1374 matches found
Advisory ROSA-SA-2025-3000
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-24 affected versions grub2-2.06-24 CVE-ID: CVE-2024-45779 BDU-ID: 2025-03832 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BFS file system of the Grub2 operating system boot loader is related to reads outside the allowed...
Advisory ROSA-SA-2025-2955
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...
Advisory ROSA-SA-2025-2954
Software: kernel 4.18.0 OS: ROSA Virtualization 2.1 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...
Advisory ROSA-SA-2025-2920
software: freerdp 2.11.7 OS: ROSA-CHROME unaffected versions = freerdp-2.11.7-7 affected versions freerdp-2.11.7-7 CVE-ID: CVE-2024-32661 BDU-ID: 2024-03394 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeRDP RDP client is related to null pointer dereferencing. Exploitation of the...
Advisory ROSA-SA-2025-2871
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0.0-33.0.5.res7 CVE-ID: CVE-2024-9632 BDU-ID: 2024-09084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in...
Advisory ROSA-SA-2025-2867
Software: freetype 2.8 OS: rosa-server79 packageevrstring: freetype-2.8-14.0.1.res7.1 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library is related to reading beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2864
software: freetype 2.10.4 OS: ROSA-CHROME packageevrstring: freetype-2.10.4-7 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library involves reading outside buffer boundaries in memory. Exploitation of the vulnerability coul...
Advisory ROSA-SA-2025-2826
Software: python-requests 2.25.8 OS: ROSA Virtualization 3.0 packageevrstring: python-requests-2.25.8-1.rv30 CVE-ID: CVE-2023-32681 BDU-ID: 2023-03874 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the HTTP Requests library of the Python Requests programming language is related to insufficient...
Advisory ROSA-SA-2025-2820
Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 packageevrstring: tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2021-41043 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The Use after free vulnerability in tcpslice causes AddressSanitizer, with no other confirmed impact. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2815
Software: binutils 2.30 OS: ROSA Virtualization 3.0 packageevrstring: binutils-2.30-125.rv30 CVE-ID: CVE-2018-12699 BDU-ID: 2021-01389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the finishstab function of the stabs.c file of the Binutils program development kit is related to an operation...
Advisory ROSA-SA-2025-2813
Software: net-snmp 5.8 OS: ROSA Virtualization 3.0 packageevrstring: net-snmp-5.8-30.0.1.rv30 CVE-ID: CVE-2022-24805 BDU-ID: 2024-06509 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the NET-SNMP-VACM-MIB function of the Net-SNMP software suite of the Linux operating system is related to buffer...
Advisory ROSA-SA-2025-2803
Software: harfbuzz 1.7.5 OS: ROSA Virtualization 3.0 packageevrstring: harfbuzz-1.7.5-4.rv30 CVE-ID: CVE-2023-25193 BDU-ID: 2023-06149 CVE-Crit: HIGH CVE-DESC.: Vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is related to unrestricted resource...
Advisory ROSA-SA-2025-2779
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-10.20180224.0.1.rv3 CVE-ID: CVE-2021-39537 BDU-ID: 2023-07626 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nccaptoinfo function of the captoinfo.c component of the Ncurses terminal I/O control library involve...
Advisory ROSA-SA-2025-2776
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...
Advisory ROSA-SA-2025-2774
Software: kernel kernel OS: ROSA Virtualization 3.0 packageevrstring: kernel-kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2024-1086 BDU-ID: 2024-01187 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nftverdictinit function in the net/netfilter/nftablesapi.c module of the Linux operating system...
Advisory ROSA-SA-2025-2764
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-7.rv3 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2744
Software: python-idna 2.5 OS: ROSA Virtualization 3.0 packageevrstring: python-idna-2.5-7.0.2.rv30 CVE-ID: CVE-2024-3651 BDU-ID: 2024-04211 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the idna.encode function of the Internationalized Domain Names in Applications IDNA is associated with...
Advisory ROSA-SA-2025-2729
Software: opensc 0.20.0 OS: ROSA Virtualization 3.0 packageevrstring: opensc-0.20.0-8.rv30 CVE-ID: CVE-2023-2977 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in OpenSC causes a buffer overflow in the pkcs15 cardoshaveverifyrcpackage function, allowing an attacker to cause a processing...
Advisory ROSA-SA-2025-2722
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-34.0.2.rv30.2 CVE-ID: CVE-2023-28322 BDU-ID: 2023-02895 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libcurl library is related to errors in sending POST and PUT HTTP requests using the same descriptor. Exploitati...
Advisory ROSA-SA-2025-2726
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1.rv30.2 CVE-ID: CVE-2022-49043 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Use-after-free vulnerability in libxml2. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerability, run the comman...
Advisory ROSA-SA-2025-2706
Software: libksba 1.3.5 OS: ROSA Virtualization 3.0 packageevrstring: libksba-1.3.5-9 CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X.509 certificate function-providing library LibKSBA is related to an integer overflow in the CRL parser. Exploitation of...
Advisory ROSA-SA-2025-2694
Software: samba 4.17.12 OS: ROSA Virtualization 3.0 packageevrstring: samba-4.17.12 CVE-ID: CVE-2022-38023 BDU-ID: 2022-06830 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Netlogon Remote Protocol MS-NRPC implementation of Windows operating systems is due to errors in security settings...
Advisory ROSA-SA-2025-2664
software: openvswitch 2.17.8 OS: ROSA-CHROME packageevrstring: openvswitch-2.17.8 CVE-ID: CVE-2023-5366 BDU-ID: 2024-03244 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Open vSwitch OvS software tiered switch is related to insufficient data authentication. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2610
software: vim 9.1.0104 WASP: ROSA-CHROME packageevrstring: vim-9.1.0104-1 CVE-ID: CVE-2024-22667 BDU-ID: 2024-02840 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Didsetlangmap function of the vim text editor involves calling sprintf to write to an error buffer that is passed to option callba...
Advisory ROSA-SA-2025-2607
software: gnutls 3.8.4 OS: ROSA-CHROME packageevrstring: gnutls-3.8.4-1 CVE-ID: CVE-2024-0553 BDU-ID: 2024-00707 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GnuTLS transport layer cryptographic library is related to a difference in response time when processing an RSA ciphertext in a...
Advisory ROSA-SA-2025-2554
Software: libcaca 0.99 OS: rosa-server79 packageevrstring: libcaca-0.99-0.40.beta20.res7 CVE-ID: CVE-2018-20545 BDU-ID: 2019-01073 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the loadimage src/common-image.c function of the libcaca graphics library involves an integer overflow. Exploitation of t...
Advisory ROSA-SA-2024-2547
software: virglrenderer 0.8.1 OS: ROSA-CHROME packageevrstring: virglrenderer-0.8.1-4 CVE-ID: CVE-2020-8002 BDU-ID: 2023-00917 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vrendrenderer.c component of the Virglrenderer virtual OpenGL renderer is related to pointer dereferencing errors...
Advisory ROSA-SA-2024-2532
Software: ansible 2.9.18 OS: rosa-server79 packageevrstring: ansible-2.9.18-1.res7 CVE-ID: CVE-2021-20228 BDU-ID: 2021-03706 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Ansible configuration management system is related to information disclosure. Exploitation of the vulnerability could all...
Advisory ROSA-SA-2026-3302
Project: libid3tag 0.15.1b Operating System: ROSA-CHROME Unaffected versions: = libid3tag-0.15.1b-25 Affected versions: libid3tag-0.15.1b-25 CVE-ID: CVE-2004-2779 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability exists in the id3utf16deserialize function in the utf16.c library of...
Advisory ROSA-SA-2026-3281
software: libde265 1.0.18 OS: ROSA-CHROME unaffected versions = libde265-1.0.18-1 affected versions libde265-1.0.18-1 CVE-ID: CVE-2025-61147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in strukturag libde265 commit d9fea9d is related to a segmentation error in the...
Advisory ROSA-SA-2026-3279
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-16 affected versions tomcat-9.0.37-16 CVE-ID: CVE-2026-24733 BDU-ID: None CVE-Crit: LOW CVE-DESC.: An invalid input validation vulnerability in Apache Tomcat allows a remote attacker to bypass security restrictions by...
Advisory ROSA-SA-2026-3260
software: kernel-5.15 5.15.193 WASP: ROSA-CHROME unaffected versions = kernel-5.15-5.15.193-3 affected versions kernel-5.15-5.15.193-3 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD...
Advisory ROSA-SA-2026-3258
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-3 affected versions kernel-6.1-6.1.152-3 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD "in-place"...
Advisory ROSA-SA-2026-3256
software: libheif 1.12.0 WASP: ROSA-CHROME unaffected versions = libheif-1.12.0-6 affected versions libheif-1.12.0-6 CVE-ID: CVE-2025-68431 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In libheif HEIF/AVIF decoder/encoder before 1.21.0, when processing a specially formed HEIF with an overlay element ...
Advisory ROSA-SA-2026-3247
software: libreoffice 24.8.7.2 OS: ROSA-CHROME unaffected versions = libreoffice-24.8.7.2 affected versions libreoffice-24.8.7.2 CVE-ID: CVE-2025-2866 BDU-ID: 2025-05910 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the LibreOffice office suite is related to incorrect cryptographic signature...
Advisory ROSA-SA-2026-3234
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-6 affected versions curl-8.7.1-6 CVE-ID: CVE-2025-14017 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In multi-threaded LDAPS transfers in libcurl, changing TLS options in one thread changed them globally and could affect other...
Advisory ROSA-SA-2026-3232
software: kanboard 1.2.49 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.49-1 affected versions kanboard-1.2.49-1 CVE-ID: CVE-2026-21879 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An Open Redirect vulnerability in Kanboard ≤ 1.2.48 allowed authenticated users to be redirected to malicious...
Advisory ROSA-SA-2026-3226
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-26 affected versions grub2-2.06-26 CVE-ID: CVE-2025-61662 BDU-ID: 2025-14786 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the gettext module of the Grub2 operating systems boot loader is related to the ability to use memory...
Advisory ROSA-SA-2026-3205
software: angie 1.11.3 OS: ROSA-CHROME unaffected versions = angie-1.11.3-1 affected versions angie-1.11.3-1 CVE-ID: CVE-2026-1642 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX OSS and NGINX Plus when proxying to upstream TLS servers allows an attacker in a man-in-the-middle...
Advisory ROSA-SA-2026-3197
Software: pam 1.3.1 OS: ROSA Virtualization 2.1 unaffected versions = pam-1.3.1-39.rv3 affected versions pam-1.3.1-39.rv3 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a race...
Advisory ROSA-SA-2026-3204
Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 unaffected versions = vim-8.0.1763-21.0.1.rv3 affected versions vim-8.0.1763-21.0.0.1.rv3 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of the...
Advisory ROSA-SA-2026-3200
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 unaffected versions = sqlite-3.26.0-20.rv3 affected versions sqlite-3.26.0-20.rv3 CVE-ID: CVE-2020-24736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A buffer overflow vulnerability in SQLite3 allows a local attacker to cause a denial of service DoS...
Advisory ROSA-SA-2026-3191
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 unaffected versions = libsoup-2.62.3-11.rv3 affected versions libsoup-2.62.3-11.rv3 CVE-ID: CVE-2025-4945 BDU-ID: 2025-10260 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libsoup library of the GNOME GUI is related to integer overflow during...
Advisory ROSA-SA-2026-3192
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 unaffected versions = libssh-0.9.6-16.rv3 affected versions libssh-0.9.6-16.rv3 CVE-ID: CVE-2025-5372 BDU-ID: 2025-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libssh library's sshkdf function is related to incorrect code generation...
Advisory ROSA-SA-2026-3182
Software: sqlite 3.26.0 OS: ROSA Virtualization 3.0 unaffected versions = sqlite-3.26.0-20.rv30 affected versions sqlite-3.26.0-20.rv30 CVE-ID: CVE-2025-6965 BDU-ID: 2025-08786 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Aggregate Term Handler component of the SQLite database management syst...
Advisory ROSA-SA-2026-3179
Software: pam 1.3.1 OS: ROSA Virtualization 3.0 unaffected versions = pam-1.3.1-39.0.2.rv30 affected versions pam-1.3.1-39.0.2.rv30 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a...
Advisory ROSA-SA-2026-3167
Software: jackson-databind 2.10.0 OS: ROSA Virtualization 3.0 unaffected versions = jackson-databind-2.10.0-1.0.2.rv30 affected versions jackson-databind-2.10.0-1.0.2.rv30 CVE-ID: CVE-2020-25649 BDU-ID: 2022-05602 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DOMDeserializer component of the...
Advisory ROSA-SA-2026-3138
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 unaffected versions = curl-7.61.1-34.0.2.rv30.9 affected versions curl-7.61.1-34.0.2.rv30.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffe...
Advisory ROSA-SA-2026-3137
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 unaffected versions = cups-2.2.6-66.rv30 affected versions cups-2.2.6-66.rv30 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer dereferencing du...
Advisory ROSA-SA-2026-3130
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-12 affected versions libxml2-2.9.14-12 CVE-ID: CVE-2025-6021 BDU-ID: 2025-07144 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a stack-based buffer overflow...