1374 matches found
Advisory ROSA-SA-2025-2820
Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 packageevrstring: tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2021-41043 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The Use after free vulnerability in tcpslice causes AddressSanitizer, with no other confirmed impact. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2815
Software: binutils 2.30 OS: ROSA Virtualization 3.0 packageevrstring: binutils-2.30-125.rv30 CVE-ID: CVE-2018-12699 BDU-ID: 2021-01389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the finishstab function of the stabs.c file of the Binutils program development kit is related to an operation...
Advisory ROSA-SA-2025-2813
Software: net-snmp 5.8 OS: ROSA Virtualization 3.0 packageevrstring: net-snmp-5.8-30.0.1.rv30 CVE-ID: CVE-2022-24805 BDU-ID: 2024-06509 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the NET-SNMP-VACM-MIB function of the Net-SNMP software suite of the Linux operating system is related to buffer...
Advisory ROSA-SA-2025-2803
Software: harfbuzz 1.7.5 OS: ROSA Virtualization 3.0 packageevrstring: harfbuzz-1.7.5-4.rv30 CVE-ID: CVE-2023-25193 BDU-ID: 2023-06149 CVE-Crit: HIGH CVE-DESC.: Vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is related to unrestricted resource...
Advisory ROSA-SA-2025-2776
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...
Advisory ROSA-SA-2025-2779
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-10.20180224.0.1.rv3 CVE-ID: CVE-2021-39537 BDU-ID: 2023-07626 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nccaptoinfo function of the captoinfo.c component of the Ncurses terminal I/O control library involve...
Advisory ROSA-SA-2025-2774
Software: kernel kernel OS: ROSA Virtualization 3.0 packageevrstring: kernel-kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2024-1086 BDU-ID: 2024-01187 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nftverdictinit function in the net/netfilter/nftablesapi.c module of the Linux operating system...
Advisory ROSA-SA-2025-2764
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-7.rv3 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2744
Software: python-idna 2.5 OS: ROSA Virtualization 3.0 packageevrstring: python-idna-2.5-7.0.2.rv30 CVE-ID: CVE-2024-3651 BDU-ID: 2024-04211 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the idna.encode function of the Internationalized Domain Names in Applications IDNA is associated with...
Advisory ROSA-SA-2025-2729
Software: opensc 0.20.0 OS: ROSA Virtualization 3.0 packageevrstring: opensc-0.20.0-8.rv30 CVE-ID: CVE-2023-2977 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in OpenSC causes a buffer overflow in the pkcs15 cardoshaveverifyrcpackage function, allowing an attacker to cause a processing...
Advisory ROSA-SA-2025-2726
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1.rv30.2 CVE-ID: CVE-2022-49043 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Use-after-free vulnerability in libxml2. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerability, run the comman...
Advisory ROSA-SA-2025-2722
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-34.0.2.rv30.2 CVE-ID: CVE-2023-28322 BDU-ID: 2023-02895 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libcurl library is related to errors in sending POST and PUT HTTP requests using the same descriptor. Exploitati...
Advisory ROSA-SA-2025-2706
Software: libksba 1.3.5 OS: ROSA Virtualization 3.0 packageevrstring: libksba-1.3.5-9 CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X.509 certificate function-providing library LibKSBA is related to an integer overflow in the CRL parser. Exploitation of...
Advisory ROSA-SA-2025-2694
Software: samba 4.17.12 OS: ROSA Virtualization 3.0 packageevrstring: samba-4.17.12 CVE-ID: CVE-2022-38023 BDU-ID: 2022-06830 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Netlogon Remote Protocol MS-NRPC implementation of Windows operating systems is due to errors in security settings...
Advisory ROSA-SA-2025-2664
software: openvswitch 2.17.8 OS: ROSA-CHROME packageevrstring: openvswitch-2.17.8 CVE-ID: CVE-2023-5366 BDU-ID: 2024-03244 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Open vSwitch OvS software tiered switch is related to insufficient data authentication. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2610
software: vim 9.1.0104 WASP: ROSA-CHROME packageevrstring: vim-9.1.0104-1 CVE-ID: CVE-2024-22667 BDU-ID: 2024-02840 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Didsetlangmap function of the vim text editor involves calling sprintf to write to an error buffer that is passed to option callba...
Advisory ROSA-SA-2025-2607
software: gnutls 3.8.4 OS: ROSA-CHROME packageevrstring: gnutls-3.8.4-1 CVE-ID: CVE-2024-0553 BDU-ID: 2024-00707 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GnuTLS transport layer cryptographic library is related to a difference in response time when processing an RSA ciphertext in a...
Advisory ROSA-SA-2025-2554
Software: libcaca 0.99 OS: rosa-server79 packageevrstring: libcaca-0.99-0.40.beta20.res7 CVE-ID: CVE-2018-20545 BDU-ID: 2019-01073 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the loadimage src/common-image.c function of the libcaca graphics library involves an integer overflow. Exploitation of t...
Advisory ROSA-SA-2024-2547
software: virglrenderer 0.8.1 OS: ROSA-CHROME packageevrstring: virglrenderer-0.8.1-4 CVE-ID: CVE-2020-8002 BDU-ID: 2023-00917 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vrendrenderer.c component of the Virglrenderer virtual OpenGL renderer is related to pointer dereferencing errors...
Advisory ROSA-SA-2024-2532
Software: ansible 2.9.18 OS: rosa-server79 packageevrstring: ansible-2.9.18-1.res7 CVE-ID: CVE-2021-20228 BDU-ID: 2021-03706 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Ansible configuration management system is related to information disclosure. Exploitation of the vulnerability could all...
Advisory ROSA-SA-2026-3302
Project: libid3tag 0.15.1b Operating System: ROSA-CHROME Unaffected versions: = libid3tag-0.15.1b-25 Affected versions: libid3tag-0.15.1b-25 CVE-ID: CVE-2004-2779 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability exists in the id3utf16deserialize function in the utf16.c library of...
Advisory ROSA-SA-2026-3281
software: libde265 1.0.18 OS: ROSA-CHROME unaffected versions = libde265-1.0.18-1 affected versions libde265-1.0.18-1 CVE-ID: CVE-2025-61147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in strukturag libde265 commit d9fea9d is related to a segmentation error in the...
Advisory ROSA-SA-2026-3279
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-16 affected versions tomcat-9.0.37-16 CVE-ID: CVE-2026-24733 BDU-ID: None CVE-Crit: LOW CVE-DESC.: An invalid input validation vulnerability in Apache Tomcat allows a remote attacker to bypass security restrictions by...
Advisory ROSA-SA-2026-3258
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-3 affected versions kernel-6.1-6.1.152-3 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD "in-place"...
Advisory ROSA-SA-2026-3260
software: kernel-5.15 5.15.193 WASP: ROSA-CHROME unaffected versions = kernel-5.15-5.15.193-3 affected versions kernel-5.15-5.15.193-3 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD...
Advisory ROSA-SA-2026-3256
software: libheif 1.12.0 WASP: ROSA-CHROME unaffected versions = libheif-1.12.0-6 affected versions libheif-1.12.0-6 CVE-ID: CVE-2025-68431 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In libheif HEIF/AVIF decoder/encoder before 1.21.0, when processing a specially formed HEIF with an overlay element ...
Advisory ROSA-SA-2026-3247
software: libreoffice 24.8.7.2 OS: ROSA-CHROME unaffected versions = libreoffice-24.8.7.2 affected versions libreoffice-24.8.7.2 CVE-ID: CVE-2025-2866 BDU-ID: 2025-05910 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the LibreOffice office suite is related to incorrect cryptographic signature...
Advisory ROSA-SA-2026-3232
software: kanboard 1.2.49 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.49-1 affected versions kanboard-1.2.49-1 CVE-ID: CVE-2026-21879 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An Open Redirect vulnerability in Kanboard ≤ 1.2.48 allowed authenticated users to be redirected to malicious...
Advisory ROSA-SA-2026-3226
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-26 affected versions grub2-2.06-26 CVE-ID: CVE-2025-61662 BDU-ID: 2025-14786 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the gettext module of the Grub2 operating systems boot loader is related to the ability to use memory...
Advisory ROSA-SA-2026-3205
software: angie 1.11.3 OS: ROSA-CHROME unaffected versions = angie-1.11.3-1 affected versions angie-1.11.3-1 CVE-ID: CVE-2026-1642 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX OSS and NGINX Plus when proxying to upstream TLS servers allows an attacker in a man-in-the-middle...
Advisory ROSA-SA-2026-3200
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 unaffected versions = sqlite-3.26.0-20.rv3 affected versions sqlite-3.26.0-20.rv3 CVE-ID: CVE-2020-24736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A buffer overflow vulnerability in SQLite3 allows a local attacker to cause a denial of service DoS...
Advisory ROSA-SA-2026-3197
Software: pam 1.3.1 OS: ROSA Virtualization 2.1 unaffected versions = pam-1.3.1-39.rv3 affected versions pam-1.3.1-39.rv3 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a race...
Advisory ROSA-SA-2026-3204
Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 unaffected versions = vim-8.0.1763-21.0.1.rv3 affected versions vim-8.0.1763-21.0.0.1.rv3 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of the...
Advisory ROSA-SA-2026-3196
Software: opensc 0.20.0 OS: ROSA Virtualization 2.1 unaffected versions = opensc-0.20.0-8.0.1.rv3 affected versions opensc-0.20.0-8.0.1.rv3 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc...
Advisory ROSA-SA-2026-3191
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 unaffected versions = libsoup-2.62.3-11.rv3 affected versions libsoup-2.62.3-11.rv3 CVE-ID: CVE-2025-4945 BDU-ID: 2025-10260 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libsoup library of the GNOME GUI is related to integer overflow during...
Advisory ROSA-SA-2026-3179
Software: pam 1.3.1 OS: ROSA Virtualization 3.0 unaffected versions = pam-1.3.1-39.0.2.rv30 affected versions pam-1.3.1-39.0.2.rv30 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a...
Advisory ROSA-SA-2026-3167
Software: jackson-databind 2.10.0 OS: ROSA Virtualization 3.0 unaffected versions = jackson-databind-2.10.0-1.0.2.rv30 affected versions jackson-databind-2.10.0-1.0.2.rv30 CVE-ID: CVE-2020-25649 BDU-ID: 2022-05602 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DOMDeserializer component of the...
Advisory ROSA-SA-2026-3138
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 unaffected versions = curl-7.61.1-34.0.2.rv30.9 affected versions curl-7.61.1-34.0.2.rv30.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffe...
Advisory ROSA-SA-2026-3137
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 unaffected versions = cups-2.2.6-66.rv30 affected versions cups-2.2.6-66.rv30 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer dereferencing du...
Advisory ROSA-SA-2026-3130
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-12 affected versions libxml2-2.9.14-12 CVE-ID: CVE-2025-6021 BDU-ID: 2025-07144 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a stack-based buffer overflow...
Advisory ROSA-SA-2026-3122
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-11 affected versions libxml2-2.9.14-11 CVE-ID: CVE-2022-49043 BDU-ID: 2025-11749 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlXIncludeAddNode function of the xinclude.c file of the libxml2 library is related to...
Advisory ROSA-SA-2026-3113
software: squid 5.9 WASP: ROSA-CHROME unaffected versions = squid-5.9-3 affected versions squid-5.9-3 CVE-ID: CVE-2023-49285 BDU-ID: 2023-08581 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-3105
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-6.rv3 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...
Advisory ROSA-SA-2025-3071
Software: libarchive 3.3.3 OS: ROSA Virtualization 3.0 unaffected versions = libarchive-3.3.3.3-6.0.1.rv30 affected versions libarchive-3.3.3.3-6.0.1.rv30 CVE-ID: CVE-2025-5914 BDU-ID: CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the archivereadformatrarseekdata function of the Libarchive...
Advisory ROSA-SA-2025-3053
Software: libarchive 3.3.3 OS: ROSA Virtualization 3.1 unaffected versions = libarchive-3.3.3.3-6.0.1.rv31 affected versions libarchive-3.3.3.3-6.0.1.rv31 CVE-ID: CVE-2025-5914 BDU-ID: CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the archivereadformatrarseekdata function of the Libarchive...
Advisory ROSA-SA-2025-3017
software: chromium-browser-stable 140.0.7339.185 WASP: ROSA-CHROME unaffected versions = chromium-browser-stable-140.0.7339.185-1 affected versions chromium-browser-stable-140.0.7339.185-1 CVE-ID: CVE-2025-10585 BDU-ID: 2025-11457 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the V8 component of...
Advisory ROSA-SA-2025-3008
software: mono 6.12.0 WASP: ROSA-CHROME unaffected versions = mono-6.12.0-206.1 affected versions mono-6.12.0-206.1 CVE-ID: CVE-2021-24112 BDU-ID: 2021-00929 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the .NET Core software platform is related to insufficient input validation. Exploitation of t...
Advisory ROSA-SA-2025-2978
software: cjson 1.7.18 WASP: ROSA-CHROME unaffected versions = cjson-1.7.18-2 affected versions cjson-1.7.18-2 CVE-ID: CVE-2023-26819 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON 1.7.15 may cause a denial of service when processing a specially generated JSON document, e.g.: "a": true, "b": null,...
Advisory ROSA-SA-2025-2944
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-10 affected versions tomcat-9.0.37-10 CVE-ID: CVE-2024-24549 BDU-ID: 2024-02608 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability is related to insufficient input validation. Exploitation of th...
Advisory ROSA-SA-2025-2884
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-10.0.1.rv3 CVE-ID: CVE-2018-25013 BDU-ID: 2021-03103 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in...