Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2023/10/21 3:31 p.m.•55 views

Advisory ROSA-SA-2023-2253

software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-21595 BDU-ID: 2022-06420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitati...

7.8CVSS8AI score0.02406EPSS
Exploits11
Rosalinux
Rosalinux
•added 2022/01/31 2:3 p.m.•55 views

Advisory ROSA-SA-2022-2013

Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...

7.8CVSS8.5AI score0.94921EPSS
Exploits152
Rosalinux
Rosalinux
•added 2021/07/02 6:7 p.m.•55 views

Advisory ROSA-SA-2021-1968

Software: screen 4.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-5618 CVE-Crit: HIGH CVE-DESC: GNU screen before 4.5.1 allows local users to modify arbitrary files and therefore gain superuser privileges by improperly checking log file permissions. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-9366...

9.8CVSS9.3AI score0.09147EPSS
Exploits7
Rosalinux
Rosalinux
•added 2024/08/06 9:33 a.m.•54 views

Advisory ROSA-SA-2024-2463

software: zlib 1.2.11 OS: ROSA-CHROME packageevrstring: zlib-1.2.11-5 CVE-ID: CVE-2023-45853 BDU-ID: 2023-07116 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the zipOpenNewFileInZip464 function of the MiniZip package of the zlib library relates to an integer overflow when processing file name...

9.8CVSS8.2AI score0.52063EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/07/25 10:17 a.m.•54 views

Advisory ROSA-SA-2023-2198

Software: sysstat 12.7.2 OS: ROSA-CHROME packageevrstring: sysstat-12.7.2-1.src.rpm CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: On 32-bit systems in versions 9.1.16 and newer but before 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures...

7.8CVSS8.2AI score0.01096EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:30 p.m.•54 views

Advisory ROSA-SA-2021-1802

Software: bash 4.2.46 OS: Cobalt 7.9 CVE-ID: CVE-2012-6711 CVE-Crit: HIGH CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3, when broad characters not supported by the current language standard set in the LCCTYPE environment variable are printed using the built-in echo function...

7.8CVSS7.5AI score0.02608EPSS
Exploits5
Rosalinux
Rosalinux
•added 2024/03/19 12:44 p.m.•53 views

Advisory ROSA-SA-2024-2377

software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-7.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow an...

7.2CVSS7.2AI score0.01395EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:17 p.m.•53 views

Advisory ROSA-SA-2021-1989

Software: trousers 0.3.14 OS: Cobalt 7.9 CVE-ID: CVE-2020-24330 CVE-Crit: HIGH CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not the tss user, it will not be able to reset the root gid privilege when it is no longer needed...

7.8CVSS6.7AI score0.00553EPSS
Exploits3
Rosalinux
Rosalinux
•added 2021/07/02 6:17 p.m.•53 views

Advisory ROSA-SA-2021-1988

Software: tomcat 7.0.76 OS: Cobalt 7.9 CVE-ID: CVE-2012-5568 CVE-Crit: CRITICAL CVE-DESC: Apache Tomcat via 7.0.x allows remote attackers to cause a denial of service disabling the daemon via partial HTTP requests, as demonstrated by Slowloris. CVE-STATUS: default CVE-REV: default CVE-ID:...

7.5CVSS7.7AI score0.708EPSS
Exploits24
Rosalinux
Rosalinux
•added 2021/07/02 5:41 p.m.•53 views

Advisory ROSA-SA-2021-1949

Software: perl 5.16.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-4330 CVE-Crit: MEDIUM CVE-DESC: The Dumper method in Data :: Dumper before 2.154, which was used in Perl 5.20.1 and earlier, allows context-sensitive attackers to cause a denial of service stack consumption and failure via an array reference...

9.8CVSS9.2AI score0.12093EPSS
Exploits8
Rosalinux
Rosalinux
•added 2021/07/02 5:32 p.m.•53 views

Advisory ROSA-SA-2021-1929

Software: net-snmp 5.7.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-2284 CVE-Crit: HIGH CVE-DESC: The Linux implementation of ICMP-MIB in Net-SNMP 5.5 through 5.5.2.1, 5.6.x through 5.6.2.1, and 5.7.x through 5.7.2.1 incorrectly validates input, allowing remote attackers to cause a denial of service via...

9.8CVSS8.8AI score0.40002EPSS
Exploits6
Rosalinux
Rosalinux
•added 2021/07/02 5:26 p.m.•53 views

Advisory ROSA-SA-2021-1909

Software: log4j 1.2.17 OS: Cobalt 7.9 CVE-ID: CVE-2019-17571 CVE-Crit: CRITICAL CVE-DESC: Log4j 1.2 includes a SocketServer class vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in conjunction with a deserialization gadget while listening to...

9.8CVSS7.6AI score0.6906EPSS
Exploits3
Rosalinux
Rosalinux
•added 2021/07/02 5:16 p.m.•53 views

Advisory ROSA-SA-2021-1890

Software: libsndfile 1.0.25 OS: Cobalt 7.9 CVE-ID: CVE-2014-9756 CVE-Crit: CRITICAL CVE-DESC: The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service division-by-zero error and application crash via undefined vectors associated with the headindex variable...

9.3CVSS7.7AI score0.13294EPSS
Exploits5
Rosalinux
Rosalinux
•added 2025/02/24 12:28 p.m.•52 views

Advisory ROSA-SA-2025-2714

Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 packageevrstring: openssh-8.0p1-19.0.1 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool ...

9.8CVSS7.7AI score0.76768EPSS
Exploits10
Rosalinux
Rosalinux
•added 2024/04/17 1:41 p.m.•52 views

Advisory ROSA-SA-2024-2402

Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 packageevrstring: sysstat-11.7.3-9.rv3 CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocatestructures contains a sizet...

7.8CVSS8.7AI score0.01096EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/03/05 8:36 a.m.•52 views

Advisory ROSA-SA-2024-2365

Software: net-snmp 5.8 OS: ROSA Virtualization 2.1 packageevrstring: net-snmp-5.8-27.rv3 CVE-ID: CVE-2022-44792 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception error, which could be used by a remote attacker...

6.5CVSS6.9AI score0.5346EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/04/04 3:18 p.m.•52 views

Advisory ROSA-SA-2023-2138

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...

7.5CVSS7.6AI score0.17673EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/02/07 8:35 a.m.•52 views

Advisory ROSA-SA-2023-2096

Software: libXpm 3.5.12 OS: rosa-server79 packageevrstring: libXpm-3.5.12-1 CVE-ID: CVE-2022-4883 BDU-ID: 2023-00388 CVE-Crit: HIGH CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...

8.8CVSS8.8AI score0.01199EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•52 views

Advisory ROSA-SA-2021-1962

Software: rpcbind 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-8779 CVE-Crit: HIGH CVE-DESC: rpcbind before 0.2.4, LIBTIRPC before 1.0.1 and 1.0.2-rc before 1.0.2-rc3 and NTIRPC before 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, allowing remote attackers to...

7.8CVSS7.2AI score0.81921EPSS
Exploits4
Rosalinux
Rosalinux
•added 2021/07/02 5:13 p.m.•52 views

Advisory ROSA-SA-2021-1869

Software: libevent 2.0.21 OS: Cobalt 7.9 CVE-ID: CVE-2014-6272 CVE-Crit: MEDIUM CVE-DESC: Multiple integer overflows in the evbuffer API in Libevent 1.4.x through 1.4.15, 2.0.x through 2.0.22, and 2.1.x through 2.1.The 5-beta allow context-aware attackers to cause a denial of service or possibly...

9.8CVSS8.3AI score0.06681EPSS
Exploits3
Rosalinux
Rosalinux
•added 2026/06/01 11:49 a.m.•51 views

Advisory ROSA-SA-2026-3307

Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...

7.5CVSS5.8AI score0.01804EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/10/03 9:13 p.m.•51 views

Advisory ROSA-SA-2024-2490

Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/14 9:58 a.m.•51 views

Advisory ROSA-SA-2024-2340

Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.1.res7 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to an argument injection or...

6.5CVSS8.3AI score0.19753EPSS
Exploits8
Rosalinux
Rosalinux
•added 2023/09/19 9:31 a.m.•51 views

Advisory ROSA-SA-2023-2237

SOFTWARE: 389-ds-base 1.4.4.4.4. WASP: ROSA-CHROME packageevrstring: 389-ds-base-1.4.4.4-12.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...

6.5CVSS7.1AI score0.01428EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/01 1:30 p.m.•51 views

Advisory ROSA-SA-2023-2208

software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-38431 BDU-ID: 2023-03952 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ksmbdconnhandlerloop function in the fs/smb/server/connection.c module of the KSMBD file system of the...

9.8CVSS6.8AI score0.01129EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/03/14 2:13 p.m.•51 views

Advisory ROSA-SA-2023-2131

Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-19 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...

9.8CVSS9.8AI score0.16004EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:19 p.m.•51 views

Advisory ROSA-SA-2021-1995

Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The readcode function in readwords.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service read out of range via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...

7.8CVSS6.3AI score0.03044EPSS
Exploits12
Rosalinux
Rosalinux
•added 2021/07/02 6:19 p.m.•51 views

Advisory ROSA-SA-2021-1993

Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: module Data :: Perl UUID from CPAN version 1.219 vulnerable to symbolic link attacks CVE-STATUS: default CVE-REV: default...

5.5CVSS5.8AI score0.00504EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:8 p.m.•51 views

Advisory ROSA-SA-2021-1973

Software: spamassassin 3.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-11780 CVE-Crit: CRITICAL CVE-DESC: A potential remote code execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. CVE-STATUS: Default CVE-REV: default CVE-ID: CVE-2018-11805 CVE-Crit: MEDIUM CVE-DESC: In Apach...

10CVSS8.5AI score0.1082EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:3 p.m.•51 views

Advisory ROSA-SA-2021-1957

Software: python 2.7.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-7040 CVE-Crit: CRITICAL. CVE-DESC: Python 2.7 through 3.4 uses only the last eight bits of the prefix to randomize hash values, causing it to compute hash values without limiting the ability to predictably initiate hash code collisions and...

10CVSS9.4AI score0.28319EPSS
Exploits12
Rosalinux
Rosalinux
•added 2024/11/12 9:20 a.m.•50 views

Advisory ROSA-SA-2024-2519

software: log4j12 1.2.17 OS: ROSA-CHROME packageevrstring: log4j12-1.2.17-26 CVE-ID: CVE-2019-17571 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: Log4j 1.2 includes a SocketServer class that is vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in...

9.8CVSS9AI score0.81147EPSS
Exploits13
Rosalinux
Rosalinux
•added 2024/10/03 9:20 p.m.•50 views

Advisory ROSA-SA-2024-2494

Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.1.res7 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document generation softwar...

8.8CVSS8.9AI score0.01425EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 9:12 p.m.•50 views

Advisory ROSA-SA-2024-2489

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.16 CVE-ID: CVE-2023-2828 BDU-ID: 2023-07642 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker...

7.5CVSS7.8AI score0.99995EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/04/11 7:53 a.m.•50 views

Advisory ROSA-SA-2024-2397

Software: protobuf-c 1.4.1 OS: ROSA-CHROME packageevrstring: protobuf-c-1.4.1-2.src.rpm CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow. Exploitatio...

5.5CVSS6.1AI score0.00369EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/03/28 6:53 a.m.•50 views

Advisory ROSA-SA-2024-2385

Software: kernel-ml-6.6 6.6.11 OS: rosa-server79 packageevrstring: kernel-ml-6.6.6.11-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...

8.8CVSS7.7AI score0.09141EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/02/27 9:20 a.m.•50 views

Advisory ROSA-SA-2024-2362

Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...

6.1CVSS7.3AI score0.0175EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/01/30 8:34 a.m.•50 views

Advisory ROSA-SA-2024-2333

Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-10.rv3.src.rpm CVE-ID: CVE-2021-3634 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in libssh for versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets throughout a session. One ...

6.5CVSS7.4AI score0.04683EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/12/19 11:53 a.m.•50 views

Advisory ROSA-SA-2023-2312

Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2023-22045 BDU-ID: 2023-04350 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition...

5.9CVSS7.2AI score0.08346EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/15 9:10 a.m.•50 views

Advisory ROSA-SA-2023-2214

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2021-3796 BDU-ID: 2021-05417 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the nvreplace function of the VIM text editor is related to memory usage after it has been freed. Exploitation o...

9.8CVSS8.4AI score0.02086EPSS
Exploits10
Rosalinux
Rosalinux
•added 2023/02/21 9:45 a.m.•50 views

Advisory ROSA-SA-2023-2121

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26 CVE-ID: CVE-2022-2795 BDU-ID: 2022-06124 CVE-Crit: HIGH CVE-DESC: A vulnerability in the DNS BIND server is related to improper management of internal resources within the application when processing large delegations...

6.8CVSS6.6AI score0.0325EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:13 p.m.•50 views

Advisory ROSA-SA-2021-1982

Software: system 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd when updating file permissions allows local users to change SELinux permissions and security contexts for arbitrary files via a symbolic link attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...

10CVSS8.3AI score0.55116EPSS
Exploits18
Rosalinux
Rosalinux
•added 2021/07/02 5:28 p.m.•50 views

Advisory ROSA-SA-2021-1916

Software: mate-screensaver 1.16.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...

6.1CVSS6.4AI score0.00576EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:27 p.m.•50 views

Advisory ROSA-SA-2021-1915

Software: mate-desktop 1.16.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...

6.1CVSS6.4AI score0.00576EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/01/27 7:51 a.m.•49 views

Advisory ROSA-SA-2025-2568

software: dnsmasq 2.90 WASP: ROSA-CHROME packageevrstring: dnsmasq-2.90-1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted...

7.5CVSS7.7AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/20 8:34 a.m.•49 views

Advisory ROSA-SA-2024-2344

Software: gstreamer-plugins-bad-free 0.10.23 OS: rosa-server79 packageevrstring: gstreamer-plugins-bad-free-0.10.23-24.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...

8.8CVSS7AI score0.01744EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/30 8:44 a.m.•49 views

Advisory ROSA-SA-2024-2335

software: xterm 386 WASP: ROSA-CHROME packageevrstring: xterm-386-1.src.rpm CVE-ID: CVE-2023-40359 BDU-ID: 2023-07914 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting ReGIS Reporting feature of the XTerm terminal emulator is related to an operation exceeding...

9.8CVSS7AI score0.00734EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:2 a.m.•49 views

Advisory ROSA-SA-2023-2268

software: vim 9.0.1572 WASP: ROSA-CHROME packageevrstring: vim-9.0.1572-1.src.rpm CVE-ID: CVE-2023-0049 BDU-ID: 2023-00068 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the buildstlstrhl buffer.c function of the Vim text editor is related to an operation exceeding buffer boundaries in memory...

8.4CVSS8.7AI score0.00555EPSS
Exploits11
Rosalinux
Rosalinux
•added 2023/10/21 1:39 p.m.•49 views

Advisory ROSA-SA-2023-2250

software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...

7.7CVSS6.5AI score0.52063EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/08/01 12:58 p.m.•49 views

Advisory ROSA-SA-2023-2203

Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

9.8CVSS7.8AI score0.23293EPSS
Exploits6
Rosalinux
Rosalinux
•added 2023/07/04 1:1 p.m.•49 views

Advisory ROSA-SA-2023-2180

Software: kernel-ml 5.15.114 OS: rosa-server79 packageevrstring: kernel-ml-5.15.114-1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...

7.8CVSS6.8AI score0.00491EPSS
Exploits1
Total number of security vulnerabilities1374