1374 matches found
Advisory ROSA-SA-2025-3085
Software: libxml2 2.9.1 OS: rosa-server79 unaffected versions = libxml2-2.9.1-6.0.11.res7.6 affected versions libxml2-2.9.1-6.0.11.res7.6 CVE-ID: CVE-2025-6021 BDU-ID: 2025-07144 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...
Advisory ROSA-SA-2025-3063
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 unaffected versions = libarchive-3.3.3.3-6.0.1.rv3 affected versions libarchive-3.3.3.3-6.0.1.rv3 CVE-ID: CVE-2025-5914 BDU-ID: CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the archivereadformatrarseekdata function of the Libarchive...
Advisory ROSA-SA-2025-3056
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.1 unaffected versions = gnutls-3.6.16-8.0.1.rv31.4 affected versions gnutls-3.6.16-8.0.1.1.rv31.4 CVE-ID: CVE-2024-12243 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GnuTLS transport layer security library is related to algorithmic...
Advisory ROSA-SA-2025-3050
Software: expat 2.2.5 OS: ROSA Virtualization 3.1 unaffected versions = expat-2.2.5-17.0.1.rv31 affected versions expat-2.2.5-17.0.1.rv31 CVE-ID: CVE-2019-15903 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to incorrect restriction of xml...
Advisory ROSA-SA-2025-3040
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 unaffected versions = gnutls-3.6.16-8.0.1.rv3.4 affected versions gnutls-3.6.16-8.0.1.1.rv3.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...
Advisory ROSA-SA-2025-3037
Software: postgresql14 14.18 OS: rosa-server79 unaffected versions = postgresql14-14.18-1PGDG.res7 affected versions postgresql14-14.18-1PGDG.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, and arraysubscripthandler functio...
Advisory ROSA-SA-2025-3027
software: jasper 2.0.33 WASP: ROSA-CHROME unaffected versions = jasper-2.0.33-2 affected versions jasper-2.0.33-2 CVE-ID: CVE-2025-8835 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in JasPer before version 4.2.5 allows a crash due to null pointer dereferencing in the jasimagechclrspc...
Advisory ROSA-SA-2025-3015
Software: dovecot 2.3.21.1 OS: ROSA-CHROME unaffected versions = dovecot-2.3.21.1-6 affected versions dovecot-2.3.21.1-6 CVE-ID: CVE-2022-30550 BDU-ID: 2022-04273 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the passdb account database of the Dovecot mail server is related to configuration...
Advisory ROSA-SA-2025-3013
software: openscap 1.4.2 OS: ROSA-CHROME unaffected versions = openscap-1.4.2-2 affected versions openscap-1.4.2-2 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart...
Advisory ROSA-SA-2025-3007
software: qt5-qtconnectivity 5.15.10 OS: ROSA-CHROME unaffected versions = qt5-qtconnectivity-5.15.15-3 affected versions qt5-qtconnectivity-5.15.15-3 CVE-ID: CVE-2025-23050 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In the Qt Bluetooth module QLowEnergyController on Linux when using the Bluetooth...
Advisory ROSA-SA-2025-3006
Software: libpcap 1.10.5 OS: ROSA-CHROME unaffected versions = libpcap-1.10.5-1 affected versions libpcap-1.10.5-1 CVE-ID: CVE-2023-7256 BDU-ID: 2024-07427 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libpcap library's freeaddrinfo function involves calling freeaddrinfo for the same allocat...
Advisory ROSA-SA-2025-3001
software: suricata 7.0.11 WASP: ROSA-CHROME unaffected versions = suricata-7.0.11-1 affected versions suricata-7.0.11-1 CVE-ID: CVE-2024-38534 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in Suricata allows system resources to be consumed by certain modbus traffic. CVE-STATUS: The...
Advisory ROSA-SA-2025-2998
software: libvpx 1.10.0 OS: ROSA-CHROME unaffected versions = libvpx-1.10.0-5 affected versions libvpx-1.10.0-5 CVE-ID: CVE-2024-5197 BDU-ID: 2024-04531 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vpximgalloc function of the libvpx video encoding/decoding library is related to integer...
Advisory ROSA-SA-2025-2996
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-23 affected versions grub2-2.06-23 CVE-ID: CVE-2024-45777 BDU-ID: 2025-07120 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gettext component of the Grub operating systems loader is related to integer overflow. Exploitation...
Advisory ROSA-SA-2025-2992
Software: dav1d 1.3.0 AXIS: ROSA-CHROME unaffected versions = dav1d-1.3.0-2 affected versions dav1d-1.3.0-2 CVE-ID: CVE-2024-1580 BDU-ID: 2024-04901 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the dav1d decoder of the iOS, iPadOS, visionOS, macOS, Fedora, and Safari browser operating systems i...
Advisory ROSA-SA-2025-2989
software: subversion 1.14.5 OS: ROSA-CHROME unaffected versions = subversion-1.14.5-1 affected versions subversion-1.14.5-1 CVE-ID: CVE-2024-46901 BDU-ID: 2025-03298 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moddavsvn function of Apache Subversion software is related to a flaw in the...
Advisory ROSA-SA-2025-2980
software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-1 affected versions busybox-1.37.0-1 CVE-ID: CVE-2022-48174 BDU-ID: 2023-05378 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the ash.c file of the BusyBox set of UNIX command line utilities is related to writing...
Advisory ROSA-SA-2025-2972
software: systemd 249 WASP: ROSA-CHROME unaffected versions = systemd-249-1.gitfab79a.27 affected versions systemd-249-1.gitfab79a.27 CVE-ID: CVE-2025-4598 BDU-ID: 2025-06694 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the systemd-coredump service of the Systemd daemon is related to a kernel...
Advisory ROSA-SA-2025-2966
Software: avahi 0.7 OS: ROSA Virtualization 3.0 unaffected versions = avahi-0.7-27.0.2.rv30.1 affected versions avahi-0.7-27.0.0.2.rv30.1 CVE-ID: CVE-2018-1000845 BDU-ID: 2019-00693 CVE-Crit: CRITICAL. CVE-DESC: Duplicate CVE-2017-6519 CVE-STATUS: The vulnerability has been resolved CVE-REV: To...
Advisory ROSA-SA-2025-2956
Software: libnbd 1.6.0 OS: ROSA Virtualization 2.1 unaffected versions = libnbd-1.6.0-6.0.1.rv3 affected versions libnbd-1.6.0-6.0.1.1.rv3 CVE-ID: CVE-2023-5215 BDU-ID: 2024-06033 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nbdgetsize function of the libnbd library is related to the...
Advisory ROSA-SA-2025-2907
Software: sudo 1.9.5p2 OS: ROSA Virtualization 3.0 packageevrstring: sudo-1.9.5p2-1.rv30 CVE-ID: CVE-2025-32463 BDU-ID: 2025-07765 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sudo system administration program is related to the inclusion of functions from an invalid controlled area when usin...
Advisory ROSA-SA-2025-2901
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2025-2893
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-34.rv30 CVE-ID: CVE-2017-17095 BDU-ID: 2019-03339 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibTIFF library is related to a heap-based buffer overflow in TIFFSetupStrips. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2892
Software: libtasn1 4.13 OS: ROSA Virtualization 3.0 packageevrstring: libtasn1-4.13-5.rv3 CVE-ID: CVE-2024-12133 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libtasn1 causes the system to slow down or crash due to inefficient processing of certain certificate data. As a result, an...
Advisory ROSA-SA-2025-2879
Software: krb5 1.18.2 OS: ROSA Virtualization 2.1 packageevrstring: krb5-1.18.2-32.rv3 CVE-ID: CVE-2020-28196 BDU-ID: 2023-03437 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Kerberos network protocol implementation of the Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, Alt 8 SP...
Advisory ROSA-SA-2025-2863
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 packageevrstring: kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2024-40998 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: Vulnerability in Linux kernel: access to uninitialized rs-lock lock in ext4fillsuper function. CVE-STATUS: Vulnerability has bee...
Advisory ROSA-SA-2025-2854
Software: binutils 2.30 OS: ROSA Virtualization 3.0 packageevrstring: binutils-2.30-125.0.1.rv30 CVE-ID: CVE-2018-1000876 BDU-ID: 2023-01657 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the disassembledata function of the objdump.c component of the GNU Binutils development software tool is...
Advisory ROSA-SA-2025-2847
Software: less 530 OS: ROSA Virtualization 2.1 packageevrstring: less-530-3.rv3 CVE-ID: CVE-2022-48624 BDU-ID: 2024-04438 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the closealtfile filename.c function for UNIX-like Less text terminals is related to the skipping of Shellquote calls for...
Advisory ROSA-SA-2025-2801
Software: gtk3 3.22.30 OS: ROSA Virtualization 3.0 packageevrstring: gtk3-3.22.30-12.rv30 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
Advisory ROSA-SA-2025-2771
Software: python-setuptools 39.2.0 OS: ROSA Virtualization 3.0 packageevrstring: python-setuptools-39.2.0-8.0.1.rv30 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is...
Advisory ROSA-SA-2025-2767
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.0 packageevrstring: libsoup-2.62.3-7.rv30 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2760
Software: doxygen 1.8.5 OS: rosa-server79 packageevrstring: doxygen-1.8.5-4.0.1.res7 CVE-ID: CVE-2020-11022 BDU-ID: 2020-05190 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the jQuery library is associated with a failure to take measures to protect the structure of a web page. Exploitation of th...
Advisory ROSA-SA-2025-2738
Software: libndp 1.7 OS: ROSA Virtualization 3.0 packageevrstring: libndp-1.7-7.rv30 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2737
Software: iperf3 3.5 OS: ROSA Virtualization 3.0 packageevrstring: iperf3-3.5-10.rv30 CVE-ID: CVE-2023-7250 BDU-ID: 2024-03238 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to allowed input lists. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2725
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-33.rv30 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-2680
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2023-27533 BDU-ID: 2023-02107 CVE-Crit: LOW CVE-DESC.: A vulnerability in the curl program line utility is related to communication using the TELNET protocol, which could allow an attacker to pass a...
Advisory ROSA-SA-2025-2646
software: python2 2.7.18 WASP: ROSA-CHROME packageevrstring: python2-2.7.18-7 CVE-ID: CVE-2022-0391 BDU-ID: 2022-02302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the urllib.parse module of the Python programming language interpreter is related to the non-neutralization of CRLF sequences...
Advisory ROSA-SA-2025-2605
software: libuv 1.44.2 OS: ROSA-CHROME packageevrstring: libuv-1.44.2-2 CVE-ID: CVE-2024-24806 BDU-ID: 2024-02979 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the uvgetaddrinfo function src/unix/getaddrinfo.c, src/win/getaddrinfo.c of the libuv asynchronous I/O library is related to insufficient...
Advisory ROSA-SA-2025-2586
software: nano 8.2 OS: ROSA-CHROME packageevrstring: nano-8.2-3 CVE-ID: CVE-2024-5742 BDU-ID: 2024-06879 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Nano text editor is related to temporary file handling errors. Exploitation of the vulnerability could allow an attacker to impact data integrit...
Advisory ROSA-SA-2025-2583
Software: libarchive 3.6.2 OS: ROSA-CHROME packageevrstring: libarchive-3.6.2 CVE-ID: CVE-2024-48957 BDU-ID: 2024-09446 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the executefilteraudio function of the archivereadsupportformatrar.c component of the Libarchive archiving library is related to...
Advisory ROSA-SA-2025-2565
software: mcpp 2.7.2 OS: ROSA-CHROME packageevrstring: mcpp-2.7.2-14 CVE-ID: CVE-2019-14274 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Heap-based buffer overflow vulnerability in MCPP in domsg in support.c. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close the vulnerability, run the...
Advisory ROSA-SA-2024-2526
Software: NetworkManager-libreswan 1.2.4 OS: rosa-server79 packageevrstring: NetworkManager-libreswan-1.2.4-2.0.1.res7 CVE-ID: CVE-2024-9050 BDU-ID: 2024-09459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libreswan client plugin of the NetworkManager network connection management program is...
Advisory ROSA-SA-2026-3254
software: coturn 4.5.2 OS: ROSA-CHROME unaffected versions = coturn-4.5.2-6 affected versions coturn-4.5.2-6 CVE-ID: CVE-2026-27624 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in Coturn allows a remote attacker to bypass loopback and internal IP range locking denied-peer-ip option and...
Advisory ROSA-SA-2026-3246
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-3 affected versions ghostscript-9.56.1-3 CVE-ID: CVE-2024-33869 BDU-ID: 2024-07480 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the base/gpmisc.c file of the Ghostscript document processing, conversion, and...
Advisory ROSA-SA-2026-3245
software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.5 affected versions avahi-0.8-12.git35bb1b.5 CVE-ID: CVE-2026-24401 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Avahi avahi-daemon ≤ 0.9rc2 allows a remote attacker to cause a process crash DoS:...
Advisory ROSA-SA-2026-3244
software: xrdp 0.10.5 WASP: ROSA-CHROME unaffected versions = xrdp-0.10.5-1 affected versions xrdp-0.10.5-1 CVE-ID: CVE-2025-68670 BDU-ID: 2026-00962 CVE-Crit: CRITICAL CVE-DESC.: An XRDP server vulnerability is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2026-3237
software: libsndfile 1.1.0 OS: ROSA-CHROME unaffected versions = libsndfile-1.1.0-6 affected versions libsndfile-1.1.0-6 CVE-ID: CVE-2025-56226 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Memory leak in Libsndfile =1.2.2 in the mpegl3encoderinit function file mpegl3encode.c. CVE-STATUS: The...
Advisory ROSA-SA-2026-3236
software: fluidsynth 2.3.0 WASP: ROSA-CHROME unaffected versions = fluidsynth-2.3.0-2 affected versions fluidsynth-2.3.0-2 CVE-ID: CVE-2025-56225 BDU-ID: 2026-03010 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/synth/fluidsynthmonopoly.c component of the FluidSynth software synthesizer is...
Advisory ROSA-SA-2026-3219
software: cups 2.4.16 OS: ROSA-CHROME unaffected versions = cups-2.4.16-1 affected versions cups-2.4.16-1 CVE-ID: CVE-2025-58436 BDU-ID: 2026-02912 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is associated with uncontrolled resource consumption. Exploitation of the...
Advisory ROSA-SA-2026-3218
software: sssd 2.9.7 OS: ROSA-CHROME unaffected versions = sssd-2.9.7-1 affected versions sssd-2.9.7-1 CVE-ID: CVE-2023-3758 BDU-ID: 2024-04108 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the remote directory access control service and SSSD authentication mechanism is associated with a race...