1374 matches found
Advisory ROSA-SA-2025-3061
Software: emacs 26.1 OS: ROSA Virtualization 2.1 unaffected versions = emacs-26.1-15.rv3 affected versions emacs-26.1-15.rv3 CVE-ID: CVE-2024-53920 BDU-ID: CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the elisp-completion-at-point and elisp-flymake-byte-compile function of the ELisp mode of...
Advisory ROSA-SA-2025-3052
Software: gdk-pixbuf2 2.36.12 OS: ROSA Virtualization 3.1 unaffected versions = gdk-pixbuf2-2.36.12-7.0.1.1.rv31 affected versions gdk-pixbuf2-2.36.12-7.0.1.rv31 CVE-ID: CVE-2025-7345 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdkpixbufjpegimageloadincrement function of the...
Advisory ROSA-SA-2025-3054
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.1 unaffected versions = libxml2-2.9.7-21.0.1.rv31.3 affected versions libxml2-2.9.7-21.0.1.1.rv31.3 CVE-ID: CVE-2025-6021 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...
Advisory ROSA-SA-2025-3051
Software: emacs 26.1 OS: ROSA Virtualization 3.1 unaffected versions = emacs-26.1-15.rv31 affected versions emacs-26.1-15.rv31 CVE-ID: CVE-2024-53920 BDU-ID: CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the elisp-completion-at-point and elisp-flymake-byte-compile function of the ELisp mode o...
Advisory ROSA-SA-2025-3045
Software: bzip2 1.0.6 OS: ROSA Virtualization 3.1 unaffected versions = bzip2-1.0.6-28.rv31 affected versions bzip2-1.0.6-28.rv31 CVE-ID: CVE-2019-12900 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BZ2decompress decompress.c function of the bzip2 data compression utility is related to...
Advisory ROSA-SA-2025-3048
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.1 unaffected versions = libxml2-2.9.7-21.0.1.rv31.3 affected versions libxml2-2.9.7-21.0.1.1.rv31.3 CVE-ID: CVE-2016-3709 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to...
Advisory ROSA-SA-2025-3032
software: vim 9.1.1768 WASP: ROSA-CHROME unaffected versions = vim-9.1.1768-1 affected versions vim-9.1.1768-1 CVE-ID: CVE-2024-47814 BDU-ID: 2024-08644 CVE-Crit: LOW CVE-DESC.: A vulnerability in the BufWinLeave function of the vim text editor is related to memory usage after memory is freed...
Advisory ROSA-SA-2025-3029
software: redis 7.2.10 OS: ROSA-CHROME unaffected versions = redis-7.2.10-1 affected versions redis-7.2.10-1 CVE-ID: CVE-2024-31227 BDU-ID: 2024-09249 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the Redis database management system due to insufficient input validation. Exploitation of t...
Advisory ROSA-SA-2025-3022
Software: libarchive 3.6.2 OS: ROSA-CHROME unaffected versions = libarchive-3.6.2-8 affected versions libarchive-3.6.2-8 CVE-ID: CVE-2025-5915 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in libarchive allows a buffer overflow to occur on the heap during filter processing, which could...
Advisory ROSA-SA-2025-3021
software: cjson 1.7.19 AXIS: ROSA-CHROME unaffected versions = cjson-1.7.19-1 affected versions cjson-1.7.19-1 CVE-ID: CVE-2025-57052 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Vulnerability in cJSON 1.5.0-1.7.18: allows a remote attacker to perform array escaping via decodearrayindexfrompointer...
Advisory ROSA-SA-2025-3005
software: gimp 2.10.36 WASP: ROSA-CHROME unaffected versions = gimp-2.10.36-4 affected versions gimp-2.10.36-4 CVE-ID: CVE-2025-5473 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An integer overflow vulnerability in GIMP parsing ICO files allows remote attackers to execute arbitrary code. User interacti...
Advisory ROSA-SA-2025-3004
software: flatpak 1.14.10 WASP: ROSA-CHROME unaffected versions = flatpak-1.14.10-1 affected versions flatpak-1.14.10-1 CVE-ID: CVE-2024-32462 BDU-ID: 2024-03113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xdg-desktop-portal interface of the Flatpak application and environment management too...
Advisory ROSA-SA-2025-2991
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-7 affected versions ghostscript-9.56.1-7 CVE-ID: CVE-2025-48708 BDU-ID: 2025-06028 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the gslibctxctxstashsanitizedarg function of the base/gslibctx.c file of the...
Advisory ROSA-SA-2025-2990
software: assimp 5.0.1 OS: ROSA-CHROME unaffected versions = assimp-5.0.1.1-7 affected versions assimp-5.0.1.1-7 CVE-ID: CVE-2025-3548 BDU-ID: 2025-07019 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the File Handler component of the cross-platform 3D model import library Assimp Open Asset Impor...
Advisory ROSA-SA-2025-2987
software: rlottie 0.2 WASP: ROSA-CHROME unaffected versions = rlottie-0.2-4 affected versions rlottie-0.2-4 CVE-ID: CVE-2025-53074 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Samsung Open Source rLottie - out-of-bounds read vulnerability allows buffers to overflow. CVE-STATUS: Vulnerability has be...
Advisory ROSA-SA-2025-2982
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-11 affected versions tomcat-9.0.37-11 CVE-ID: CVE-2025-49125 BDU-ID: 2025-09499 CVE-Crit: HIGH CVE-DESC.: Apache Tomcat application server vulnerability related to bypassing the authentication procedure by using an...
Advisory ROSA-SA-2025-2975
Software: libarchive 3.6.2 OS: ROSA-CHROME unaffected versions = libarchive-3.6.2-6 affected versions libarchive-3.6.2-6 CVE-ID: CVE-2025-5914 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability has been discovered in libarchive archivereadformatrarseekdata related to an integer overflow that...
Advisory ROSA-SA-2025-2971
software: less 608 WASP: ROSA-CHROME unaffected versions = less-608-3 affected versions less-608-3 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the...
Advisory ROSA-SA-2025-2969
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-3 affected versions ghostscript-9.56.1-3 CVE-ID: CVE-2024-33870 BDU-ID: 2024-05063 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Ghostscript document processing, conversion, and generation software suite...
Advisory ROSA-SA-2025-2968
software: libheif 1.19.8 WASP: ROSA-CHROME unaffected versions = libheif-1.19.8-1 affected versions libheif-1.19.8-1 CVE-ID: CVE-2025-43966 BDU-ID: None CVE-Crit: LOW CVE-DESC.: Vulnerability: In libheif before 1.19.6, the ImageItemiden function dereferences a null pointer in image-items/iden.cc...
Advisory ROSA-SA-2025-2965
Software: avahi 0.7 OS: ROSA Virtualization 3.0 unaffected versions = avahi-0.7-27.0.2.rv30.1 affected versions avahi-0.7-27.0.0.2.rv30.1 CVE-ID: CVE-2017-6519 BDU-ID: 2019-00693 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the avahi-daemon daemon of the Avahi local area network service...
Advisory ROSA-SA-2025-2963
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 3.0 unaffected versions = xmlrpc-c-1.51.0-11.0.1.rv30 affected versions xmlrpc-c-1.51.0-11.0.1.rv30 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a...
Advisory ROSA-SA-2025-2961
Software: libnbd 1.6.0 OS: ROSA Virtualization 3.0 unaffected versions = libnbd-1.6.0-6.0.1.1.rv30 affected versions libnbd-1.6.0-6.0.1.1.rv30 CVE-ID: CVE-2022-0485 BDU-ID: 2022-01701 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libnbd library's nbdcopy tool is related to an exception handling...
Advisory ROSA-SA-2025-2941
software: freetype 2.10.4 OS: ROSA-CHROME unaffected versions = freetype-2.10.4-8 affected versions freetype-2.10.4-8 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library involves reading outside buffer boundaries in memory...
Advisory ROSA-SA-2025-2934
software: libvirt 8.9.0 OS: ROSA-CHROME unaffected versions = libvirt-8.9.0-4 affected versions libvirt-8.9.0-4 CVE-ID: CVE-2024-2496 BDU-ID: 2024-03249 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the udevConnectListAllInterfaces function of the Libvirt virtualization management library is...
Advisory ROSA-SA-2025-2929
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-2 affected versions ghostscript-9.56.1-2 CVE-ID: CVE-2025-27830 BDU-ID: 2025-03710 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the base/writet1.c and psi/zfapi.c files of the DollarBlend component of the...
Advisory ROSA-SA-2025-2924
software: qt5-qtbase 5.15.16 WASP: ROSA-CHROME unaffected versions = qt5-qtbase-5.15.16-3 affected versions qt5-qtbase-5.15.16-3 CVE-ID: CVE-2025-30348 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in QDom allows a remote attacker to execute a complex algorithm involving copying XML...
Advisory ROSA-SA-2025-2921
software: binutils 2.38 WASP: ROSA-CHROME unaffected versions = binutils-2.38-6 affected versions binutils-2.38-6 CVE-ID: CVE-2025-0840 BDU-ID: 2025-03384 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the objdump.c component of the GNU Binutils software development tool is related to a stack-based...
Advisory ROSA-SA-2025-2917
software: x11-server 1.20.14 OS: ROSA-CHROME unaffected versions = x11-server-1.20.14-12 affected versions x11-server-1.20.14-12 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of th...
Advisory ROSA-SA-2025-2916
software: xwayland 24.1.6 WASP: ROSA-CHROME unaffected versions = xwayland-24.1.6-1 affected versions xwayland-24.1.6-1 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the X Windo...
Advisory ROSA-SA-2025-2911
software: postgresql 12.22 WASP: ROSA-CHROME unaffected versions = postgresql-9.5.2 affected versions postgresql-9.5.2 CVE-ID: CVE-2016-2193 BDU-ID: 2016-00974 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to errors in security settings...
Advisory ROSA-SA-2025-2904
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of...
Advisory ROSA-SA-2025-2885
Software: expat 2.2.5 OS: ROSA Virtualization 3.0 packageevrstring: expat-2.2.5-17.0.1.rv30 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-based buffer overflow. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2880
Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 2.1 packageevrstring: libjpeg-turbo-1.5.3-14.rv3 CVE-ID: CVE-2020-13790 BDU-ID: 2021-01352 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the startinputppm function from rdppm.c of the libjpeg-turbo image manipulation library is related to a...
Advisory ROSA-SA-2025-2843
Software: gmp 6.1.2 OS: ROSA Virtualization 2.1 packageevrstring: gmp-6.1.2-11.rv3 CVE-ID: CVE-2021-43618 BDU-ID: 2022-05776 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mpz/inpraw.c component of the GMP arithmetic operations library on 32-bit platforms is related to integer overflow...
Advisory ROSA-SA-2025-2753
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-12.0.1.rv3 CVE-ID: CVE-2020-25659 BDU-ID: 2022-05647 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the python-cryptography package of the Python programming language interpreter is related to RSA key management...
Advisory ROSA-SA-2025-2749
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-8.0.1.rv3.1 CVE-ID: CVE-2023-5981 BDU-ID: 2024-01500 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GnuTLS transport layer security library is related to information disclosure via a mismatch. Exploitation of...
Advisory ROSA-SA-2025-2736
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-13.0.1.rv30 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document...
Advisory ROSA-SA-2025-2731
Software: PackageKit 1.1.12 OS: ROSA Virtualization 3.0 packageevrstring: PackageKit-1.1.12-7.0.1.rv30 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...
Advisory ROSA-SA-2025-2723
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-15.0.2.rv30 CVE-ID: CVE-2024-46951 BDU-ID: 2024-09419 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the psi/zcolor.c component of the Ghostscript document processing, conversion, and generation software suite...
Advisory ROSA-SA-2025-2700
Software: dnsmasq 2.79 OS: ROSA Virtualization 3.0 packageevrstring: dnsmasq-2.79-31 CVE-ID: CVE-2020-25681 BDU-ID: 2021-01117 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sortrrset function dnssec.c of the dnsmasq DNS server is related to a buffer overflow in dynamic memory. Exploitation of...
Advisory ROSA-SA-2025-2698
Software: perl-CPAN 2.18 OS: ROSA Virtualization 3.0 packageevrstring: perl-CPAN-2.18-397.0.1 CVE-ID: CVE-2023-31484 BDU-ID: 2023-03871 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CPAN.pm component of the Perl programming language is related to errors in the TLS certificate authentication...
Advisory ROSA-SA-2025-2686
Software: openldap 2.4.46 OS: ROSA Virtualization 3.0 packageevrstring: openldap-2.4.46-18.0.1 CVE-ID: CVE-2022-29155 BDU-ID: 2022-03203 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the OpenLDAP protocol implementation is related to failure to take measures to protect the SQL query structure...
Advisory ROSA-SA-2025-2682
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-11.0.1 CVE-ID: CVE-2019-14813 BDU-ID: 2019-03227 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the setsystemparams procedure of the PostScript Ghostscript file format conversion program is related to...
Advisory ROSA-SA-2025-2687
Software: pango 1.42.4 OS: ROSA Virtualization 3.0 packageevrstring: pango-1.42.4-8 CVE-ID: CVE-2019-1010238 BDU-ID: 2019-02871 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the pangolog2visgetembeddinglevels function of the Pango library is related to an operation exceeding buffer boundaries...
Advisory ROSA-SA-2025-2681
Software: fuse 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: fuse-2.9.7-16.0.1 CVE-ID: CVE-2018-10906 BDU-ID: 2019-00421 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the fusermount module of the file system driver for UNIX-like operating systems FUSE is related to a restriction bypass wh...
Advisory ROSA-SA-2025-2672
software: rxvt 2.7.10 OS: ROSA-CHROME packageevrstring: rxvt-2.7.10 CVE-ID: CVE-2021-33477 BDU-ID: 2021-04892 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Eterm, Mrxyt, Rxyt, Rxyt-unicode software is related to improper processing of certain control sequences. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2598
software: glib2.0 2.72.3 OS: ROSA-CHROME packageevrstring: glib2.0-2.72.3-4 CVE-ID: CVE-2023-29499 BDU-ID: 2023-07646 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the isnormal function of the Glib library is associated with uncontrolled resource consumption. Exploitation of the vulnerability coul...
Advisory ROSA-SA-2024-2540
software: wavpack 5.3.0 OS: ROSA-CHROME packageevrstring: wavpack-5.3.0-3 CVE-ID: CVE-2020-35738 BDU-ID: 2021-00777 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the WavpackPackSamples function of the packutils.c component of the WavPack audio codec is related to an operation exceeding the allowed...
Advisory ROSA-SA-2026-3255
software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-3 affected versions ffmpeg-4.4.6-3 CVE-ID: CVE-2025-10256 BDU-ID: 2025-11446 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the configinput function of the FFmpeg multimedia library is related to pointer dereferencing...