1374 matches found
Advisory ROSA-SA-2023-2180
Software: kernel-ml 5.15.114 OS: rosa-server79 packageevrstring: kernel-ml-5.15.114-1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...
Advisory ROSA-SA-2023-2170
software: libksba 1.3.5 OS: ROSA-CHROME packageevrstring: libksba-1.3.5-10.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the CRL parser...
Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
Advisory ROSA-SA-2021-1998
Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access WPA and WPA2 allows the Station-to-Station-Link STSL temporary key STK to be reassigned during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...
Advisory ROSA-SA-2021-1996
Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...
Advisory ROSA-SA-2021-1938
Software: openssh 7.4p1 OS: Cobalt 7.9 CVE-ID: CVE-2011-4327 CVE-Crit: CRITICAL CVE-DESC: ssh-keysign.c in ssh-keysign in OpenSSH before version 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, allowing local users to obtain sensitive key information via ...
Advisory ROSA-SA-2021-1930
Software: nettle 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-16869 CVE-Crit: MEDIUM. CVE-DESC: An oracle attack based on a Bleichenbacher-type side-channel was discovered in the way nettle handles the final transformation of PKCS 1 v1.5 data decrypted with RSA. An attacker who could run a process on th...
Advisory ROSA-SA-2021-1927
Software: ncurses 5.9 OS: Cobalt 7.9 CVE-ID: CVE-2019-15547 CVE-Crit: HIGH CVE-DESC: An issue has been discovered in the ncurses box prior to version 5.99.0 for Rust. The printw functions have format string problems due to improper handling of C format arguments. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2024-2450
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2016-2124 BDU-ID: 2021-05993 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability was discovered in the way Samba implemented SMB1 authentication. An attacker could use this vulnerability to extract the public...
Advisory ROSA-SA-2024-2420
Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 packageevrstring: jackson-databind-2.10.0 CVE-ID: CVE-2020-35490 BDU-ID: 2022-03804 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library o...
Advisory ROSA-SA-2024-2396
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional...
Advisory ROSA-SA-2024-2390
Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-2858 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file. CVE-STATUS: Fixed CVE-REV: To close, run the...
Advisory ROSA-SA-2023-2319
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...
Advisory ROSA-SA-2023-2209
software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.1.7-1.src.rpm CVE-ID: CVE-2021-43784 BDU-ID: 2023-02652 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting...
Advisory ROSA-SA-2023-2206
software: kernel-5.15 5.15.117 WASP: ROSA-CHROME packageevrstring: kernel-5.15-generic-5.15.117-1.src.rpm CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control duri...
Advisory ROSA-SA-2022-2062
Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...
Advisory ROSA-SA-2021-1999
Software: xchat 2.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2011-5129 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service failure and possibly execute arbitrary code using a long response string. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2024-2481
Software: java-11-openjdk 11.0.23.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.23.0.9-2.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK,...
Advisory ROSA-SA-2024-2471
software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3-22 CVE-ID: CVE-2021-36770 BDU-ID: 2021-05374 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Encode.pm module of the Perl programming language interpreter is related to incorrect search path handling. Exploitation of the...
Advisory ROSA-SA-2024-2429
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3 CVE-ID: CVE-2023-2731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing bug was found in the LZWDecode function of the Libtiff library in the libtiff/tiflzw.c file. This flaw allows a...
Advisory ROSA-SA-2023-2311
software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
Advisory ROSA-SA-2023-2287
Software: dnsmasq 2.79 OS: ROSA Virtualization 2.1 packageevrstring: dnsmasq-2.79-26.rv3.src.rpm CVE-ID: CVE-2022-0934 BDU-ID: 2022-03253 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DHCPv6 protocol implementation of the Dnsmasq DNS server is related to a memory usage error after memory is...
Advisory ROSA-SA-2023-2216
software: subversion 1.14.2 OS: ROSA-CHROME packageevrstring: subversion-1.14.2-1.src.rpm CVE-ID: CVE-2020-17525 BDU-ID: 2022-00306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the modauthzsvn module of the Subversion centralized version control system is related to incorrect handling of reques...
Advisory ROSA-SA-2023-2139
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21282 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java S...
Advisory ROSA-SA-2023-2075
Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: HIGH CVE-DESC: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional arguments in environmen...
Advisory ROSA-SA-2021-1976
Software: squid 3.5.20 OS: Cobalt 7.9 CVE-ID: CVE-2016-10003 CVE-Crit: HIGH CVE-DESC: An incorrect comparison of HTTP request headers in Squid HTTP Proxy 3.5.0.0.1-3.5.22 and 4.0.1-4.0.16 causes Collapsed Forwarding to incorrectly identify some private responses as suitable for delivery to multip...
Advisory ROSA-SA-2021-1963
Software: rpm 4.11.3 OS: Cobalt 7.9 CVE-ID: CVE-2017-7501 CVE-Crit: HIGH CVE-DESC: It was discovered that rpm versions prior to 4.13.0.2 use temporary files with predictable names when installing RPM. An attacker with the ability to write to the directory where the files will be installed could...
Advisory ROSA-SA-2021-1918
Software: mercurial 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-9462 CVE-Crit: CRITICAL CVE-DESC: The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via the created repository name in the clone command. CVE-STATUS: default CVE-REV: defau...
Advisory ROSA-SA-2021-1896
Software: libtiff 4.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-3620 CVE-Crit: HIGH CVE-DESC: The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" parameter is used, allows remote attackers to cause a denial of service buffer overflow via a generated BMP...
Advisory ROSA-SA-2026-3308
CVE-ID: CVE-2020-24332 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: The vulnerability in the tcsd daemon of the TrouSerS package relates to the possibility of attacks through symbolic links when creating the system.data file. It allows a local malicious actor tss user to create or damage arbitrar...
Advisory ROSA-SA-2025-2654
software: unifdef 2.12 WASP: ROSA-CHROME packageevrstring: unifdef-2.12-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error. Exploitation of the...
Advisory ROSA-SA-2024-2495
Software: libvpx 1.7.0 OS: ROSA Virtualization 2.1 packageevrstring: libvpx-1.7.0-11.rv3 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special form...
Advisory ROSA-SA-2024-2383
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.105.1.el7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/TCP...
Advisory ROSA-SA-2024-2352
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-31.res7 CVE-ID: CVE-2023-6816 BDU-ID: 2024-00405 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related to an operation...
Advisory ROSA-SA-2023-2239
software: batik 1.11 WASP: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...
Advisory ROSA-SA-2023-2179
Software: kernel-ml 6.1.31 OS: rosa-server79 packageevrstring: kernel-ml-6.1.31-1.0.1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...
Advisory ROSA-SA-2023-2151
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-39399 BDU-ID: None CVE-Crit: LOW CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM...
Advisory ROSA-SA-2021-1847
Software: gnutls 3.3.29 OS: Cobalt 7.9 CVE-ID: CVE-2014-3469 CVE-Crit: CRITICAL CVE-DESC: The 1 asn1readvaluetype and 2 asn1readvalue functions in GNU Libtasn1 before 3.6 allow context-sensitive attackers to cause a denial of service dereferencing a NULL pointer and crashing via a NULL value in t...
Advisory ROSA-SA-2021-1828
Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp / gnus / gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2025-2740
Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.1 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...
Advisory ROSA-SA-2024-2499
Software: python-setuptools 39.2.0 OS: ROSA Virtualization 2.1 packageevrstring: python-setuptools-39.2.0-8.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...
Advisory ROSA-SA-2024-2496
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-60.rv3 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the formatlogline function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2024-2419
software: heimdal 7.8.0 WASP: ROSA-CHROME packageevrstring: heimdal-7.8.0-1 CVE-ID: CVE-2021-44758 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: heimdal allowed attackers to cause null pointer dereferencing in the SPNEGO receiver via the preferredmechtype GSSCNOOID and a non-zero initialresponse value f...
Advisory ROSA-SA-2024-2334
software: ansible 2.9.27 WASP: ROSA-CHROME packageevrstring: ansible-2.9.27-1.src.rpm CVE-ID: CVE-2021-20178 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in the ansible module where default credentials are exposed in the console log and are not protected by the security feature...
Advisory ROSA-SA-2023-2241
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-3397 BDU-ID: 2023-03779 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the JFS file system of the Linux operating system kernel is related to the reuse of previously freed memory due to...
Advisory ROSA-SA-2023-2163
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-2.rv3.src.rpm CVE-ID: CVE-2019-25032 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: Unbound before 1.9.5 allows integer overflow in the regional allocator via regionalalloc. CVE-STATUS: Fixed CVE-REV: Run the yum...
Advisory ROSA-SA-2021-1992
Software: util-linux 2.23.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-5224 CVE-Crit: CRITICAL CVE-DESC: The mkostemp function in login-utils in util-linux, when misused, allows remote attackers to cause file name conflict and possibly other attacks. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2016-501...
Advisory ROSA-SA-2021-1893
Software: libssh2 1.8.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-13115 CVE-Crit: HIGH CVE-DESC: In libssh2 before 1.9.0, kexmethoddiffiehellmangroupexchangesha256keyexchange in kex.c has an integer overflow that can cause out-of-range reads when reading packets from the server. A remote attacker...
Advisory ROSA-SA-2021-1865
Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer re-read via a crafted CSS file. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2025-2662
software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...