1374 matches found
Advisory ROSA-SA-2021-1955
Software: postgresql 9.2.24 OS: Cobalt 7.9 CVE-ID: CVE-2016-7048 CVE-Crit: HIGH CVE-DESC: The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 may allow remote attackers to execute arbitrary code using HTTP to download software. CVE-STATUS: Default...
Advisory ROSA-SA-2021-1835
Software: firefox 78.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-12400 CVE-Crit: MEDIUM CVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox 80 and...
Advisory ROSA-SA-2025-2804
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...
Advisory ROSA-SA-2024-2349
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.res7.11 CVE-ID: CVE-2022-28734 BDU-ID: 2024-01201 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Grub loader is related to out-of-bounds writes when processing delimited HTTP headers. Exploitation of the vulnerability...
Advisory ROSA-SA-2023-2279
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.15.x8664.rpm CVE-ID: CVE-2023-2828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Each named instance configured to act as a recursive resolver maintains a cache database containing responses to queries it has recently sent ...
Advisory ROSA-SA-2021-1983
Software: talk 0.17 OS: Cobalt 7.9 CVE-ID: CVE-2018-3781 CVE-Crit: MEDIUM CVE-DESC: The lack of cleanup of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to persistence of XSS requiring user interaction. The lack of cleanup only affected usernames, so malicious search...
Advisory ROSA-SA-2024-2439
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert function...
Advisory ROSA-SA-2024-2364
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-9.20180224.rv3 CVE-ID: CVE-2019-17594 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a heap-based buffer enumeration in the ncfindentry function in tinfo/comphash.c in the terminfo library in ncurses. CVE-STATUS:...
Advisory ROSA-SA-2024-2363
Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...
Advisory ROSA-SA-2024-2331
Software: glibc 2.17 OS: rosa-server79 packageevrstring: glibc-2.17-326.res7.7 CVE-ID: CVE-2023-4911 BDU-ID: 2023-06269 CVE-Crit: N/A CVE-DESC.: A vulnerability in the dynamic loader ld.so of the glibc library is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability...
Advisory ROSA-SA-2023-2171
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 packageevrstring: sqlite-3.26.0-17.rv3 CVE-ID: CVE-2020-35525 BDU-ID: None CVE-Crit: HIGH CVE-DESC: In SQlite 3.31.1, a potential null pointer dereference was detected while processing an INTERSEC request. CVE-STATUS: Fixed CVE-REV: Execute the...
Advisory ROSA-SA-2021-1975
Software: sqlite 3.7.17 OS: Cobalt 7.9 CVE-ID: CVE-2015-3717 CVE-Crit: HIGH CVE-DESC: Multiple buffer overflows in SQLite's printf function, used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service application crash via...
Advisory ROSA-SA-2023-2156
Software: zlib 1.2.11 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.11 CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2023-2133
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-2161 BDU-ID: 2021-02490 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition softwa...
Advisory ROSA-SA-2023-2310
software: hivex 1.3.23 OS: ROSA-CHROME packageevrstring: hivex-1.3.23-4.src.rpm CVE-ID: CVE-2021-3622 BDU-ID: 2021-04419 CVE-Crit: LOW CVE-DESC.: A vulnerability in the getchildren function of the getchildren library for retrieving the contents of Windows hivex registry branches is related to the...
Advisory ROSA-SA-2023-2292
Software: git 2.39.3 OS: ROSA Virtualization 2.1 packageevrstring: git-2.39.3-1.rv3 CVE-ID: CVE-2022-39253 BDU-ID: 2023-06647 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Git for Windows distributed version control system is related to a lack of service data protection. Exploitation of the...
Advisory ROSA-SA-2023-2252
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-3284 BDU-ID: 2019-00759 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to resource release errors. Exploitation of...
Advisory ROSA-SA-2023-2174
software: redis 7.0.11 OS: ROSA-CHROME packageevrstring: redis-7.0.11-1.src.rpm CVE-ID: CVE-2022-35977 BDU-ID: 2023-00695 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system DBMS is related to integer overflow during object processing. Exploitation of the...
Advisory ROSA-SA-2025-2984
software: qt6-qtimageformats 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtimageformats-6.8.3-2 affected versions qt6-qtimageformats-6.8.3-2 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCor...
Advisory ROSA-SA-2024-2339
Software: libtirpc 1.1.4 OS: ROSA Virtualization 2.1 packageevrstring: libtirpc-1.1.4-8.rv3.src.rpm CVE-ID: CVE-2021-46828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In libtirpc, remote attackers could exhaust the file descriptors of a process using libtirpc because idle TCP connections are not handl...
Advisory ROSA-SA-2022-2013
Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...
Advisory ROSA-SA-2021-1968
Software: screen 4.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-5618 CVE-Crit: HIGH CVE-DESC: GNU screen before 4.5.1 allows local users to modify arbitrary files and therefore gain superuser privileges by improperly checking log file permissions. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-9366...
Advisory ROSA-SA-2021-1939
Software: openssl 1.0.2k OS: Cobalt 7.9 CVE-ID: CVE-2011-4108 CVE-Crit: CRITICAL CVE-DESC: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs MAC checks only if a certain fill-in is allowed, making it easy for remote attackers to recover plaintext using a fill-in orac...
Advisory ROSA-SA-2021-1844
Software: glibc 2.17 OS: Cobalt 7.9 CVE-ID: CVE-2014-4043 CVE-Crit: MEDIUM CVE-DESC: The posixspawnfileactionsaddopen function in glibc before 2.20 does not copy its path argument according to the POSIX specification, allowing context-dependent attackers to launch exploitation vulnerabilities aft...
Advisory ROSA-SA-2021-1811
Software: c-ares 1.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-5180 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-range entry or possibly execute arbitrary code via a hostnam...
Advisory ROSA-SA-2023-2198
Software: sysstat 12.7.2 OS: ROSA-CHROME packageevrstring: sysstat-12.7.2-1.src.rpm CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: On 32-bit systems in versions 9.1.16 and newer but before 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures...
Advisory ROSA-SA-2025-2895
Software: nginx 1.20.1 OS: rosa-server79 packageevrstring: nginx-1.20.1-22.res7.2 CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2025-2859
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracl...
Advisory ROSA-SA-2024-2320
software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-6.src.rpm CVE-ID: CVE-2023-4504 BDU-ID: 2023-06408 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the scanps function of the CUPS print server libppd library is related to an operation exceeding buffer boundaries in memory wh...
Advisory ROSA-SA-2025-2860
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracle...
Advisory ROSA-SA-2023-2230
Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2207
software: kernel-5.10 5.10.184 WASP: ROSA-CHROME packageevrstring: kernel-5.10-generic-5.10.184-1.src.rpm CVE-ID: CVE-2023-34255 BDU-ID: 2023-02994 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xfsbtreelookupgetblock function of the Linux operating systems kernel is related to memory usage aft...
Advisory ROSA-SA-2023-2138
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...
Advisory ROSA-SA-2026-3307
Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...
Advisory ROSA-SA-2024-2440
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1 CVE-ID: CVE-2019-16905 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: OpenSSH, when compiled with an experimental key type, has an integer overflow before authentication if the client or server is configured to use a...
Advisory ROSA-SA-2024-2418
software: tomcat 9.0.37 WASP: ROSA-CHROME packageevrstring: tomcat-9.0.37-4 CVE-ID: CVE-2023-28709 BDU-ID: 2023-05380 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability is associated with a single offset error. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2402
Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 packageevrstring: sysstat-11.7.3-9.rv3 CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocatestructures contains a sizet...
Advisory ROSA-SA-2024-2326
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: httpd-2.4.6-98.0.1.res7.7 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of the...
Advisory ROSA-SA-2023-2237
SOFTWARE: 389-ds-base 1.4.4.4.4. WASP: ROSA-CHROME packageevrstring: 389-ds-base-1.4.4.4-12.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...
Advisory ROSA-SA-2023-2131
Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-19 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2021-1995
Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The readcode function in readwords.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service read out of range via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1973
Software: spamassassin 3.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-11780 CVE-Crit: CRITICAL CVE-DESC: A potential remote code execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. CVE-STATUS: Default CVE-REV: default CVE-ID: CVE-2018-11805 CVE-Crit: MEDIUM CVE-DESC: In Apach...
Advisory ROSA-SA-2024-2393
Software: runc 1.0.0 OS: rosa-server79 packageevrstring: runc-1.0.0.0-70.rc10.res7 CVE-ID: CVE-2019-19921 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: runc has improper access control leading to elevated privileges associated with libcontainer/rootfslinux.go. To exploit this, an attacker must be able t...
Advisory ROSA-SA-2024-2385
Software: kernel-ml-6.6 6.6.11 OS: rosa-server79 packageevrstring: kernel-ml-6.6.6.11-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...
Advisory ROSA-SA-2024-2377
software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-7.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2340
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.1.res7 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to an argument injection or...
Advisory ROSA-SA-2023-2317
Software: libinput 1.16.3 OS: ROSA Virtualization 2.1 packageevrstring: libinput-1.16.3-3.rv3.src.rpm CVE-ID: CVE-2022-1215 BDU-ID: 2022-02695 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the evdevlogmsg function of the libinput library's libinput implementation of the X.Org and Wayland display...
Advisory ROSA-SA-2023-2121
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26 CVE-ID: CVE-2022-2795 BDU-ID: 2022-06124 CVE-Crit: HIGH CVE-DESC: A vulnerability in the DNS BIND server is related to improper management of internal resources within the application when processing large delegations...
Advisory ROSA-SA-2021-1988
Software: tomcat 7.0.76 OS: Cobalt 7.9 CVE-ID: CVE-2012-5568 CVE-Crit: CRITICAL CVE-DESC: Apache Tomcat via 7.0.x allows remote attackers to cause a denial of service disabling the daemon via partial HTTP requests, as demonstrated by Slowloris. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1982
Software: system 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd when updating file permissions allows local users to change SELinux permissions and security contexts for arbitrary files via a symbolic link attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...