Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2021/07/02 4:31 p.m.•44 views

Advisory ROSA-SA-2021-1803

Software: bind 9.11.4 OS: Cobalt 7.9 CVE-ID: CVE-2018-5744 CVE-Crit: HIGH CVE-DESC: Memory release failure may occur when processing messages with a specific combination of EDNS parameters. Affected versions are BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1 and versions 9.10.7-S...

9.8CVSS8.4AI score0.82367EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/28 7:35 p.m.•43 views

Advisory ROSA-SA-2025-2662

software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...

6.5CVSS7.3AI score0.93305EPSS
Exploits12
Rosalinux
Rosalinux
•added 2024/10/03 9:14 p.m.•43 views

Advisory ROSA-SA-2024-2491

Software: dhcp 4.2.5 OS: rosa-server79 packageevrstring: dhcp-4.2.5-83.res7.2 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 8:39 p.m.•43 views

Advisory ROSA-SA-2024-2481

Software: java-11-openjdk 11.0.23.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.23.0.9-2.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK,...

7.4CVSS5.3AI score0.01361EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/07/31 9:7 a.m.•43 views

Advisory ROSA-SA-2024-2458

Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29 CVE-ID: CVE-2022-43995 BDU-ID: 2022-06664 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the implementation of the crypt function of the Sudo system administration program is related to the ability to read outside of...

7.1CVSS6.7AI score0.00271EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/17 1:31 p.m.•43 views

Advisory ROSA-SA-2024-2399

software: htmldoc 1.9.16 OS: ROSA-CHROME packageevrstring: htmldoc-1.9.16-1.src.rpm CVE-ID: CVE-2021-23165 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An error was detected in htmldoc. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may cause arbitrary code execution and denial of...

10CVSS8.7AI score0.03291EPSS
Exploits5
Rosalinux
Rosalinux
•added 2024/01/09 9:59 a.m.•43 views

Advisory ROSA-SA-2024-2322

Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 2.1 packageevrstring: libjpeg-turbo-1.5.3-12.rv3.src.rpm CVE-ID: CVE-2020-17541 BDU-ID: 2023-07622 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libjpeg-turbo image manipulation library is related to writing beyond buffer boundaries...

8.8CVSS8.7AI score0.02728EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/08/22 1:21 p.m.•43 views

Advisory ROSA-SA-2023-2221

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm CVE-ID: CVE-2022-32206 BDU-ID: 2022-06918 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CURL server communication software tool is related to the allocation of unlimited memory. Exploitation of...

6.5CVSS6.9AI score0.3197EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/08/15 9:26 a.m.•43 views

Advisory ROSA-SA-2023-2215

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2022-0392 BDU-ID: 2022-00992 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getexmodeline exgetln.c function of the vim text editor is related to writing beyond buffer boundaries in...

8.4CVSS8.7AI score0.02303EPSS
Exploits9
Rosalinux
Rosalinux
•added 2023/07/18 11:25 a.m.•43 views

Advisory ROSA-SA-2023-2193

Software: libksba 1.3.5 OS: ROSA Virtualization 2.1 packageevrstring: libksba-1.3.5-9.rv3.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the...

9.8CVSS7.9AI score0.01635EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/04/11 2:18 p.m.•43 views

Advisory ROSA-SA-2023-2151

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-39399 BDU-ID: None CVE-Crit: LOW CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM...

5.3CVSS5.4AI score0.02376EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/02/21 9:24 a.m.•43 views

Advisory ROSA-SA-2023-2120

Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...

7.5CVSS7.6AI score0.85323EPSS
Exploits3
Rosalinux
Rosalinux
•added 2021/07/02 5:40 p.m.•43 views

Advisory ROSA-SA-2021-1947

Software: pcre 8.32 OS: Cobalt 7.9 CVE-ID: CVE-2015-2327 CVE-Crit: MEDIUM CVE-DESC: PCRE before version 8.36 incorrectly handles the pattern / a \ 2 | a \ g / / and related patterns with certain internal recursive backlinks, allowing remote attackers to cause a denial of service segmentation erro...

9.8CVSS9.1AI score0.06077EPSS
Exploits5
Rosalinux
Rosalinux
•added 2021/07/02 5:4 p.m.•43 views

Advisory ROSA-SA-2021-1851

Software: haproxy 1.5.18 OS: Cobalt 7.9 CVE-ID: CVE-2018-10184 CVE-Crit: HIGH CVE-DESC: An issue was found in HAProxy before 1.8.8. The length of the incoming H2 frame was checked by maxframesize instead of checking by bufsize. Maxframesize applies only to outgoing traffic, not incoming traffic, ...

9.8CVSS8.1AI score0.7024EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 4:33 p.m.•43 views

Advisory ROSA-SA-2021-1808

Software: binutils 2.27 OS: Cobalt 7.9 CVE-ID: CVE-2017-12448 CVE-Crit: HIGH CVE-DESC: The bfdcacheclose function in bfd / cache.c in the Binary File Descriptor BFD library also known as libbfd distributed in GNU Binutils 2.29 and earlier allows remote attackers to invoke heap usage upon release...

7.8CVSS8.3AI score0.01989EPSS
Exploits3
Rosalinux
Rosalinux
•added 2025/04/11 9:49 p.m.•42 views

Advisory ROSA-SA-2025-2792

Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 3.0 packageevrstring: bind-dyndb-ldap-11.6-5.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the...

7.5CVSS7.8AI score0.99995EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/28 7:26 p.m.•42 views

Advisory ROSA-SA-2025-2653

software: libbacktrace 1.0 WASP: ROSA-CHROME packageevrstring: libbacktrace-1.0-1.gitcdb64b.3 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error...

9.8CVSS9.5AI score0.01356EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/06/17 8:57 a.m.•42 views

Advisory ROSA-SA-2024-2432

Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 packageevrstring: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users with access to the man user account to gain root privileges, because /usr/bin/mandb is executed by the root user,...

7.8CVSS7.8AI score0.00383EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/02/20 10:32 a.m.•42 views

Advisory ROSA-SA-2024-2358

Software: libwebp 1.2.3 OS: ROSA-CHROME packageevrstring: libwebp-1.2.3-1.src.rpm CVE-ID: CVE-2023-1999 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a use after free/double free in libwebp. An attacker could use ApplyFiltersAndEncode to free best.bw and assign the pointer best = Trial. The...

7.5CVSS7.3AI score0.00952EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/09 9:53 a.m.•42 views

Advisory ROSA-SA-2024-2321

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...

6.5CVSS6.8AI score0.01086EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/11/21 12:51 p.m.•42 views

Advisory ROSA-SA-2023-2298

Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-6.0.1.rv3.src.rpm CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: An implementation vulnerability in the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...

7.5CVSS7.1AI score0.01492EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:11 a.m.•42 views

Advisory ROSA-SA-2023-2270

software: thrift 0.10.0 WASP: ROSA-CHROME packageevrstring: thrift-0.10.0-18.src.rpm CVE-ID: CVE-2018-1320 BDU-ID: 2019-04255 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.thrift.transport.TSaslTransport class of the Apache Thrift interface description language is related to...

7.5CVSS6.7AI score0.08188EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/17 12:58 p.m.•42 views

Advisory ROSA-SA-2023-2248

software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...

5.5CVSS8.2AI score0.01007EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/10 9:26 a.m.•42 views

Advisory ROSA-SA-2023-2241

Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-3397 BDU-ID: 2023-03779 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the JFS file system of the Linux operating system kernel is related to the reuse of previously freed memory due to...

7.8CVSS6.9AI score0.0205EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/08/29 12:2 p.m.•42 views

Advisory ROSA-SA-2023-2223

Software: nss 3.53.1 OS: ROSA Virtualization 2.1 packageevrstring: nss-3.53.1-17.rv3.1c.src.rpm CVE-ID: CVE-2020-12403 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A bug was discovered in the way CHACHA20-POLY1305 is implemented in NSS in versions prior to 3.55. When using a Chacha20 consisting of...

9.8CVSS7.6AI score0.17563EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/06/20 9:12 a.m.•42 views

Advisory ROSA-SA-2023-2166

Software: thunderbird 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-2.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a post-release exploit...

8.1CVSS7.5AI score0.01673EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:20 p.m.•42 views

Advisory ROSA-SA-2021-1997

Software: wirehark 1.10.14 OS: Cobalt 7.9 CVE-ID: CVE-2015-3814 CVE-Crit: HIGH CVE-DESC: The functions 1 exctfsrequest and 2 exctfsresponse in epan / dissectors / packet-ieee80211.c in IEEE 802.11 dissector in Wireshark 1.10.x through 1.10.14 and 1.12.x through 1.12.5 interpret the null. value as...

9.8CVSS7.3AI score0.03116EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:0 p.m.•42 views

Advisory ROSA-SA-2021-1956

Software: procps-ng 3.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2018-1126. CVE-Crit: CRITICAL. CVE-DESC: procps-ng before version 3.3.15 is vulnerable due to incorrect integer size in proc / alloc. , Which leads to truncation / integer overflow problems. This flaw is related to CVE-2018-1124. CVE-STATUS:...

9.8CVSS8.8AI score0.09081EPSS
Exploits8
Rosalinux
Rosalinux
•added 2025/11/10 6:22 a.m.•41 views

Advisory ROSA-SA-2025-3074

Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 unaffected versions = openssh-8.0p1-26.0.1.1.rv3 affected versions openssh-8.0p1-26.0.1.1.rv3 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool exis...

7.8CVSS7.1AI score0.93305EPSS
Exploits25
Rosalinux
Rosalinux
•added 2025/05/26 6:35 a.m.•41 views

Advisory ROSA-SA-2025-2872

Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.20.res7 CVE-ID: CVE-2022-40982 BDU-ID: 2023-04663 CVE-Crit: MEDIUM CVE-DESC.: A firmware vulnerability in Intel processors involves information leakage from vector registers. Exploitation of the vulnerability could...

8.8CVSS9.2AI score0.03882EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/10/03 8:43 p.m.•41 views

Advisory ROSA-SA-2024-2482

Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-29.res7 CVE-ID: CVE-2024-31080 BDU-ID: 2024-03132 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ProcXIGetSelectedEvents function of X Window System Xorg-server is related to an operation exceeding buffe...

7.8CVSS7.8AI score0.01843EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/05/28 8:29 a.m.•41 views

Advisory ROSA-SA-2024-2426

software: busybox 1.36.1 OS: ROSA-CHROME packageevrstring: busybox-1.36.1-3 CVE-ID: CVE-2022-30065 BDU-ID: 2023-02631 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the copyvar function of the BusyBox suite of UNIX command line utilities is related to incorrect processing of a template created...

8.8CVSS8.1AI score0.03505EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/04/23 11:19 a.m.•41 views

Advisory ROSA-SA-2024-2403

Software: vdsm 4.40.35.1 OS: ROSA Virtualization 2.1 packageevrstring: vdsm-4.40.35.1.rv3 CVE-ID: CVE-2022-0207 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A race condition has been detected in vdsm. Functionality to hide sensitive values in log files, which may cause values to be stored as plaintex...

4.7CVSS6.7AI score0.00186EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/17 1:39 p.m.•41 views

Advisory ROSA-SA-2024-2401

Software: swtpm 0.7.0 OS: ROSA Virtualization 2.1 packageevrstring: swtpm-0.7.0-4.20211109gitb79fd91.module+el8.7.0+16689+53d59bc2.src.rpm CVE-ID: CVE-2022-23645 BDU-ID: 2022-06088 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the swtpm emulator TPM is related to reading beyond buffer boundaries...

6.2CVSS7.3AI score0.00404EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/23 12:18 p.m.•41 views

Advisory ROSA-SA-2024-2325

Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-28.res7 CVE-ID: CVE-2023-5367 BDU-ID: 2023-07145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X Window System Xorg-server XIChangeDeviceProperty Xi/xiproperty.c and RRChangeOutputProperty randr/rrrproperty.c functions...

7.8CVSS7.2AI score0.00715EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/01/09 10:3 a.m.•41 views

Advisory ROSA-SA-2024-2323

Software: libmaxminddb 1.2.0 OS: ROSA Virtualization 2.1 packageevrstring: libmaxminddb-1.2.0.0-10.0.1.rv3.src.rpm CVE-ID: CVE-2020-28241 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: libmaxminddb has a process to overwrite data stored in a buffer located in dynamic memory in a function in the heap in...

6.5CVSS8.9AI score0.02133EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/09/05 9:37 a.m.•41 views

Advisory ROSA-SA-2023-2228

Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.16.res7 CVE-ID: CVE-2022-21216 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Insufficient granularity in external management access control in some IntelR Atom and Intel Xeon scalable processors may allow a privileged...

7.5CVSS6.6AI score0.00539EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/08 8:12 a.m.•41 views

Advisory ROSA-SA-2023-2211

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3.src.rpm CVE-ID: CVE-2021-23840 BDU-ID: 2021-03742 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions of the OpenSSL TLS and SSL protocols...

10CVSS8.7AI score0.96275EPSS
Exploits8
Rosalinux
Rosalinux
•added 2023/07/08 8:22 a.m.•41 views

Advisory ROSA-SA-2023-2182

software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-3269 BDU-ID: 2023-03584 CVE-Crit: HIGH CVE-DESC: A vulnerability in the memory management subsystem of the Linux operating system kernel is related to memory usage after memory has...

7.8CVSS6.8AI score0.01484EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/06/27 9:16 a.m.•41 views

Advisory ROSA-SA-2023-2176

Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-25.res7 CVE-ID: CVE-2023-25652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Up to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1 by submitting specially crafted input for git app...

7.8CVSS7.5AI score0.52164EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/04/11 2:23 p.m.•41 views

Advisory ROSA-SA-2023-2152

Software: openssl 1.0.2k OS: rosa-server79 packageevrstring: 1.0.2k-20 CVE-ID: CVE-2023-0286 BDU-ID: 2023-00665 CVE-Crit: HIGH CVE-DESC: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism for x400 address processing...

7.4CVSS7.7AI score0.59501EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:27 p.m.•41 views

Advisory ROSA-SA-2021-1915

Software: mate-desktop 1.16.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...

6.1CVSS6.4AI score0.00576EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:22 p.m.•41 views

Advisory ROSA-SA-2021-1900

Software: libvncserver 0.9.9 OS: Cobalt 7.9 CVE-ID: CVE-2016-9941 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before version 0.9.11 allows remote servers to cause a denial of service application failure or possibly execute arbitrary code v...

9.8CVSS9.3AI score0.26543EPSS
Exploits4
Rosalinux
Rosalinux
•added 2021/07/02 4:44 p.m.•41 views

Advisory ROSA-SA-2021-1837

Software: fuse 2.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-3202 CVE-Crit: HIGH CVE-DESC: fusermount in FUSE before 2.9.3-15 incorrectly clears the environment before calling 1 mount or 2 umount as root user, which allows local users to write arbitrary files via a created environment variable...

7.4CVSS6.8AI score0.01165EPSS
Exploits5
Rosalinux
Rosalinux
•added 2021/07/02 4:40 p.m.•41 views

Advisory ROSA-SA-2021-1833

Software: file 5.11 OS: Cobalt 7.9 CVE-ID: CVE-2014-9620 CVE-Crit: HIGH CVE-DESC: ELF parser in files 5.08 through 5.21 allows remote attackers to cause a denial of service with a large number of notes. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2018-1183 CVE-Crit: CRITICAL CVE-DESC: In Del...

9.8CVSS8.7AI score0.04683EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:32 p.m.•41 views

Advisory ROSA-SA-2021-1807

Software: avahi 0.6.31 OS: Cobalt 7.9 CVE-ID: CVE-2021-26720 CVE-Crit: HIGH CVE-DESC: avahi-daemon-check-dns.sh in the Debian avahi package prior to version 0.8-4 is executed as root user via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create...

7.8CVSS6.9AI score0.00395EPSS
Exploits0
Rosalinux
Rosalinux
•added 2026/05/20 7:5 a.m.•40 views

Advisory ROSA-SA-2026-3289

software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...

7.8CVSS5.8AI score0.03663EPSS
Exploits17
Rosalinux
Rosalinux
•added 2025/04/30 7:46 a.m.•40 views

Advisory ROSA-SA-2025-2855

Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.3 CVE-ID: CVE-2024-38477 BDU-ID: 2024-05195 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to an incorrect null pointer entry...

7.5CVSS8.5AI score0.03153EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 8:55 p.m.•40 views

Advisory ROSA-SA-2024-2485

Software: postgresql14 14.12 OS: rosa-server79 packageevrstring: postgresql14-14.12-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...

8.8CVSS7.8AI score0.04322EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/27 9:6 a.m.•40 views

Advisory ROSA-SA-2024-2360

software: suricata 6.0.13 WASP: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...

9.8CVSS7.5AI score0.01105EPSS
Exploits0
Total number of security vulnerabilities1374