Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2021/07/02 5:11 p.m.•45 views

Advisory ROSA-SA-2021-1865

Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer re-read via a crafted CSS file. CVE-STATUS: default CVE-REV:...

7.1CVSS7.1AI score0.12996EPSS
Exploits7
Rosalinux
Rosalinux
•added 2025/01/28 7:35 p.m.•44 views

Advisory ROSA-SA-2025-2662

software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...

6.5CVSS7.3AI score0.93305EPSS
Exploits12
Rosalinux
Rosalinux
•added 2023/12/26 11:51 a.m.•44 views

Advisory ROSA-SA-2023-2316

Software: libgcrypt 1.8.5 OS: ROSA Virtualization 2.1 packageevrstring: libgcrypt-1.8.5-7.rv3.src.rpm CVE-ID: CVE-2021-40528 BDU-ID: 2022-00593 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libgcrypt cryptographic library is related to the use of a weak cryptographic algorithm. Exploitation ...

5.9CVSS6.7AI score0.01423EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/22 6:24 a.m.•44 views

Advisory ROSA-SA-2023-2274

software: strongswan 5.9.10 OS: ROSA-CHROME packageevrstring: strongswan-5.9.10-1.src.rpm CVE-ID: CVE-2021-41990 BDU-ID: 2022-04051 CVE-Crit: HIGH CVE-DESC.: The gmp plugin in StrongSwan prior to version 5.9.4 has a remote integer overflow via a generated RSASSA-PSS signed certificate. For exampl...

9.1CVSS9.6AI score0.06491EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/21 4:35 p.m.•44 views

Advisory ROSA-SA-2023-2257

Software: wireshark 4.0.5 OS: ROSA-CHROME packageevrstring: wireshark-4.0.5-1.src.rpm CVE-ID: CVE-2022-4344 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A memory shortage in the Kafka protocol dissector in Wireshark versions 4.0.0.0-4.0.1 and 3.6.0-3.6.9 allows denial of service via packet injection ...

7.5CVSS8.8AI score0.0462EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/08/08 8:12 a.m.•44 views

Advisory ROSA-SA-2023-2211

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3.src.rpm CVE-ID: CVE-2021-23840 BDU-ID: 2021-03742 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions of the OpenSSL TLS and SSL protocols...

10CVSS8.7AI score0.96275EPSS
Exploits8
Rosalinux
Rosalinux
•added 2023/07/11 11:3 a.m.•44 views

Advisory ROSA-SA-2023-2183

Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-8.rv3.src.rpm CVE-ID: CVE-2018-25009 BDU-ID: 2021-03097 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in...

9.8CVSS8.1AI score0.02662EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/06/20 9:12 a.m.•44 views

Advisory ROSA-SA-2023-2166

Software: thunderbird 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-2.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a post-release exploit...

8.1CVSS7.5AI score0.01673EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:18 p.m.•44 views

Advisory ROSA-SA-2021-1990

Software: unbound 1.6.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-15105 CVE-Crit: MEDIUM CVE-DESC: An error was found in the method of unbound to 1.6.8 verified NSEC records synthesized using wildcards. An improperly checked wildcard NSEC record may be used to prove the absence NXDOMAIN response of an...

7.5CVSS7.1AI score0.03506EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:0 p.m.•44 views

Advisory ROSA-SA-2021-1956

Software: procps-ng 3.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2018-1126. CVE-Crit: CRITICAL. CVE-DESC: procps-ng before version 3.3.15 is vulnerable due to incorrect integer size in proc / alloc. , Which leads to truncation / integer overflow problems. This flaw is related to CVE-2018-1124. CVE-STATUS:...

9.8CVSS8.8AI score0.09081EPSS
Exploits8
Rosalinux
Rosalinux
•added 2021/07/02 5:40 p.m.•44 views

Advisory ROSA-SA-2021-1947

Software: pcre 8.32 OS: Cobalt 7.9 CVE-ID: CVE-2015-2327 CVE-Crit: MEDIUM CVE-DESC: PCRE before version 8.36 incorrectly handles the pattern / a \ 2 | a \ g / / and related patterns with certain internal recursive backlinks, allowing remote attackers to cause a denial of service segmentation erro...

9.8CVSS9.1AI score0.06077EPSS
Exploits5
Rosalinux
Rosalinux
•added 2021/07/02 5:4 p.m.•44 views

Advisory ROSA-SA-2021-1851

Software: haproxy 1.5.18 OS: Cobalt 7.9 CVE-ID: CVE-2018-10184 CVE-Crit: HIGH CVE-DESC: An issue was found in HAProxy before 1.8.8. The length of the incoming H2 frame was checked by maxframesize instead of checking by bufsize. Maxframesize applies only to outgoing traffic, not incoming traffic, ...

9.8CVSS8.1AI score0.7024EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 4:31 p.m.•44 views

Advisory ROSA-SA-2021-1803

Software: bind 9.11.4 OS: Cobalt 7.9 CVE-ID: CVE-2018-5744 CVE-Crit: HIGH CVE-DESC: Memory release failure may occur when processing messages with a specific combination of EDNS parameters. Affected versions are BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1 and versions 9.10.7-S...

9.8CVSS8.4AI score0.82367EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/05/26 6:35 a.m.•43 views

Advisory ROSA-SA-2025-2872

Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.20.res7 CVE-ID: CVE-2022-40982 BDU-ID: 2023-04663 CVE-Crit: MEDIUM CVE-DESC.: A firmware vulnerability in Intel processors involves information leakage from vector registers. Exploitation of the vulnerability could...

8.8CVSS9.2AI score0.03882EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/10/03 9:14 p.m.•43 views

Advisory ROSA-SA-2024-2491

Software: dhcp 4.2.5 OS: rosa-server79 packageevrstring: dhcp-4.2.5-83.res7.2 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/07/31 9:7 a.m.•43 views

Advisory ROSA-SA-2024-2458

Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29 CVE-ID: CVE-2022-43995 BDU-ID: 2022-06664 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the implementation of the crypt function of the Sudo system administration program is related to the ability to read outside of...

7.1CVSS6.7AI score0.00271EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/17 1:31 p.m.•43 views

Advisory ROSA-SA-2024-2399

software: htmldoc 1.9.16 OS: ROSA-CHROME packageevrstring: htmldoc-1.9.16-1.src.rpm CVE-ID: CVE-2021-23165 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An error was detected in htmldoc. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may cause arbitrary code execution and denial of...

10CVSS8.7AI score0.03291EPSS
Exploits5
Rosalinux
Rosalinux
•added 2024/01/09 9:59 a.m.•43 views

Advisory ROSA-SA-2024-2322

Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 2.1 packageevrstring: libjpeg-turbo-1.5.3-12.rv3.src.rpm CVE-ID: CVE-2020-17541 BDU-ID: 2023-07622 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libjpeg-turbo image manipulation library is related to writing beyond buffer boundaries...

8.8CVSS8.7AI score0.02728EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/08/22 1:21 p.m.•43 views

Advisory ROSA-SA-2023-2221

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm CVE-ID: CVE-2022-32206 BDU-ID: 2022-06918 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CURL server communication software tool is related to the allocation of unlimited memory. Exploitation of...

6.5CVSS6.9AI score0.3197EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/08/15 9:26 a.m.•43 views

Advisory ROSA-SA-2023-2215

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2022-0392 BDU-ID: 2022-00992 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getexmodeline exgetln.c function of the vim text editor is related to writing beyond buffer boundaries in...

8.4CVSS8.7AI score0.02303EPSS
Exploits9
Rosalinux
Rosalinux
•added 2023/07/18 11:25 a.m.•43 views

Advisory ROSA-SA-2023-2193

Software: libksba 1.3.5 OS: ROSA Virtualization 2.1 packageevrstring: libksba-1.3.5-9.rv3.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the...

9.8CVSS7.9AI score0.01635EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/02/21 9:24 a.m.•43 views

Advisory ROSA-SA-2023-2120

Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...

7.5CVSS7.6AI score0.85323EPSS
Exploits3
Rosalinux
Rosalinux
•added 2021/07/02 4:44 p.m.•43 views

Advisory ROSA-SA-2021-1837

Software: fuse 2.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-3202 CVE-Crit: HIGH CVE-DESC: fusermount in FUSE before 2.9.3-15 incorrectly clears the environment before calling 1 mount or 2 umount as root user, which allows local users to write arbitrary files via a created environment variable...

7.4CVSS6.8AI score0.01165EPSS
Exploits5
Rosalinux
Rosalinux
•added 2021/07/02 4:33 p.m.•43 views

Advisory ROSA-SA-2021-1808

Software: binutils 2.27 OS: Cobalt 7.9 CVE-ID: CVE-2017-12448 CVE-Crit: HIGH CVE-DESC: The bfdcacheclose function in bfd / cache.c in the Binary File Descriptor BFD library also known as libbfd distributed in GNU Binutils 2.29 and earlier allows remote attackers to invoke heap usage upon release...

7.8CVSS8.3AI score0.01989EPSS
Exploits3
Rosalinux
Rosalinux
•added 2025/04/11 9:49 p.m.•42 views

Advisory ROSA-SA-2025-2792

Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 3.0 packageevrstring: bind-dyndb-ldap-11.6-5.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/28 7:26 p.m.•42 views

Advisory ROSA-SA-2025-2653

software: libbacktrace 1.0 WASP: ROSA-CHROME packageevrstring: libbacktrace-1.0-1.gitcdb64b.3 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error...

9.8CVSS9.5AI score0.01356EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/06/17 8:57 a.m.•42 views

Advisory ROSA-SA-2024-2432

Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 packageevrstring: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users with access to the man user account to gain root privileges, because /usr/bin/mandb is executed by the root user,...

7.8CVSS7.8AI score0.00383EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/05/28 8:29 a.m.•42 views

Advisory ROSA-SA-2024-2426

software: busybox 1.36.1 OS: ROSA-CHROME packageevrstring: busybox-1.36.1-3 CVE-ID: CVE-2022-30065 BDU-ID: 2023-02631 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the copyvar function of the BusyBox suite of UNIX command line utilities is related to incorrect processing of a template created...

8.8CVSS8.1AI score0.03505EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/02/20 10:32 a.m.•42 views

Advisory ROSA-SA-2024-2358

Software: libwebp 1.2.3 OS: ROSA-CHROME packageevrstring: libwebp-1.2.3-1.src.rpm CVE-ID: CVE-2023-1999 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a use after free/double free in libwebp. An attacker could use ApplyFiltersAndEncode to free best.bw and assign the pointer best = Trial. The...

7.5CVSS7.3AI score0.00952EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/11/21 12:51 p.m.•42 views

Advisory ROSA-SA-2023-2298

Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-6.0.1.rv3.src.rpm CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: An implementation vulnerability in the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...

7.5CVSS7.1AI score0.01492EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:11 a.m.•42 views

Advisory ROSA-SA-2023-2270

software: thrift 0.10.0 WASP: ROSA-CHROME packageevrstring: thrift-0.10.0-18.src.rpm CVE-ID: CVE-2018-1320 BDU-ID: 2019-04255 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.thrift.transport.TSaslTransport class of the Apache Thrift interface description language is related to...

7.5CVSS6.7AI score0.08188EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/17 12:58 p.m.•42 views

Advisory ROSA-SA-2023-2248

software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...

5.5CVSS8.2AI score0.01007EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/08/29 12:2 p.m.•42 views

Advisory ROSA-SA-2023-2223

Software: nss 3.53.1 OS: ROSA Virtualization 2.1 packageevrstring: nss-3.53.1-17.rv3.1c.src.rpm CVE-ID: CVE-2020-12403 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A bug was discovered in the way CHACHA20-POLY1305 is implemented in NSS in versions prior to 3.55. When using a Chacha20 consisting of...

9.8CVSS7.6AI score0.17563EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/03/07 12:33 p.m.•42 views

Advisory ROSA-SA-2023-2130

Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-23 CVE-ID: CVE-2022-23521 BDU-ID: 2023-00499 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to integer...

9.8CVSS9.9AI score0.56334EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:20 p.m.•42 views

Advisory ROSA-SA-2021-1997

Software: wirehark 1.10.14 OS: Cobalt 7.9 CVE-ID: CVE-2015-3814 CVE-Crit: HIGH CVE-DESC: The functions 1 exctfsrequest and 2 exctfsresponse in epan / dissectors / packet-ieee80211.c in IEEE 802.11 dissector in Wireshark 1.10.x through 1.10.14 and 1.12.x through 1.12.5 interpret the null. value as...

9.8CVSS7.3AI score0.03116EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/11/10 6:22 a.m.•41 views

Advisory ROSA-SA-2025-3074

Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 unaffected versions = openssh-8.0p1-26.0.1.1.rv3 affected versions openssh-8.0p1-26.0.1.1.rv3 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool exis...

7.8CVSS7.1AI score0.93305EPSS
Exploits25
Rosalinux
Rosalinux
•added 2025/04/30 7:46 a.m.•41 views

Advisory ROSA-SA-2025-2855

Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.3 CVE-ID: CVE-2024-38477 BDU-ID: 2024-05195 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to an incorrect null pointer entry...

7.5CVSS8.5AI score0.03153EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/29 8:35 a.m.•41 views

Advisory ROSA-SA-2024-2513

Software: python-setuptools 0.9.8 OS: rosa-server79 packageevrstring: python-setuptools-0.9.8-7.0.1.res7 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is related to functions...

8.8CVSS8.3AI score0.01939EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 8:43 p.m.•41 views

Advisory ROSA-SA-2024-2482

Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-29.res7 CVE-ID: CVE-2024-31080 BDU-ID: 2024-03132 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ProcXIGetSelectedEvents function of X Window System Xorg-server is related to an operation exceeding buffe...

7.8CVSS7.8AI score0.01843EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/23 11:19 a.m.•41 views

Advisory ROSA-SA-2024-2403

Software: vdsm 4.40.35.1 OS: ROSA Virtualization 2.1 packageevrstring: vdsm-4.40.35.1.rv3 CVE-ID: CVE-2022-0207 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A race condition has been detected in vdsm. Functionality to hide sensitive values in log files, which may cause values to be stored as plaintex...

4.7CVSS6.7AI score0.00186EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/17 1:39 p.m.•41 views

Advisory ROSA-SA-2024-2401

Software: swtpm 0.7.0 OS: ROSA Virtualization 2.1 packageevrstring: swtpm-0.7.0-4.20211109gitb79fd91.module+el8.7.0+16689+53d59bc2.src.rpm CVE-ID: CVE-2022-23645 BDU-ID: 2022-06088 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the swtpm emulator TPM is related to reading beyond buffer boundaries...

6.2CVSS7.3AI score0.00404EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/23 12:18 p.m.•41 views

Advisory ROSA-SA-2024-2325

Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-28.res7 CVE-ID: CVE-2023-5367 BDU-ID: 2023-07145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X Window System Xorg-server XIChangeDeviceProperty Xi/xiproperty.c and RRChangeOutputProperty randr/rrrproperty.c functions...

7.8CVSS7.2AI score0.00715EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/09 10:3 a.m.•41 views

Advisory ROSA-SA-2024-2323

Software: libmaxminddb 1.2.0 OS: ROSA Virtualization 2.1 packageevrstring: libmaxminddb-1.2.0.0-10.0.1.rv3.src.rpm CVE-ID: CVE-2020-28241 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: libmaxminddb has a process to overwrite data stored in a buffer located in dynamic memory in a function in the heap in...

6.5CVSS8.9AI score0.02133EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/21 4:53 p.m.•41 views

Advisory ROSA-SA-2023-2259

software: libxpm 3.5.14 OS: ROSA-CHROME packageevrstring: libxpm-3.5.14-2.src.rpm CVE-ID: CVE-2022-44617 BDU-ID: 2023-00389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ParsePixels function of the X Pixmap image file library XPM libXpm is related to insufficient input validation. Exploitation...

8.8CVSS9.1AI score0.01273EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/09/05 9:37 a.m.•41 views

Advisory ROSA-SA-2023-2228

Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.16.res7 CVE-ID: CVE-2022-21216 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Insufficient granularity in external management access control in some IntelR Atom and Intel Xeon scalable processors may allow a privileged...

7.5CVSS6.6AI score0.00539EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/08 8:22 a.m.•41 views

Advisory ROSA-SA-2023-2182

software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-3269 BDU-ID: 2023-03584 CVE-Crit: HIGH CVE-DESC: A vulnerability in the memory management subsystem of the Linux operating system kernel is related to memory usage after memory has...

7.8CVSS6.8AI score0.01484EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/06/27 9:16 a.m.•41 views

Advisory ROSA-SA-2023-2176

Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-25.res7 CVE-ID: CVE-2023-25652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Up to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1 by submitting specially crafted input for git app...

7.8CVSS7.5AI score0.52164EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/04/11 2:23 p.m.•41 views

Advisory ROSA-SA-2023-2152

Software: openssl 1.0.2k OS: rosa-server79 packageevrstring: 1.0.2k-20 CVE-ID: CVE-2023-0286 BDU-ID: 2023-00665 CVE-Crit: HIGH CVE-DESC: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism for x400 address processing...

7.4CVSS7.7AI score0.59501EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•41 views

Advisory ROSA-SA-2021-1961

Software: redland 1.0.16 OS: Cobalt 7.9 CVE-ID: CVE-2012-0037 CVE-Crit: HIGH CVE-DESC: Redland Raptor also known as libraptor before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user, ...

6.5CVSS6.4AI score0.13682EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 5:27 p.m.•41 views

Advisory ROSA-SA-2021-1913

Software: mailman 2.1.15 OS: Cobalt 7.9 CVE-ID: CVE-2016-6893 CVE-Crit: HIGH CVE-DESC: A cross-site request forgery CSRF vulnerability in the user parameter page in GNU Mailman 2.1.x through 2.1.23 allows remote attackers to intercept arbitrary user authentication for requests that modify a...

8.8CVSS6.6AI score0.04569EPSS
Exploits4
Total number of security vulnerabilities1374