function of the configuration file parser library libConfu...
Advisory ROSA-SA-2026-3284
Software: tigervnc 1.13.1 OS: ROSA-CHROME unaffected versions = tigervnc-1.13.1-2 affected versions tigervnc-1.13.1-2 CVE-ID: CVE-2026-34352 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An invalid permissions vulnerability in the Image.cxx component of x0vncserver in TigerVNC allows other users to view...
Advisory ROSA-SA-2026-3283
Software: libvncserver 0.9.13 OS: ROSA-CHROME unaffected versions = libvncserver-0.9.13-3 affected versions libvncserver-0.9.13-3 CVE-ID: CVE-2026-32853 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read outside the heap buffer vulnerability in the UltraZip encoding handler in LibVNCServer allows a...
Advisory ROSA-SA-2026-3278
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-7 affected versions curl-8.7.1-7 CVE-ID: CVE-2026-3784 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in curl involves incorrectly reusing an existing HTTP proxy connection CONNECT when making requests with different...
Advisory ROSA-SA-2026-3273
software: libtiff 4.1.0 OS: ROSA-CHROME unaffected versions = libtiff-4.1.0-10 affected versions libtiff-4.1.0-10 CVE-ID: CVE-2025-61143 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing vulnerability in libtiff before version 4.7.1 via the tifopen.c component allows to cause ...
Advisory ROSA-SA-2026-3199
Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 unaffected versions = rsync-3.1.3-23.rv3 affected versions rsync-3.1.3-23.rv3 CVE-ID: CVE-2024-12087 BDU-ID: 2025-00377 CVE-Crit: HIGH CVE-DESC.: A configuration vulnerability in the --inc-recursive configuration of the rsyncd daemon of the Rsync...
Advisory ROSA-SA-2026-3202
Software: tcpdump 4.9.3 OS: ROSA Virtualization 2.1 unaffected versions = tcpdump-4.9.3-5.rv3 affected versions tcpdump-4.9.3-5.rv3 CVE-ID: CVE-2021-41043 BDU-ID: 2025-16161 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the extractslice function of the network traffic analysis software tcpdump i...
Advisory ROSA-SA-2026-3135
Software: git 2.43.5 OS: ROSA Virtualization 2.1 unaffected versions = git-2.43.5-3.rv3 affected versions git-2.43.5-3.rv3 CVE-ID: CVE-2023-25652 BDU-ID: 2023-03859 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path na...
Advisory ROSA-SA-2025-2902
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2025-2882
Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 packageevrstring: libtasn1-4.13-5.rv3 CVE-ID: CVE-2024-12133 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libtasn1 causes the system to slow down or crash due to inefficient processing of certain certificate data. As a result, an...
Advisory ROSA-SA-2025-2874
Software: java-1.8.0-openjdk 1.8.0.442.b06 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.442.b06-1.0.3.res7 CVE-ID: CVE-2025-21587 BDU-ID: 2025-05070 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and...
Advisory ROSA-SA-2025-2870
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-29.0.1.res7 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org...
Advisory ROSA-SA-2025-2844
Software: gtk3 3.22.30 OS: ROSA Virtualization 2.1 packageevrstring: gtk3-3.22.30-12.rv3 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
Advisory ROSA-SA-2025-2833
Software: binutils 2.30 OS: ROSA Virtualization 2.1 packageevrstring: binutils-2.30-125.0.1.rv3 CVE-ID: CVE-2018-12699 BDU-ID: 2021-01389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the finishstab function of the stabs.c file of the Binutils program development kit is related to an operation...
Advisory ROSA-SA-2025-2821
Software: perl-HTTP-Tiny 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-HTTP-Tiny-0.074-3.rv30 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authenticati...
Advisory ROSA-SA-2025-2715
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1.1k-12.0.1 CVE-ID: CVE-2022-1292 BDU-ID: 2022-03181 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library's crehash script implementation is related to failure to take measures to neutralize shell...
Advisory ROSA-SA-2025-2712
Software: lz4 1.8.3 OS: ROSA Virtualization 3.0 packageevrstring: lz4-1.8.3-3.0.1 CVE-ID: CVE-2021-3520 BDU-ID: 2021-05259 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the memmove function of the LZ4 lossless data compression algorithm is related to an operation exceeding the allowable data buffe...
Advisory ROSA-SA-2025-2689
Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyFindObjects function of the PyFindObjects library for the open source Python programming language scipy is relat...
Advisory ROSA-SA-2025-2666
software: postgresql 15.4 WASP: ROSA-CHROME packageevrstring: postgresql-15.4 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...
Advisory ROSA-SA-2025-2561
Software: tuned 2.11.0 OS: rosa-server79 packageevrstring: tuned-2.11.0-12.0.1.res7 CVE-ID: CVE-2024-52337 BDU-ID: 2024-10906 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the instancecreate method of the tuned system device monitoring and adaptive tuning program is related to insufficient input...
Advisory ROSA-SA-2025-2559
Software: krb5 1.15.1 OS: rosa-server79 packageevrstring: krb5-1.15.1-55.0.7.res7 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through capture-replay o...
Advisory ROSA-SA-2024-2535
software: cacti 1.2.25 AXIS: ROSA-CHROME packageevrstring: cacti-1.2.25-2 CVE-ID: CVE-2023-46490 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in managers.php. CVE-STATU...
Advisory ROSA-SA-2024-2512
Software: python3-setuptools 39.2.0 OS: rosa-server79 packageevrstring: python3-setuptools-39.2.0-10.0.3.res7 CVE-ID: CVE-2024-37891 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...
Advisory ROSA-SA-2024-2493
Software: libndp 1.2 OS: rosa-server79 packageevrstring: libndp-1.2-10.res7 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a...
Advisory ROSA-SA-2021-2004
Software: zlib 1.2.7 OS: Cobalt 7.9 CVE-ID: CVE-2013-0296 CVE-Crit: HIGH CVE-DESC: race condition in pigz before 2.2.5 uses permissions derived from umask when compressing a file before setting that file's permissions to match those of the source file, which may allow local users to bypass implie...
Advisory ROSA-SA-2021-1871
Software: libgsf 1.14.26 OS: Cobalt 7.9 CVE-ID: CVE-2016-9888 CVE-Crit: MEDIUM CVE-DESC: A bug in the tardirectoryforfile function gsf-infile-tar.c in the GNOME structured file library before 1.14.41 can be used to trigger null pointer dereferencing and then crash through a created TAR file...
Advisory ROSA-SA-2021-1825
Software: dracut 033 OS: Cobalt 7.9 CVE-ID: CVE-2016-8637 CVE-Crit: HIGH CVE-DESC: A local information disclosure issue was discovered in dracut before 045 when generating initramfs images with read-only permissions for everyone when using 'Early cpio', such as when enabling microcode updates. A...
Advisory ROSA-SA-2026-3299
Package: iputils 20221126 OS: ROSA-CHROME Unaffected versions: = iputils-20221126-2 Affected versions: iputils-20221126-2 CVE-ID: CVE-2025-47268 BDU-ID: 2025-11086 CVE-Crit: Medium CVE-DESC.: The vulnerability in the ICMP Echo Reply ping utility tool is related to a numerical overflow. Exploiting...
Advisory ROSA-SA-2026-3296
CVE-ID: CVE-2020-10809 BDU-ID: 2024-07119 CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in the Decompress function in the decompress.c file. This vulnerability is related to writing beyond the memory bounds. Exploitation of this vulnerability could allow an attacker to cause a service failure...
Advisory ROSA-SA-2026-3285
software: vim 9.2.0321 WASP: ROSA-CHROME unaffected versions = vim-9.2.0321-1 affected versions vim-9.2.0321-1 CVE-ID: CVE-2026-33412 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A command injection vulnerability in the Vim text editor allows an attacker to execute arbitrary shell commands via a...
Advisory ROSA-SA-2026-3272
software: harfbuzz 7.0.1 OS: ROSA-CHROME unaffected versions = harfbuzz-7.0.1-3 affected versions harfbuzz-7.0.1-3 CVE-ID: CVE-2026-22693 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing vulnerability in HarfBuzz is related to a lack of validation of the hbmalloc return value...
Advisory ROSA-SA-2026-3271
Software: open-vm-tools 12.5.2 OS: ROSA-CHROME unaffected versions = open-vm-tools-12.5.2-1 affected versions open-vm-tools-12.5.2-1 CVE-ID: CVE-2025-22247 BDU-ID: 2025-05681 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to incorrectly identifying a...
Advisory ROSA-SA-2026-3265
software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-9 affected versions kernel-6.12-6.12.74-9 CVE-ID: CVE-2026-43284 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in the Linux kernel's xfrm subsystem ESP allows data decryption over non-packet skb...