1374 matches found
Advisory ROSA-SA-2021-1833
Software: file 5.11 OS: Cobalt 7.9 CVE-ID: CVE-2014-9620 CVE-Crit: HIGH CVE-DESC: ELF parser in files 5.08 through 5.21 allows remote attackers to cause a denial of service with a large number of notes. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2018-1183 CVE-Crit: CRITICAL CVE-DESC: In Del...
Advisory ROSA-SA-2021-1826
Software: ed 1.9 OS: Cobalt 7.9 CVE-ID: CVE-2015-2987 CVE-Crit: MEDIUM CVE-DESC: Type74 ED before 4.0 incorrectly uses 128-bit ECB encryption for small files, making it easier for attackers to obtain plaintext data by differential cryptanalysis of a file with an original length of less than 128...
Advisory ROSA-SA-2021-1824
Software: dovecot 2.2.36 OS: Cobalt 7.9 CVE-ID: CVE-2019-10691 CVE-Crit: HIGH CVE-DESC: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly cause the authentication service to fail by attempting to authenticate with an invalid UTF-8 sequence as the username. CVE-STATUS:...
Advisory ROSA-SA-2021-1807
Software: avahi 0.6.31 OS: Cobalt 7.9 CVE-ID: CVE-2021-26720 CVE-Crit: HIGH CVE-DESC: avahi-daemon-check-dns.sh in the Debian avahi package prior to version 0.8-4 is executed as root user via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create...
Advisory ROSA-SA-2026-3289
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...
Advisory ROSA-SA-2025-3042
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...
Advisory ROSA-SA-2024-2485
Software: postgresql14 14.12 OS: rosa-server79 packageevrstring: postgresql14-14.12-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2360
software: suricata 6.0.13 WASP: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...
Advisory ROSA-SA-2023-2308
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.0.1.rv3.src.rpm CVE-ID: CVE-2018-1000879 BDU-ID: 2020-01816 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the archiveaclfromtextlins function of the libarchive library is related to NULL pointer...
Advisory ROSA-SA-2023-2271
software: pdfbox 2.0.24 WASP: ROSA-CHROME packageevrstring: pdfbox-2.0.24-1.src.rpm CVE-ID: CVE-2021-27807 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A carefully crafted PDF file may cause an infinite loop when loading the file. This issue affects Apache PDFBox version 2.0.22 and earlier versions of...
Advisory ROSA-SA-2023-2212
Software: freetype 2.9.1 OS: ROSA Virtualization 2.1 packageevrstring: freetype-2.9.1-9.rv3.src.rpm CVE-ID: CVE-2022-27404 BDU-ID: 2022-06908 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the sfntinitface function of the FreeType library is related to writing beyond buffer boundaries...
Advisory ROSA-SA-2023-2188
Software: pure-ftpd 1.0.51 OS: ROSA-CHROME packageevrstring: pure-ftpd-1.0.51-1.src.rpm CVE-ID: CVE-2020-9274 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An uninitialized pointer vulnerability has been discovered in the linked list of diraliases. When the lookupaliasconst char alias or printaliasesvoi...
Advisory ROSA-SA-2023-2169
software: log4net 1.2.15 OS: ROSA-CHROME packageevrstring: log4net-1.2.15-6.src.rpm CVE-ID: CVE-2018-1285 BDU-ID: 2021-01050 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the logging library to the .NET Framework log4net platform is related to XML external object XXE link restriction errors...
Advisory ROSA-SA-2023-2164
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-2.rv3.src.rpm CVE-ID: CVE-2019-25038 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: Unbound before version 1.9.5 allows integer overflow on size calculation in dnscrypt/dnscrypt.c. CVE-STATUS: Fixed CVE-REV: Run the...
Advisory ROSA-SA-2021-2002
Software: yum 3.4.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-1910 CVE-Crit: CRITICAL CVE-DESC: yum mishandles bad metadata, allowing an attacker to cause a denial of service and possibly other undefined impact via a Trojan horse file in the metadata of a remote repository. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1961
Software: redland 1.0.16 OS: Cobalt 7.9 CVE-ID: CVE-2012-0037 CVE-Crit: HIGH CVE-DESC: Redland Raptor also known as libraptor before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user, ...
Advisory ROSA-SA-2021-1906
Software: libxslt 1.1.28 OS: Cobalt 7.9 CVE-ID: CVE-2015-7995 CVE-Crit: MEDIUM CVE-DESC: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, allowing attackers to cause a denial of service via a generated XML file related to the "type...
Advisory ROSA-SA-2021-1885
Software: libproxy 0.4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-25219 CVE-Crit: HIGH CVE-DESC: url :: recvline in url.cpp in libproxy 0.4.x to 0.4.15 allows a remote HTTP server to run uncontrolled recursion through a response consisting of an infinite stream with no newline character. This results in...
Advisory ROSA-SA-2021-1857
Software: junit 4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-15250 CVE-Crit: MEDIUM CVE-DESC: In JUnit4, from version 4.7 through 4.13.1, the TemporaryFolder test rule contains a local information disclosure vulnerability. In Unix-like systems, a system's temporary directory is shared by all users on tha...
Advisory ROSA-SA-2021-1855
Software: iptables 1.4.21 OS: Cobalt 7.9 CVE-ID: CVE-2012-2663 CVE-Crit: CRITICAL CVE-DESC: extension / libxttcp.c in iptables before 1.4.21 does not match TCP SYN + FIN packets in --syn rules, which may allow remote attackers to bypass intended firewall restrictions using crafted packets. NOTE:...
Advisory ROSA-SA-2021-1853
Software: hivex 1.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2014-9273 CVE-Crit: HIGH CVE-DESC: lib / handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges using small bush files, which triggers reads or writes outside the allowed range. CVE-STATUS: default CVE-REV...
Advisory ROSA-SA-2021-1823
Software: dnsmasq 2.76 OS: Cobalt 7.9 CVE-ID: CVE-2017-13704 CVE-Crit: HIGH CVE-DESC: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in the memset call gets a negative value. Since this is an unsigned value, memset writes up to...
Advisory ROSA-SA-2025-2828
Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...
Advisory ROSA-SA-2025-2597
software: packagekit 1.1.13 OS: ROSA-CHROME packageevrstring: packagekit-1.1.13-4 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory. CVE-STATUS: The vulnerability has been resolved. CVE-REV: To close...
Advisory ROSA-SA-2024-2384
Software: kernel-ml 5.15.146 OS: rosa-server79 packageevrstring: kernel-ml-5.15.146-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/T...
Advisory ROSA-SA-2024-2356
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-16.rv3 CVE-ID: CVE-2016-3709 BDU-ID: 2023-07602 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to protect the structure of a web page. Exploitation of...
Advisory ROSA-SA-2024-2343
software: libx11 1.8.1 OS: ROSA-CHROME packageevrstring: libx11-1.8.1-3.src.rpm CVE-ID: CVE-2023-3138 BDU-ID: 2023-03596 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/InitExt.c file of the libX11 client API provisioning library for the X Window System libX11 is related to an operation...
Advisory ROSA-SA-2023-2285
software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2266
software: sqlite 3.41.2 OS: ROSA-CHROME packageevrstring: sqlite-3.41.2-1.src.rpm CVE-ID: CVE-2022-46908 BDU-ID: 2023-05686 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the command line interface of the SQLite database management system is related to implementation errors in the...
Advisory ROSA-SA-2023-2172
Software: libtar 1.2.20 OS: ROSA Virtualization 2.1 packageevrstring: libtar-1.2.20-17.rv3 CVE-ID: CVE-2021-33644 BDU-ID: None CVE-Crit: HIGH CVE-DESC: An attacker who sends a created tar file with a size in the header structure equal to 0 could cause a call to malloc0 for the gnulongname variabl...
Advisory ROSA-SA-2023-2168
Software: firefox 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-1.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a post-release exploit. Exploitation ...
Advisory ROSA-SA-2023-2162
Software: wpasupplicant 2.10 OS: ROSA Virtualization 2.1 packageevrstring: wpasupplicant-2.10-1.rv3.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information...
Advisory ROSA-SA-2023-2092
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-common-1.20.4-16. CVE-ID: CVE-2022-4283 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to...
Advisory ROSA-SA-2021-1804
Software: accountservice 0.6.50 OS: Cobalt 7.9 CVE-ID: CVE-2020-16126 CVE-Crit: LOW CVE-DESC: Ubuntu-specific modification of AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, incorrectly removed ruid, allowing untrusted users to send signals to AccountsService,...
Advisory ROSA-SA-2025-2645
software: binutils 2.38 WASP: ROSA-CHROME packageevrstring: binutils-2.38-4 CVE-ID: CVE-2023-1972 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Buffer overflow vulnerability in bfdselfslurpversiontables in bfd/self.c could cause loss of availability. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2024-2434
Software: giflib 5.2.1 OS: ROSA-CHROME packageevrstring: giflib-5.2.1-4 CVE-ID: CVE-2023-39742 BDU-ID: 2023-05863 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getarg.c component of the GIFLIB library for handling GIF files is related to a segmentation error. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2024-2398
software: git 2.41.0 WASP: ROSA-CHROME packageevrstring: git-2.41.0-2.src.rpm CVE-ID: CVE-2022-23521 BDU-ID: 2023-00499 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to...
Advisory ROSA-SA-2024-2336
software: hiredis 0.13.3 AXIS: ROSA-CHROME packageevrstring: hiredis-0.13.3-2.src.rpm CVE-ID: CVE-2021-32765 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In vulnerable versions, Hiredis is vulnerable to integer overflow if provided with maliciously crafted or corrupted RESP mult-bulk protocol data. Whe...
Advisory ROSA-SA-2023-2302
software: qemu 7.2.0 OS: ROSA-CHROME packageevrstring: qemu-7.2.0-2.src.rpm CVE-ID: CVE-2023-0330 BDU-ID: 2023-04834 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the lsi53c895a.c component of the QEMU hardware emulator is related to writing beyond buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2023-2284
software: c-ares 1.18.1 OS: ROSA-CHROME packageevrstring: c-ares-1.18.1-2.src.rpm CVE-ID: CVE-2022-4904 BDU-ID: 2023-01258 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the aressetsortlist function of the c-ares asynchronous DNS query library is related to a lack of input string validation, allowi...
Advisory ROSA-SA-2023-2220
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm CVE-ID: CVE-2022-22576 BDU-ID: 2022-03036 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OAUTH2 protocol implementation of the cURL command line utility is related to the reuse of a connection wi...
Advisory ROSA-SA-2023-2201
Software: open-vm-tools 11.0.5 OS: rosa-server79 packageevrstring: open-vm-tools-11.0.5-3.res7.6 CVE-ID: CVE-2023-20867 BDU-ID: 2023-03162 CVE-Crit: LOW CVE-DESC.: A vulnerability in the vgauth module of the VMware Tools component of the VMware ESXi hypervisor is related to errors in the...
Advisory ROSA-SA-2023-2191
Software: emacs 24.3-23. OS: rosa-server79 packageevrstring: 24.3-23.res7.1 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir parameter come from external input, and...
Advisory ROSA-SA-2023-2135
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21366 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java S...
Advisory ROSA-SA-2021-1905
Software: libxml2 2.9.1 OS: Cobalt 7.9 CVE-ID: CVE-2013-0339 CVE-Crit: HIGH CVE-DESC: libxml2 before 2.9.1 does not handle external entity extension properly if the application developer does not use the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to...
Advisory ROSA-SA-2021-1901
Software: libvorbis 1.3.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-20412 CVE-Crit: MEDIUM CVE-DESC: lib / codebook.c in libvorbis before 1.3.6, which was used in StepMania 5.0.12 and other products, has insufficient array bounds checking with the created OGG file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1859
Software: kernel 3.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-10751 CVE-Crit: MEDIUM CVE-DESC: A bug was discovered in the implementation of the SELinux LSM trap in Linux kernels prior to version 5.7, where it was incorrectly assumed that skb would only contain a single netlink message. The trap...
Advisory ROSA-SA-2025-2735
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 packageevrstring: cups-2.2.6-60.rv30 CVE-ID: CVE-2023-32360 BDU-ID: 2023-07653 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow a...
Advisory ROSA-SA-2024-2454
software: dom4j 2.0.3 AXIS: ROSA-CHROME packageevrstring: dom4j-2.0.3-1 CVE-ID: CVE-2018-1000632 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The dom4j version contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute, which could lead to an attacker forging XM...
Advisory ROSA-SA-2024-2425
software: aspell 0.60.8 WASP: ROSA-CHROME packageevrstring: aspell-0.60.8-3 CVE-ID: CVE-2019-25051 BDU-ID: None CVE-Crit: N/A CVE-DESC.: objstack in GNU Aspell has a heap buffer overflow in acommon::ObjStack::duptop CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update aspell...