1374 matches found
Advisory ROSA-SA-2021-1803
Software: bind 9.11.4 OS: Cobalt 7.9 CVE-ID: CVE-2018-5744 CVE-Crit: HIGH CVE-DESC: Memory release failure may occur when processing messages with a specific combination of EDNS parameters. Affected versions are BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1 and versions 9.10.7-S...
Advisory ROSA-SA-2025-2662
software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...
Advisory ROSA-SA-2024-2491
Software: dhcp 4.2.5 OS: rosa-server79 packageevrstring: dhcp-4.2.5-83.res7.2 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and...
Advisory ROSA-SA-2024-2481
Software: java-11-openjdk 11.0.23.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.23.0.9-2.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK,...
Advisory ROSA-SA-2024-2458
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29 CVE-ID: CVE-2022-43995 BDU-ID: 2022-06664 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the implementation of the crypt function of the Sudo system administration program is related to the ability to read outside of...
Advisory ROSA-SA-2024-2399
software: htmldoc 1.9.16 OS: ROSA-CHROME packageevrstring: htmldoc-1.9.16-1.src.rpm CVE-ID: CVE-2021-23165 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An error was detected in htmldoc. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may cause arbitrary code execution and denial of...
Advisory ROSA-SA-2024-2322
Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 2.1 packageevrstring: libjpeg-turbo-1.5.3-12.rv3.src.rpm CVE-ID: CVE-2020-17541 BDU-ID: 2023-07622 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libjpeg-turbo image manipulation library is related to writing beyond buffer boundaries...
Advisory ROSA-SA-2023-2221
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm CVE-ID: CVE-2022-32206 BDU-ID: 2022-06918 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CURL server communication software tool is related to the allocation of unlimited memory. Exploitation of...
Advisory ROSA-SA-2023-2215
Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2022-0392 BDU-ID: 2022-00992 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getexmodeline exgetln.c function of the vim text editor is related to writing beyond buffer boundaries in...
Advisory ROSA-SA-2023-2193
Software: libksba 1.3.5 OS: ROSA Virtualization 2.1 packageevrstring: libksba-1.3.5-9.rv3.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the library providing functions for handling X.509 LibKSBA certificates is related to an integer overflow in the...
Advisory ROSA-SA-2023-2151
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-39399 BDU-ID: None CVE-Crit: LOW CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM...
Advisory ROSA-SA-2023-2120
Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...
Advisory ROSA-SA-2021-1947
Software: pcre 8.32 OS: Cobalt 7.9 CVE-ID: CVE-2015-2327 CVE-Crit: MEDIUM CVE-DESC: PCRE before version 8.36 incorrectly handles the pattern / a \ 2 | a \ g / / and related patterns with certain internal recursive backlinks, allowing remote attackers to cause a denial of service segmentation erro...
Advisory ROSA-SA-2021-1851
Software: haproxy 1.5.18 OS: Cobalt 7.9 CVE-ID: CVE-2018-10184 CVE-Crit: HIGH CVE-DESC: An issue was found in HAProxy before 1.8.8. The length of the incoming H2 frame was checked by maxframesize instead of checking by bufsize. Maxframesize applies only to outgoing traffic, not incoming traffic, ...
Advisory ROSA-SA-2021-1808
Software: binutils 2.27 OS: Cobalt 7.9 CVE-ID: CVE-2017-12448 CVE-Crit: HIGH CVE-DESC: The bfdcacheclose function in bfd / cache.c in the Binary File Descriptor BFD library also known as libbfd distributed in GNU Binutils 2.29 and earlier allows remote attackers to invoke heap usage upon release...
Advisory ROSA-SA-2025-2792
Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 3.0 packageevrstring: bind-dyndb-ldap-11.6-5.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the...
Advisory ROSA-SA-2025-2653
software: libbacktrace 1.0 WASP: ROSA-CHROME packageevrstring: libbacktrace-1.0-1.gitcdb64b.3 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error...
Advisory ROSA-SA-2024-2432
Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 packageevrstring: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users with access to the man user account to gain root privileges, because /usr/bin/mandb is executed by the root user,...
Advisory ROSA-SA-2024-2358
Software: libwebp 1.2.3 OS: ROSA-CHROME packageevrstring: libwebp-1.2.3-1.src.rpm CVE-ID: CVE-2023-1999 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a use after free/double free in libwebp. An attacker could use ApplyFiltersAndEncode to free best.bw and assign the pointer best = Trial. The...
Advisory ROSA-SA-2024-2321
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...
Advisory ROSA-SA-2023-2298
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-6.0.1.rv3.src.rpm CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: An implementation vulnerability in the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...
Advisory ROSA-SA-2023-2270
software: thrift 0.10.0 WASP: ROSA-CHROME packageevrstring: thrift-0.10.0-18.src.rpm CVE-ID: CVE-2018-1320 BDU-ID: 2019-04255 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.thrift.transport.TSaslTransport class of the Apache Thrift interface description language is related to...
Advisory ROSA-SA-2023-2248
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
Advisory ROSA-SA-2023-2241
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-3397 BDU-ID: 2023-03779 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the JFS file system of the Linux operating system kernel is related to the reuse of previously freed memory due to...
Advisory ROSA-SA-2023-2223
Software: nss 3.53.1 OS: ROSA Virtualization 2.1 packageevrstring: nss-3.53.1-17.rv3.1c.src.rpm CVE-ID: CVE-2020-12403 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A bug was discovered in the way CHACHA20-POLY1305 is implemented in NSS in versions prior to 3.55. When using a Chacha20 consisting of...
Advisory ROSA-SA-2023-2166
Software: thunderbird 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-2.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a post-release exploit...
Advisory ROSA-SA-2021-1997
Software: wirehark 1.10.14 OS: Cobalt 7.9 CVE-ID: CVE-2015-3814 CVE-Crit: HIGH CVE-DESC: The functions 1 exctfsrequest and 2 exctfsresponse in epan / dissectors / packet-ieee80211.c in IEEE 802.11 dissector in Wireshark 1.10.x through 1.10.14 and 1.12.x through 1.12.5 interpret the null. value as...
Advisory ROSA-SA-2021-1956
Software: procps-ng 3.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2018-1126. CVE-Crit: CRITICAL. CVE-DESC: procps-ng before version 3.3.15 is vulnerable due to incorrect integer size in proc / alloc. , Which leads to truncation / integer overflow problems. This flaw is related to CVE-2018-1124. CVE-STATUS:...
Advisory ROSA-SA-2025-3074
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 unaffected versions = openssh-8.0p1-26.0.1.1.rv3 affected versions openssh-8.0p1-26.0.1.1.rv3 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool exis...
Advisory ROSA-SA-2025-2872
Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.20.res7 CVE-ID: CVE-2022-40982 BDU-ID: 2023-04663 CVE-Crit: MEDIUM CVE-DESC.: A firmware vulnerability in Intel processors involves information leakage from vector registers. Exploitation of the vulnerability could...
Advisory ROSA-SA-2024-2482
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-29.res7 CVE-ID: CVE-2024-31080 BDU-ID: 2024-03132 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ProcXIGetSelectedEvents function of X Window System Xorg-server is related to an operation exceeding buffe...
Advisory ROSA-SA-2024-2426
software: busybox 1.36.1 OS: ROSA-CHROME packageevrstring: busybox-1.36.1-3 CVE-ID: CVE-2022-30065 BDU-ID: 2023-02631 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the copyvar function of the BusyBox suite of UNIX command line utilities is related to incorrect processing of a template created...
Advisory ROSA-SA-2024-2403
Software: vdsm 4.40.35.1 OS: ROSA Virtualization 2.1 packageevrstring: vdsm-4.40.35.1.rv3 CVE-ID: CVE-2022-0207 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A race condition has been detected in vdsm. Functionality to hide sensitive values in log files, which may cause values to be stored as plaintex...
Advisory ROSA-SA-2024-2401
Software: swtpm 0.7.0 OS: ROSA Virtualization 2.1 packageevrstring: swtpm-0.7.0-4.20211109gitb79fd91.module+el8.7.0+16689+53d59bc2.src.rpm CVE-ID: CVE-2022-23645 BDU-ID: 2022-06088 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the swtpm emulator TPM is related to reading beyond buffer boundaries...
Advisory ROSA-SA-2024-2325
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-28.res7 CVE-ID: CVE-2023-5367 BDU-ID: 2023-07145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X Window System Xorg-server XIChangeDeviceProperty Xi/xiproperty.c and RRChangeOutputProperty randr/rrrproperty.c functions...
Advisory ROSA-SA-2024-2323
Software: libmaxminddb 1.2.0 OS: ROSA Virtualization 2.1 packageevrstring: libmaxminddb-1.2.0.0-10.0.1.rv3.src.rpm CVE-ID: CVE-2020-28241 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: libmaxminddb has a process to overwrite data stored in a buffer located in dynamic memory in a function in the heap in...
Advisory ROSA-SA-2023-2228
Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.16.res7 CVE-ID: CVE-2022-21216 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Insufficient granularity in external management access control in some IntelR Atom and Intel Xeon scalable processors may allow a privileged...
Advisory ROSA-SA-2023-2211
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3.src.rpm CVE-ID: CVE-2021-23840 BDU-ID: 2021-03742 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions of the OpenSSL TLS and SSL protocols...
Advisory ROSA-SA-2023-2182
software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-3269 BDU-ID: 2023-03584 CVE-Crit: HIGH CVE-DESC: A vulnerability in the memory management subsystem of the Linux operating system kernel is related to memory usage after memory has...
Advisory ROSA-SA-2023-2176
Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-25.res7 CVE-ID: CVE-2023-25652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Up to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1 by submitting specially crafted input for git app...
Advisory ROSA-SA-2023-2152
Software: openssl 1.0.2k OS: rosa-server79 packageevrstring: 1.0.2k-20 CVE-ID: CVE-2023-0286 BDU-ID: 2023-00665 CVE-Crit: HIGH CVE-DESC: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism for x400 address processing...
Advisory ROSA-SA-2021-1915
Software: mate-desktop 1.16.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...
Advisory ROSA-SA-2021-1900
Software: libvncserver 0.9.9 OS: Cobalt 7.9 CVE-ID: CVE-2016-9941 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before version 0.9.11 allows remote servers to cause a denial of service application failure or possibly execute arbitrary code v...
Advisory ROSA-SA-2021-1837
Software: fuse 2.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-3202 CVE-Crit: HIGH CVE-DESC: fusermount in FUSE before 2.9.3-15 incorrectly clears the environment before calling 1 mount or 2 umount as root user, which allows local users to write arbitrary files via a created environment variable...
Advisory ROSA-SA-2021-1833
Software: file 5.11 OS: Cobalt 7.9 CVE-ID: CVE-2014-9620 CVE-Crit: HIGH CVE-DESC: ELF parser in files 5.08 through 5.21 allows remote attackers to cause a denial of service with a large number of notes. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2018-1183 CVE-Crit: CRITICAL CVE-DESC: In Del...
Advisory ROSA-SA-2021-1807
Software: avahi 0.6.31 OS: Cobalt 7.9 CVE-ID: CVE-2021-26720 CVE-Crit: HIGH CVE-DESC: avahi-daemon-check-dns.sh in the Debian avahi package prior to version 0.8-4 is executed as root user via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create...
Advisory ROSA-SA-2026-3289
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...
Advisory ROSA-SA-2025-2855
Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.3 CVE-ID: CVE-2024-38477 BDU-ID: 2024-05195 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to an incorrect null pointer entry...
Advisory ROSA-SA-2024-2485
Software: postgresql14 14.12 OS: rosa-server79 packageevrstring: postgresql14-14.12-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2360
software: suricata 6.0.13 WASP: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...