1374 matches found
Advisory ROSA-SA-2025-2871
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0.0-33.0.5.res7 CVE-ID: CVE-2024-9632 BDU-ID: 2024-09084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in...
Advisory ROSA-SA-2025-2842
Software: gdk-pixbuf2 2.36.12 OS: ROSA Virtualization 2.1 packageevrstring: gdk-pixbuf2-2.36.12-6.0.1.rv3 CVE-ID: CVE-2022-48622 BDU-ID: 2024-06670 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GdkPixbuf image loading library is related to a heap memory corruption in aniloadchunk. Exploitation...
Advisory ROSA-SA-2025-2817
Software: rpm 4.14.3 OS: ROSA Virtualization 3.0 packageevrstring: rpm-4.14.3-31.rv30 CVE-ID: CVE-2021-35937 BDU-ID: 2021-03555 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RPM Package Manager RPM of Red Hat Enterprise Linux operating systems is caused by a race condition. Exploitation of t...
Advisory ROSA-SA-2025-2794
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 packageevrstring: cups-2.2.6-62.rv30 CVE-ID: CVE-2024-47175 BDU-ID: 2024-07645 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ppdCreatePPDFromIPP2 function of the CUPS print server libppd library is related to failure to take measures to...
Advisory ROSA-SA-2025-2754
Software: PackageKit 1.1.12 OS: ROSA Virtualization 2.1 packageevrstring: PackageKit-1.1.12-7.0.1.rv3 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...
Advisory ROSA-SA-2025-2697
Software: tomcat 9.0.62 OS: ROSA Virtualization 3.0 packageevrstring: tomcat-9.0.62-30.0.2 CVE-ID: CVE-2022-29885 BDU-ID: 2022-03434 CVE-Crit: HIGH CVE-DESC.: An implementation vulnerability in the EncryptInterceptor class of the Apache Tomcat application server is related to incomplete program...
Advisory ROSA-SA-2025-2695
Software: shim 15.6 OS: ROSA Virtualization 3.0 packageevrstring: shim-15.6 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2696
Software: systemd 239 OS: ROSA Virtualization 3.0 packageevrstring: systemd-239-78.0.1 CVE-ID: CVE-2019-3843 BDU-ID: 2022-00318 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the systemd service initialization and management subsystem is related to improper privilege assignment. Exploitation of...
Advisory ROSA-SA-2025-2690
Software: zabbix 6.0.12 OS: ROSA Virtualization 3.0 packageevrstring: zabbix-6.0.12-1.0.1 CVE-ID: CVE-2023-32724 BDU-ID: 2024-06936 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System is related to improper assignment of permissions for a critical resource...
Advisory ROSA-SA-2025-2668
software: sox 14.4.2 OS: ROSA-CHROME packageevrstring: sox-14.4.2-6 CVE-ID: CVE-2022-31650 BDU-ID: 2023-01722 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the lsxaiffstartwrite function of the aiff.c component of the Sound eXchange audio editor is related to insufficient comparison. Exploitation ...
Advisory ROSA-SA-2025-2667
software: sqlite 3.41.2 OS: ROSA-CHROME packageevrstring: sqlite-3.41.2-2 CVE-ID: CVE-2023-7104 BDU-ID: 2024-00480 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sessionReadRecord function of the ext/session/sqlite3session.c file of the SQLite database management system is related to a buffer...
Advisory ROSA-SA-2025-2659
software: openslp 2.0.0 WASP: ROSA-CHROME packageevrstring: openslp-2.0.0 CVE-ID: CVE-2016-4912 BDU-ID: None CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in OpenSLP allows remote attackers to cause a denial of service via a large number of specially crafted packets. CVE-STATUS: The vulnerability...
Advisory ROSA-SA-2025-2632
software: yt-dlp 2023.07.06 WASP: ROSA-CHROME packageevrstring: yt-dlp-2023.07.06-2 CVE-ID: CVE-2023-40581 BDU-ID: 2023-06330 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the yt-dlp audio and video download utility due to failure to take measures to neutralize special elements. Exploitatio...
Advisory ROSA-SA-2025-2614
software: yt-dlp 2023.09.24 WASP: ROSA-CHROME packageevrstring: yt-dlp-2023.09.24-1 CVE-ID: CVE-2023-46121 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in yt-dlp allows an attacker to perform a MITM attack and gain access to a cookie. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2604
software: expat 2.6.2 OS: ROSA-CHROME packageevrstring: expat-2.6.2-1 CVE-ID: CVE-2023-52426 BDU-ID: 2024-04334 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to improper restriction of recursive object references in DTDs. Exploitation of the...
Advisory ROSA-SA-2025-2562
Software: xerces-c 3.1.1 OS: rosa-server79 packageevrstring: xerces-c-3.1.1-10.0.1.res7 CVE-ID: CVE-2023-37536 BDU-ID: 2023-06960 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Heerces C++ library of the BigFix Platform IT Collaborative Management Platform is caused by an integer overflow...
Advisory ROSA-SA-2024-2542
Software: vorbis-tools 1.4.2 OS: ROSA-CHROME packageevrstring: vorbis-tools-1.4.2-3 CVE-ID: CVE-2023-43361 BDU-ID: 2024-02625 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Vorbis-tools package is related to the ability to write beyond buffer boundaries in memory when converting wav files to og...
Advisory ROSA-SA-2024-2524
Software: monit 5.30.0 OS: rosa-server79 packageevrstring: monit-5.30.0-2.res7 CVE-ID: CVE-2022-26563 BDU-ID: 2023-05304 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PAMcheckPasswd function of the Monit process, program, file and directory management and monitoring utility is related to flaws...
Advisory ROSA-SA-2024-2523
Software: xrdp 0.9.25 OS: rosa-server79 packageevrstring: xrdp-0.9.25-2.0.1.res7 CVE-ID: CVE-2023-40184 BDU-ID: 2023-07659 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the authstartsession function of the XRDP server is related to the bypassing of session restrictions. Exploitation of the...
Advisory ROSA-SA-2024-2510
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Advisory ROSA-SA-2026-3263
Software: kernel-ml 5.15.180 OS: rosa-server79 unaffected versions = kernel-ml-5.15.180-1.0.1.res7 affected versions kernel-ml-5.15.180-1.0.1.res7 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perfor...
Advisory ROSA-SA-2026-3242
software: djvulibre 3.5.29 WASP: ROSA-CHROME unaffected versions = djvulibre-3.5.29-1 affected versions djvulibre-3.5.29-1 CVE-ID: CVE-2021-46312 BDU-ID: 2023-05878 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the IW44EncodeCodec.cpp component of the library for viewing, creating, editing DjVu...
Advisory ROSA-SA-2026-3239
software: suricata 7.0.14 AXIS: ROSA-CHROME unaffected versions = suricata-7.0.14-1 affected versions suricata-7.0.14-1 CVE-ID: CVE-2026-22258 BDU-ID: 2026-00955 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System's DCERPC protocol implementation is...
Advisory ROSA-SA-2026-3234
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-6 affected versions curl-8.7.1-6 CVE-ID: CVE-2025-14017 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In multi-threaded LDAPS transfers in libcurl, changing TLS options in one thread changed them globally and could affect other...
Advisory ROSA-SA-2026-3235
software: expat 2.7.4 OS: ROSA-CHROME unaffected versions = expat-2.7.4-1 affected versions expat-2.7.4-1 CVE-ID: CVE-2026-24515 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In libexpat before 2.7.4, the XMLExternalEntityParserCreate function does not copy custom handler data of unknown encoding...
Advisory ROSA-SA-2026-3224
software: tpm2-tools 5.5.1 OS: ROSA-CHROME unaffected versions = tpm2-tools-5.5.1-1 affected versions tpm2-tools-5.5.1-1 CVE-ID: CVE-2024-29039 BDU-ID: 2025-16174 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the tpm2 checkquote component of the Trusted Platform Module tpm2-tools repository fo...
Advisory ROSA-SA-2026-3220
Software: fonttools 4.49.0 WASP: ROSA-CHROME unaffected versions = fonttools-4.49.0-2 affected versions fonttools-4.49.0-2 CVE-ID: CVE-2025-66034 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Arbitrary file write vulnerability in fontTools varLib allows a remote attacker to execute arbitrary code when...
Advisory ROSA-SA-2026-3208
Software: webmin 2.520 WASP: ROSA-CHROME unaffected versions = webmin-2.520-1 affected versions webmin-2.520-1 CVE-ID: CVE-2025-61541 BDU-ID: 2025-14429 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getwebminemailurl function of the Webmin hosting control panel is related to access delimitatio...
Advisory ROSA-SA-2026-3193
Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 2.1 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv3 affected versions libtomcrypt-1.18.2-5.0.1.1.rv3 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the derdecodeutf8string function of the...
Advisory ROSA-SA-2026-3194
Software: libtommath 1.1.0 OS: ROSA Virtualization 2.1 unaffected versions = libtommath-1.1.0-4.rv3 affected versions libtommath-1.1.0-4.rv3 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to...
Advisory ROSA-SA-2026-3188
Software: libpng 1.6.34 OS: ROSA Virtualization 2.1 unaffected versions = libpng-1.6.34-9.0.1.1.rv3 affected versions libpng-1.6.34-9.0.1.rv3 CVE-ID: CVE-2025-64720 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Read outside buffer vulnerability in LIBPNG: The pngimagereadcomposite function incorrectly...
Advisory ROSA-SA-2026-3190
Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv3 affected versions libsndfile-1.0.28-16.0.2.rv3 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library is...
Advisory ROSA-SA-2026-3192
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 unaffected versions = libssh-0.9.6-16.rv3 affected versions libssh-0.9.6-16.rv3 CVE-ID: CVE-2025-5372 BDU-ID: 2025-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libssh library's sshkdf function is related to incorrect code generation...
Advisory ROSA-SA-2026-3189
Software: libproxy 0.4.15 OS: ROSA Virtualization 2.1 unaffected versions = libproxy-0.4.15-5.5.5.rv3 affected versions libproxy-0.4.15-5.5.rv3 CVE-ID: CVE-2020-25219 BDU-ID: 2022-00336 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the url::recvline function of the url.cpp component of the Libprox...
Advisory ROSA-SA-2026-3182
Software: sqlite 3.26.0 OS: ROSA Virtualization 3.0 unaffected versions = sqlite-3.26.0-20.rv30 affected versions sqlite-3.26.0-20.rv30 CVE-ID: CVE-2025-6965 BDU-ID: 2025-08786 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Aggregate Term Handler component of the SQLite database management syst...
Advisory ROSA-SA-2026-3176
Software: modauthopenidc 2.4.9.4 OS: ROSA Virtualization 3.0 unaffected versions = modauthopenidc-2.4.9.4-8.rv30 affected versions modauthopenidc-2.4.9.4-8.rv30 CVE-ID: CVE-2025-3891 BDU-ID: 2025-10948 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for...
Advisory ROSA-SA-2026-3173
Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 3.0 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv30 affected versions libtomcrypt-1.18.2-5.0.1.rv30 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the derdecodeutf8string function of the...
Advisory ROSA-SA-2026-3175
Software: lz4 1.8.3 OS: ROSA Virtualization 3.0 unaffected versions = lz4-1.8.3-5.rv30 affected versions lz4-1.8.3-5.rv30 CVE-ID: CVE-2019-17543 BDU-ID: 2023-07612 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LZ4 lossless data compression algorithm is related to writing beyond buffer...
Advisory ROSA-SA-2026-3169
Software: libproxy 0.4.15 OS: ROSA Virtualization 3.0 unaffected versions = libproxy-0.4.15-5.5.5.rv30 affected versions libproxy-0.4.15-5.5.5.rv30 CVE-ID: CVE-2020-25219 BDU-ID: 2022-00336 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the url::recvline function of the url.cpp component of the...
Advisory ROSA-SA-2026-3156
Software: modauthopenidc 2.4.9.4 OS: ROSA Virtualization 3.1 unaffected versions = modauthopenidc-2.4.9.4-8.rv31 affected versions modauthopenidc-2.4.9.4-8.rv31 CVE-ID: CVE-2025-3891 BDU-ID: 2025-10948 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for...
Advisory ROSA-SA-2026-3143
Software: curl 7.61.1 OS: ROSA Virtualization 3.1 unaffected versions = curl-7.61.1-34.0.2.rv31.9 affected versions curl-7.61.1-34.0.2.rv31.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffe...
Advisory ROSA-SA-2026-3128
software: gnutls 3.8.10 OS: ROSA-CHROME unaffected versions = gnutls-3.8.10-1 affected versions gnutls-3.8.10-1 CVE-ID: CVE-2025-32988 BDU-ID: 2025-11076 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1deletestructure function of the GnuTLS transport layer security library involves a memory...
Advisory ROSA-SA-2026-3126
software: suricata 7.0.12 AXIS: ROSA-CHROME unaffected versions = suricata-7.0.12-1 affected versions suricata-7.0.12-1 CVE-ID: CVE-2025-59147 BDU-ID: 2025-12460 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to incorrect security...
Advisory ROSA-SA-2025-3110
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-10.20180224.0.1.rv3 CVE-ID: CVE-2021-39537 BDU-ID: 2023-07626 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nccaptoinfo function of the captoinfo.c component of the Ncurses terminal I/O control library involve...
Advisory ROSA-SA-2025-3104
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-7.rv3 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-3094
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...
Advisory ROSA-SA-2025-3093
Software: sudo 1.8.23 OS: rosa-server79 unaffected versions = sudo-1.8.23-11.0.2.res7.3 affected versions sudo-1.8.23-11.0.2.2.res7.3 CVE-ID: CVE-2025-32462 BDU-ID: 2025-08356 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Sudo system administration program is related to a flaw in the...
Advisory ROSA-SA-2025-3041
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 unaffected versions = cups-2.2.6-63.rv30 affected versions cups-2.2.6-63.rv30 CVE-ID: CVE-2025-58060 BDU-ID: 2025-11019 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CUPS Common UNIX Printing System is related to flaws in the authentication...
Advisory ROSA-SA-2025-3035
Software: firefox 128.5.1 OS: rosa-server79 unaffected versions = firefox-128.5.1-1.0.1.res7 affected versions firefox-128.5.1-1.0.1.res7 CVE-ID: CVE-2024-11692 BDU-ID: 2024-10454 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is...
Advisory ROSA-SA-2025-3031
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-10 affected versions libxml2-2.9.14-10 CVE-ID: CVE-2025-9714 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: uncontrolled recursion in evalXPath of libxml2 library before 2.9.14, allowing a local attacker to cau...