Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2023/10/21 3:31 p.m.•53 views

Advisory ROSA-SA-2023-2253

software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-21595 BDU-ID: 2022-06420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitati...

7.8CVSS8AI score0.02406EPSS
Exploits11
Rosalinux
Rosalinux
•added 2021/07/02 4:39 p.m.•53 views

Advisory ROSA-SA-2021-1829

Software: erlang R16B OS: Cobalt 7.9 CVE-ID: CVE-2011-0766 CVE-Crit: MEDIUM CVE-DESC: The random number generator in the Crypto application before 2.0.2.2.2 and SSH before 2.0.5, which was used in the Erlang / OTP ssh library before R14B03, uses predictable starting numbers based on the current...

7.8CVSS7.2AI score0.03046EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/08/06 9:33 a.m.•52 views

Advisory ROSA-SA-2024-2463

software: zlib 1.2.11 OS: ROSA-CHROME packageevrstring: zlib-1.2.11-5 CVE-ID: CVE-2023-45853 BDU-ID: 2023-07116 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the zipOpenNewFileInZip464 function of the MiniZip package of the zlib library relates to an integer overflow when processing file name...

9.8CVSS8.2AI score0.52063EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/04/17 1:41 p.m.•52 views

Advisory ROSA-SA-2024-2402

Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 packageevrstring: sysstat-11.7.3-9.rv3 CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocatestructures contains a sizet...

7.8CVSS8.7AI score0.01096EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/03/05 8:36 a.m.•52 views

Advisory ROSA-SA-2024-2365

Software: net-snmp 5.8 OS: ROSA Virtualization 2.1 packageevrstring: net-snmp-5.8-27.rv3 CVE-ID: CVE-2022-44792 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception error, which could be used by a remote attacker...

6.5CVSS6.9AI score0.5346EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/04/04 3:18 p.m.•52 views

Advisory ROSA-SA-2023-2138

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...

7.5CVSS7.6AI score0.17673EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 5:26 p.m.•52 views

Advisory ROSA-SA-2021-1909

Software: log4j 1.2.17 OS: Cobalt 7.9 CVE-ID: CVE-2019-17571 CVE-Crit: CRITICAL CVE-DESC: Log4j 1.2 includes a SocketServer class vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in conjunction with a deserialization gadget while listening to...

9.8CVSS7.6AI score0.6906EPSS
Exploits3
Rosalinux
Rosalinux
•added 2026/06/01 11:49 a.m.•51 views

Advisory ROSA-SA-2026-3307

Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...

7.5CVSS5.8AI score0.01804EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/04/30 7:45 a.m.•51 views

Advisory ROSA-SA-2025-2851

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2023-27522 BDU-ID: 2023-02021 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxyuwsgi component of the Apache HTTP Server web server is related to flaws in HTTP request handling...

9.8CVSS9AI score0.99957EPSS
Exploits2
Rosalinux
Rosalinux
•added 2025/02/24 12:28 p.m.•51 views

Advisory ROSA-SA-2025-2714

Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 packageevrstring: openssh-8.0p1-19.0.1 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool ...

9.8CVSS7.7AI score0.76768EPSS
Exploits10
Rosalinux
Rosalinux
•added 2024/07/31 9:54 a.m.•51 views

Advisory ROSA-SA-2024-2461

software: grub2 2.06 WASP: ROSA-CHROME packageevrstring: grub2-2.06-20 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems loader is related to an operation exceeding buffer boundaries in memory...

8.6CVSS7.5AI score0.00872EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/02/14 9:58 a.m.•51 views

Advisory ROSA-SA-2024-2340

Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.1.res7 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to an argument injection or...

6.5CVSS8.3AI score0.19753EPSS
Exploits8
Rosalinux
Rosalinux
•added 2023/09/19 9:31 a.m.•51 views

Advisory ROSA-SA-2023-2237

SOFTWARE: 389-ds-base 1.4.4.4.4. WASP: ROSA-CHROME packageevrstring: 389-ds-base-1.4.4.4-12.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...

6.5CVSS7.1AI score0.01428EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/03/14 2:13 p.m.•51 views

Advisory ROSA-SA-2023-2131

Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-19 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...

9.8CVSS9.8AI score0.16004EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:19 p.m.•51 views

Advisory ROSA-SA-2021-1995

Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The readcode function in readwords.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service read out of range via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...

7.8CVSS6.3AI score0.03044EPSS
Exploits12
Rosalinux
Rosalinux
•added 2021/07/02 6:8 p.m.•51 views

Advisory ROSA-SA-2021-1973

Software: spamassassin 3.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-11780 CVE-Crit: CRITICAL CVE-DESC: A potential remote code execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. CVE-STATUS: Default CVE-REV: default CVE-ID: CVE-2018-11805 CVE-Crit: MEDIUM CVE-DESC: In Apach...

10CVSS8.5AI score0.1082EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:41 p.m.•51 views

Advisory ROSA-SA-2021-1949

Software: perl 5.16.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-4330 CVE-Crit: MEDIUM CVE-DESC: The Dumper method in Data :: Dumper before 2.154, which was used in Perl 5.20.1 and earlier, allows context-sensitive attackers to cause a denial of service stack consumption and failure via an array reference...

9.8CVSS9.2AI score0.12093EPSS
Exploits8
Rosalinux
Rosalinux
•added 2021/07/02 5:32 p.m.•51 views

Advisory ROSA-SA-2021-1929

Software: net-snmp 5.7.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-2284 CVE-Crit: HIGH CVE-DESC: The Linux implementation of ICMP-MIB in Net-SNMP 5.5 through 5.5.2.1, 5.6.x through 5.6.2.1, and 5.7.x through 5.7.2.1 incorrectly validates input, allowing remote attackers to cause a denial of service via...

9.8CVSS8.8AI score0.40002EPSS
Exploits6
Rosalinux
Rosalinux
•added 2021/07/02 5:13 p.m.•51 views

Advisory ROSA-SA-2021-1869

Software: libevent 2.0.21 OS: Cobalt 7.9 CVE-ID: CVE-2014-6272 CVE-Crit: MEDIUM CVE-DESC: Multiple integer overflows in the evbuffer API in Libevent 1.4.x through 1.4.15, 2.0.x through 2.0.22, and 2.1.x through 2.1.The 5-beta allow context-aware attackers to cause a denial of service or possibly...

9.8CVSS8.3AI score0.06681EPSS
Exploits3
Rosalinux
Rosalinux
•added 2024/10/03 9:12 p.m.•50 views

Advisory ROSA-SA-2024-2489

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.16 CVE-ID: CVE-2023-2828 BDU-ID: 2023-07642 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker...

7.5CVSS7.8AI score0.99995EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/06/27 10:51 a.m.•50 views

Advisory ROSA-SA-2024-2438

Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with CCreateObject and when CDeriveKey is use...

5.5CVSS6.8AI score0.00263EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/11 7:53 a.m.•50 views

Advisory ROSA-SA-2024-2397

Software: protobuf-c 1.4.1 OS: ROSA-CHROME packageevrstring: protobuf-c-1.4.1-2.src.rpm CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow. Exploitatio...

5.5CVSS6.1AI score0.00369EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/03/28 6:53 a.m.•50 views

Advisory ROSA-SA-2024-2385

Software: kernel-ml-6.6 6.6.11 OS: rosa-server79 packageevrstring: kernel-ml-6.6.6.11-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...

8.8CVSS7.7AI score0.09141EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/01/30 8:34 a.m.•50 views

Advisory ROSA-SA-2024-2333

Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-10.rv3.src.rpm CVE-ID: CVE-2021-3634 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in libssh for versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets throughout a session. One ...

6.5CVSS7.4AI score0.04683EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/08/01 1:30 p.m.•50 views

Advisory ROSA-SA-2023-2208

software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-38431 BDU-ID: 2023-03952 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ksmbdconnhandlerloop function in the fs/smb/server/connection.c module of the KSMBD file system of the...

9.8CVSS6.8AI score0.01129EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/02/21 9:45 a.m.•50 views

Advisory ROSA-SA-2023-2121

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26 CVE-ID: CVE-2022-2795 BDU-ID: 2022-06124 CVE-Crit: HIGH CVE-DESC: A vulnerability in the DNS BIND server is related to improper management of internal resources within the application when processing large delegations...

6.8CVSS6.6AI score0.0325EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:17 p.m.•50 views

Advisory ROSA-SA-2021-1989

Software: trousers 0.3.14 OS: Cobalt 7.9 CVE-ID: CVE-2020-24330 CVE-Crit: HIGH CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not the tss user, it will not be able to reset the root gid privilege when it is no longer needed...

7.8CVSS6.7AI score0.00553EPSS
Exploits3
Rosalinux
Rosalinux
•added 2021/07/02 6:17 p.m.•50 views

Advisory ROSA-SA-2021-1988

Software: tomcat 7.0.76 OS: Cobalt 7.9 CVE-ID: CVE-2012-5568 CVE-Crit: CRITICAL CVE-DESC: Apache Tomcat via 7.0.x allows remote attackers to cause a denial of service disabling the daemon via partial HTTP requests, as demonstrated by Slowloris. CVE-STATUS: default CVE-REV: default CVE-ID:...

7.5CVSS7.7AI score0.708EPSS
Exploits24
Rosalinux
Rosalinux
•added 2021/07/02 6:13 p.m.•50 views

Advisory ROSA-SA-2021-1982

Software: system 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd when updating file permissions allows local users to change SELinux permissions and security contexts for arbitrary files via a symbolic link attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...

10CVSS8.3AI score0.55116EPSS
Exploits18
Rosalinux
Rosalinux
•added 2021/07/02 5:16 p.m.•50 views

Advisory ROSA-SA-2021-1890

Software: libsndfile 1.0.25 OS: Cobalt 7.9 CVE-ID: CVE-2014-9756 CVE-Crit: CRITICAL CVE-DESC: The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service division-by-zero error and application crash via undefined vectors associated with the headindex variable...

9.3CVSS7.7AI score0.13294EPSS
Exploits5
Rosalinux
Rosalinux
•added 2024/02/20 8:34 a.m.•49 views

Advisory ROSA-SA-2024-2344

Software: gstreamer-plugins-bad-free 0.10.23 OS: rosa-server79 packageevrstring: gstreamer-plugins-bad-free-0.10.23-24.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...

8.8CVSS7AI score0.01744EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/30 8:44 a.m.•49 views

Advisory ROSA-SA-2024-2335

software: xterm 386 WASP: ROSA-CHROME packageevrstring: xterm-386-1.src.rpm CVE-ID: CVE-2023-40359 BDU-ID: 2023-07914 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting ReGIS Reporting feature of the XTerm terminal emulator is related to an operation exceeding...

9.8CVSS7AI score0.00734EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:2 a.m.•49 views

Advisory ROSA-SA-2023-2268

software: vim 9.0.1572 WASP: ROSA-CHROME packageevrstring: vim-9.0.1572-1.src.rpm CVE-ID: CVE-2023-0049 BDU-ID: 2023-00068 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the buildstlstrhl buffer.c function of the Vim text editor is related to an operation exceeding buffer boundaries in memory...

8.4CVSS8.7AI score0.00555EPSS
Exploits11
Rosalinux
Rosalinux
•added 2023/08/01 12:58 p.m.•49 views

Advisory ROSA-SA-2023-2203

Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

9.8CVSS7.8AI score0.23293EPSS
Exploits6
Rosalinux
Rosalinux
•added 2023/07/04 1:1 p.m.•49 views

Advisory ROSA-SA-2023-2180

Software: kernel-ml 5.15.114 OS: rosa-server79 packageevrstring: kernel-ml-5.15.114-1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...

7.8CVSS6.8AI score0.00491EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/06/20 10:21 a.m.•49 views

Advisory ROSA-SA-2023-2170

software: libksba 1.3.5 OS: ROSA-CHROME packageevrstring: libksba-1.3.5-10.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the CRL parser...

9.8CVSS7.9AI score0.01635EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/03/28 1:38 p.m.•49 views

Advisory ROSA-SA-2023-2136

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...

5.3CVSS5.9AI score0.08346EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:21 p.m.•49 views

Advisory ROSA-SA-2021-1998

Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access WPA and WPA2 allows the Station-to-Station-Link STSL temporary key STK to be reassigned during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...

8.1CVSS7.2AI score0.05372EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:19 p.m.•49 views

Advisory ROSA-SA-2021-1996

Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...

8.1CVSS8.3AI score0.07499EPSS
Exploits7
Rosalinux
Rosalinux
•added 2021/07/02 6:19 p.m.•49 views

Advisory ROSA-SA-2021-1993

Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: module Data :: Perl UUID from CPAN version 1.219 vulnerable to symbolic link attacks CVE-STATUS: default CVE-REV: default...

5.5CVSS5.8AI score0.00504EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:33 p.m.•49 views

Advisory ROSA-SA-2021-1930

Software: nettle 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-16869 CVE-Crit: MEDIUM. CVE-DESC: An oracle attack based on a Bleichenbacher-type side-channel was discovered in the way nettle handles the final transformation of PKCS 1 v1.5 data decrypted with RSA. An attacker who could run a process on th...

8.1CVSS6.6AI score0.01607EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/27 7:51 a.m.•48 views

Advisory ROSA-SA-2025-2568

software: dnsmasq 2.90 WASP: ROSA-CHROME packageevrstring: dnsmasq-2.90-1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted...

7.5CVSS7.7AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 9:13 p.m.•48 views

Advisory ROSA-SA-2024-2490

Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/08 7:51 a.m.•48 views

Advisory ROSA-SA-2023-2209

software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.1.7-1.src.rpm CVE-ID: CVE-2021-43784 BDU-ID: 2023-02652 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting...

7.8CVSS7.1AI score0.01663EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/08/01 1:17 p.m.•48 views

Advisory ROSA-SA-2023-2206

software: kernel-5.15 5.15.117 WASP: ROSA-CHROME packageevrstring: kernel-5.15-generic-5.15.117-1.src.rpm CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control duri...

7.8CVSS6.7AI score0.00491EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/02/07 8:35 a.m.•48 views

Advisory ROSA-SA-2023-2096

Software: libXpm 3.5.12 OS: rosa-server79 packageevrstring: libXpm-3.5.12-1 CVE-ID: CVE-2022-4883 BDU-ID: 2023-00388 CVE-Crit: HIGH CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...

8.8CVSS8.8AI score0.01199EPSS
Exploits0
Rosalinux
Rosalinux
•added 2022/12/06 12:24 p.m.•48 views

Advisory ROSA-SA-2022-2062

Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...

8.8CVSS8.6AI score0.00956EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•48 views

Advisory ROSA-SA-2021-1962

Software: rpcbind 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-8779 CVE-Crit: HIGH CVE-DESC: rpcbind before 0.2.4, LIBTIRPC before 1.0.1 and 1.0.2-rc before 1.0.2-rc3 and NTIRPC before 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, allowing remote attackers to...

7.8CVSS7.2AI score0.81921EPSS
Exploits4
Rosalinux
Rosalinux
•added 2021/07/02 6:3 p.m.•48 views

Advisory ROSA-SA-2021-1957

Software: python 2.7.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-7040 CVE-Crit: CRITICAL. CVE-DESC: Python 2.7 through 3.4 uses only the last eight bits of the prefix to randomize hash values, causing it to compute hash values without limiting the ability to predictably initiate hash code collisions and...

10CVSS9.4AI score0.28319EPSS
Exploits12
Rosalinux
Rosalinux
•added 2021/07/02 5:38 p.m.•48 views

Advisory ROSA-SA-2021-1938

Software: openssh 7.4p1 OS: Cobalt 7.9 CVE-ID: CVE-2011-4327 CVE-Crit: CRITICAL CVE-DESC: ssh-keysign.c in ssh-keysign in OpenSSH before version 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, allowing local users to obtain sensitive key information via ...

7.8CVSS8.3AI score0.88944EPSS
Exploits39
Total number of security vulnerabilities1374