1374 matches found
Advisory ROSA-SA-2025-2922
software: kanboard 1.2.44 AXIS: ROSA-CHROME unaffected versions = kanboard-1.2.44-0.gitc07304.1-rosa2021.1 affected versions kanboard-1.2.44-0.gitc07304.1-rosa2021.1 CVE-ID: CVE-2024-51748 BDU-ID: 2024-10653 CVE-Crit: HIGH CVE-DESC.: A vulnerability in Kanboard project management software is...
Advisory ROSA-SA-2025-2926
software: yelp 42.2 WASP: ROSA-CHROME unaffected versions = yelp-42.2-2 affected versions yelp-42.2-2 CVE-ID: CVE-2025-3155 BDU-ID: 2025-03944 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope when processing...
Advisory ROSA-SA-2025-2923
software: util-linux 2.37.4 OS: ROSA-CHROME unaffected versions = util-linux-2.37.4-3 affected versions util-linux-2.37.4-3 CVE-ID: CVE-2024-28085 BDU-ID: 2024-02517 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the util-linux package of the Linux operating system is related to incorrect privile...
Advisory ROSA-SA-2025-2925
software: yelp-xsl 42.1 WASP: ROSA-CHROME unaffected versions = yelp-xsl-42.1-1 affected versions yelp-xsl-42.1-1 CVE-ID: CVE-2025-3155 BDU-ID: 2025-03944 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope whe...
Advisory ROSA-SA-2025-2919
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-7 affected versions libxml2-2.9.14-7 CVE-ID: CVE-2025-27113 BDU-ID: 2025-03138 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlPatMatch function in the pattern.c file of the libxml2 library is related to null pointe...
Advisory ROSA-SA-2025-2918
software: kernel-5.15 generic WASP: ROSA-CHROME unaffected versions = kernel-5.15-generic-5.15.178-1 affected versions kernel-5.15-generic-5.15.178-1 CVE-ID: CVE-2024-27397 BDU-ID: 2025-00432 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating...
Advisory ROSA-SA-2025-2914
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-7 affected versions tomcat-9.0.37-7 CVE-ID: CVE-2024-38286 BDU-ID: 2024-07738 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Tomcat application server TLS protocol implementation is associated with uncontrolled...
Advisory ROSA-SA-2025-2912
software: mosquitto 2.0.20 WASP: ROSA-CHROME unaffected versions = mosquitto-2.0.20-1 affected versions mosquitto-2.0.20-1 CVE-ID: CVE-2024-3935 BDU-ID: 2024-09880 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Eclipse Mosquitto message broker is related to memory re-release. Exploitation of th...
Advisory ROSA-SA-2025-2910
software: postgresql 12.22 WASP: ROSA-CHROME unaffected versions = postgresql-12.22-1 affected versions postgresql-12.22-1 CVE-ID: CVE-2023-2455 BDU-ID: 2023-03024 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to...
Advisory ROSA-SA-2025-2909
software: freeradius 3.0.27 OS: ROSA-CHROME unaffected versions = freeradius-3.0.27-1 affected versions freeradius-3.0.27-1 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation involves bypassing the authenticati...
Advisory ROSA-SA-2025-2906
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2025-32463 BDU-ID: 2025-07765 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sudo system administration program is related to the inclusion of functions from an invalid controlled area when using...
Advisory ROSA-SA-2025-2905
Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11.0.1.res7.3 CVE-ID: CVE-2025-32463 BDU-ID: 2025-07765 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sudo system administration program is related to the inclusion of functions from an invalid controlled area when using the...
Advisory ROSA-SA-2025-2894
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.0.3.res7.14 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2890
Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 3.0 packageevrstring: libjpeg-turbo-1.5.3-14.rv30 CVE-ID: CVE-2020-13790 BDU-ID: 2021-01352 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the startinputppm function from rdppm.c of the libjpeg-turbo image manipulation library is related to...
Advisory ROSA-SA-2025-2887
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-16.0.1.rv30 CVE-ID: CVE-2020-27792 BDU-ID: 2023-09076 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the lp8000printpage function of the gdevlp8k.c component of the Ghostscript document processing software...
Advisory ROSA-SA-2025-2883
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-34.rv3 CVE-ID: CVE-2017-17095 BDU-ID: 2019-03339 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibTIFF library is related to a heap-based buffer overflow in TIFFSetupStrips. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2881
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-9.rv3 CVE-ID: CVE-2025-2784 BDU-ID: 2025-05737 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the skipinsightwhitespace function of the GNOME GUI libsoup library is related to reading beyond buffer boundaries in...
Advisory ROSA-SA-2025-2878
Software: jose 10 OS: ROSA Virtualization 2.1 packageevrstring: jose-10-2.rv3.3 CVE-ID: CVE-2023-50967 BDU-ID: 2024-02461 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the C language module for signing and encrypting JSON latchset Jose objects is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2025-2766
Software: rsync 3.1.3 OS: ROSA Virtualization 3.0 packageevrstring: rsync-3.1.3-20.rv30 CVE-ID: CVE-2024-12085 BDU-ID: 2025-00376 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2753
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-12.0.1.rv3 CVE-ID: CVE-2020-25659 BDU-ID: 2022-05647 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the python-cryptography package of the Python programming language interpreter is related to RSA key management...
Advisory ROSA-SA-2025-2742
Software: postgresql 13.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql-13.16-1.rv30 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pgdump utility of the PostgreSQL database management system is related to null pointer dereferencing due to...
Advisory ROSA-SA-2025-2723
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-15.0.2.rv30 CVE-ID: CVE-2024-46951 BDU-ID: 2024-09419 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the psi/zcolor.c component of the Ghostscript document processing, conversion, and generation software suite...
Advisory ROSA-SA-2025-2700
Software: dnsmasq 2.79 OS: ROSA Virtualization 3.0 packageevrstring: dnsmasq-2.79-31 CVE-ID: CVE-2020-25681 BDU-ID: 2021-01117 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sortrrset function dnssec.c of the dnsmasq DNS server is related to a buffer overflow in dynamic memory. Exploitation of...
Advisory ROSA-SA-2025-2693
Software: pcre2 10.34 OS: ROSA Virtualization 3.0 packageevrstring: pcre2-10.34-9.0.3 CVE-ID: CVE-2022-1586 BDU-ID: 2022-03770 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the compilexclassmatchingpath function of the PCRE2 library is related to reading data beyond buffer boundaries in memory...
Advisory ROSA-SA-2025-2684
Software: libwebp 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: libwebp-1.0.0.0-8.0.1 CVE-ID: CVE-2018-25011 BDU-ID: 2021-03099 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to a buffer overflow in the "heap"...
Advisory ROSA-SA-2025-2576
software: xwayland 23.2.7 WASP: ROSA-CHROME packageevrstring: xwayland-23.2.7-1 CVE-ID: CVE-2024-9632 BDU-ID: 2024-09084 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in dynamic memor...
Advisory ROSA-SA-2025-2569
software: curl 8.7.1 OS: ROSA-CHROME packageevrstring: curl-8.7.1-2 CVE-ID: CVE-2024-9681 BDU-ID: 2024-09106 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability exists in the implementation of the HSTS HTTP Strict Transport Security mechanism of the curl command line utility due to a bug in the...
Advisory ROSA-SA-2025-2558
Software: libsoup 2.62.2 OS: rosa-server79 packageevrstring: libsoup-2.62.2-2.0.1.res7 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in GNOME libsoup allows HTTP request smuggling attack due to ignoring '\0' characters at the end of header names. CVE-STATUS: The...
Advisory ROSA-SA-2026-3212
software: libcupsfilters 2.0.0 OS: ROSA-CHROME unaffected versions = libcupsfilters-2.0.0.0-7 affected versions libcupsfilters-2.0.0-7 CVE-ID: CVE-2024-47076 BDU-ID: 2024-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cfGetPrinterAttributes5 function of the libcupsfilters library of the...
Advisory ROSA-SA-2026-3210
software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-3 affected versions libssh-0.9.8-3 CVE-ID: CVE-2025-5318 BDU-ID: 2025-09008 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside of buffer boundaries in...
Advisory ROSA-SA-2026-3163
Software: sysstat 11.7.3 OS: ROSA Virtualization 3.1 unaffected versions = sysstat-11.7.3-13.rv31 affected versions sysstat-11.7.3-13.rv31 CVE-ID: CVE-2019-16167 BDU-ID: 2022-06244 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the remapstruct function of the sacommon.c component of the Sysstat...
Advisory ROSA-SA-2026-3160
Software: perl 5.26.3 OS: ROSA Virtualization 3.1 unaffected versions = perl-5.26.3-423.rv31 affected versions perl-5.26.3-423.rv31 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an...
Advisory ROSA-SA-2026-3149
Software: libproxy 0.4.15 OS: ROSA Virtualization 3.1 unaffected versions = libproxy-0.4.15-5.5.5.rv31 affected versions libproxy-0.4.15-5.5.rv31 CVE-ID: CVE-2020-25219 BDU-ID: 2022-00336 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the url::recvline function of the url.cpp component of the...
Advisory ROSA-SA-2026-3127
software: freerdp 2.11.7 OS: ROSA-CHROME CVE-ID: CVE-2025-4478 BDU-ID: 2025-12117 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GNOME Remote Desktop service is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to compromise data...
Advisory ROSA-SA-2026-3123
software: redis 7.2.11 OS: ROSA-CHROME unaffected versions = redis-7.2.11-1 affected versions redis-7.2.11-1 CVE-ID: CVE-2025-49844 BDU-ID: 2025-12553 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Redis database management system DBMS is related to memory utilization after it has been free...
Advisory ROSA-SA-2026-3119
software: mupdf 1.26.10 WASP: ROSA-CHROME unaffected versions = mupdf-1.26.10-1 affected versions mupdf-1.26.10-1 CVE-ID: CVE-2025-46206 BDU-ID: 2025-11246 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mutool clean utility of the MuPDF PDF viewer is related to infinite recursion. Exploitation ...
Advisory ROSA-SA-2025-3088
Software: udisks2 2.8.4 OS: rosa-server79 unaffected versions = udisks2-2.8.4-1.0.1.res7 affected versions udisks2-2.8.4-1.0.1.res7 CVE-ID: CVE-2025-8067 BDU-ID: 2025-11284 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the fdindex fknction of the Udisks storage device query and management program...
Advisory ROSA-SA-2025-3070
Software: gdk-pixbuf2 2.36.12 OS: ROSA Virtualization 3.0 unaffected versions = gdk-pixbuf2-2.36.12-7.0.1.1.rv30 affected versions gdk-pixbuf2-2.36.12-7.0.1.rv30 CVE-ID: CVE-2025-7345 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdkpixbufjpegimageloadincrement function of the...
Advisory ROSA-SA-2025-3049
Software: krb5 1.18.2 OS: ROSA Virtualization 3.1 unaffected versions = krb5-1.18.2-32.rv31 affected versions krb5-1.18.2-32.rv31 CVE-ID: CVE-2024-37370 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the implementation of the Kerberos network authentication protocol is associated with a...
Advisory ROSA-SA-2025-2999
software: sqlite 3.41.2 OS: ROSA-CHROME unaffected versions = sqlite-3.41.2-3 affected versions sqlite-3.41.2-3 CVE-ID: CVE-2025-3277 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An integer overflow vulnerability in the SQLite concatws function that could lead to a buffer overflow of up to 4 GB and...
Advisory ROSA-SA-2025-2995
software: unbound 1.17.0 OS: ROSA-CHROME unaffected versions = unbound-1.17.0-2 affected versions unbound-1.17.0-2 CVE-ID: CVE-2024-8508 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Unbound when handling responses with very large RRsets could result in a denial of service. CVE-STATUS...
Advisory ROSA-SA-2025-2981
software: jq 1.8.1 OS: ROSA-CHROME unaffected versions = jq-1.8.1-1 affected versions jq-1.8.1-1 CVE-ID: CVE-2024-53427 BDU-ID: 2025-06690 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the decNumberCopy function of the jq functional programming language is related to accessing a resource via...
Advisory ROSA-SA-2025-2977
software: chromium-browser-stable 138.0.7204.92 WASP: ROSA-CHROME unaffected versions = chromium-browser-stable-138.0.7204.92-1 affected versions chromium-browser-stable-138.0.7204.92-1 CVE-ID: CVE-2025-6554 BDU-ID: 2025-07783 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the JavaScript scrip...
Advisory ROSA-SA-2025-2973
software: sudo 1.9.17p1 WASP: ROSA-CHROME unaffected versions = sudo-1.9.17p1-1 affected versions sudo-1.9.17p1-1 CVE-ID: CVE-2025-32462 BDU-ID: 2025-08356 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Sudo system administration program is related to a flaw in the authorization mechanism...
Advisory ROSA-SA-2025-2962
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 unaffected versions = libxml2-2.9.7-20.0.2.2.rv30 affected versions libxml2-2.9.7-20.0.2.2.rv30 CVE-ID: CVE-2023-45322 BDU-ID: 2023-06827 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlUnlinkNode function tree.c of the libxml2 library is...
Advisory ROSA-SA-2025-2951
software: xwayland 24.1.8 WASP: ROSA-CHROME unaffected versions = xwayland-24.1.8-1 affected versions xwayland-24.1.8-1 CVE-ID: CVE-2025-49175 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: No translation CVE-STATUS: The vulnerability has been resolved. CVE-REV: To close the vulnerability, run the...
Advisory ROSA-SA-2025-2952
software: cjson 1.7.18 WASP: ROSA-CHROME unaffected versions = cjson-1.7.18-1 affected versions cjson-1.7.18-1 CVE-ID: CVE-2023-53154 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON: Buffer overflow vulnerability on read from heap via parsestring function. CVE-STATUS: Vulnerability has been resolved...
Advisory ROSA-SA-2025-2948
software: libsoup2.4 2.74.2 OS: ROSA-CHROME unaffected versions = libsoup2.4-2.74.2-2 affected versions libsoup2.4-2.74.2-2 CVE-ID: CVE-2025-32913 BDU-ID: 2025-06242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the soupmessageheadersgetcontentdisposition function of the GNOME GUI libsoup library ...
Advisory ROSA-SA-2025-2947
software: libsoup 3.2.1 OS: ROSA-CHROME unaffected versions = libsoup-3.2.1-2 affected versions libsoup-3.2.1-2 CVE-ID: CVE-2025-32913 BDU-ID: 2025-06242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the soupmessageheadersgetcontentdisposition function of the GNOME GUI libsoup library is related t...
Advisory ROSA-SA-2025-2946
software: glibc 2.33 AXIS: ROSA-CHROME unaffected versions = glibc-2.33-11.git5f08d1.1 affected versions glibc-2.33-11.git5f08d1.1 CVE-ID: CVE-2025-0395 BDU-ID: 2025-01120 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the assert function of the GNU C Library system library is related to incorrect...