Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2021/07/02 4:40 p.m.•41 views

Advisory ROSA-SA-2021-1833

Software: file 5.11 OS: Cobalt 7.9 CVE-ID: CVE-2014-9620 CVE-Crit: HIGH CVE-DESC: ELF parser in files 5.08 through 5.21 allows remote attackers to cause a denial of service with a large number of notes. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2018-1183 CVE-Crit: CRITICAL CVE-DESC: In Del...

9.8CVSS8.7AI score0.04683EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:39 p.m.•41 views

Advisory ROSA-SA-2021-1826

Software: ed 1.9 OS: Cobalt 7.9 CVE-ID: CVE-2015-2987 CVE-Crit: MEDIUM CVE-DESC: Type74 ED before 4.0 incorrectly uses 128-bit ECB encryption for small files, making it easier for attackers to obtain plaintext data by differential cryptanalysis of a file with an original length of less than 128...

7.5CVSS7AI score0.03044EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 4:38 p.m.•41 views

Advisory ROSA-SA-2021-1824

Software: dovecot 2.2.36 OS: Cobalt 7.9 CVE-ID: CVE-2019-10691 CVE-Crit: HIGH CVE-DESC: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly cause the authentication service to fail by attempting to authenticate with an invalid UTF-8 sequence as the username. CVE-STATUS:...

7.5CVSS7.4AI score0.08153EPSS
Exploits5
Rosalinux
Rosalinux
•added 2021/07/02 4:32 p.m.•41 views

Advisory ROSA-SA-2021-1807

Software: avahi 0.6.31 OS: Cobalt 7.9 CVE-ID: CVE-2021-26720 CVE-Crit: HIGH CVE-DESC: avahi-daemon-check-dns.sh in the Debian avahi package prior to version 0.8-4 is executed as root user via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create...

7.8CVSS6.9AI score0.00395EPSS
Exploits0
Rosalinux
Rosalinux
•added 2026/05/20 7:5 a.m.•40 views

Advisory ROSA-SA-2026-3289

software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...

7.8CVSS5.8AI score0.03663EPSS
Exploits17
Rosalinux
Rosalinux
•added 2025/10/27 6:20 a.m.•40 views

Advisory ROSA-SA-2025-3042

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...

8.2CVSS7AI score0.01245EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 8:55 p.m.•40 views

Advisory ROSA-SA-2024-2485

Software: postgresql14 14.12 OS: rosa-server79 packageevrstring: postgresql14-14.12-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...

8.8CVSS7.8AI score0.04322EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/27 9:6 a.m.•40 views

Advisory ROSA-SA-2024-2360

software: suricata 6.0.13 WASP: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...

9.8CVSS7.5AI score0.01105EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/12/19 8:39 a.m.•40 views

Advisory ROSA-SA-2023-2308

Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.0.1.rv3.src.rpm CVE-ID: CVE-2018-1000879 BDU-ID: 2020-01816 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the archiveaclfromtextlins function of the libarchive library is related to NULL pointer...

6.5CVSS6.8AI score0.04056EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:15 a.m.•40 views

Advisory ROSA-SA-2023-2271

software: pdfbox 2.0.24 WASP: ROSA-CHROME packageevrstring: pdfbox-2.0.24-1.src.rpm CVE-ID: CVE-2021-27807 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A carefully crafted PDF file may cause an infinite loop when loading the file. This issue affects Apache PDFBox version 2.0.22 and earlier versions of...

5.5CVSS5.7AI score0.03445EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/08 8:21 a.m.•40 views

Advisory ROSA-SA-2023-2212

Software: freetype 2.9.1 OS: ROSA Virtualization 2.1 packageevrstring: freetype-2.9.1-9.rv3.src.rpm CVE-ID: CVE-2022-27404 BDU-ID: 2022-06908 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the sfntinitface function of the FreeType library is related to writing beyond buffer boundaries...

9.8CVSS8.7AI score0.0339EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/07/11 12:13 p.m.•40 views

Advisory ROSA-SA-2023-2188

Software: pure-ftpd 1.0.51 OS: ROSA-CHROME packageevrstring: pure-ftpd-1.0.51-1.src.rpm CVE-ID: CVE-2020-9274 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An uninitialized pointer vulnerability has been discovered in the linked list of diraliases. When the lookupaliasconst char alias or printaliasesvoi...

7.5CVSS6.9AI score0.05957EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/06/20 10:11 a.m.•40 views

Advisory ROSA-SA-2023-2169

software: log4net 1.2.15 OS: ROSA-CHROME packageevrstring: log4net-1.2.15-6.src.rpm CVE-ID: CVE-2018-1285 BDU-ID: 2021-01050 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the logging library to the .NET Framework log4net platform is related to XML external object XXE link restriction errors...

9.8CVSS6.9AI score0.17823EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/05/15 7:50 a.m.•40 views

Advisory ROSA-SA-2023-2164

Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-2.rv3.src.rpm CVE-ID: CVE-2019-25038 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: Unbound before version 1.9.5 allows integer overflow on size calculation in dnscrypt/dnscrypt.c. CVE-STATUS: Fixed CVE-REV: Run the...

9.8CVSS7.3AI score0.02037EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:21 p.m.•40 views

Advisory ROSA-SA-2021-2002

Software: yum 3.4.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-1910 CVE-Crit: CRITICAL CVE-DESC: yum mishandles bad metadata, allowing an attacker to cause a denial of service and possibly other undefined impact via a Trojan horse file in the metadata of a remote repository. CVE-STATUS: default CVE-REV:...

9.8CVSS8.9AI score0.02496EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•40 views

Advisory ROSA-SA-2021-1961

Software: redland 1.0.16 OS: Cobalt 7.9 CVE-ID: CVE-2012-0037 CVE-Crit: HIGH CVE-DESC: Redland Raptor also known as libraptor before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user, ...

6.5CVSS6.4AI score0.13682EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 5:26 p.m.•40 views

Advisory ROSA-SA-2021-1906

Software: libxslt 1.1.28 OS: Cobalt 7.9 CVE-ID: CVE-2015-7995 CVE-Crit: MEDIUM CVE-DESC: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, allowing attackers to cause a denial of service via a generated XML file related to the "type...

9.8CVSS8.1AI score0.05146EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:16 p.m.•40 views

Advisory ROSA-SA-2021-1885

Software: libproxy 0.4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-25219 CVE-Crit: HIGH CVE-DESC: url :: recvline in url.cpp in libproxy 0.4.x to 0.4.15 allows a remote HTTP server to run uncontrolled recursion through a response consisting of an infinite stream with no newline character. This results in...

9.8CVSS7.5AI score0.04284EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:7 p.m.•40 views

Advisory ROSA-SA-2021-1857

Software: junit 4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-15250 CVE-Crit: MEDIUM CVE-DESC: In JUnit4, from version 4.7 through 4.13.1, the TemporaryFolder test rule contains a local information disclosure vulnerability. In Unix-like systems, a system's temporary directory is shared by all users on tha...

5.5CVSS6.2AI score0.01695EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:5 p.m.•40 views

Advisory ROSA-SA-2021-1855

Software: iptables 1.4.21 OS: Cobalt 7.9 CVE-ID: CVE-2012-2663 CVE-Crit: CRITICAL CVE-DESC: extension / libxttcp.c in iptables before 1.4.21 does not match TCP SYN + FIN packets in --syn rules, which may allow remote attackers to bypass intended firewall restrictions using crafted packets. NOTE:...

7.5CVSS7.1AI score0.02849EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:4 p.m.•40 views

Advisory ROSA-SA-2021-1853

Software: hivex 1.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2014-9273 CVE-Crit: HIGH CVE-DESC: lib / handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges using small bush files, which triggers reads or writes outside the allowed range. CVE-STATUS: default CVE-REV...

5.8CVSS7.7AI score0.01916EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:38 p.m.•40 views

Advisory ROSA-SA-2021-1823

Software: dnsmasq 2.76 OS: Cobalt 7.9 CVE-ID: CVE-2017-13704 CVE-Crit: HIGH CVE-DESC: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in the memset call gets a negative value. Since this is an unsigned value, memset writes up to...

8.3CVSS8.6AI score0.86692EPSS
Exploits3
Rosalinux
Rosalinux
•added 2025/04/11 9:55 p.m.•39 views

Advisory ROSA-SA-2025-2828

Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...

8.8CVSS9.2AI score0.89914EPSS
Exploits11
Rosalinux
Rosalinux
•added 2025/01/27 12:42 p.m.•39 views

Advisory ROSA-SA-2025-2597

software: packagekit 1.1.13 OS: ROSA-CHROME packageevrstring: packagekit-1.1.13-4 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory. CVE-STATUS: The vulnerability has been resolved. CVE-REV: To close...

3.3CVSS6.8AI score0.00228EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/03/28 6:52 a.m.•39 views

Advisory ROSA-SA-2024-2384

Software: kernel-ml 5.15.146 OS: rosa-server79 packageevrstring: kernel-ml-5.15.146-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/T...

8.8CVSS7.8AI score0.09141EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/02/20 10:5 a.m.•39 views

Advisory ROSA-SA-2024-2356

Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-16.rv3 CVE-ID: CVE-2016-3709 BDU-ID: 2023-07602 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to protect the structure of a web page. Exploitation of...

7.8CVSS8.9AI score0.22791EPSS
Exploits6
Rosalinux
Rosalinux
•added 2024/02/14 10:40 a.m.•39 views

Advisory ROSA-SA-2024-2343

software: libx11 1.8.1 OS: ROSA-CHROME packageevrstring: libx11-1.8.1-3.src.rpm CVE-ID: CVE-2023-3138 BDU-ID: 2023-03596 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/InitExt.c file of the libX11 client API provisioning library for the X Window System libX11 is related to an operation...

7.5CVSS7.3AI score0.01656EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/31 2:7 p.m.•39 views

Advisory ROSA-SA-2023-2285

software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...

7.8CVSS6.6AI score0.0663EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/22 5:45 a.m.•39 views

Advisory ROSA-SA-2023-2266

software: sqlite 3.41.2 OS: ROSA-CHROME packageevrstring: sqlite-3.41.2-1.src.rpm CVE-ID: CVE-2022-46908 BDU-ID: 2023-05686 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the command line interface of the SQLite database management system is related to implementation errors in the...

7.3CVSS7AI score0.00425EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/06/20 10:44 a.m.•39 views

Advisory ROSA-SA-2023-2172

Software: libtar 1.2.20 OS: ROSA Virtualization 2.1 packageevrstring: libtar-1.2.20-17.rv3 CVE-ID: CVE-2021-33644 BDU-ID: None CVE-Crit: HIGH CVE-DESC: An attacker who sends a created tar file with a size in the header structure equal to 0 could cause a call to malloc0 for the gnulongname variabl...

8.1CVSS7AI score0.01431EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/06/20 9:22 a.m.•39 views

Advisory ROSA-SA-2023-2168

Software: firefox 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-1.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a post-release exploit. Exploitation ...

8.1CVSS7.5AI score0.01673EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/05/03 11:24 a.m.•39 views

Advisory ROSA-SA-2023-2162

Software: wpasupplicant 2.10 OS: ROSA Virtualization 2.1 packageevrstring: wpasupplicant-2.10-1.rv3.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information...

9.8CVSS6.3AI score0.02944EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/02/02 9:29 a.m.•39 views

Advisory ROSA-SA-2023-2092

Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-common-1.20.4-16. CVE-ID: CVE-2022-4283 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to...

8.8CVSS8.7AI score0.02685EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 4:31 p.m.•39 views

Advisory ROSA-SA-2021-1804

Software: accountservice 0.6.50 OS: Cobalt 7.9 CVE-ID: CVE-2020-16126 CVE-Crit: LOW CVE-DESC: Ubuntu-specific modification of AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, incorrectly removed ruid, allowing untrusted users to send signals to AccountsService,...

5.5CVSS6.8AI score0.00541EPSS
Exploits3
Rosalinux
Rosalinux
•added 2025/01/28 7:8 p.m.•38 views

Advisory ROSA-SA-2025-2645

software: binutils 2.38 WASP: ROSA-CHROME packageevrstring: binutils-2.38-4 CVE-ID: CVE-2023-1972 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Buffer overflow vulnerability in bfdselfslurpversiontables in bfd/self.c could cause loss of availability. CVE-STATUS: The vulnerability has been resolved...

7.8CVSS7.4AI score0.00895EPSS
Exploits12
Rosalinux
Rosalinux
•added 2024/06/17 9:9 a.m.•38 views

Advisory ROSA-SA-2024-2434

Software: giflib 5.2.1 OS: ROSA-CHROME packageevrstring: giflib-5.2.1-4 CVE-ID: CVE-2023-39742 BDU-ID: 2023-05863 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getarg.c component of the GIFLIB library for handling GIF files is related to a segmentation error. Exploitation of the vulnerabilit...

5.5CVSS5.7AI score0.01264EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/04/11 8:8 a.m.•38 views

Advisory ROSA-SA-2024-2398

software: git 2.41.0 WASP: ROSA-CHROME packageevrstring: git-2.41.0-2.src.rpm CVE-ID: CVE-2022-23521 BDU-ID: 2023-00499 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to...

9.8CVSS8.1AI score0.56334EPSS
Exploits6
Rosalinux
Rosalinux
•added 2024/02/06 7:40 a.m.•38 views

Advisory ROSA-SA-2024-2336

software: hiredis 0.13.3 AXIS: ROSA-CHROME packageevrstring: hiredis-0.13.3-2.src.rpm CVE-ID: CVE-2021-32765 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In vulnerable versions, Hiredis is vulnerable to integer overflow if provided with maliciously crafted or corrupted RESP mult-bulk protocol data. Whe...

8.8CVSS8.9AI score0.02045EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/12/05 10:39 a.m.•38 views

Advisory ROSA-SA-2023-2302

software: qemu 7.2.0 OS: ROSA-CHROME packageevrstring: qemu-7.2.0-2.src.rpm CVE-ID: CVE-2023-0330 BDU-ID: 2023-04834 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the lsi53c895a.c component of the QEMU hardware emulator is related to writing beyond buffer boundaries. Exploitation of the...

6.5CVSS6.9AI score0.00409EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/31 2:4 p.m.•38 views

Advisory ROSA-SA-2023-2284

software: c-ares 1.18.1 OS: ROSA-CHROME packageevrstring: c-ares-1.18.1-2.src.rpm CVE-ID: CVE-2022-4904 BDU-ID: 2023-01258 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the aressetsortlist function of the c-ares asynchronous DNS query library is related to a lack of input string validation, allowi...

8.6CVSS8.9AI score0.01577EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/08/22 1:18 p.m.•38 views

Advisory ROSA-SA-2023-2220

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm CVE-ID: CVE-2022-22576 BDU-ID: 2022-03036 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OAUTH2 protocol implementation of the cURL command line utility is related to the reuse of a connection wi...

8.1CVSS7.3AI score0.06762EPSS
Exploits5
Rosalinux
Rosalinux
•added 2023/07/25 10:25 a.m.•38 views

Advisory ROSA-SA-2023-2201

Software: open-vm-tools 11.0.5 OS: rosa-server79 packageevrstring: open-vm-tools-11.0.5-3.res7.6 CVE-ID: CVE-2023-20867 BDU-ID: 2023-03162 CVE-Crit: LOW CVE-DESC.: A vulnerability in the vgauth module of the VMware Tools component of the VMware ESXi hypervisor is related to errors in the...

3.9CVSS7.1AI score0.13638EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/18 11:16 a.m.•38 views

Advisory ROSA-SA-2023-2191

Software: emacs 24.3-23. OS: rosa-server79 packageevrstring: 24.3-23.res7.1 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir parameter come from external input, and...

7.8CVSS7.7AI score0.01132EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/03/28 1:24 p.m.•38 views

Advisory ROSA-SA-2023-2135

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21366 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java S...

5.3CVSS5.5AI score0.07748EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:25 p.m.•38 views

Advisory ROSA-SA-2021-1905

Software: libxml2 2.9.1 OS: Cobalt 7.9 CVE-ID: CVE-2013-0339 CVE-Crit: HIGH CVE-DESC: libxml2 before 2.9.1 does not handle external entity extension properly if the application developer does not use the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to...

9.8CVSS8.8AI score0.05436EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:22 p.m.•38 views

Advisory ROSA-SA-2021-1901

Software: libvorbis 1.3.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-20412 CVE-Crit: MEDIUM CVE-DESC: lib / codebook.c in libvorbis before 1.3.6, which was used in StepMania 5.0.12 and other products, has insufficient array bounds checking with the created OGG file. CVE-STATUS: default CVE-REV: default...

6.5CVSS7.2AI score0.01028EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:8 p.m.•38 views

Advisory ROSA-SA-2021-1859

Software: kernel 3.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-10751 CVE-Crit: MEDIUM CVE-DESC: A bug was discovered in the implementation of the SELinux LSM trap in Linux kernels prior to version 5.7, where it was incorrectly assumed that skb would only contain a single netlink message. The trap...

6.1CVSS6.8AI score0.00348EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/03/01 9:32 p.m.•37 views

Advisory ROSA-SA-2025-2735

Software: cups 2.2.6 OS: ROSA Virtualization 3.0 packageevrstring: cups-2.2.6-60.rv30 CVE-ID: CVE-2023-32360 BDU-ID: 2023-07653 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow a...

7.5CVSS7.7AI score0.02421EPSS
Exploits3
Rosalinux
Rosalinux
•added 2024/07/23 11:11 a.m.•37 views

Advisory ROSA-SA-2024-2454

software: dom4j 2.0.3 AXIS: ROSA-CHROME packageevrstring: dom4j-2.0.3-1 CVE-ID: CVE-2018-1000632 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The dom4j version contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute, which could lead to an attacker forging XM...

9.8CVSS7.8AI score0.07269EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/05/28 8:24 a.m.•37 views

Advisory ROSA-SA-2024-2425

software: aspell 0.60.8 WASP: ROSA-CHROME packageevrstring: aspell-0.60.8-3 CVE-ID: CVE-2019-25051 BDU-ID: None CVE-Crit: N/A CVE-DESC.: objstack in GNU Aspell has a heap buffer overflow in acommon::ObjStack::duptop CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update aspell...

7.8CVSS7.5AI score0.00549EPSS
Exploits0
Total number of security vulnerabilities1374