1374 matches found
Advisory ROSA-SA-2024-2400
Software: haproxy 2.6.15 OS: ROSA-CHROME packageevrstring: haproxy-2.6.15-1.src.rpm CVE-ID: CVE-2023-0836 BDU-ID: 2023-04833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...
Advisory ROSA-SA-2024-2370
software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2007-3670 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An argument injection vulnerability in Microsoft Internet Explorer when running on systems with Firefox installed and registered specific URIs allow...
Advisory ROSA-SA-2021-1966
Software: ruby 2.0.0.648 OS: Cobalt 7.9 CVE-ID: CVE-2012-6684 CVE-Crit: MEDIUM CVE-DESC: A cross-site scripting XSS vulnerability in the RedCloth 4.2.9 library for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2023-2127
Software: openssh 7.4 OS: rosa-server79 packageevrstring: openssh-7.4p1-21 CVE-ID: CVE-2023-25136 BDU-ID: 2023-00711 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the options.kexalgorithms component of the OpenSSH cryptographic security tool server is associated with a memory re-release error...
Advisory ROSA-SA-2021-1950
Software: php 5.4.16 OS: Cobalt 7.9 CVE-ID: CVE-2011-4718 CVE-Crit: MEDIUM CVE-DESC: A session commit vulnerability in the session subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2011-4718...
Advisory ROSA-SA-2024-2479
Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.1.res7.10 CVE-ID: CVE-2023-46728 BDU-ID: 2024-01221 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacke...
Advisory ROSA-SA-2021-1818
Software: curl 7.29.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-4545 CVE-Crit: CRITICAL CVE-DESC: cURL and libcurl from 7.18.0 through 7.32.0 when built with OpenSSL disables validation of CN and SAN certificate name fields CURLOPTSSLVERIFYHOST when digital signature validation CURLOPTSSLVERIFYPEER is...
Advisory ROSA-SA-2025-3064
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 unaffected versions = libwebp-1.0.0.0-10.0.1.rv3 affected versions libwebp-1.0.0.0-10.0.1.rv3 CVE-ID: CVE-2023-4863 BDU-ID: TO600, TO601, TO675, TO797, TO826 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the libwebp library for WebP image...
Advisory ROSA-SA-2024-2371
software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2011-0064 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The hbbufferensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory reallocatio...
Advisory ROSA-SA-2021-1940
Software: openvpn 2.4.9 OS: Cobalt 7.9 CVE-ID: CVE-2020-11462 CVE-Crit: HIGH CVE-DESC: The issue was found in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. When the full-featured RPC2 interface is enabled, a temporary management interface DoS state can be reached when sending an XML...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
Advisory ROSA-SA-2024-2354
Software: shim-signed 15 OS: rosa-server79 packageevrstring: shim-signed-15-8.0.1.res7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the UEFI shim bootloader due to failure to take measures to neutralize special elements. Exploitation of the...
Advisory ROSA-SA-2021-1959
Software: qt 4.8.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-0190 CVE-Crit: HIGH CVE-DESC: The GIF decoder in QtGui in Qt before version 5.3 allows remote attackers to cause a denial of service dereferencing a NULL pointer via invalid width and height values in a GIF image. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2023-2189
Software: kernel-ml 5.15.117 OS: rosa-server79 packageevrstring: kernel-ml-5.15.117-1.res7 CVE-ID: CVE-2023-31085 BDU-ID: 2023-02516 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the mtddivbyeb function in the include/linux/mtd/mtd/mtd.h module of the Linux operating system kernel is related to...
Advisory ROSA-SA-2023-2262
Software: openvswitch 2.16.1 OS: ROSA-CHROME packageevrstring: openvswitch-2.16.1-3.src.rpm CVE-ID: CVE-2019-25076 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The TSS Tuple Space Search algorithm in Open vSwitch versions 2.x-2.17.2 and 3.0.0 allows remote attackers to cause denial of service delayin...
Advisory ROSA-SA-2024-2353
Software: shim 15 OS: rosa-server79 packageevrstring: shim-15-8.0.1.el7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could...
Advisory ROSA-SA-2021-1979
Software: subversion 1.7.14 OS: Cobalt 7.9 CVE-ID: CVE-2014-3504 CVE-Crit: HIGH CVE-DESC: The functions 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate in Serf 0.2.0 - 1.3.x through 1.3.7 incorrectly handle the NUL byte in the domain name in the subject common name. CN in...
Advisory ROSA-SA-2025-2984
software: qt6-qtimageformats 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtimageformats-6.8.3-2 affected versions qt6-qtimageformats-6.8.3-2 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCor...
Advisory ROSA-SA-2023-2158
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: 2.4.6-98.7 CVE-ID: CVE-2021-40438 BDU-ID: 2021-04820 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2023-2155
Software: modhttp2 1.15.7 OS: ROSA Virtualization 2.1 packageevrstring: 1.15.7 CVE-ID: CVE-2020-11993 BDU-ID: 2021-00779 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Apache HTTP Server's implementation of the HTTP/2 web server mechanism is related to inconsistent interpretation of http...
Advisory ROSA-SA-2023-2184
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-8.rv3.src.rpm CVE-ID: CVE-2020-36329 BDU-ID: 2021-03101 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to memory usage after memory is freed...
Advisory ROSA-SA-2024-2436
software: cfengine 3.21.3 OS: ROSA-CHROME packageevrstring: cfengine-3.21.3-1 CVE-ID: CVE-2021-36756 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is no SSL certificate validation in CFEngine Enterprise. CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update cfengine CVE-ID:...
Advisory ROSA-SA-2023-2222
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1-19.rv3.src.rpm CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security to...
Advisory ROSA-SA-2025-2983
software: qt6-qtbase 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtbase-6.8.3-3 affected versions qt6-qtbase-6.8.3-3 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCore cross-platform software...
Advisory ROSA-SA-2024-2408
Software: xz 5.2.4 OS: ROSA Virtualization 2.1 packageevrstring: xz-5.2.4-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process...
Advisory ROSA-SA-2024-2332
Software: glibc 2.28 OS: ROSA Virtualization 2.1 packageevrstring: glibc-2.28-225.rv3.src.rpm CVE-ID: CVE-2023-4527 BDU-ID: 2023-06332 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the glibc system library is related to reading data outside of buffer boundaries in...
Advisory ROSA-SA-2023-2134
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-35603 BDU-ID: None CVE-Crit: LOW CVE-DESC: A vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE component: JSSE. A...
Advisory ROSA-SA-2023-2269
Software: vsftpd 3.0.5 OS: ROSA-CHROME packageevrstring: vsftpd-3.0.5-1.src.rpm CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2021-1983
Software: talk 0.17 OS: Cobalt 7.9 CVE-ID: CVE-2018-3781 CVE-Crit: MEDIUM CVE-DESC: The lack of cleanup of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to persistence of XSS requiring user interaction. The lack of cleanup only affected usernames, so malicious search...
Advisory ROSA-SA-2023-2159
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2021-1862
Software: libarchive 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-2304 CVE-Crit: HIGH CVE-DESC: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via the full path in the archive. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1835
Software: firefox 78.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-12400 CVE-Crit: MEDIUM CVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox 80 and...
Advisory ROSA-SA-2025-2862
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 packageevrstring: kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2023-52864 BDU-ID: 2024-10416 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the wmicharopen function of the Linux operating system kernel is related to the driver not binding to a devi...
Advisory ROSA-SA-2024-2366
Software: openssl 1.1.1v OS: ROSA-CHROME packageevrstring: openssl-1.1.1.1v-1.src.rpm CVE-ID: CVE-2023-2650 BDU-ID: 2023-03652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2021-1867
Software: libebml 1.3.9 OS: Cobalt 7.9 CVE-ID: CVE-2021-3405 CVE-Crit: MEDIUM CVE-DESC: A bug was found in libebml before version 1.4.2. A heap overflow bug exists in the EbmlString :: ReadData and EbmlUnicodeString :: ReadData implementations of libebml. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2024-2379
software: curl 8.4.0 WASP: ROSA-CHROME packageevrstring: curl-8.4.0-1.src.rpm CVE-ID: CVE-2023-38545 BDU-ID: 2023-06576 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SOCKS5 protocol implementation of the cURL command line utility is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2355
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...
Advisory ROSA-SA-2023-2161
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the aprwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...
Advisory ROSA-SA-2024-2409
Software: xz 5.2.2 OS: rosa-server79 packageevrstring: xz-5.2.2.2-2 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts...
Advisory ROSA-SA-2024-2367
software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
Advisory ROSA-SA-2024-2363
Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...
Advisory ROSA-SA-2023-2160
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2021-36160 BDU-ID: 2021-06099 CVE-Crit: HIGH CVE-DESC: A vulnerability in the modproxyuwsgi function of the Apache HTTP Server web server is related to reading data outside of the specified buffer. Exploitatio...
Advisory ROSA-SA-2023-2245
Software: bind 9.11.26 OS: ROSA Virtualization 2.1 packageevrstring: bind-9.11.26-6.rv3.src.rpm CVE-ID: CVE-2019-6470 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: There was a bug in a function in one of the ISC BIND libraries that dhcpd used when running in DHCPv6 mode. There was also a bug in dhcpd's...
Advisory ROSA-SA-2025-2835
Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 2.1 packageevrstring: bind-dyndb-ldap-11.6-5.rv3 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithm...
Advisory ROSA-SA-2024-2382
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.3.res7 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiatio...
Advisory ROSA-SA-2024-2359
software: postgresql 12.16 WASP: ROSA-CHROME packageevrstring: postgresql-12.16-1.src.rpm CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access delimitation flaws...
Advisory ROSA-SA-2024-2338
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3.src.rpm CVE-ID: CVE-2022-0561 BDU-ID: 2022-05790 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TIFFFetchStripThing function of the tifdirread.c component of the LibTIFF library is related to pointer...
Advisory ROSA-SA-2023-2258
software: tomcat 9.0.37 WASP: ROSA-CHROME packageevrstring: tomcat-9.0.37-3.src.rpm CVE-ID: CVE-2020-9484 BDU-ID: 2020-03620 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PersistenceManager component of the Apache Tomcat application server is related to the recovery of invalid data in memory...
Advisory ROSA-SA-2021-1975
Software: sqlite 3.7.17 OS: Cobalt 7.9 CVE-ID: CVE-2015-3717 CVE-Crit: HIGH CVE-DESC: Multiple buffer overflows in SQLite's printf function, used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service application crash via...
Advisory ROSA-SA-2024-2411
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-22.rv3.src.rpm CVE-ID: CVE-2021-22897 BDU-ID: 2022-00375 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Transport Layer Security TLS protocol implementation of the libcurl library is due to security flaws in the...