1374 matches found
Advisory ROSA-SA-2026-3261
Software: kernel 4.18.0 OS: ROSA Virtualization 2.1 unaffected versions = kernel-4.18.0-553.123.1.el810 affected versions lock, allowing a local attacker to cause a denial of service or execute arbitrary code when frequently switching a thread simultaneously with opening/closing a related subt...
Advisory ROSA-SA-2026-3259
software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-2 affected versions kernel-5.10-5.10.244-2 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD...
Advisory ROSA-SA-2026-3231
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-5 affected versions curl-8.7.1-5 CVE-ID: CVE-2025-14524 BDU-ID: 2026-02955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cURL server communication software tool is related to URL redirection to an untrusted site...
Advisory ROSA-SA-2026-3217
software: runc 1.3.4 OS: ROSA-CHROME unaffected versions = runc-1.3.4-1 affected versions runc-1.3.4-1 CVE-ID: CVE-2024-45310 BDU-ID: 2024-06891 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Runc isolated container tool is associated with a race condition that allows link tracking. Exploitation...
Advisory ROSA-SA-2026-3216
software: libpng 1.6.53 WASP: ROSA-CHROME unaffected versions = libpng-1.6.53-1 affected versions libpng-1.6.53-1 CVE-ID: CVE-2025-64505 BDU-ID: 2026-02923 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pngdoquantize function of the pngrtran.c component of the PNG Libpng bitmap graphics libra...
Advisory ROSA-SA-2026-3214
software: nginx 1.26.3 WASP: ROSA-CHROME unaffected versions = nginx-1.26.3-1 affected versions nginx-1.26.3-1 CVE-ID: CVE-2025-23419 BDU-ID: 2025-03281 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TLS 1.3 protocol implementation of the NGINX Plus and NGINX Open Source web servers is relate...
Advisory ROSA-SA-2026-3187
Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 unaffected versions = jackson-databind-2.10.0-1.0.2.rv3 affected versions jackson-databind-2.10.0-1.0.2.rv3 CVE-ID: CVE-2020-25649 BDU-ID: 2022-05602 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DOMDeserializer component of the...
Advisory ROSA-SA-2025-3102
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-5.8.rv3 CVE-ID: CVE-2022-3204 BDU-ID: 2023-03846 CVE-Crit: HIGH CVE-DESC.: Unbound's DNS server vulnerability involves uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acti...
Advisory ROSA-SA-2025-3044
Software: dhcp 4.4.2 OS: ROSA Virtualization 3.1 unaffected versions = dhcp-4.4.2-19.b1.rv31 affected versions dhcp-4.4.2-19.b1.rv31 CVE-ID: CVE-2021-25217 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A software vulnerability providing the DHCP Dynamic Host Configuration Protocol service to the network is...
Advisory ROSA-SA-2025-2970
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-8 affected versions tomcat-9.0.37-8 CVE-ID: CVE-2025-31651 BDU-ID: 2025-05707 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Apache Tomcat application server is related to a flaw in the output encoding or escaping...
Advisory ROSA-SA-2025-2903
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of whic...
Advisory ROSA-SA-2025-2844
Software: gtk3 3.22.30 OS: ROSA Virtualization 2.1 packageevrstring: gtk3-3.22.30-12.rv3 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
Advisory ROSA-SA-2025-2807
Software: less 530 OS: ROSA Virtualization 3.0 packageevrstring: less-530-3.rv30 CVE-ID: CVE-2022-48624 BDU-ID: 2024-04438 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the closealtfile filename.c function for UNIX-like Less text terminals is related to the skipping of Shellquote calls for...
Advisory ROSA-SA-2025-2802
Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-156.0.3.rv30 CVE-ID: CVE-2023-4692 BDU-ID: 2023-06822 CVE-Crit: LOW CVE-DESC.: A vulnerability in the fs/ntfs.c component of the Grub2 operating systems boot loader is related to a buffer overflow in dynamic memory...
Advisory ROSA-SA-2025-2806
Software: krb5 1.18.2 OS: ROSA Virtualization 3.0 packageevrstring: krb5-1.18.2-31.0.1.rv30 CVE-ID: CVE-2024-37370 BDU-ID: 2024-07016 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the implementation of the Kerberos network authentication protocol is associated with a change to the public Extra Cou...
Advisory ROSA-SA-2025-2763
Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3-20.rv3 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2025-2762
Software: python-jinja2 2.7.2 OS: rosa-server79 packageevrstring: python-jinja2-2.7.2-4.0.1.res7 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the jinja html templating tool is related to the failure to neutralize special element...
Advisory ROSA-SA-2025-2711
Software: libxslt 1.1.32 OS: ROSA Virtualization 3.0 packageevrstring: libxslt-1.1.32 CVE-ID: CVE-2019-11068 BDU-ID: 2019-04263 CVE-Crit: CRITICAL. CVE-DESC.: An XSLT C vulnerability in the libxslt library is related to access control flaws. Exploitation of the vulnerability could allow an attack...
Advisory ROSA-SA-2025-2670
software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.7 CVE-ID: CVE-2024-21626 BDU-ID: 2024-00973 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Runc isolated container launch tool is related to a flaw in the controlled area delimitations of the system. Exploitation of the vulnerabili...
Advisory ROSA-SA-2025-2651
software: libde265 1.0.14 OS: ROSA-CHROME packageevrstring: libde265-1.0.14 CVE-ID: CVE-2023-4965 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in phpipam allows a remote attacker to perform an open redirect via the Header Handler component. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2608
software: pam 1.5.1 OS: ROSA-CHROME packageevrstring: pam-1.5.1-5 CVE-ID: CVE-2024-22365 BDU-ID: 2024-00829 CVE-Crit: LOW CVE-DESC.: A vulnerability in the protectdir pamnamespace.so function of the Linux-PAM authentication module is related to incorrect resource sweep or release. Exploitation of...
Advisory ROSA-SA-2025-2595
software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-5 CVE-ID: CVE-2024-23638 BDU-ID: 2024-00895 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Squid proxy server is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2025-2553
Software: rsync 3.1.2 OS: rosa-server79 packageevrstring: rsync-3.1.2-12.0.1.res7 CVE-ID: CVE-2017-16548 BDU-ID: 2021-01395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the receivexattr function in xattrs.c of the Rsync file transfer and synchronization utility is related to the lack of a check f...
Advisory ROSA-SA-2024-2483
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-33.res7 CVE-ID: CVE-2024-31080 BDU-ID: 2024-03132 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ProcXIGetSelectedEvents function of the X Window System Xorg-server is related to an operation exceeding buffer boundaries...
Advisory ROSA-SA-2021-1868
Software: libesmtp 1.0.6 OS: Cobalt 7.9 CVE-ID: CVE-2019-19977 CVE-Crit: CRITICAL CVE-DESC: libESMTP before 1.0.6 incorrectly handles domain copying to a fixed-size buffer in ntlmbuildtype2 in ntlm / ntlmstruct.c, as demonstrated by a stack-based buffer overflow. CVE-STATUS: default CVE-REV: defa...
Advisory ROSA-SA-2026-3312
Software: ffmpeg 4.4.6 OS: ROSA-CHROME Unaffected versions: = ffmpeg-4.4.6-4 Affected versions: ffmpeg-4.4.6-4 CVE-ID: CVE-2026-40962 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability related to integer overflow in FFmpeg allows an attacker to execute write operations beyond the...
Advisory ROSA-SA-2026-3309
CVE-ID: CVE-2014-9636 BDU-ID: None CVE-Crit: MEDIAN CVE-DESC.: The vulnerability in unzip 6.0 allows a remote attacker to cause a service failure reading or writing beyond the buffer and crashing the process through a specially created ZIP archive with an incorrect Extra-field size. CVE-STATUS: T...
Advisory ROSA-SA-2026-3304
Software: mupdf 1.26.10 Operating System: ROSA-CHROME Unaffected versions: = mupdf-1.26.10-2 Affected versions: mupdf-1.26.10-2 CVE-ID: CVE-2026-25556 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability related to double-freeing memory exists in MuPDF versions from 1.23.0 to 1.27.0. This...
Advisory ROSA-SA-2026-3287
software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-13 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption a...
Advisory ROSA-SA-2026-3268
software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-3 affected versions kernel-5.10-5.10.244-3 CVE-ID: CVE-2026-43284 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Linux kernel xfrm subsystem ESP allows data decryption over non-packet skb...
Advisory ROSA-SA-2026-3249
software: vim 9.1.2148 WASP: ROSA-CHROME unaffected versions = vim-9.1.2148-1 affected versions vim-9.1.2148-1 CVE-ID: CVE-2026-25749 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Heap overflow in Vim before version 9.1.2132 when processing the 'helpfile' option. In gettagfname src/tag.c, the value of...
Advisory ROSA-SA-2026-3203
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 unaffected versions = unbound-1.16.2-5.9.rv3 affected versions unbound-1.16.2-5.9.rv3 CVE-ID: CVE-2025-5994 BDU-ID: 2025-12600 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Unbound DNS server is related to the loading of external unreliable...
Advisory ROSA-SA-2026-3195
Software: lz4 1.8.3 OS: ROSA Virtualization 2.1 unaffected versions = lz4-1.8.3-5.rv3 affected versions lz4-1.8.3-5.rv3 CVE-ID: CVE-2019-17543 BDU-ID: 2023-07612 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LZ4 lossless data compression algorithm is related to writing beyond buffer boundaries...
Advisory ROSA-SA-2026-3186
Software: vim 8.0.1763 OS: ROSA Virtualization 3.0 unaffected versions = vim-8.0.1763-21.0.1.1.rv30 affected versions vim-8.0.1763-21.0.0.1.rv30 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of t...
Advisory ROSA-SA-2026-3184
Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 unaffected versions = tcpdump-4.9.3-5.rv30 affected versions tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2020-8037 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PPP decoder in tcpdump allows an attacker to cause a large memory allocation...
Advisory ROSA-SA-2026-3172
Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 unaffected versions = libssh-0.9.6-16.rv30 affected versions libssh-0.9.6-16.rv30 CVE-ID: CVE-2025-5372 BDU-ID: 2025-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libssh library's sshkdf function is related to incorrect code generation...
Advisory ROSA-SA-2026-3177
Software: nghttp2 1.57.0 OS: ROSA Virtualization 3.0 unaffected versions = nghttp2-1.57.0-2.0.2.rv30 affected versions nghttp2-1.57.0-2.0.2.rv30 CVE-ID: CVE-2024-28182 BDU-ID: 2024-02691 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the nghttp2 library as part of the HTTP/2 protocol...
Advisory ROSA-SA-2026-3168
Software: libpng 1.6.34 OS: ROSA Virtualization 3.0 unaffected versions = libpng-1.6.34-9.0.1.1.rv30 affected versions libpng-1.6.34-9.0.1.rv30 CVE-ID: CVE-2025-64720 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Read Outside Buffer Vulnerability in LIBPNG: The pngimagereadcomposite function incorrectly...
Advisory ROSA-SA-2026-3164
Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.1 unaffected versions = tcpdump-4.9.3-5.rv31 affected versions tcpdump-4.9.3-5.rv31 CVE-ID: CVE-2020-8037 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PPP decoder in tcpdump allows an attacker to cause a large memory allocation...
Advisory ROSA-SA-2026-3157
Software: nghttp2 1.57.0 OS: ROSA Virtualization 3.1 unaffected versions = nghttp2-1.57.0-2.0.2.rv31 affected versions nghttp2-1.57.0-2.0.2.rv31 CVE-ID: CVE-2024-28182 BDU-ID: 2024-02691 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nghttp2 library as part of the HTTP/2 protocol implementati...
Advisory ROSA-SA-2025-3098
Software: opensc 0.20.0 OS: ROSA Virtualization 2.1 packageevrstring: opensc-0.20.0-8.rv3 CVE-ID: CVE-2023-2977 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in OpenSC causes a buffer overflow in the pkcs15 cardoshaveverifyrcpackage function, allowing an attacker to cause a processing...
Advisory ROSA-SA-2025-3058
Software: libxslt 1.1.32 OS: ROSA Virtualization 3.1 unaffected versions = libxslt-1.1.32-6.3.rv31 affected versions libxslt-1.1.32-6.3.rv31 CVE-ID: CVE-2023-40403 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libxslt library of the iPadOS, tvOS, iOS, watchOS, macOS operating system is...
Advisory ROSA-SA-2025-3000
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-24 affected versions grub2-2.06-24 CVE-ID: CVE-2024-45779 BDU-ID: 2025-03832 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BFS file system of the Grub2 operating system boot loader is related to reads outside the allowed...
Advisory ROSA-SA-2025-2955
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...
Advisory ROSA-SA-2025-2954
Software: kernel 4.18.0 OS: ROSA Virtualization 2.1 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...
Advisory ROSA-SA-2025-2920
software: freerdp 2.11.7 OS: ROSA-CHROME unaffected versions = freerdp-2.11.7-7 affected versions freerdp-2.11.7-7 CVE-ID: CVE-2024-32661 BDU-ID: 2024-03394 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeRDP RDP client is related to null pointer dereferencing. Exploitation of the...
Advisory ROSA-SA-2025-2867
Software: freetype 2.8 OS: rosa-server79 packageevrstring: freetype-2.8-14.0.1.res7.1 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library is related to reading beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2864
software: freetype 2.10.4 OS: ROSA-CHROME packageevrstring: freetype-2.10.4-7 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library involves reading outside buffer boundaries in memory. Exploitation of the vulnerability coul...
Advisory ROSA-SA-2025-2826
Software: python-requests 2.25.8 OS: ROSA Virtualization 3.0 packageevrstring: python-requests-2.25.8-1.rv30 CVE-ID: CVE-2023-32681 BDU-ID: 2023-03874 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the HTTP Requests library of the Python Requests programming language is related to insufficient...
Advisory ROSA-SA-2025-2820
Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 packageevrstring: tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2021-41043 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The Use after free vulnerability in tcpslice causes AddressSanitizer, with no other confirmed impact. CVE-STATUS: The vulnerability has been...