1374 matches found
Advisory ROSA-SA-2025-3093
Software: sudo 1.8.23 OS: rosa-server79 unaffected versions = sudo-1.8.23-11.0.2.res7.3 affected versions sudo-1.8.23-11.0.2.2.res7.3 CVE-ID: CVE-2025-32462 BDU-ID: 2025-08356 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Sudo system administration program is related to a flaw in the...
Advisory ROSA-SA-2025-3056
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.1 unaffected versions = gnutls-3.6.16-8.0.1.rv31.4 affected versions gnutls-3.6.16-8.0.1.1.rv31.4 CVE-ID: CVE-2024-12243 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GnuTLS transport layer security library is related to algorithmic...
Advisory ROSA-SA-2025-3041
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 unaffected versions = cups-2.2.6-63.rv30 affected versions cups-2.2.6-63.rv30 CVE-ID: CVE-2025-58060 BDU-ID: 2025-11019 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CUPS Common UNIX Printing System is related to flaws in the authentication...
Advisory ROSA-SA-2025-3035
Software: firefox 128.5.1 OS: rosa-server79 unaffected versions = firefox-128.5.1-1.0.1.res7 affected versions firefox-128.5.1-1.0.1.res7 CVE-ID: CVE-2024-11692 BDU-ID: 2024-10454 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is...
Advisory ROSA-SA-2025-3031
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-10 affected versions libxml2-2.9.14-10 CVE-ID: CVE-2025-9714 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: uncontrolled recursion in evalXPath of libxml2 library before 2.9.14, allowing a local attacker to cau...
Advisory ROSA-SA-2025-3030
software: glibc 2.33 AXIS: ROSA-CHROME unaffected versions = glibc-2.33-11.git5f08d1.3 affected versions glibc-2.33-11.git5f08d1.3 CVE-ID: CVE-2023-0687 BDU-ID: 2023-00731 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the monstartup function of the monstartup file gmon.c of the GNU C System Call...
Advisory ROSA-SA-2025-3019
software: git 2.51.0 WASP: ROSA-CHROME unaffected versions = git-2.51.0-1 affected versions git-2.51.0-1 CVE-ID: CVE-2025-48384 BDU-ID: 2025-08691 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system of the Microsoft Visual Studio software development tool is...
Advisory ROSA-SA-2025-3002
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-8 affected versions ghostscript-9.56.1-8 CVE-ID: CVE-2023-46751 BDU-ID: 2024-00187 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdevprnopenprinterseekable function of the Ghostscript document processing,...
Advisory ROSA-SA-2025-2986
software: spdlog 1.8.5 OS: ROSA-CHROME unaffected versions = spdlog-1.8.5-2 affected versions spdlog-1.8.5-2 CVE-ID: CVE-2025-6140 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in spdlog causes excessive resource consumption when running the scopedpadder function patternformatter-inl.h,...
Advisory ROSA-SA-2025-2915
software: x11-server 21.1.16 OS: ROSA-CHROME unaffected versions = x11-server-21.1.16-1 affected versions x11-server-21.1.16-1 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the ...
Advisory ROSA-SA-2025-2886
Software: freetype 2.9.1 OS: ROSA Virtualization 3.0 packageevrstring: freetype-2.9.1-10.rv30 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library is related to reading beyond buffer boundaries in memory. Exploitation of th...
Advisory ROSA-SA-2025-2875
Software: iptables 1.8.7 OS: ROSA-CHROME packageevrstring: iptables-1.8.7 CVE-ID: None BDU-ID: 2025-02342 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Linux operating system iptables packet filtering rule table configuration and management utility is related to insecure privilege management...
Advisory ROSA-SA-2025-2865
Software: emacs 24.3 OS: rosa-server79 packageevrstring: emacs-24.3-23.0.1.res7.1 CVE-ID: CVE-2025-1244 BDU-ID: 2025-04327 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability exists in the EMACS text editor due to failure to take measures to neutralize special elements. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2025-2832
Software: avahi 0.7 OS: ROSA Virtualization 2.1 packageevrstring: avahi-0.7-21.0.1.rv3 CVE-ID: CVE-2023-1981 BDU-ID: 2023-03858 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Avahi Local Area Network Service Discovery System involves uncontrolled resource consumption. Exploitation of the...
Advisory ROSA-SA-2025-2829
Software: postgresql-jdbc 42.2.28 OS: ROSA Virtualization 3.0 packageevrstring: postgresql-jdbc-42.2.28-1.0.1.rv30 CVE-ID: CVE-2024-1597 BDU-ID: 2024-01541 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the JDBC driver pgjdbc for connecting Java programs to a PostgreSQL database is related to...
Advisory ROSA-SA-2025-2819
Software: squashfs-tools 4.3 OS: ROSA Virtualization 3.0 packageevrstring: squashfs-tools-4.3-21.rv30 CVE-ID: CVE-2021-40153 BDU-ID: 2021-05217 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the squashfsopendir function of the unsquash-1.c component of the Squashfs Squashfs-Tools file system...
Advisory ROSA-SA-2025-2816
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2024-5535 BDU-ID: 2024-06988 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSLselectnextproto function of the SSL toolkit for the TLS and SSL OpenSSL protocols is related to informatio...
Advisory ROSA-SA-2025-2822
Software: pampkcs11 0.6.13 OS: ROSA Virtualization 3.0 packageevrstring: pampkcs11-0.6.13-1.rv30 CVE-ID: CVE-2025-24032 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: The PAM-PKCS11 vulnerability allows an attacker to log in to a user account using a token created by the user. CVE-STATUS: The...
Advisory ROSA-SA-2025-2799
Software: gdk-pixbuf2 2.36.12 OS: ROSA Virtualization 3.0 packageevrstring: gdk-pixbuf2-2.36.12-6.0.1.rv30 CVE-ID: CVE-2022-48622 BDU-ID: 2024-06670 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GdkPixbuf image loading library is related to a heap memory corruption in aniloadchunk. Exploitatio...
Advisory ROSA-SA-2025-2805
Software: iperf3 3.5 OS: ROSA Virtualization 3.0 packageevrstring: iperf3-3.5-11.rv30 CVE-ID: CVE-2024-53580 BDU-ID: 2024-11145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to improper handling of test parameters passed to the server in jso...
Advisory ROSA-SA-2025-2793
Software: bubblewrap 0.4.0 OS: ROSA Virtualization 3.0 packageevrstring: bubblewrap-0.4.0-2.rv30 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...
Advisory ROSA-SA-2025-2771
Software: python-setuptools 39.2.0 OS: ROSA Virtualization 3.0 packageevrstring: python-setuptools-39.2.0-8.0.1.rv30 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is...
Advisory ROSA-SA-2025-2741
Software: orc 0.4.28 OS: ROSA Virtualization 3.0 packageevrstring: orc-0.4.28-4.rv30 CVE-ID: CVE-2024-40897 BDU-ID: 2024-06669 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the orcparse.c file of the library for compiling and executing programs that operate on GStreamer ORC data arrays is relate...
Advisory ROSA-SA-2025-2745
Software: python3x-idna 2.10 OS: ROSA Virtualization 3.0 packageevrstring: python3x-idna-2.10-4.rv30 CVE-ID: CVE-2024-3651 BDU-ID: 2024-04211 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the idna.encode function of the Internationalized Domain Names in Applications IDNA is associated with...
Advisory ROSA-SA-2025-2728
Software: opencryptoki 3.21.0 OS: ROSA Virtualization 3.0 packageevrstring: opencryptoki-3.21.0-10.rv30 CVE-ID: CVE-2024-0914 BDU-ID: 2024-02839 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the opencryptoki package is related to the processing of RSA PKCS1 augmented ciphertexts. Exploitation of...
Advisory ROSA-SA-2025-2669
software: python3 3.8.13 WASP: ROSA-CHROME packageevrstring: python3-3.8.13 CVE-ID: CVE-2015-20107 BDU-ID: 2022-03962 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the mailcap module of the Python programming language interpreter is related to insufficient validation of arguments passed to a...
Advisory ROSA-SA-2025-2571
software: ghostscript 9.56.1 OS: ROSA-CHROME packageevrstring: ghostscript-9.56.1-1 CVE-ID: CVE-2024-46956 BDU-ID: 2024-09737 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the psi/zfile.c component of the Ghostscript document processing, conversion, and generation software suite involves reading...
Advisory ROSA-SA-2025-2556
Software: cups-filters 1.0.35 OS: rosa-server79 packageevrstring: cups-filters-1.0.35-29.0.2.res7 CVE-ID: CVE-2024-47176 BDU-ID: 2024-07643 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cups-browsed daemon of the CUPS print server is associated with the use of dangerous methods or functions...
Advisory ROSA-SA-2024-2544
software: tomcat 9.0.37 WASP: ROSA-CHROME packageevrstring: tomcat-9.0.37-6 CVE-ID: CVE-2020-13943 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An HTTP/2 vulnerability in Apache Tomcat allows an attacker to access unwanted resources. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close t...
Advisory ROSA-SA-2024-2534
software: zchunk 1.2.2 OS: ROSA-CHROME packageevrstring: zchunk-1.2.2.2-2 CVE-ID: CVE-2023-46228 BDU-ID: 2023-07324 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c components of the RPM zchunk file size reduction software...
Advisory ROSA-SA-2024-2533
Software: imlib2 1.4.9 OS: rosa-server79 packageevrstring: imlib2-1.4.9-1.res7 CVE-ID: CVE-2014-9762 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: imlib2 allows remote attackers to cause a denial of service segmentation error using a GIF image without a color map. CVE-STATUS: Fixed CVE-REV: Run the yum...
Advisory ROSA-SA-2026-3253
Software: haproxy 3.2.13 WASP: ROSA-CHROME unaffected versions = haproxy-3.2.13-1 affected versions haproxy-3.2.13-1 CVE-ID: CVE-2025-11230 BDU-ID: 2025-13169 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to algorithmic complexity. Exploitation of the...
Advisory ROSA-SA-2026-3251
software: glibc 2.33 AXIS: ROSA-CHROME unaffected versions = glibc-2.33-11.git5f08d1.5 affected versions glibc-2.33-11.git5f08d1.5 CVE-ID: CVE-2026-0915 BDU-ID: 2026-02104 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getnetbyaddr and getnetbyaddrr functions of the GNU C Library system library...
Advisory ROSA-SA-2026-3248
software: exim 4.99.1 OS: ROSA-CHROME unaffected versions = exim-4.99.1-1 affected versions exim-4.99.1-1 CVE-ID: CVE-2025-67896 BDU-ID: 2026-00906 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Exim mail server is related to a buffer overflow in dynamic memory. Exploitation of the...
Advisory ROSA-SA-2026-3233
software: libcupsfilters 2.0.0 OS: ROSA-CHROME unaffected versions = libcupsfilters-2.0.0.0-8 affected versions libcupsfilters-2.0.0-8 CVE-ID: CVE-2025-57812 BDU-ID: 2025-15977 CVE-Crit: LOW CVE-DESC.: A vulnerability in the cfFilterImageToRaster function of the CUPS print server is related to...
Advisory ROSA-SA-2026-3228
software: gpsd 3.21 WASP: ROSA-CHROME unaffected versions = gpsd-3.21-5 affected versions gpsd-3.21-5 CVE-ID: CVE-2025-67268 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Vulnerability in gpsd before commit dc966aa: in drivers/drivernmea2000.c, function hnd129540 handling PGN 129540 - GNSS Satellite...
Advisory ROSA-SA-2026-3229
software: capstone 4.0.2 OS: ROSA-CHROME unaffected versions = capstone-4.0.2-2 affected versions capstone-4.0.2.2-2 CVE-ID: CVE-2025-67873 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Capstone is a disassembler framework. In versions up to and including 6.0.0.0-Alpha5, skipdata length was not checked...
Advisory ROSA-SA-2026-3225
software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-2 affected versions busybox-1.37.0-2 CVE-ID: CVE-2025-46394 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In tar in BusyBox, file names in a TAR archive can be hidden in the list output using terminal escape sequences...
Advisory ROSA-SA-2026-3221
software: python-ldap 3.4.5 WASP: ROSA-CHROME unaffected versions = python-ldap-3.4.5-2 affected versions python-ldap-3.4.5-2 CVE-ID: CVE-2025-61911 BDU-ID: 2026-02913 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the filter.py component of the Python module for working with Python-LDAP LDAP...
Advisory ROSA-SA-2026-3211
software: vtk 9.0.1 OS: ROSA-CHROME unaffected versions = vtk-9.0.1.1-6 affected versions vtk-9.0.1.1-6 CVE-ID: CVE-2025-57106 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow in Kitware VTK before 9.5.0 in the vtkGLTFDocumentLoader component. The vulnerability occurs in the...
Advisory ROSA-SA-2026-3170
Software: libsndfile 1.0.28 OS: ROSA Virtualization 3.0 unaffected versions = libsndfile-1.0.28-16.0.2.rv30 affected versions libsndfile-1.0.28-16.0.2.rv30 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library ...
Advisory ROSA-SA-2026-3154
Software: libtommath 1.2.0 OS: ROSA Virtualization 3.1 unaffected versions = libtommath-1.2.0-1.rv31 affected versions libtommath-1.2.0-1.rv31 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to...
Advisory ROSA-SA-2026-3153
Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 3.1 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv31 affected versions libtomcrypt-1.18.2-5.0.1.1.rv31 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the derdecodeutf8string function of the...
Advisory ROSA-SA-2026-3150
Software: libsndfile 1.0.28 OS: ROSA Virtualization 3.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv31 affected versions libsndfile-1.0.28-16.0.2.rv31 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library ...
Advisory ROSA-SA-2026-3148
Software: libpng 1.6.34 OS: ROSA Virtualization 3.1 unaffected versions = libpng-1.6.34-9.0.1.1.rv31 affected versions libpng-1.6.34-9.0.1.1.rv31 CVE-ID: CVE-2025-64720 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Read Outside Buffer Vulnerability in LIBPNG: The pngimagereadcomposite function incorrect...
Advisory ROSA-SA-2026-3136
Software: bind 9.11.36 OS: ROSA Virtualization 3.0 unaffected versions = bind-9.11.36-16.rv30.6 affected versions bind-9.11.36-16.rv30.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...
Advisory ROSA-SA-2026-3132
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 unaffected versions = cups-2.2.6-66.0.1.rv3 affected versions cups-2.2.6-66.0.1.rv3 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer...
Advisory ROSA-SA-2026-3125
Software: qbittorrent 4.6.7 OS: ROSA-CHROME unaffected versions = qbittorrent-4.6.7-2 affected versions qbittorrent-4.6.7-2 CVE-ID: CVE-2025-54310 BDU-ID: 2025-11251 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cross-platform BitTorrent client qBittorrent is related to the lack of validatio...
Advisory ROSA-SA-2026-3115
software: apache 2.4.66 OS: ROSA-CHROME unaffected versions = apache-2.4.66-1 affected versions apache-2.4.66-1 CVE-ID: CVE-2025-66200 BDU-ID: 2025-15638 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moduserdir module of the Apache HTTP Server web server involves bypassing the authentication...
Advisory ROSA-SA-2025-3106
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the aresparsesoareply function of the C-ares asynchronous DNS query library is related to an operation exceeding...