1374 matches found
Advisory ROSA-SA-2023-2253
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-21595 BDU-ID: 2022-06420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitati...
Advisory ROSA-SA-2021-1829
Software: erlang R16B OS: Cobalt 7.9 CVE-ID: CVE-2011-0766 CVE-Crit: MEDIUM CVE-DESC: The random number generator in the Crypto application before 2.0.2.2.2 and SSH before 2.0.5, which was used in the Erlang / OTP ssh library before R14B03, uses predictable starting numbers based on the current...
Advisory ROSA-SA-2024-2463
software: zlib 1.2.11 OS: ROSA-CHROME packageevrstring: zlib-1.2.11-5 CVE-ID: CVE-2023-45853 BDU-ID: 2023-07116 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the zipOpenNewFileInZip464 function of the MiniZip package of the zlib library relates to an integer overflow when processing file name...
Advisory ROSA-SA-2024-2402
Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 packageevrstring: sysstat-11.7.3-9.rv3 CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocatestructures contains a sizet...
Advisory ROSA-SA-2024-2365
Software: net-snmp 5.8 OS: ROSA Virtualization 2.1 packageevrstring: net-snmp-5.8-27.rv3 CVE-ID: CVE-2022-44792 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception error, which could be used by a remote attacker...
Advisory ROSA-SA-2023-2138
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...
Advisory ROSA-SA-2021-1909
Software: log4j 1.2.17 OS: Cobalt 7.9 CVE-ID: CVE-2019-17571 CVE-Crit: CRITICAL CVE-DESC: Log4j 1.2 includes a SocketServer class vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in conjunction with a deserialization gadget while listening to...
Advisory ROSA-SA-2026-3307
Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...
Advisory ROSA-SA-2025-2851
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2023-27522 BDU-ID: 2023-02021 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxyuwsgi component of the Apache HTTP Server web server is related to flaws in HTTP request handling...
Advisory ROSA-SA-2025-2714
Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 packageevrstring: openssh-8.0p1-19.0.1 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool ...
Advisory ROSA-SA-2024-2461
software: grub2 2.06 WASP: ROSA-CHROME packageevrstring: grub2-2.06-20 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems loader is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2340
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.1.res7 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to an argument injection or...
Advisory ROSA-SA-2023-2237
SOFTWARE: 389-ds-base 1.4.4.4.4. WASP: ROSA-CHROME packageevrstring: 389-ds-base-1.4.4.4-12.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...
Advisory ROSA-SA-2023-2131
Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-19 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2021-1995
Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The readcode function in readwords.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service read out of range via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1973
Software: spamassassin 3.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-11780 CVE-Crit: CRITICAL CVE-DESC: A potential remote code execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. CVE-STATUS: Default CVE-REV: default CVE-ID: CVE-2018-11805 CVE-Crit: MEDIUM CVE-DESC: In Apach...
Advisory ROSA-SA-2021-1949
Software: perl 5.16.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-4330 CVE-Crit: MEDIUM CVE-DESC: The Dumper method in Data :: Dumper before 2.154, which was used in Perl 5.20.1 and earlier, allows context-sensitive attackers to cause a denial of service stack consumption and failure via an array reference...
Advisory ROSA-SA-2021-1929
Software: net-snmp 5.7.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-2284 CVE-Crit: HIGH CVE-DESC: The Linux implementation of ICMP-MIB in Net-SNMP 5.5 through 5.5.2.1, 5.6.x through 5.6.2.1, and 5.7.x through 5.7.2.1 incorrectly validates input, allowing remote attackers to cause a denial of service via...
Advisory ROSA-SA-2021-1869
Software: libevent 2.0.21 OS: Cobalt 7.9 CVE-ID: CVE-2014-6272 CVE-Crit: MEDIUM CVE-DESC: Multiple integer overflows in the evbuffer API in Libevent 1.4.x through 1.4.15, 2.0.x through 2.0.22, and 2.1.x through 2.1.The 5-beta allow context-aware attackers to cause a denial of service or possibly...
Advisory ROSA-SA-2024-2489
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.16 CVE-ID: CVE-2023-2828 BDU-ID: 2023-07642 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2438
Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with CCreateObject and when CDeriveKey is use...
Advisory ROSA-SA-2024-2397
Software: protobuf-c 1.4.1 OS: ROSA-CHROME packageevrstring: protobuf-c-1.4.1-2.src.rpm CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow. Exploitatio...
Advisory ROSA-SA-2024-2385
Software: kernel-ml-6.6 6.6.11 OS: rosa-server79 packageevrstring: kernel-ml-6.6.6.11-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...
Advisory ROSA-SA-2024-2333
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-10.rv3.src.rpm CVE-ID: CVE-2021-3634 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in libssh for versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets throughout a session. One ...
Advisory ROSA-SA-2023-2208
software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-38431 BDU-ID: 2023-03952 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ksmbdconnhandlerloop function in the fs/smb/server/connection.c module of the KSMBD file system of the...
Advisory ROSA-SA-2023-2121
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26 CVE-ID: CVE-2022-2795 BDU-ID: 2022-06124 CVE-Crit: HIGH CVE-DESC: A vulnerability in the DNS BIND server is related to improper management of internal resources within the application when processing large delegations...
Advisory ROSA-SA-2021-1989
Software: trousers 0.3.14 OS: Cobalt 7.9 CVE-ID: CVE-2020-24330 CVE-Crit: HIGH CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not the tss user, it will not be able to reset the root gid privilege when it is no longer needed...
Advisory ROSA-SA-2021-1988
Software: tomcat 7.0.76 OS: Cobalt 7.9 CVE-ID: CVE-2012-5568 CVE-Crit: CRITICAL CVE-DESC: Apache Tomcat via 7.0.x allows remote attackers to cause a denial of service disabling the daemon via partial HTTP requests, as demonstrated by Slowloris. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1982
Software: system 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd when updating file permissions allows local users to change SELinux permissions and security contexts for arbitrary files via a symbolic link attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2021-1890
Software: libsndfile 1.0.25 OS: Cobalt 7.9 CVE-ID: CVE-2014-9756 CVE-Crit: CRITICAL CVE-DESC: The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service division-by-zero error and application crash via undefined vectors associated with the headindex variable...
Advisory ROSA-SA-2024-2344
Software: gstreamer-plugins-bad-free 0.10.23 OS: rosa-server79 packageevrstring: gstreamer-plugins-bad-free-0.10.23-24.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...
Advisory ROSA-SA-2024-2335
software: xterm 386 WASP: ROSA-CHROME packageevrstring: xterm-386-1.src.rpm CVE-ID: CVE-2023-40359 BDU-ID: 2023-07914 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting ReGIS Reporting feature of the XTerm terminal emulator is related to an operation exceeding...
Advisory ROSA-SA-2023-2268
software: vim 9.0.1572 WASP: ROSA-CHROME packageevrstring: vim-9.0.1572-1.src.rpm CVE-ID: CVE-2023-0049 BDU-ID: 2023-00068 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the buildstlstrhl buffer.c function of the Vim text editor is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2023-2203
Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
Advisory ROSA-SA-2023-2180
Software: kernel-ml 5.15.114 OS: rosa-server79 packageevrstring: kernel-ml-5.15.114-1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...
Advisory ROSA-SA-2023-2170
software: libksba 1.3.5 OS: ROSA-CHROME packageevrstring: libksba-1.3.5-10.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the CRL parser...
Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
Advisory ROSA-SA-2021-1998
Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access WPA and WPA2 allows the Station-to-Station-Link STSL temporary key STK to be reassigned during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...
Advisory ROSA-SA-2021-1996
Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...
Advisory ROSA-SA-2021-1993
Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: module Data :: Perl UUID from CPAN version 1.219 vulnerable to symbolic link attacks CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1930
Software: nettle 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-16869 CVE-Crit: MEDIUM. CVE-DESC: An oracle attack based on a Bleichenbacher-type side-channel was discovered in the way nettle handles the final transformation of PKCS 1 v1.5 data decrypted with RSA. An attacker who could run a process on th...
Advisory ROSA-SA-2025-2568
software: dnsmasq 2.90 WASP: ROSA-CHROME packageevrstring: dnsmasq-2.90-1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted...
Advisory ROSA-SA-2024-2490
Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...
Advisory ROSA-SA-2023-2209
software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.1.7-1.src.rpm CVE-ID: CVE-2021-43784 BDU-ID: 2023-02652 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting...
Advisory ROSA-SA-2023-2206
software: kernel-5.15 5.15.117 WASP: ROSA-CHROME packageevrstring: kernel-5.15-generic-5.15.117-1.src.rpm CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control duri...
Advisory ROSA-SA-2023-2096
Software: libXpm 3.5.12 OS: rosa-server79 packageevrstring: libXpm-3.5.12-1 CVE-ID: CVE-2022-4883 BDU-ID: 2023-00388 CVE-Crit: HIGH CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...
Advisory ROSA-SA-2022-2062
Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...
Advisory ROSA-SA-2021-1962
Software: rpcbind 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-8779 CVE-Crit: HIGH CVE-DESC: rpcbind before 0.2.4, LIBTIRPC before 1.0.1 and 1.0.2-rc before 1.0.2-rc3 and NTIRPC before 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, allowing remote attackers to...
Advisory ROSA-SA-2021-1957
Software: python 2.7.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-7040 CVE-Crit: CRITICAL. CVE-DESC: Python 2.7 through 3.4 uses only the last eight bits of the prefix to randomize hash values, causing it to compute hash values without limiting the ability to predictably initiate hash code collisions and...
Advisory ROSA-SA-2021-1938
Software: openssh 7.4p1 OS: Cobalt 7.9 CVE-ID: CVE-2011-4327 CVE-Crit: CRITICAL CVE-DESC: ssh-keysign.c in ssh-keysign in OpenSSH before version 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, allowing local users to obtain sensitive key information via ...