1374 matches found
Advisory ROSA-SA-2024-2349
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.res7.11 CVE-ID: CVE-2022-28734 BDU-ID: 2024-01201 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Grub loader is related to out-of-bounds writes when processing delimited HTTP headers. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2348
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.0.1.res7.11 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
Advisory ROSA-SA-2024-2436
software: cfengine 3.21.3 OS: ROSA-CHROME packageevrstring: cfengine-3.21.3-1 CVE-ID: CVE-2021-36756 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is no SSL certificate validation in CFEngine Enterprise. CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update cfengine CVE-ID:...
Advisory ROSA-SA-2024-2338
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3.src.rpm CVE-ID: CVE-2022-0561 BDU-ID: 2022-05790 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TIFFFetchStripThing function of the tifdirread.c component of the LibTIFF library is related to pointer...
Advisory ROSA-SA-2023-2279
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.15.x8664.rpm CVE-ID: CVE-2023-2828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Each named instance configured to act as a recursive resolver maintains a cache database containing responses to queries it has recently sent ...
Advisory ROSA-SA-2021-1975
Software: sqlite 3.7.17 OS: Cobalt 7.9 CVE-ID: CVE-2015-3717 CVE-Crit: HIGH CVE-DESC: Multiple buffer overflows in SQLite's printf function, used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service application crash via...
Advisory ROSA-SA-2023-2272
software: quartz 2.2.1 OS: ROSA-CHROME packageevrstring: quartz-2.2.1-11.src.rpm CVE-ID: CVE-2019-13990 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...
Advisory ROSA-SA-2023-2230
Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2229
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.res7 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool is related to...
Advisory ROSA-SA-2022-2012
Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...
Advisory ROSA-SA-2021-1955
Software: postgresql 9.2.24 OS: Cobalt 7.9 CVE-ID: CVE-2016-7048 CVE-Crit: HIGH CVE-DESC: The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 may allow remote attackers to execute arbitrary code using HTTP to download software. CVE-STATUS: Default...
Advisory ROSA-SA-2025-2859
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracl...
Advisory ROSA-SA-2024-2439
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert function...
Advisory ROSA-SA-2023-2310
software: hivex 1.3.23 OS: ROSA-CHROME packageevrstring: hivex-1.3.23-4.src.rpm CVE-ID: CVE-2021-3622 BDU-ID: 2021-04419 CVE-Crit: LOW CVE-DESC.: A vulnerability in the getchildren function of the getchildren library for retrieving the contents of Windows hivex registry branches is related to the...
Advisory ROSA-SA-2023-2296
software: redis 7.0.12 OS: ROSA-CHROME packageevrstring: redis-7.0.12-1.src.rpm CVE-ID: CVE-2022-24834 BDU-ID: 2023-07213 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cjson and cmsgpack libraries of the Redis database management system DBMS is related to a buffer overflow in dynamic memory...
Advisory ROSA-SA-2025-2804
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...
Advisory ROSA-SA-2023-2171
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 packageevrstring: sqlite-3.26.0-17.rv3 CVE-ID: CVE-2020-35525 BDU-ID: None CVE-Crit: HIGH CVE-DESC: In SQlite 3.31.1, a potential null pointer dereference was detected while processing an INTERSEC request. CVE-STATUS: Fixed CVE-REV: Execute the...
Advisory ROSA-SA-2023-2156
Software: zlib 1.2.11 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.11 CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2364
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-9.20180224.rv3 CVE-ID: CVE-2019-17594 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a heap-based buffer enumeration in the ncfindentry function in tinfo/comphash.c in the terminfo library in ncurses. CVE-STATUS:...
Advisory ROSA-SA-2024-2339
Software: libtirpc 1.1.4 OS: ROSA Virtualization 2.1 packageevrstring: libtirpc-1.1.4-8.rv3.src.rpm CVE-ID: CVE-2021-46828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In libtirpc, remote attackers could exhaust the file descriptors of a process using libtirpc because idle TCP connections are not handl...
Advisory ROSA-SA-2024-2331
Software: glibc 2.17 OS: rosa-server79 packageevrstring: glibc-2.17-326.res7.7 CVE-ID: CVE-2023-4911 BDU-ID: 2023-06269 CVE-Crit: N/A CVE-DESC.: A vulnerability in the dynamic loader ld.so of the glibc library is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability...
Advisory ROSA-SA-2021-1844
Software: glibc 2.17 OS: Cobalt 7.9 CVE-ID: CVE-2014-4043 CVE-Crit: MEDIUM CVE-DESC: The posixspawnfileactionsaddopen function in glibc before 2.20 does not copy its path argument according to the POSIX specification, allowing context-dependent attackers to launch exploitation vulnerabilities aft...
Advisory ROSA-SA-2025-2860
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracle...
Advisory ROSA-SA-2023-2133
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-2161 BDU-ID: 2021-02490 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition softwa...
Advisory ROSA-SA-2021-1811
Software: c-ares 1.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-5180 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-range entry or possibly execute arbitrary code via a hostnam...
Advisory ROSA-SA-2024-2320
software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-6.src.rpm CVE-ID: CVE-2023-4504 BDU-ID: 2023-06408 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the scanps function of the CUPS print server libppd library is related to an operation exceeding buffer boundaries in memory wh...
Advisory ROSA-SA-2023-2292
Software: git 2.39.3 OS: ROSA Virtualization 2.1 packageevrstring: git-2.39.3-1.rv3 CVE-ID: CVE-2022-39253 BDU-ID: 2023-06647 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Git for Windows distributed version control system is related to a lack of service data protection. Exploitation of the...
Advisory ROSA-SA-2023-2252
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-3284 BDU-ID: 2019-00759 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to resource release errors. Exploitation of...
Advisory ROSA-SA-2023-2207
software: kernel-5.10 5.10.184 WASP: ROSA-CHROME packageevrstring: kernel-5.10-generic-5.10.184-1.src.rpm CVE-ID: CVE-2023-34255 BDU-ID: 2023-02994 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xfsbtreelookupgetblock function of the Linux operating systems kernel is related to memory usage aft...
Advisory ROSA-SA-2023-2174
software: redis 7.0.11 OS: ROSA-CHROME packageevrstring: redis-7.0.11-1.src.rpm CVE-ID: CVE-2022-35977 BDU-ID: 2023-00695 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system DBMS is related to integer overflow during object processing. Exploitation of the...
Advisory ROSA-SA-2021-1939
Software: openssl 1.0.2k OS: Cobalt 7.9 CVE-ID: CVE-2011-4108 CVE-Crit: CRITICAL CVE-DESC: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs MAC checks only if a certain fill-in is allowed, making it easy for remote attackers to recover plaintext using a fill-in orac...
Advisory ROSA-SA-2021-1832
Software: exempi 2.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-18235 CVE-Crit: MEDIUM CVE-DESC: An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles / source / FormatSupport / WEBPSupport.cpp does not guarantee non-zero width and height values, allowing remote attackers to cause...
Advisory ROSA-SA-2025-2895
Software: nginx 1.20.1 OS: rosa-server79 packageevrstring: nginx-1.20.1-22.res7.2 CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2025-2852
Software: modhttp2 1.15.7 OS: ROSA Virtualization 2.1 packageevrstring: modhttp2-1.15.7-10.rv3.3 CVE-ID: CVE-2023-25690 BDU-ID: 2023-01738 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to flaws in the handling of the...
Advisory ROSA-SA-2024-2440
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1 CVE-ID: CVE-2019-16905 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: OpenSSH, when compiled with an experimental key type, has an integer overflow before authentication if the client or server is configured to use a...
Advisory ROSA-SA-2024-2411
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-22.rv3.src.rpm CVE-ID: CVE-2021-22897 BDU-ID: 2022-00375 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Transport Layer Security TLS protocol implementation of the libcurl library is due to security flaws in the...
Advisory ROSA-SA-2022-2013
Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...
Advisory ROSA-SA-2021-1968
Software: screen 4.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-5618 CVE-Crit: HIGH CVE-DESC: GNU screen before 4.5.1 allows local users to modify arbitrary files and therefore gain superuser privileges by improperly checking log file permissions. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-9366...
Advisory ROSA-SA-2024-2326
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: httpd-2.4.6-98.0.1.res7.7 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of the...
Advisory ROSA-SA-2023-2198
Software: sysstat 12.7.2 OS: ROSA-CHROME packageevrstring: sysstat-12.7.2-1.src.rpm CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: On 32-bit systems in versions 9.1.16 and newer but before 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures...
Advisory ROSA-SA-2021-1917
Software: memcached 1.4.15 OS: Cobalt 7.9 CVE-ID: CVE-2017-9951 CVE-Crit: HIGH CVE-DESC: The tryreadcommand function in memcached.c in memcached prior to version 1.4.39 allows remote attackers to cause a denial of service segmentation error with an add / set key request, which allows to compare...
Advisory ROSA-SA-2021-1802
Software: bash 4.2.46 OS: Cobalt 7.9 CVE-ID: CVE-2012-6711 CVE-Crit: HIGH CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3, when broad characters not supported by the current language standard set in the LCCTYPE environment variable are printed using the built-in echo function...
Advisory ROSA-SA-2024-2418
software: tomcat 9.0.37 WASP: ROSA-CHROME packageevrstring: tomcat-9.0.37-4 CVE-ID: CVE-2023-28709 BDU-ID: 2023-05380 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability is associated with a single offset error. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2023-2317
Software: libinput 1.16.3 OS: ROSA Virtualization 2.1 packageevrstring: libinput-1.16.3-3.rv3.src.rpm CVE-ID: CVE-2022-1215 BDU-ID: 2022-02695 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the evdevlogmsg function of the libinput library's libinput implementation of the X.Org and Wayland display...
Advisory ROSA-SA-2024-2501
Software: postgresql 12.20 OS: ROSA Virtualization 2.1 packageevrstring: postgresql-12.20-1.rv3 CVE-ID: CVE-2021-32027 BDU-ID: 2021-02776 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to an operation exceeding buffer boundaries during array...
Advisory ROSA-SA-2024-2402
Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 packageevrstring: sysstat-11.7.3-9.rv3 CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocatestructures contains a sizet...
Advisory ROSA-SA-2024-2377
software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-7.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2365
Software: net-snmp 5.8 OS: ROSA Virtualization 2.1 packageevrstring: net-snmp-5.8-27.rv3 CVE-ID: CVE-2022-44792 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception error, which could be used by a remote attacker...
Advisory ROSA-SA-2023-2138
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...
Advisory ROSA-SA-2021-1829
Software: erlang R16B OS: Cobalt 7.9 CVE-ID: CVE-2011-0766 CVE-Crit: MEDIUM CVE-DESC: The random number generator in the Crypto application before 2.0.2.2.2 and SSH before 2.0.5, which was used in the Erlang / OTP ssh library before R14B03, uses predictable starting numbers based on the current...