1374 matches found
Advisory ROSA-SA-2025-2738
Software: libndp 1.7 OS: ROSA Virtualization 3.0 packageevrstring: libndp-1.7-7.rv30 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2725
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-33.rv30 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-2680
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2023-27533 BDU-ID: 2023-02107 CVE-Crit: LOW CVE-DESC.: A vulnerability in the curl program line utility is related to communication using the TELNET protocol, which could allow an attacker to pass a...
Advisory ROSA-SA-2025-2646
software: python2 2.7.18 WASP: ROSA-CHROME packageevrstring: python2-2.7.18-7 CVE-ID: CVE-2022-0391 BDU-ID: 2022-02302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the urllib.parse module of the Python programming language interpreter is related to the non-neutralization of CRLF sequences...
Advisory ROSA-SA-2025-2605
software: libuv 1.44.2 OS: ROSA-CHROME packageevrstring: libuv-1.44.2-2 CVE-ID: CVE-2024-24806 BDU-ID: 2024-02979 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the uvgetaddrinfo function src/unix/getaddrinfo.c, src/win/getaddrinfo.c of the libuv asynchronous I/O library is related to insufficient...
Advisory ROSA-SA-2025-2586
software: nano 8.2 OS: ROSA-CHROME packageevrstring: nano-8.2-3 CVE-ID: CVE-2024-5742 BDU-ID: 2024-06879 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Nano text editor is related to temporary file handling errors. Exploitation of the vulnerability could allow an attacker to impact data integrit...
Advisory ROSA-SA-2025-2583
Software: libarchive 3.6.2 OS: ROSA-CHROME packageevrstring: libarchive-3.6.2 CVE-ID: CVE-2024-48957 BDU-ID: 2024-09446 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the executefilteraudio function of the archivereadsupportformatrar.c component of the Libarchive archiving library is related to...
Advisory ROSA-SA-2025-2565
software: mcpp 2.7.2 OS: ROSA-CHROME packageevrstring: mcpp-2.7.2-14 CVE-ID: CVE-2019-14274 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Heap-based buffer overflow vulnerability in MCPP in domsg in support.c. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close the vulnerability, run the...
Advisory ROSA-SA-2024-2526
Software: NetworkManager-libreswan 1.2.4 OS: rosa-server79 packageevrstring: NetworkManager-libreswan-1.2.4-2.0.1.res7 CVE-ID: CVE-2024-9050 BDU-ID: 2024-09459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libreswan client plugin of the NetworkManager network connection management program is...
Advisory ROSA-SA-2026-3254
software: coturn 4.5.2 OS: ROSA-CHROME unaffected versions = coturn-4.5.2-6 affected versions coturn-4.5.2-6 CVE-ID: CVE-2026-27624 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in Coturn allows a remote attacker to bypass loopback and internal IP range locking denied-peer-ip option and...
Advisory ROSA-SA-2026-3246
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-3 affected versions ghostscript-9.56.1-3 CVE-ID: CVE-2024-33869 BDU-ID: 2024-07480 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the base/gpmisc.c file of the Ghostscript document processing, conversion, and...
Advisory ROSA-SA-2026-3245
software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.5 affected versions avahi-0.8-12.git35bb1b.5 CVE-ID: CVE-2026-24401 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Avahi avahi-daemon ≤ 0.9rc2 allows a remote attacker to cause a process crash DoS:...
Advisory ROSA-SA-2026-3237
software: libsndfile 1.1.0 OS: ROSA-CHROME unaffected versions = libsndfile-1.1.0-6 affected versions libsndfile-1.1.0-6 CVE-ID: CVE-2025-56226 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Memory leak in Libsndfile =1.2.2 in the mpegl3encoderinit function file mpegl3encode.c. CVE-STATUS: The...
Advisory ROSA-SA-2026-3236
software: fluidsynth 2.3.0 WASP: ROSA-CHROME unaffected versions = fluidsynth-2.3.0-2 affected versions fluidsynth-2.3.0-2 CVE-ID: CVE-2025-56225 BDU-ID: 2026-03010 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/synth/fluidsynthmonopoly.c component of the FluidSynth software synthesizer is...
Advisory ROSA-SA-2026-3219
software: cups 2.4.16 OS: ROSA-CHROME unaffected versions = cups-2.4.16-1 affected versions cups-2.4.16-1 CVE-ID: CVE-2025-58436 BDU-ID: 2026-02912 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is associated with uncontrolled resource consumption. Exploitation of the...
Advisory ROSA-SA-2026-3218
software: sssd 2.9.7 OS: ROSA-CHROME unaffected versions = sssd-2.9.7-1 affected versions sssd-2.9.7-1 CVE-ID: CVE-2023-3758 BDU-ID: 2024-04108 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the remote directory access control service and SSSD authentication mechanism is associated with a race...
Advisory ROSA-SA-2026-3215
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-15 affected versions tomcat-9.0.37-15 CVE-ID: CVE-2025-55752 BDU-ID: 2025-13742 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability involves relative path traversal. Exploitation of the...
Advisory ROSA-SA-2026-3213
Software: libmicrohttpd 0.9.77 OS: ROSA-CHROME unaffected versions = libmicrohttpd-0.9.77-1 affected versions libmicrohttpd-0.9.77-1 CVE-ID: CVE-2025-59777 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dereferencing the NULL pointer in GNU libmicrohttpd allows a remote attacker to cause a denial of...
Advisory ROSA-SA-2026-3209
software: hostapd 2.11 WASP: ROSA-CHROME unaffected versions = hostapd-2.11-2 affected versions hostapd-2.11-2 CVE-ID: CVE-2025-24912 BDU-ID: None CVE-Crit: LOW CVE-DESC.: RADIUS packet handling vulnerability in hostapd: hostapd incorrectly handles specially crafted RADIUS packets. When...
Advisory ROSA-SA-2026-3207
software: libxslt 1.1.43 OS: ROSA-CHROME unaffected versions = libxslt-1.1.43-1 affected versions libxslt-1.1.43-1 CVE-ID: CVE-2024-55549 BDU-ID: 2025-03641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xsltGetInheritedNsList function of the libxslt library is related to memory usage after it...
Advisory ROSA-SA-2026-3198
Software: perl 5.26.3 OS: ROSA Virtualization 2.1 unaffected versions = perl-5.26.3-423.rv3 affected versions perl-5.26.3-423.rv3 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an unreliab...
Advisory ROSA-SA-2026-3185
Software: unbound 1.16.2 OS: ROSA Virtualization 3.0 unaffected versions = unbound-1.16.2-5.9.rv30 affected versions unbound-1.16.2-5.9.rv30 CVE-ID: CVE-2025-5994 BDU-ID: 2025-12600 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Unbound DNS server is related to the loading of external unreliabl...
Advisory ROSA-SA-2026-3174
Software: libtommath 1.2.0 OS: ROSA Virtualization 3.0 unaffected versions = libtommath-1.2.0-1.rv30 affected versions libtommath-1.2.0-1.rv30 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to...
Advisory ROSA-SA-2026-3180
Software: perl 5.26.3 OS: ROSA Virtualization 3.0 unaffected versions = perl-5.26.3-423.rv30 affected versions perl-5.26.3-423.rv30 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an...
Advisory ROSA-SA-2026-3162
Software: sqlite 3.26.0 OS: ROSA Virtualization 3.1 unaffected versions = sqlite-3.26.0-20.rv31 affected versions sqlite-3.26.0-20.rv31 CVE-ID: CVE-2025-6965 BDU-ID: 2025-08786 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Aggregate Term Handler component of the SQLite database management syst...
Advisory ROSA-SA-2026-3155
Software: lz4 1.8.3 OS: ROSA Virtualization 3.1 unaffected versions = lz4-1.8.3-5.rv31 affected versions lz4-1.8.3-5.rv31 CVE-ID: CVE-2019-17543 BDU-ID: 2023-07612 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LZ4 lossless data compression algorithm is related to writing beyond buffer...
Advisory ROSA-SA-2026-3163
Software: sysstat 11.7.3 OS: ROSA Virtualization 3.1 unaffected versions = sysstat-11.7.3-13.rv31 affected versions sysstat-11.7.3-13.rv31 CVE-ID: CVE-2019-16167 BDU-ID: 2022-06244 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the remapstruct function of the sacommon.c component of the Sysstat...
Advisory ROSA-SA-2026-3147
Software: jackson-databind 2.10.0 OS: ROSA Virtualization 3.1 unaffected versions = jackson-databind-2.10.0-1.0.2.rv31 affected versions jackson-databind-2.10.0-1.0.2.rv31 CVE-ID: CVE-2020-25649 BDU-ID: 2022-05602 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DOMDeserializer component of the...
Advisory ROSA-SA-2026-3151
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.1 unaffected versions = libsoup-2.62.3-11.rv31 affected versions libsoup-2.62.3-11.rv31 CVE-ID: CVE-2025-4945 BDU-ID: 2025-10260 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libsoup library of the GNOME GUI is related to integer overflow durin...
Advisory ROSA-SA-2026-3152
Software: libssh 0.9.6 OS: ROSA Virtualization 3.1 unaffected versions = libssh-0.9.6-16.rv31 affected versions libssh-0.9.6-16.rv31 CVE-ID: CVE-2025-5318 BDU-ID: 2025-09008 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside ...
Advisory ROSA-SA-2026-3133
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 unaffected versions = curl-7.61.1-34.0.2.rv3.9 affected versions curl-7.61.1-34.0.2.rv3.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffer...
Advisory ROSA-SA-2026-3131
Software: bind 9.11.36 OS: ROSA Virtualization 2.1 unaffected versions = bind-9.11.36-16.rv3.6 affected versions bind-9.11.36-16.rv3.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...
Advisory ROSA-SA-2026-3121
software: binutils 2.38 WASP: ROSA-CHROME unaffected versions = binutils-2.38-7 affected versions binutils-2.38-7 CVE-ID: CVE-2025-5244 BDU-ID: 2025-10924 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the elfgcsweep function of the ld component of the GNU Binutils software development tool is...
Advisory ROSA-SA-2026-3118
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-9 affected versions ghostscript-9.56.1-9 CVE-ID: CVE-2025-59798 BDU-ID: 2025-11520 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pdfwritecmap function of the Ghostscript document processing, conversion, and...
Advisory ROSA-SA-2025-3112
Software: cairo 1.15.12 OS: ROSA Virtualization 2.1 packageevrstring: cairo-1.15.12-6.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...
Advisory ROSA-SA-2025-3111
Software: pixman 0.38.4 OS: ROSA Virtualization 2.1 packageevrstring: pixman-0.38.4-4.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...
Advisory ROSA-SA-2025-3109
Software: xmlrpc 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-3.1.3-1.0.1.1.rv3 CVE-ID: CVE-2019-17570 BDU-ID: 2020-01960 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library is related to ...
Advisory ROSA-SA-2025-3100
Software: PackageKit 1.1.12 OS: ROSA Virtualization 2.1 packageevrstring: PackageKit-1.1.12-7.0.1.rv3 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...
Advisory ROSA-SA-2025-3097
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-18.rv3.2 CVE-ID: CVE-2023-39615 BDU-ID: 2023-05968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlsax2startelement function of the libxml2 library is caused by a buffer overflow. Exploitation of the...
Advisory ROSA-SA-2025-3095
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-8.0.1.rv3.1 CVE-ID: CVE-2023-5981 BDU-ID: 2024-01500 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GnuTLS transport layer security library is related to information disclosure via a mismatch. Exploitation of...
Advisory ROSA-SA-2025-3087
Software: git 1.8.3.1 OS: rosa-server79 unaffected versions = git-1.8.3.1-25.0.1.res7 affected versions git-1.8.3.1-25.0.1.1.res7 CVE-ID: CVE-2025-48384 BDU-ID: 2025-08691 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system of the Microsoft Visual Studio softwa...
Advisory ROSA-SA-2025-3089
Software: pam 1.1.8 OS: rosa-server79 unaffected versions = pam-1.1.8-23.0.3.res7 affected versions pam-1.1.8-23.0.3.res7 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a race...
Advisory ROSA-SA-2025-3090
Software: python-setuptools 0.9.8 OS: rosa-server79 unaffected versions = python-setuptools-0.9.8-7.0.3.res7 affected versions python-setuptools-0.9.8-7.0.3.res7 CVE-ID: CVE-2025-47273 BDU-ID: 2025-08604 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the setuptools project packaging simplification...
Advisory ROSA-SA-2025-3086
Software: gdk-pixbuf2 2.36.12 OS: rosa-server79 unaffected versions = gdk-pixbuf2-2.36.12-3.0.1.res7 affected versions gdk-pixbuf2-2.36.12-3.0.1.res7 CVE-ID: CVE-2025-7345 BDU-ID: 2025-11747 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdkpixbufjpegimageloadincrement function of the...
Advisory ROSA-SA-2025-3081
Software: cups 1.6.3 OS: rosa-server79 unaffected versions = cups-1.6.3-52.0.1.res7 affected versions cups-1.6.3-52.0.1.res7 CVE-ID: CVE-2025-58060 BDU-ID: 2025-11019 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CUPS Common UNIX Printing System is related to flaws in the authentication...
Advisory ROSA-SA-2025-3080
Software: aide 0.15.1 OS: rosa-server79 unaffected versions = aide-0.15.1-13.0.3.res7.1 affected versions aide-0.15.1-13.0.3.res7.1 CVE-ID: CVE-2025-54389 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in AIDE before version 0.19.2: Special characters in filenames and symbolic links are...
Advisory ROSA-SA-2025-3079
Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 CVE-ID: CVE-2019-16905 BDU-ID: 2021-03382 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the implementation of the OpenSSH cryptographic security tool is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to...
Advisory ROSA-SA-2025-3075
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 unaffected versions = libssh-0.9.6-15.rv3 affected versions libssh-0.9.6-15.rv3 CVE-ID: CVE-2025-5318 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside of buffer...
Advisory ROSA-SA-2025-3062
Software: gdk-pixbuf2 2.36.12 OS: ROSA Virtualization 2.1 unaffected versions = gdk-pixbuf2-2.36.12-7.0.1.1.rv3 affected versions gdk-pixbuf2-2.36.12-7.0.1.rv3 CVE-ID: CVE-2025-7345 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdkpixbufjpegimageloadincrement function of the...
Advisory ROSA-SA-2025-3061
Software: emacs 26.1 OS: ROSA Virtualization 2.1 unaffected versions = emacs-26.1-15.rv3 affected versions emacs-26.1-15.rv3 CVE-ID: CVE-2024-53920 BDU-ID: CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the elisp-completion-at-point and elisp-flymake-byte-compile function of the ELisp mode of...