1374 matches found
Advisory ROSA-SA-2026-3252
software: grafana 12.1.8 WASP: ROSA-CHROME unaffected versions = grafana-12.1.8-1 affected versions 3s, timeout and permanently block on sending to an unbuffered channel, resulting in linear growth of goroutines and memory exhaustion. CVE-STATUS: The vulnerability has been resolved CVE-REV: To...
Advisory ROSA-SA-2026-3240
software: vim 9.1.2128 WASP: ROSA-CHROME unaffected versions = vim-9.1.2128-1 affected versions vim-9.1.2128-1 CVE-ID: CVE-2025-66476 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vim for Windows before version 9.1.1947 implements an unreliable search order for external commands: when using cmd.exe, the...
Advisory ROSA-SA-2026-3243
Software: libarchive 3.6.2 OS: ROSA-CHROME unaffected versions = libarchive-3.6.2-9 affected versions libarchive-3.6.2-9 CVE-ID: CVE-2025-60753 BDU-ID: 2026-00318 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the applysubstitution function of the libarchive library involves the execution of a lo...
Advisory ROSA-SA-2026-3238
software: openvpn 2.6.17 OS: ROSA-CHROME unaffected versions = openvpn-2.6.17-1 affected versions openvpn-2.6.17-1 CVE-ID: CVE-2025-13751 BDU-ID: 2025-16280 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OpenVPN software is related to unrestricted resource allocation. Exploitation of the...
Advisory ROSA-SA-2026-3230
software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.4 affected versions avahi-0.8-12.git35bb1b.4 CVE-ID: CVE-2025-68276 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Avahi mDNS/DNS-SD. An unprivileged local user can cause an avahi-daemon DoS crash by...
Advisory ROSA-SA-2026-3222
software: suricata 7.0.13 WASP: ROSA-CHROME unaffected versions = suricata-7.0.13-1 affected versions suricata-7.0.13-1 CVE-ID: CVE-2025-64330 BDU-ID: 2025-14771 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to a buffer overflow in...
Advisory ROSA-SA-2026-3212
software: libcupsfilters 2.0.0 OS: ROSA-CHROME unaffected versions = libcupsfilters-2.0.0.0-7 affected versions libcupsfilters-2.0.0-7 CVE-ID: CVE-2024-47076 BDU-ID: 2024-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cfGetPrinterAttributes5 function of the libcupsfilters library of the...
Advisory ROSA-SA-2026-3210
software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-3 affected versions libssh-0.9.8-3 CVE-ID: CVE-2025-5318 BDU-ID: 2025-09008 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside of buffer boundaries in...
Advisory ROSA-SA-2026-3181
Software: rsync 3.1.3 OS: ROSA Virtualization 3.0 unaffected versions = rsync-3.1.3-23.rv30 affected versions rsync-3.1.3-23.rv30 CVE-ID: CVE-2025-4638 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the zlib library embedded in PointCloudLibrary PCL allows attackers to cause...
Advisory ROSA-SA-2026-3159
Software: pam 1.3.1 OS: ROSA Virtualization 3.1 unaffected versions = pam-1.3.1-39.0.2.rv31 affected versions pam-1.3.1-39.0.2.rv31 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a...
Advisory ROSA-SA-2026-3139
Software: flac 1.3.2 OS: ROSA Virtualization 3.0 unaffected versions = flac-1.3.2-9.rv30.1 affected versions flac-1.3.2-9.rv30.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...
Advisory ROSA-SA-2026-3124
software: cups 2.4.14 OS: ROSA-CHROME unaffected versions = cups-2.4.14-1 affected versions cups-2.4.14-1 CVE-ID: CVE-2025-58060 BDU-ID: 2025-11019 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CUPS Common UNIX Printing System is related to flaws in the authentication procedure. Exploitation o...
Advisory ROSA-SA-2026-3123
software: redis 7.2.11 OS: ROSA-CHROME unaffected versions = redis-7.2.11-1 affected versions redis-7.2.11-1 CVE-ID: CVE-2025-49844 BDU-ID: 2025-12553 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Redis database management system DBMS is related to memory utilization after it has been free...
Advisory ROSA-SA-2026-3117
software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-2 affected versions ffmpeg-4.4.6-2 CVE-ID: CVE-2023-6601 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in FFmpeg's HLS demultiplexer allows bypassing dangerous file extension checks and launching arbitrary...
Advisory ROSA-SA-2026-3116
software: pgbouncer 1.25.1 OS: ROSA-CHROME unaffected versions = pgbouncer-1.25.1-1 affected versions pgbouncer-1.25.1-1 CVE-ID: CVE-2025-12819 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Arbitrary SQL execution vulnerability in PgBouncer in authquery handler: an unauthenticated attacker could execute...
Advisory ROSA-SA-2025-3107
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...
Advisory ROSA-SA-2025-3083
Software: ImageMagick 6.9.10.68 OS: rosa-server79 unaffected versions = ImageMagick-6.9.10.68-7.0.3.res7 affected versions ImageMagick-6.9.10.68-7.0.3.res7 CVE-ID: CVE-2025-55154 BDU-ID: 2025-10835 CVE-Crit: CRITICAL. CVE-DESC.: Vulnerability in the ImageMagick console graphical editor related to...
Advisory ROSA-SA-2025-3084
Software: libblockdev 2.18 OS: rosa-server79 unaffected versions = libblockdev-2.18-5.0.1.res7 affected versions libblockdev-2.18-5.0.1.1.res7 CVE-ID: CVE-2025-6019 BDU-ID: 2025-07084 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libblockdev library is related to the ability to mount the file...
Advisory ROSA-SA-2025-3070
Software: gdk-pixbuf2 2.36.12 OS: ROSA Virtualization 3.0 unaffected versions = gdk-pixbuf2-2.36.12-7.0.1.1.rv30 affected versions gdk-pixbuf2-2.36.12-7.0.1.rv30 CVE-ID: CVE-2025-7345 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdkpixbufjpegimageloadincrement function of the...
Advisory ROSA-SA-2025-3065
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 unaffected versions = libxml2-2.9.7-21.0.1.rv3.3 affected versions libxml2-2.9.7-21.0.1.1.rv3.3 CVE-ID: CVE-2025-6021 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...
Advisory ROSA-SA-2025-3060
Software: bzip2 1.0.6 OS: ROSA Virtualization 2.1 unaffected versions = bzip2-1.0.6-28.rv3 affected versions bzip2-1.0.6-28.rv3 CVE-ID: CVE-2019-12900 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BZ2decompress decompress.c function of the bzip2 data compression utility is related to...
Advisory ROSA-SA-2025-3046
Software: freeglut 3.0.0 OS: ROSA Virtualization 3.1 unaffected versions = freeglut-3.0.0.0-9.rv31 affected versions freeglut-3.0.0.0-9.rv31 CVE-ID: CVE-2024-24258 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GlutAddSubMenu function of the MuPDF PDF viewer is related to a memory leak...
Advisory ROSA-SA-2025-3038
Software: postgresql15 15.14 OS: rosa-server79 unaffected versions = postgresql15-15.14-1PGDG.res7 affected versions postgresql15-15.14-1PGDG.res7 CVE-ID: CVE-2017-7484 BDU-ID: 2019-03334 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to a lack o...
Advisory ROSA-SA-2025-3033
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-14 affected versions tomcat-9.0.37-14 CVE-ID: CVE-2025-48989 BDU-ID: 2025-09899 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP2 handler of the Apache Tomcat application server is related to incorrect resource...
Advisory ROSA-SA-2025-3028
Software: webmin 2.510 WASP: ROSA-CHROME unaffected versions = webmin-2.510-1 affected versions webmin-2.510-1 CVE-ID: CVE-2024-45692 BDU-ID: 2024-07424 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Webmin hosting control panel is related to a loop with an unreachable exit condition...
Advisory ROSA-SA-2025-3026
Software: openjpeg2 2.4.0 OS: ROSA-CHROME unaffected versions = openjpeg2-2.4.0 affected versions openjpeg2-2.4.0 CVE-ID: CVE-2025-54874 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: In OpenJPEG versions 2.5.1-2.5.3, calling opjjp2readheader may cause heap overruns when the data stream is short and...
Advisory ROSA-SA-2025-3025
software: yarn 1.22.22 WASP: ROSA-CHROME unaffected versions = yarn-1.22.22.22-3 affected versions yarn-1.22.22.22-3 CVE-ID: CVE-2025-9308 BDU-ID: None CVE-Crit: LOW CVE-DESC.: Vulnerability in Yarn before version 1.22.22 in setOptions function of src/util/request-manager.js file. Possible attack...
Advisory ROSA-SA-2025-3024
software: libsndfile 1.1.0 OS: ROSA-CHROME unaffected versions = libsndfile-1.1.0-5 affected versions libsndfile-1.1.0-5 CVE-ID: CVE-2025-52194 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow vulnerability in libsndfile 1.2.2 and earlier versions when processing invalid IRCAM audio files,...
Advisory ROSA-SA-2025-3023
software: kanboard 1.2.47 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.47-0.gitb57deb.4 affected versions kanboard-1.2.47-0.gitb57deb.4 CVE-ID: CVE-2025-52576 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Kanboard before version 1.2.46 allows existing usernames to be...
Advisory ROSA-SA-2025-3016
software: rust1.89 1.89.0 WASP: ROSA-CHROME unaffected versions = rust1.89-1.89.0-1 affected versions rust1.89-1.89.0-1 CVE-ID: CVE-2025-10585 BDU-ID: 2025-11457 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the V8 component of Google Chrome and Microsoft Edge browsers is related to data type...
Advisory ROSA-SA-2025-3014
software: cert-sh-functions 1.0.6 WASP: ROSA-CHROME unaffected versions = cert-sh-functions-1.0.6-5 affected versions cert-sh-functions-1.0.6-5 CVE-ID: CVE-2022-30550 BDU-ID: 2022-04273 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the passdb account database of the Dovecot mail server is relate...
Advisory ROSA-SA-2025-3012
software: opensc 0.26.1 OS: ROSA-CHROME unaffected versions = opensc-0.26.1-1 affected versions opensc-0.26.1-1 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart ca...
Advisory ROSA-SA-2025-3010
software: postgresql14 14.19 WASP: ROSA-CHROME unaffected versions = postgresql14-14.19-1 affected versions postgresql14-14.19-1 CVE-ID: CVE-2024-10979 BDU-ID: 2024-09679 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL/Perl environment variables of the PostgreSQL database management system is...
Advisory ROSA-SA-2025-3011
software: postgresql 15.14 WASP: ROSA-CHROME unaffected versions = postgresql-15.14-1 affected versions postgresql-15.14-1 CVE-ID: CVE-2024-10979 BDU-ID: 2024-09679 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL/Perl environment variables of the PostgreSQL database management system is relat...
Advisory ROSA-SA-2025-3003
software: unbound 1.23.1 OS: ROSA-CHROME unaffected versions = unbound-1.23.1-1 affected versions unbound-1.23.1-1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to th...
Advisory ROSA-SA-2025-2993
software: htmldoc 1.9.20 OS: ROSA-CHROME unaffected versions = htmldoc-1.9.20-1 affected versions htmldoc-1.9.20-1 CVE-ID: CVE-2024-45508 BDU-ID: 2025-04747 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the parseparagraph function of the ps-pdf.cxx component of the HTMLDOC document conversion...
Advisory ROSA-SA-2025-2988
software: salt 3006.3 WASP: ROSA-CHROME unaffected versions = salt-3006.3-2 affected versions salt-3006.3-2 CVE-ID: CVE-2024-38824 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A directory traversal vulnerability in recvfile allows an attacker to write arbitrary files to the master cache directory...
Advisory ROSA-SA-2025-2979
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-5 affected versions ghostscript-9.56.1-5 CVE-ID: CVE-2023-52722 BDU-ID: 2024-07479 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the afqkf psi/zmisc1.c file of the Ghostscript document processing, conversion,...
Advisory ROSA-SA-2025-2974
software: libreswan 4.15 WASP: ROSA-CHROME unaffected versions = libreswan-4.15-1 affected versions libreswan-4.15-1 CVE-ID: CVE-2024-3652 BDU-ID: 2024-04885 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the "IPsec" VPN protocol library libreswan is related to a reachability assertion when...
Advisory ROSA-SA-2025-2967
Software: avahi 0.7 OS: ROSA Virtualization 2.1 unaffected versions = avahi-0.7-27.0.2.rv3.1 affected versions avahi-0.7-27.0.2.2.rv3.1 CVE-ID: CVE-2018-1000845 BDU-ID: 2019-00693 CVE-Crit: CRITICAL. CVE-DESC: Duplicate CVE-2017-6519 CVE-STATUS: The vulnerability has been resolved CVE-REV: To clo...
Advisory ROSA-SA-2025-2964
Software: LibRaw 0.19.5 OS: ROSA Virtualization 3.0 unaffected versions = LibRaw-0.19.5-4.rv30 affected versions LibRaw-0.19.5-4.rv30 CVE-ID: CVE-2021-32142 BDU-ID: 2023-03833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LibRawbufferdatastream::gets function of the src/librawdatastream.cpp...
Advisory ROSA-SA-2025-2960
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 unaffected versions = ghostscript-9.27-17.0.3.rv30 affected versions ghostscript-9.27-17.0.3.rv30 CVE-ID: CVE-2020-16287 BDU-ID: 2021-01163 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the lprnisblack function contrib/lips4/gdevlprn.c of th...
Advisory ROSA-SA-2025-2959
Software: avahi 0.7 OS: ROSA Virtualization 2.1 unaffected versions = avahi-0.7-27.0.2.rv3.1 affected versions avahi-0.7-27.0.2.2.rv3.1 CVE-ID: CVE-2017-6519 BDU-ID: 2019-00693 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the avahi-daemon daemon of the Avahi local area network service...
Advisory ROSA-SA-2025-2957
Software: perl-CPAN 2.18 OS: ROSA Virtualization 2.1 unaffected versions = perl-CPAN-2.18-397.0.1.rv3 affected versions perl-CPAN-2.18-397.0.1.rv3 CVE-ID: CVE-2023-31484 BDU-ID: 2023-03871 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CPAN.pm component of the Perl programming language is relat...
Advisory ROSA-SA-2025-2958
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 2.1 unaffected versions = xmlrpc-c-1.51.0-11.0.1.rv3 affected versions xmlrpc-c-1.51.0-11.0.1.rv3 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-bas...
Advisory ROSA-SA-2025-2953
PO: jose 14 WASP: ROSA-CHROME unaffected versions = jose-14-1 affected versions jose-14-1 CVE-ID: CVE-2023-50967 BDU-ID: 2024-02461 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the C language module for signing and encrypting JSON latchset Jose objects is associated with uncontrolled resource...
Advisory ROSA-SA-2025-2949
software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-1 affected versions ffmpeg-4.4.6-1 CVE-ID: CVE-2025-1594 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A buffer overflow vulnerability in FFmpeg allows a remote attacker to initiate an attack via the ffaacsearchfortns function in...
Advisory ROSA-SA-2025-2945
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-3 affected versions curl-8.7.1-3 CVE-ID: CVE-2025-0725 BDU-ID: 2025-01585 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command line utility is related to...
Advisory ROSA-SA-2025-2942
software: libraw 0.20.2 OS: ROSA-CHROME unaffected versions = libraw-0.20.2-5 affected versions libraw-0.20.2-5 CVE-ID: CVE-2025-43961 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in LibRaw allows an out-of-buffer read in the Fujifilm 0xf00c tag parser. CVE-STATUS: The vulnerability has...
Advisory ROSA-SA-2025-2939
Software: openvpn 2.5.8 OS: ROSA-CHROME unaffected versions = openvpn-2.5.8-2 affected versions openvpn-2.5.8-2 CVE-ID: CVE-2024-4877 BDU-ID: 2025-03850 CVE-Crit: MEDIUM CVE-DESC.: An Interactive Service iservice vulnerability in the OpenVPN GUI client of the OpenVPN software is related to access...