Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2023/07/04 1:1 p.m.•49 views

Advisory ROSA-SA-2023-2180

Software: kernel-ml 5.15.114 OS: rosa-server79 packageevrstring: kernel-ml-5.15.114-1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...

7.8CVSS6.8AI score0.00491EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/06/20 10:21 a.m.•49 views

Advisory ROSA-SA-2023-2170

software: libksba 1.3.5 OS: ROSA-CHROME packageevrstring: libksba-1.3.5-10.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the CRL parser...

9.8CVSS7.9AI score0.01635EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/03/28 1:38 p.m.•49 views

Advisory ROSA-SA-2023-2136

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...

5.3CVSS5.9AI score0.08346EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:21 p.m.•49 views

Advisory ROSA-SA-2021-1998

Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access WPA and WPA2 allows the Station-to-Station-Link STSL temporary key STK to be reassigned during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...

8.1CVSS7.2AI score0.05372EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:19 p.m.•49 views

Advisory ROSA-SA-2021-1996

Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...

8.1CVSS8.3AI score0.07499EPSS
Exploits7
Rosalinux
Rosalinux
•added 2021/07/02 5:38 p.m.•49 views

Advisory ROSA-SA-2021-1938

Software: openssh 7.4p1 OS: Cobalt 7.9 CVE-ID: CVE-2011-4327 CVE-Crit: CRITICAL CVE-DESC: ssh-keysign.c in ssh-keysign in OpenSSH before version 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, allowing local users to obtain sensitive key information via ...

7.8CVSS8.3AI score0.88944EPSS
Exploits39
Rosalinux
Rosalinux
•added 2021/07/02 5:33 p.m.•49 views

Advisory ROSA-SA-2021-1930

Software: nettle 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-16869 CVE-Crit: MEDIUM. CVE-DESC: An oracle attack based on a Bleichenbacher-type side-channel was discovered in the way nettle handles the final transformation of PKCS 1 v1.5 data decrypted with RSA. An attacker who could run a process on th...

8.1CVSS6.6AI score0.01607EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:32 p.m.•49 views

Advisory ROSA-SA-2021-1927

Software: ncurses 5.9 OS: Cobalt 7.9 CVE-ID: CVE-2019-15547 CVE-Crit: HIGH CVE-DESC: An issue has been discovered in the ncurses box prior to version 5.99.0 for Rust. The printw functions have format string problems due to improper handling of C format arguments. CVE-STATUS: default CVE-REV:...

9.8CVSS7.2AI score0.02034EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/07/15 8:46 a.m.•48 views

Advisory ROSA-SA-2024-2450

Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2016-2124 BDU-ID: 2021-05993 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability was discovered in the way Samba implemented SMB1 authentication. An attacker could use this vulnerability to extract the public...

9CVSS7.4AI score0.13794EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/05/14 9:30 a.m.•48 views

Advisory ROSA-SA-2024-2420

Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 packageevrstring: jackson-databind-2.10.0 CVE-ID: CVE-2020-35490 BDU-ID: 2022-03804 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library o...

8.8CVSS8.1AI score0.20929EPSS
Exploits14
Rosalinux
Rosalinux
•added 2024/04/11 7:39 a.m.•48 views

Advisory ROSA-SA-2024-2396

Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional...

7.8CVSS7.2AI score0.55367EPSS
Exploits20
Rosalinux
Rosalinux
•added 2024/04/02 7:35 a.m.•48 views

Advisory ROSA-SA-2024-2390

Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-2858 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file. CVE-STATUS: Fixed CVE-REV: To close, run the...

7.5CVSS7.8AI score0.02771EPSS
Exploits7
Rosalinux
Rosalinux
•added 2023/12/26 12:4 p.m.•48 views

Advisory ROSA-SA-2023-2319

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...

6.5CVSS6.8AI score0.01086EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/08/08 7:51 a.m.•48 views

Advisory ROSA-SA-2023-2209

software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.1.7-1.src.rpm CVE-ID: CVE-2021-43784 BDU-ID: 2023-02652 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting...

7.8CVSS7.1AI score0.01677EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/08/01 1:17 p.m.•48 views

Advisory ROSA-SA-2023-2206

software: kernel-5.15 5.15.117 WASP: ROSA-CHROME packageevrstring: kernel-5.15-generic-5.15.117-1.src.rpm CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control duri...

7.8CVSS6.7AI score0.00491EPSS
Exploits1
Rosalinux
Rosalinux
•added 2022/12/06 12:24 p.m.•48 views

Advisory ROSA-SA-2022-2062

Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...

8.8CVSS8.6AI score0.00956EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:21 p.m.•48 views

Advisory ROSA-SA-2021-1999

Software: xchat 2.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2011-5129 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service failure and possibly execute arbitrary code using a long response string. CVE-STATUS: default CVE-REV:...

5CVSS7.8AI score0.07696EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/10/03 8:39 p.m.•47 views

Advisory ROSA-SA-2024-2481

Software: java-11-openjdk 11.0.23.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.23.0.9-2.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK,...

7.4CVSS5.3AI score0.01361EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/08/28 8:15 a.m.•47 views

Advisory ROSA-SA-2024-2471

software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3-22 CVE-ID: CVE-2021-36770 BDU-ID: 2021-05374 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Encode.pm module of the Perl programming language interpreter is related to incorrect search path handling. Exploitation of the...

8.1CVSS8.2AI score0.01742EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/06/03 8:46 a.m.•47 views

Advisory ROSA-SA-2024-2429

Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3 CVE-ID: CVE-2023-2731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing bug was found in the LZWDecode function of the Libtiff library in the libtiff/tiflzw.c file. This flaw allows a...

5.5CVSS5.9AI score0.00427EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/12/19 8:49 a.m.•47 views

Advisory ROSA-SA-2023-2311

software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...

9.8CVSS6.2AI score0.02944EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/31 2:41 p.m.•47 views

Advisory ROSA-SA-2023-2287

Software: dnsmasq 2.79 OS: ROSA Virtualization 2.1 packageevrstring: dnsmasq-2.79-26.rv3.src.rpm CVE-ID: CVE-2022-0934 BDU-ID: 2022-03253 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DHCPv6 protocol implementation of the Dnsmasq DNS server is related to a memory usage error after memory is...

7.5CVSS6.7AI score0.01499EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/15 9:37 a.m.•47 views

Advisory ROSA-SA-2023-2216

software: subversion 1.14.2 OS: ROSA-CHROME packageevrstring: subversion-1.14.2-1.src.rpm CVE-ID: CVE-2020-17525 BDU-ID: 2022-00306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the modauthzsvn module of the Subversion centralized version control system is related to incorrect handling of reques...

7.5CVSS7AI score0.40075EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/04/04 3:28 p.m.•47 views

Advisory ROSA-SA-2023-2139

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21282 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java S...

5.3CVSS5.2AI score0.03782EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/01/31 12:50 p.m.•47 views

Advisory ROSA-SA-2023-2075

Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: HIGH CVE-DESC: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional arguments in environmen...

7.8CVSS7.8AI score0.55367EPSS
Exploits20
Rosalinux
Rosalinux
•added 2021/07/02 6:10 p.m.•47 views

Advisory ROSA-SA-2021-1976

Software: squid 3.5.20 OS: Cobalt 7.9 CVE-ID: CVE-2016-10003 CVE-Crit: HIGH CVE-DESC: An incorrect comparison of HTTP request headers in Squid HTTP Proxy 3.5.0.0.1-3.5.22 and 4.0.1-4.0.16 causes Collapsed Forwarding to incorrectly identify some private responses as suitable for delivery to multip...

9.8CVSS9.6AI score0.40982EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•47 views

Advisory ROSA-SA-2021-1963

Software: rpm 4.11.3 OS: Cobalt 7.9 CVE-ID: CVE-2017-7501 CVE-Crit: HIGH CVE-DESC: It was discovered that rpm versions prior to 4.13.0.2 use temporary files with predictable names when installing RPM. An attacker with the ability to write to the directory where the files will be installed could...

7.8CVSS7.1AI score0.01706EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:29 p.m.•47 views

Advisory ROSA-SA-2021-1918

Software: mercurial 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-9462 CVE-Crit: CRITICAL CVE-DESC: The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via the created repository name in the clone command. CVE-STATUS: default CVE-REV: defau...

10CVSS8.2AI score0.06331EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:18 p.m.•47 views

Advisory ROSA-SA-2021-1896

Software: libtiff 4.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-3620 CVE-Crit: HIGH CVE-DESC: The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" parameter is used, allows remote attackers to cause a denial of service buffer overflow via a generated BMP...

9.1CVSS9.7AI score0.05789EPSS
Exploits4
Rosalinux
Rosalinux
•added 2026/06/01 12:20 p.m.•46 views

Advisory ROSA-SA-2026-3308

CVE-ID: CVE-2020-24332 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: The vulnerability in the tcsd daemon of the TrouSerS package relates to the possibility of attacks through symbolic links when creating the system.data file. It allows a local malicious actor tss user to create or damage arbitrar...

7.8CVSS5.9AI score0.00553EPSS
Exploits3
Rosalinux
Rosalinux
•added 2025/01/28 7:26 p.m.•46 views

Advisory ROSA-SA-2025-2654

software: unifdef 2.12 WASP: ROSA-CHROME packageevrstring: unifdef-2.12-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error. Exploitation of the...

9.8CVSS9.5AI score0.01356EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 9:44 p.m.•46 views

Advisory ROSA-SA-2024-2495

Software: libvpx 1.7.0 OS: ROSA Virtualization 2.1 packageevrstring: libvpx-1.7.0-11.rv3 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special form...

9.1CVSS8.4AI score0.49013EPSS
Exploits4
Rosalinux
Rosalinux
•added 2024/03/28 6:51 a.m.•46 views

Advisory ROSA-SA-2024-2383

Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.105.1.el7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/TCP...

8.8CVSS7.8AI score0.09141EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/02/20 9:34 a.m.•46 views

Advisory ROSA-SA-2024-2352

Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-31.res7 CVE-ID: CVE-2023-6816 BDU-ID: 2024-00405 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related to an operation...

9.8CVSS10AI score0.02106EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/10 8:57 a.m.•46 views

Advisory ROSA-SA-2023-2239

software: batik 1.11 WASP: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...

7.5CVSS7.4AI score0.1074EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/04 1:1 p.m.•46 views

Advisory ROSA-SA-2023-2179

Software: kernel-ml 6.1.31 OS: rosa-server79 packageevrstring: kernel-ml-6.1.31-1.0.1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...

7.8CVSS6.8AI score0.00491EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/04/11 2:18 p.m.•46 views

Advisory ROSA-SA-2023-2151

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-39399 BDU-ID: None CVE-Crit: LOW CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM...

5.3CVSS5.4AI score0.02376EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 4:58 p.m.•46 views

Advisory ROSA-SA-2021-1847

Software: gnutls 3.3.29 OS: Cobalt 7.9 CVE-ID: CVE-2014-3469 CVE-Crit: CRITICAL CVE-DESC: The 1 asn1readvaluetype and 2 asn1readvalue functions in GNU Libtasn1 before 3.6 allow context-sensitive attackers to cause a denial of service dereferencing a NULL pointer and crashing via a NULL value in t...

7.5CVSS7.3AI score0.068EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:39 p.m.•46 views

Advisory ROSA-SA-2021-1828

Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp / gnus / gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...

8.8CVSS8.2AI score0.04009EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/03/01 9:32 p.m.•45 views

Advisory ROSA-SA-2025-2740

Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.1 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...

7.5CVSS7.5AI score0.99999EPSS
Exploits22
Rosalinux
Rosalinux
•added 2024/10/03 10:17 p.m.•45 views

Advisory ROSA-SA-2024-2499

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 2.1 packageevrstring: python-setuptools-39.2.0-8.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...

8.8CVSS7.6AI score0.02617EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/10/03 9:51 p.m.•45 views

Advisory ROSA-SA-2024-2496

Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-60.rv3 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the formatlogline function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the...

7.5CVSS8.1AI score0.02421EPSS
Exploits3
Rosalinux
Rosalinux
•added 2024/05/14 8:56 a.m.•45 views

Advisory ROSA-SA-2024-2419

software: heimdal 7.8.0 WASP: ROSA-CHROME packageevrstring: heimdal-7.8.0-1 CVE-ID: CVE-2021-44758 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: heimdal allowed attackers to cause null pointer dereferencing in the SPNEGO receiver via the preferredmechtype GSSCNOOID and a non-zero initialresponse value f...

9.8CVSS8.4AI score0.06419EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/01/30 8:40 a.m.•45 views

Advisory ROSA-SA-2024-2334

software: ansible 2.9.27 WASP: ROSA-CHROME packageevrstring: ansible-2.9.27-1.src.rpm CVE-ID: CVE-2021-20178 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in the ansible module where default credentials are exposed in the console log and are not protected by the security feature...

7.5CVSS6.6AI score0.00712EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/10 9:26 a.m.•45 views

Advisory ROSA-SA-2023-2241

Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-3397 BDU-ID: 2023-03779 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the JFS file system of the Linux operating system kernel is related to the reuse of previously freed memory due to...

7.8CVSS6.9AI score0.0205EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/05/15 7:47 a.m.•45 views

Advisory ROSA-SA-2023-2163

Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-2.rv3.src.rpm CVE-ID: CVE-2019-25032 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: Unbound before 1.9.5 allows integer overflow in the regional allocator via regionalalloc. CVE-STATUS: Fixed CVE-REV: Run the yum...

9.8CVSS7.3AI score0.02179EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:18 p.m.•45 views

Advisory ROSA-SA-2021-1992

Software: util-linux 2.23.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-5224 CVE-Crit: CRITICAL CVE-DESC: The mkostemp function in login-utils in util-linux, when misused, allows remote attackers to cause file name conflict and possibly other attacks. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2016-501...

9.8CVSS6.9AI score0.04526EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:17 p.m.•45 views

Advisory ROSA-SA-2021-1893

Software: libssh2 1.8.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-13115 CVE-Crit: HIGH CVE-DESC: In libssh2 before 1.9.0, kexmethoddiffiehellmangroupexchangesha256keyexchange in kex.c has an integer overflow that can cause out-of-range reads when reading packets from the server. A remote attacker...

8.1CVSS7.6AI score0.11659EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:11 p.m.•45 views

Advisory ROSA-SA-2021-1865

Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer re-read via a crafted CSS file. CVE-STATUS: default CVE-REV:...

7.1CVSS7.1AI score0.12996EPSS
Exploits7
Rosalinux
Rosalinux
•added 2025/01/28 7:35 p.m.•44 views

Advisory ROSA-SA-2025-2662

software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...

6.5CVSS7.3AI score0.93305EPSS
Exploits12
Total number of security vulnerabilities1374