1374 matches found
Advisory ROSA-SA-2023-2253
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-21595 BDU-ID: 2022-06420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitati...
Advisory ROSA-SA-2022-2013
Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...
Advisory ROSA-SA-2021-1968
Software: screen 4.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-5618 CVE-Crit: HIGH CVE-DESC: GNU screen before 4.5.1 allows local users to modify arbitrary files and therefore gain superuser privileges by improperly checking log file permissions. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-9366...
Advisory ROSA-SA-2024-2463
software: zlib 1.2.11 OS: ROSA-CHROME packageevrstring: zlib-1.2.11-5 CVE-ID: CVE-2023-45853 BDU-ID: 2023-07116 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the zipOpenNewFileInZip464 function of the MiniZip package of the zlib library relates to an integer overflow when processing file name...
Advisory ROSA-SA-2023-2198
Software: sysstat 12.7.2 OS: ROSA-CHROME packageevrstring: sysstat-12.7.2-1.src.rpm CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: On 32-bit systems in versions 9.1.16 and newer but before 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures...
Advisory ROSA-SA-2021-1802
Software: bash 4.2.46 OS: Cobalt 7.9 CVE-ID: CVE-2012-6711 CVE-Crit: HIGH CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3, when broad characters not supported by the current language standard set in the LCCTYPE environment variable are printed using the built-in echo function...
Advisory ROSA-SA-2024-2377
software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-7.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2021-1989
Software: trousers 0.3.14 OS: Cobalt 7.9 CVE-ID: CVE-2020-24330 CVE-Crit: HIGH CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not the tss user, it will not be able to reset the root gid privilege when it is no longer needed...
Advisory ROSA-SA-2021-1988
Software: tomcat 7.0.76 OS: Cobalt 7.9 CVE-ID: CVE-2012-5568 CVE-Crit: CRITICAL CVE-DESC: Apache Tomcat via 7.0.x allows remote attackers to cause a denial of service disabling the daemon via partial HTTP requests, as demonstrated by Slowloris. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1949
Software: perl 5.16.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-4330 CVE-Crit: MEDIUM CVE-DESC: The Dumper method in Data :: Dumper before 2.154, which was used in Perl 5.20.1 and earlier, allows context-sensitive attackers to cause a denial of service stack consumption and failure via an array reference...
Advisory ROSA-SA-2021-1929
Software: net-snmp 5.7.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-2284 CVE-Crit: HIGH CVE-DESC: The Linux implementation of ICMP-MIB in Net-SNMP 5.5 through 5.5.2.1, 5.6.x through 5.6.2.1, and 5.7.x through 5.7.2.1 incorrectly validates input, allowing remote attackers to cause a denial of service via...
Advisory ROSA-SA-2021-1909
Software: log4j 1.2.17 OS: Cobalt 7.9 CVE-ID: CVE-2019-17571 CVE-Crit: CRITICAL CVE-DESC: Log4j 1.2 includes a SocketServer class vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in conjunction with a deserialization gadget while listening to...
Advisory ROSA-SA-2021-1890
Software: libsndfile 1.0.25 OS: Cobalt 7.9 CVE-ID: CVE-2014-9756 CVE-Crit: CRITICAL CVE-DESC: The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service division-by-zero error and application crash via undefined vectors associated with the headindex variable...
Advisory ROSA-SA-2025-2714
Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 packageevrstring: openssh-8.0p1-19.0.1 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool ...
Advisory ROSA-SA-2024-2402
Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 packageevrstring: sysstat-11.7.3-9.rv3 CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocatestructures contains a sizet...
Advisory ROSA-SA-2024-2365
Software: net-snmp 5.8 OS: ROSA Virtualization 2.1 packageevrstring: net-snmp-5.8-27.rv3 CVE-ID: CVE-2022-44792 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception error, which could be used by a remote attacker...
Advisory ROSA-SA-2023-2138
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...
Advisory ROSA-SA-2023-2096
Software: libXpm 3.5.12 OS: rosa-server79 packageevrstring: libXpm-3.5.12-1 CVE-ID: CVE-2022-4883 BDU-ID: 2023-00388 CVE-Crit: HIGH CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...
Advisory ROSA-SA-2021-1962
Software: rpcbind 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-8779 CVE-Crit: HIGH CVE-DESC: rpcbind before 0.2.4, LIBTIRPC before 1.0.1 and 1.0.2-rc before 1.0.2-rc3 and NTIRPC before 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, allowing remote attackers to...
Advisory ROSA-SA-2021-1869
Software: libevent 2.0.21 OS: Cobalt 7.9 CVE-ID: CVE-2014-6272 CVE-Crit: MEDIUM CVE-DESC: Multiple integer overflows in the evbuffer API in Libevent 1.4.x through 1.4.15, 2.0.x through 2.0.22, and 2.1.x through 2.1.The 5-beta allow context-aware attackers to cause a denial of service or possibly...
Advisory ROSA-SA-2026-3307
Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...
Advisory ROSA-SA-2024-2490
Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...
Advisory ROSA-SA-2024-2340
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.1.res7 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to an argument injection or...
Advisory ROSA-SA-2023-2237
SOFTWARE: 389-ds-base 1.4.4.4.4. WASP: ROSA-CHROME packageevrstring: 389-ds-base-1.4.4.4-12.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...
Advisory ROSA-SA-2023-2208
software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-38431 BDU-ID: 2023-03952 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ksmbdconnhandlerloop function in the fs/smb/server/connection.c module of the KSMBD file system of the...
Advisory ROSA-SA-2023-2131
Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-19 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2021-1995
Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The readcode function in readwords.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service read out of range via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1993
Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: module Data :: Perl UUID from CPAN version 1.219 vulnerable to symbolic link attacks CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1973
Software: spamassassin 3.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-11780 CVE-Crit: CRITICAL CVE-DESC: A potential remote code execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. CVE-STATUS: Default CVE-REV: default CVE-ID: CVE-2018-11805 CVE-Crit: MEDIUM CVE-DESC: In Apach...
Advisory ROSA-SA-2021-1957
Software: python 2.7.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-7040 CVE-Crit: CRITICAL. CVE-DESC: Python 2.7 through 3.4 uses only the last eight bits of the prefix to randomize hash values, causing it to compute hash values without limiting the ability to predictably initiate hash code collisions and...
Advisory ROSA-SA-2024-2519
software: log4j12 1.2.17 OS: ROSA-CHROME packageevrstring: log4j12-1.2.17-26 CVE-ID: CVE-2019-17571 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: Log4j 1.2 includes a SocketServer class that is vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in...
Advisory ROSA-SA-2024-2494
Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.1.res7 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document generation softwar...
Advisory ROSA-SA-2024-2489
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.16 CVE-ID: CVE-2023-2828 BDU-ID: 2023-07642 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2397
Software: protobuf-c 1.4.1 OS: ROSA-CHROME packageevrstring: protobuf-c-1.4.1-2.src.rpm CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow. Exploitatio...
Advisory ROSA-SA-2024-2385
Software: kernel-ml-6.6 6.6.11 OS: rosa-server79 packageevrstring: kernel-ml-6.6.6.11-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...
Advisory ROSA-SA-2024-2362
Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...
Advisory ROSA-SA-2024-2333
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-10.rv3.src.rpm CVE-ID: CVE-2021-3634 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in libssh for versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets throughout a session. One ...
Advisory ROSA-SA-2023-2312
Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2023-22045 BDU-ID: 2023-04350 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition...
Advisory ROSA-SA-2023-2214
Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2021-3796 BDU-ID: 2021-05417 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the nvreplace function of the VIM text editor is related to memory usage after it has been freed. Exploitation o...
Advisory ROSA-SA-2023-2121
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26 CVE-ID: CVE-2022-2795 BDU-ID: 2022-06124 CVE-Crit: HIGH CVE-DESC: A vulnerability in the DNS BIND server is related to improper management of internal resources within the application when processing large delegations...
Advisory ROSA-SA-2021-1982
Software: system 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd when updating file permissions allows local users to change SELinux permissions and security contexts for arbitrary files via a symbolic link attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2021-1916
Software: mate-screensaver 1.16.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...
Advisory ROSA-SA-2021-1915
Software: mate-desktop 1.16.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...
Advisory ROSA-SA-2025-2568
software: dnsmasq 2.90 WASP: ROSA-CHROME packageevrstring: dnsmasq-2.90-1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted...
Advisory ROSA-SA-2024-2344
Software: gstreamer-plugins-bad-free 0.10.23 OS: rosa-server79 packageevrstring: gstreamer-plugins-bad-free-0.10.23-24.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...
Advisory ROSA-SA-2024-2335
software: xterm 386 WASP: ROSA-CHROME packageevrstring: xterm-386-1.src.rpm CVE-ID: CVE-2023-40359 BDU-ID: 2023-07914 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting ReGIS Reporting feature of the XTerm terminal emulator is related to an operation exceeding...
Advisory ROSA-SA-2023-2268
software: vim 9.0.1572 WASP: ROSA-CHROME packageevrstring: vim-9.0.1572-1.src.rpm CVE-ID: CVE-2023-0049 BDU-ID: 2023-00068 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the buildstlstrhl buffer.c function of the Vim text editor is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2023-2250
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2203
Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
Advisory ROSA-SA-2023-2180
Software: kernel-ml 5.15.114 OS: rosa-server79 packageevrstring: kernel-ml-5.15.114-1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...