1374 matches found
Advisory ROSA-SA-2026-3161
Software: rsync 3.1.3 OS: ROSA Virtualization 3.1 unaffected versions = rsync-3.1.3-23.rv31 affected versions rsync-3.1.3-23.rv31 CVE-ID: CVE-2025-4638 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the zlib library embedded in PointCloudLibrary PCL allows attackers to cause...
Advisory ROSA-SA-2026-3154
Software: libtommath 1.2.0 OS: ROSA Virtualization 3.1 unaffected versions = libtommath-1.2.0-1.rv31 affected versions libtommath-1.2.0-1.rv31 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to...
Advisory ROSA-SA-2026-3150
Software: libsndfile 1.0.28 OS: ROSA Virtualization 3.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv31 affected versions libsndfile-1.0.28-16.0.2.rv31 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library ...
Advisory ROSA-SA-2026-3148
Software: libpng 1.6.34 OS: ROSA Virtualization 3.1 unaffected versions = libpng-1.6.34-9.0.1.1.rv31 affected versions libpng-1.6.34-9.0.1.1.rv31 CVE-ID: CVE-2025-64720 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Read Outside Buffer Vulnerability in LIBPNG: The pngimagereadcomposite function incorrect...
Advisory ROSA-SA-2026-3132
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 unaffected versions = cups-2.2.6-66.0.1.rv3 affected versions cups-2.2.6-66.0.1.rv3 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer...
Advisory ROSA-SA-2026-3129
software: expat 2.7.3 OS: ROSA-CHROME unaffected versions = expat-2.7.3-1 affected versions expat-2.7.3-1 CVE-ID: CVE-2025-59375 BDU-ID: 2025-12925 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to unrestricted resource allocation. Exploitation of th...
Advisory ROSA-SA-2026-3125
Software: qbittorrent 4.6.7 OS: ROSA-CHROME unaffected versions = qbittorrent-4.6.7-2 affected versions qbittorrent-4.6.7-2 CVE-ID: CVE-2025-54310 BDU-ID: 2025-11251 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cross-platform BitTorrent client qBittorrent is related to the lack of validatio...
Advisory ROSA-SA-2026-3120
software: qpdfview 0.5 WASP: ROSA-CHROME unaffected versions = qpdfview-0.5-4 affected versions qpdfview-0.5-4 CVE-ID: CVE-2025-46206 BDU-ID: 2025-11246 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mutool clean utility of the MuPDF PDF viewer is related to infinite recursion. Exploitation of...
Advisory ROSA-SA-2026-3115
software: apache 2.4.66 OS: ROSA-CHROME unaffected versions = apache-2.4.66-1 affected versions apache-2.4.66-1 CVE-ID: CVE-2025-66200 BDU-ID: 2025-15638 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moduserdir module of the Apache HTTP Server web server involves bypassing the authentication...
Advisory ROSA-SA-2025-3106
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the aresparsesoareply function of the C-ares asynchronous DNS query library is related to an operation exceeding...
Advisory ROSA-SA-2025-3101
Software: pam 1.3.1 OS: ROSA Virtualization 2.1 packageevrstring: pam-1.3.1-36.rv3 CVE-ID: CVE-2024-10041 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in PAM allows an attacker to access sensitive information stored in memory through the execution of a victim program by sending...
Advisory ROSA-SA-2025-3099
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-12.0.1.rv3 CVE-ID: CVE-2020-25659 BDU-ID: 2022-05647 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the python-cryptography package of the Python programming language interpreter is related to RSA key management...
Advisory ROSA-SA-2025-3096
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-33.rv3 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-3091
Software: python3-setuptools 39.2.0 OS: rosa-server79 unaffected versions = python3-setuptools-39.2.0-10.0.5.res7 affected versions python3-setuptools-39.2.0-10.0.5.res7 CVE-ID: CVE-2025-47273 BDU-ID: 2025-08604 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the setuptools project packaging...
Advisory ROSA-SA-2025-3092
Software: squid 3.5.20 OS: rosa-server79 unaffected versions = squid-3.5.20-17.0.9.res7.13 affected versions squid-3.5.20-17.0.9.res7.13 CVE-ID: CVE-2025-54574 BDU-ID: 2025-09345 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Squid proxy server is related to a buffer overflow in dynamic...
Advisory ROSA-SA-2025-3063
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 unaffected versions = libarchive-3.3.3.3-6.0.1.rv3 affected versions libarchive-3.3.3.3-6.0.1.rv3 CVE-ID: CVE-2025-5914 BDU-ID: CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the archivereadformatrarseekdata function of the Libarchive...
Advisory ROSA-SA-2025-3050
Software: expat 2.2.5 OS: ROSA Virtualization 3.1 unaffected versions = expat-2.2.5-17.0.1.rv31 affected versions expat-2.2.5-17.0.1.rv31 CVE-ID: CVE-2019-15903 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to incorrect restriction of xml...
Advisory ROSA-SA-2025-3040
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 unaffected versions = gnutls-3.6.16-8.0.1.rv3.4 affected versions gnutls-3.6.16-8.0.1.1.rv3.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...
Advisory ROSA-SA-2025-3027
software: jasper 2.0.33 WASP: ROSA-CHROME unaffected versions = jasper-2.0.33-2 affected versions jasper-2.0.33-2 CVE-ID: CVE-2025-8835 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in JasPer before version 4.2.5 allows a crash due to null pointer dereferencing in the jasimagechclrspc...
Advisory ROSA-SA-2025-3015
Software: dovecot 2.3.21.1 OS: ROSA-CHROME unaffected versions = dovecot-2.3.21.1-6 affected versions dovecot-2.3.21.1-6 CVE-ID: CVE-2022-30550 BDU-ID: 2022-04273 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the passdb account database of the Dovecot mail server is related to configuration...
Advisory ROSA-SA-2025-3013
software: openscap 1.4.2 OS: ROSA-CHROME unaffected versions = openscap-1.4.2-2 affected versions openscap-1.4.2-2 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart...
Advisory ROSA-SA-2025-3007
software: qt5-qtconnectivity 5.15.10 OS: ROSA-CHROME unaffected versions = qt5-qtconnectivity-5.15.15-3 affected versions qt5-qtconnectivity-5.15.15-3 CVE-ID: CVE-2025-23050 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In the Qt Bluetooth module QLowEnergyController on Linux when using the Bluetooth...
Advisory ROSA-SA-2025-3006
Software: libpcap 1.10.5 OS: ROSA-CHROME unaffected versions = libpcap-1.10.5-1 affected versions libpcap-1.10.5-1 CVE-ID: CVE-2023-7256 BDU-ID: 2024-07427 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libpcap library's freeaddrinfo function involves calling freeaddrinfo for the same allocat...
Advisory ROSA-SA-2025-3001
software: suricata 7.0.11 WASP: ROSA-CHROME unaffected versions = suricata-7.0.11-1 affected versions suricata-7.0.11-1 CVE-ID: CVE-2024-38534 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in Suricata allows system resources to be consumed by certain modbus traffic. CVE-STATUS: The...
Advisory ROSA-SA-2025-2996
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-23 affected versions grub2-2.06-23 CVE-ID: CVE-2024-45777 BDU-ID: 2025-07120 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gettext component of the Grub operating systems loader is related to integer overflow. Exploitation...
Advisory ROSA-SA-2025-2994
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-13 affected versions tomcat-9.0.37-13 CVE-ID: CVE-2025-52520 BDU-ID: 2025-08953 CVE-Crit: MEDIUM CVE-DESC.: Apache Tomcat application server vulnerability is related to integer overflow. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2025-2992
Software: dav1d 1.3.0 AXIS: ROSA-CHROME unaffected versions = dav1d-1.3.0-2 affected versions dav1d-1.3.0-2 CVE-ID: CVE-2024-1580 BDU-ID: 2024-04901 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the dav1d decoder of the iOS, iPadOS, visionOS, macOS, Fedora, and Safari browser operating systems i...
Advisory ROSA-SA-2025-2989
software: subversion 1.14.5 OS: ROSA-CHROME unaffected versions = subversion-1.14.5-1 affected versions subversion-1.14.5-1 CVE-ID: CVE-2024-46901 BDU-ID: 2025-03298 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moddavsvn function of Apache Subversion software is related to a flaw in the...
Advisory ROSA-SA-2025-2980
software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-1 affected versions busybox-1.37.0-1 CVE-ID: CVE-2022-48174 BDU-ID: 2023-05378 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the ash.c file of the BusyBox set of UNIX command line utilities is related to writing...
Advisory ROSA-SA-2025-2972
software: systemd 249 WASP: ROSA-CHROME unaffected versions = systemd-249-1.gitfab79a.27 affected versions systemd-249-1.gitfab79a.27 CVE-ID: CVE-2025-4598 BDU-ID: 2025-06694 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the systemd-coredump service of the Systemd daemon is related to a kernel...
Advisory ROSA-SA-2025-2966
Software: avahi 0.7 OS: ROSA Virtualization 3.0 unaffected versions = avahi-0.7-27.0.2.rv30.1 affected versions avahi-0.7-27.0.0.2.rv30.1 CVE-ID: CVE-2018-1000845 BDU-ID: 2019-00693 CVE-Crit: CRITICAL. CVE-DESC: Duplicate CVE-2017-6519 CVE-STATUS: The vulnerability has been resolved CVE-REV: To...
Advisory ROSA-SA-2025-2956
Software: libnbd 1.6.0 OS: ROSA Virtualization 2.1 unaffected versions = libnbd-1.6.0-6.0.1.rv3 affected versions libnbd-1.6.0-6.0.1.1.rv3 CVE-ID: CVE-2023-5215 BDU-ID: 2024-06033 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nbdgetsize function of the libnbd library is related to the...
Advisory ROSA-SA-2025-2950
software: assimp 5.0.1 OS: ROSA-CHROME unaffected versions = assimp-5.0.1.1-6 affected versions assimp-5.0.1.1-6 CVE-ID: CVE-2024-45679 BDU-ID: 2025-02665 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the 3D model import library Open Asset Import Library Assimp is related to a buffer overflow in...
Advisory ROSA-SA-2025-2907
Software: sudo 1.9.5p2 OS: ROSA Virtualization 3.0 packageevrstring: sudo-1.9.5p2-1.rv30 CVE-ID: CVE-2025-32463 BDU-ID: 2025-07765 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sudo system administration program is related to the inclusion of functions from an invalid controlled area when usin...
Advisory ROSA-SA-2025-2901
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2025-2892
Software: libtasn1 4.13 OS: ROSA Virtualization 3.0 packageevrstring: libtasn1-4.13-5.rv3 CVE-ID: CVE-2024-12133 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libtasn1 causes the system to slow down or crash due to inefficient processing of certain certificate data. As a result, an...
Advisory ROSA-SA-2025-2893
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-34.rv30 CVE-ID: CVE-2017-17095 BDU-ID: 2019-03339 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibTIFF library is related to a heap-based buffer overflow in TIFFSetupStrips. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2879
Software: krb5 1.18.2 OS: ROSA Virtualization 2.1 packageevrstring: krb5-1.18.2-32.rv3 CVE-ID: CVE-2020-28196 BDU-ID: 2023-03437 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Kerberos network protocol implementation of the Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, Alt 8 SP...
Advisory ROSA-SA-2025-2863
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 packageevrstring: kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2024-40998 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: Vulnerability in Linux kernel: access to uninitialized rs-lock lock in ext4fillsuper function. CVE-STATUS: Vulnerability has bee...
Advisory ROSA-SA-2025-2854
Software: binutils 2.30 OS: ROSA Virtualization 3.0 packageevrstring: binutils-2.30-125.0.1.rv30 CVE-ID: CVE-2018-1000876 BDU-ID: 2023-01657 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the disassembledata function of the objdump.c component of the GNU Binutils development software tool is...
Advisory ROSA-SA-2025-2847
Software: less 530 OS: ROSA Virtualization 2.1 packageevrstring: less-530-3.rv3 CVE-ID: CVE-2022-48624 BDU-ID: 2024-04438 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the closealtfile filename.c function for UNIX-like Less text terminals is related to the skipping of Shellquote calls for...
Advisory ROSA-SA-2025-2801
Software: gtk3 3.22.30 OS: ROSA Virtualization 3.0 packageevrstring: gtk3-3.22.30-12.rv30 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
Advisory ROSA-SA-2025-2767
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.0 packageevrstring: libsoup-2.62.3-7.rv30 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2760
Software: doxygen 1.8.5 OS: rosa-server79 packageevrstring: doxygen-1.8.5-4.0.1.res7 CVE-ID: CVE-2020-11022 BDU-ID: 2020-05190 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the jQuery library is associated with a failure to take measures to protect the structure of a web page. Exploitation of th...
Advisory ROSA-SA-2025-2752
Software: opensc 0.20.0 OS: ROSA Virtualization 2.1 packageevrstring: opensc-0.20.0-8.rv3 CVE-ID: CVE-2023-2977 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in OpenSC causes a buffer overflow in the pkcs15 cardoshaveverifyrcpackage function, allowing an attacker to cause a processing...
Advisory ROSA-SA-2025-2738
Software: libndp 1.7 OS: ROSA Virtualization 3.0 packageevrstring: libndp-1.7-7.rv30 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2725
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-33.rv30 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-2680
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2023-27533 BDU-ID: 2023-02107 CVE-Crit: LOW CVE-DESC.: A vulnerability in the curl program line utility is related to communication using the TELNET protocol, which could allow an attacker to pass a...
Advisory ROSA-SA-2025-2646
software: python2 2.7.18 WASP: ROSA-CHROME packageevrstring: python2-2.7.18-7 CVE-ID: CVE-2022-0391 BDU-ID: 2022-02302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the urllib.parse module of the Python programming language interpreter is related to the non-neutralization of CRLF sequences...
Advisory ROSA-SA-2025-2605
software: libuv 1.44.2 OS: ROSA-CHROME packageevrstring: libuv-1.44.2-2 CVE-ID: CVE-2024-24806 BDU-ID: 2024-02979 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the uvgetaddrinfo function src/unix/getaddrinfo.c, src/win/getaddrinfo.c of the libuv asynchronous I/O library is related to insufficient...