Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2022/12/06 12:24 p.m.•48 views

Advisory ROSA-SA-2022-2062

Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...

8.8CVSS8.6AI score0.00956EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•48 views

Advisory ROSA-SA-2021-1962

Software: rpcbind 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-8779 CVE-Crit: HIGH CVE-DESC: rpcbind before 0.2.4, LIBTIRPC before 1.0.1 and 1.0.2-rc before 1.0.2-rc3 and NTIRPC before 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, allowing remote attackers to...

7.8CVSS7.2AI score0.81921EPSS
Exploits4
Rosalinux
Rosalinux
•added 2021/07/02 6:3 p.m.•48 views

Advisory ROSA-SA-2021-1957

Software: python 2.7.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-7040 CVE-Crit: CRITICAL. CVE-DESC: Python 2.7 through 3.4 uses only the last eight bits of the prefix to randomize hash values, causing it to compute hash values without limiting the ability to predictably initiate hash code collisions and...

10CVSS9.4AI score0.28319EPSS
Exploits12
Rosalinux
Rosalinux
•added 2021/07/02 5:10 p.m.•48 views

Advisory ROSA-SA-2021-1862

Software: libarchive 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-2304 CVE-Crit: HIGH CVE-DESC: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via the full path in the archive. CVE-STATUS: default CVE-REV: default...

8.6CVSS9AI score0.06251EPSS
Exploits8
Rosalinux
Rosalinux
•added 2024/08/28 8:15 a.m.•47 views

Advisory ROSA-SA-2024-2471

software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3-22 CVE-ID: CVE-2021-36770 BDU-ID: 2021-05374 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Encode.pm module of the Perl programming language interpreter is related to incorrect search path handling. Exploitation of the...

8.1CVSS8.2AI score0.01742EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/07/15 9:4 a.m.•47 views

Advisory ROSA-SA-2024-2451

Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2020-25722 BDU-ID: 2022-00004 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Active Directory Domain Controller component of the Samba networking software package is caused by a buffer overflow...

9.8CVSS8.1AI score0.7372EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/06/03 8:46 a.m.•47 views

Advisory ROSA-SA-2024-2429

Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3 CVE-ID: CVE-2023-2731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing bug was found in the LZWDecode function of the Libtiff library in the libtiff/tiflzw.c file. This flaw allows a...

5.5CVSS5.9AI score0.00427EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/05/14 9:30 a.m.•47 views

Advisory ROSA-SA-2024-2420

Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 packageevrstring: jackson-databind-2.10.0 CVE-ID: CVE-2020-35490 BDU-ID: 2022-03804 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library o...

8.8CVSS8.1AI score0.20929EPSS
Exploits14
Rosalinux
Rosalinux
•added 2024/02/27 9:20 a.m.•47 views

Advisory ROSA-SA-2024-2362

Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...

6.1CVSS7.3AI score0.0175EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/31 2:41 p.m.•47 views

Advisory ROSA-SA-2023-2287

Software: dnsmasq 2.79 OS: ROSA Virtualization 2.1 packageevrstring: dnsmasq-2.79-26.rv3.src.rpm CVE-ID: CVE-2022-0934 BDU-ID: 2022-03253 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DHCPv6 protocol implementation of the Dnsmasq DNS server is related to a memory usage error after memory is...

7.5CVSS6.7AI score0.01487EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/15 9:37 a.m.•47 views

Advisory ROSA-SA-2023-2216

software: subversion 1.14.2 OS: ROSA-CHROME packageevrstring: subversion-1.14.2-1.src.rpm CVE-ID: CVE-2020-17525 BDU-ID: 2022-00306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the modauthzsvn module of the Subversion centralized version control system is related to incorrect handling of reques...

7.5CVSS7AI score0.40075EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/01/31 12:50 p.m.•47 views

Advisory ROSA-SA-2023-2075

Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: HIGH CVE-DESC: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional arguments in environmen...

7.8CVSS7.8AI score0.55367EPSS
Exploits20
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•47 views

Advisory ROSA-SA-2021-1963

Software: rpm 4.11.3 OS: Cobalt 7.9 CVE-ID: CVE-2017-7501 CVE-Crit: HIGH CVE-DESC: It was discovered that rpm versions prior to 4.13.0.2 use temporary files with predictable names when installing RPM. An attacker with the ability to write to the directory where the files will be installed could...

7.8CVSS7.1AI score0.01706EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:29 p.m.•47 views

Advisory ROSA-SA-2021-1918

Software: mercurial 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-9462 CVE-Crit: CRITICAL CVE-DESC: The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via the created repository name in the clone command. CVE-STATUS: default CVE-REV: defau...

10CVSS8.2AI score0.06331EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:18 p.m.•47 views

Advisory ROSA-SA-2021-1896

Software: libtiff 4.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-3620 CVE-Crit: HIGH CVE-DESC: The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" parameter is used, allows remote attackers to cause a denial of service buffer overflow via a generated BMP...

9.1CVSS9.7AI score0.05789EPSS
Exploits4
Rosalinux
Rosalinux
•added 2026/06/01 12:20 p.m.•46 views

Advisory ROSA-SA-2026-3308

CVE-ID: CVE-2020-24332 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: The vulnerability in the tcsd daemon of the TrouSerS package relates to the possibility of attacks through symbolic links when creating the system.data file. It allows a local malicious actor tss user to create or damage arbitrar...

7.8CVSS5.9AI score0.00553EPSS
Exploits3
Rosalinux
Rosalinux
•added 2024/03/28 6:51 a.m.•46 views

Advisory ROSA-SA-2024-2383

Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.105.1.el7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/TCP...

8.8CVSS7.8AI score0.09141EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/02/20 9:34 a.m.•46 views

Advisory ROSA-SA-2024-2352

Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-31.res7 CVE-ID: CVE-2023-6816 BDU-ID: 2024-00405 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related to an operation...

9.8CVSS10AI score0.02106EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/10 8:57 a.m.•46 views

Advisory ROSA-SA-2023-2239

software: batik 1.11 WASP: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...

7.5CVSS7.4AI score0.1074EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/04 1:1 p.m.•46 views

Advisory ROSA-SA-2023-2179

Software: kernel-ml 6.1.31 OS: rosa-server79 packageevrstring: kernel-ml-6.1.31-1.0.1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control during mount mount ...

7.8CVSS6.8AI score0.00491EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/04/04 3:28 p.m.•46 views

Advisory ROSA-SA-2023-2139

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21282 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java S...

5.3CVSS5.2AI score0.03782EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:32 p.m.•46 views

Advisory ROSA-SA-2021-1927

Software: ncurses 5.9 OS: Cobalt 7.9 CVE-ID: CVE-2019-15547 CVE-Crit: HIGH CVE-DESC: An issue has been discovered in the ncurses box prior to version 5.99.0 for Rust. The printw functions have format string problems due to improper handling of C format arguments. CVE-STATUS: default CVE-REV:...

9.8CVSS7.2AI score0.02034EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 4:58 p.m.•46 views

Advisory ROSA-SA-2021-1847

Software: gnutls 3.3.29 OS: Cobalt 7.9 CVE-ID: CVE-2014-3469 CVE-Crit: CRITICAL CVE-DESC: The 1 asn1readvaluetype and 2 asn1readvalue functions in GNU Libtasn1 before 3.6 allow context-sensitive attackers to cause a denial of service dereferencing a NULL pointer and crashing via a NULL value in t...

7.5CVSS7.3AI score0.068EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:39 p.m.•46 views

Advisory ROSA-SA-2021-1828

Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp / gnus / gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...

8.8CVSS8.2AI score0.04009EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/03/01 9:32 p.m.•45 views

Advisory ROSA-SA-2025-2740

Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.1 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...

7.5CVSS7.5AI score0.99999EPSS
Exploits22
Rosalinux
Rosalinux
•added 2025/01/28 7:26 p.m.•45 views

Advisory ROSA-SA-2025-2654

software: unifdef 2.12 WASP: ROSA-CHROME packageevrstring: unifdef-2.12-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error. Exploitation of the...

9.8CVSS9.5AI score0.01356EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 10:17 p.m.•45 views

Advisory ROSA-SA-2024-2499

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 2.1 packageevrstring: python-setuptools-39.2.0-8.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...

8.8CVSS7.6AI score0.02617EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/10/03 9:51 p.m.•45 views

Advisory ROSA-SA-2024-2496

Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-60.rv3 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the formatlogline function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the...

7.5CVSS8.1AI score0.02421EPSS
Exploits3
Rosalinux
Rosalinux
•added 2024/10/03 9:44 p.m.•45 views

Advisory ROSA-SA-2024-2495

Software: libvpx 1.7.0 OS: ROSA Virtualization 2.1 packageevrstring: libvpx-1.7.0-11.rv3 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special form...

9.1CVSS8.4AI score0.49013EPSS
Exploits4
Rosalinux
Rosalinux
•added 2024/01/30 8:40 a.m.•45 views

Advisory ROSA-SA-2024-2334

software: ansible 2.9.27 WASP: ROSA-CHROME packageevrstring: ansible-2.9.27-1.src.rpm CVE-ID: CVE-2021-20178 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in the ansible module where default credentials are exposed in the console log and are not protected by the security feature...

7.5CVSS6.6AI score0.00712EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/12/26 12:4 p.m.•45 views

Advisory ROSA-SA-2023-2319

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...

6.5CVSS6.8AI score0.01086EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/12/19 11:53 a.m.•45 views

Advisory ROSA-SA-2023-2312

Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2023-22045 BDU-ID: 2023-04350 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition...

5.9CVSS7.2AI score0.08346EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/05/15 7:47 a.m.•45 views

Advisory ROSA-SA-2023-2163

Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-2.rv3.src.rpm CVE-ID: CVE-2019-25032 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: Unbound before 1.9.5 allows integer overflow in the regional allocator via regionalalloc. CVE-STATUS: Fixed CVE-REV: Run the yum...

9.8CVSS7.3AI score0.02179EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:18 p.m.•45 views

Advisory ROSA-SA-2021-1992

Software: util-linux 2.23.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-5224 CVE-Crit: CRITICAL CVE-DESC: The mkostemp function in login-utils in util-linux, when misused, allows remote attackers to cause file name conflict and possibly other attacks. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2016-501...

9.8CVSS6.9AI score0.04526EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:11 p.m.•45 views

Advisory ROSA-SA-2021-1865

Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer re-read via a crafted CSS file. CVE-STATUS: default CVE-REV:...

7.1CVSS7.1AI score0.12996EPSS
Exploits7
Rosalinux
Rosalinux
•added 2024/04/11 7:39 a.m.•44 views

Advisory ROSA-SA-2024-2396

Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional...

7.8CVSS7.2AI score0.55367EPSS
Exploits20
Rosalinux
Rosalinux
•added 2024/04/02 7:35 a.m.•44 views

Advisory ROSA-SA-2024-2390

Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-2858 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file. CVE-STATUS: Fixed CVE-REV: To close, run the...

7.5CVSS7.8AI score0.02771EPSS
Exploits7
Rosalinux
Rosalinux
•added 2023/12/19 8:49 a.m.•44 views

Advisory ROSA-SA-2023-2311

software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...

9.8CVSS6.2AI score0.02944EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:24 a.m.•44 views

Advisory ROSA-SA-2023-2274

software: strongswan 5.9.10 OS: ROSA-CHROME packageevrstring: strongswan-5.9.10-1.src.rpm CVE-ID: CVE-2021-41990 BDU-ID: 2022-04051 CVE-Crit: HIGH CVE-DESC.: The gmp plugin in StrongSwan prior to version 5.9.4 has a remote integer overflow via a generated RSASSA-PSS signed certificate. For exampl...

9.1CVSS9.6AI score0.06438EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/11 11:3 a.m.•44 views

Advisory ROSA-SA-2023-2183

Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-8.rv3.src.rpm CVE-ID: CVE-2018-25009 BDU-ID: 2021-03097 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in...

9.8CVSS8.1AI score0.02662EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:18 p.m.•44 views

Advisory ROSA-SA-2021-1990

Software: unbound 1.6.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-15105 CVE-Crit: MEDIUM CVE-DESC: An error was found in the method of unbound to 1.6.8 verified NSEC records synthesized using wildcards. An improperly checked wildcard NSEC record may be used to prove the absence NXDOMAIN response of an...

7.5CVSS7.1AI score0.03506EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/10/03 9:14 p.m.•43 views

Advisory ROSA-SA-2024-2491

Software: dhcp 4.2.5 OS: rosa-server79 packageevrstring: dhcp-4.2.5-83.res7.2 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/17 1:31 p.m.•43 views

Advisory ROSA-SA-2024-2399

software: htmldoc 1.9.16 OS: ROSA-CHROME packageevrstring: htmldoc-1.9.16-1.src.rpm CVE-ID: CVE-2021-23165 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An error was detected in htmldoc. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may cause arbitrary code execution and denial of...

10CVSS8.7AI score0.03291EPSS
Exploits5
Rosalinux
Rosalinux
•added 2024/01/09 9:59 a.m.•43 views

Advisory ROSA-SA-2024-2322

Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 2.1 packageevrstring: libjpeg-turbo-1.5.3-12.rv3.src.rpm CVE-ID: CVE-2020-17541 BDU-ID: 2023-07622 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libjpeg-turbo image manipulation library is related to writing beyond buffer boundaries...

8.8CVSS8.7AI score0.02728EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/21 4:35 p.m.•43 views

Advisory ROSA-SA-2023-2257

Software: wireshark 4.0.5 OS: ROSA-CHROME packageevrstring: wireshark-4.0.5-1.src.rpm CVE-ID: CVE-2022-4344 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A memory shortage in the Kafka protocol dissector in Wireshark versions 4.0.0.0-4.0.1 and 3.6.0-3.6.9 allows denial of service via packet injection ...

7.5CVSS8.8AI score0.0462EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/08/15 9:26 a.m.•43 views

Advisory ROSA-SA-2023-2215

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2022-0392 BDU-ID: 2022-00992 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getexmodeline exgetln.c function of the vim text editor is related to writing beyond buffer boundaries in...

8.4CVSS8.7AI score0.02303EPSS
Exploits9
Rosalinux
Rosalinux
•added 2023/07/18 11:25 a.m.•43 views

Advisory ROSA-SA-2023-2193

Software: libksba 1.3.5 OS: ROSA Virtualization 2.1 packageevrstring: libksba-1.3.5-9.rv3.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the...

9.8CVSS7.9AI score0.01635EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/04/11 2:18 p.m.•43 views

Advisory ROSA-SA-2023-2151

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-39399 BDU-ID: None CVE-Crit: LOW CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM...

5.3CVSS5.4AI score0.02376EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/02/21 9:24 a.m.•43 views

Advisory ROSA-SA-2023-2120

Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...

7.5CVSS7.6AI score0.85323EPSS
Exploits3
Rosalinux
Rosalinux
•added 2021/07/02 6:10 p.m.•43 views

Advisory ROSA-SA-2021-1976

Software: squid 3.5.20 OS: Cobalt 7.9 CVE-ID: CVE-2016-10003 CVE-Crit: HIGH CVE-DESC: An incorrect comparison of HTTP request headers in Squid HTTP Proxy 3.5.0.0.1-3.5.22 and 4.0.1-4.0.16 causes Collapsed Forwarding to incorrectly identify some private responses as suitable for delivery to multip...

9.8CVSS9.6AI score0.40982EPSS
Exploits1
Total number of security vulnerabilities1374