1374 matches found
Advisory ROSA-SA-2023-2235
Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5-1.src.rpm CVE-ID: CVE-2023-22742 BDU-ID: 2023-00574 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libssh2 library of the C Libgit2 implementation of Git methods is related to cryptographic signature verification errors...
Advisory ROSA-SA-2023-2218
software: multipath-tools 0.8.9 WASP: ROSA-CHROME packageevrstring: multipath-tools-0.8.9-3.src.rpm CVE-ID: CVE-2022-41973 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: multipath-tools 0.7.7 to 0.9.x to 0.9.2 allows local users to gain root access as used in conjunction with CVE-2022-41974. Local users...
Advisory ROSA-SA-2023-2202
Software: python 3.6.8 OS: rosa-server79 packageevrstring: python-3.6.8-19.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
Advisory ROSA-SA-2021-1961
Software: redland 1.0.16 OS: Cobalt 7.9 CVE-ID: CVE-2012-0037 CVE-Crit: HIGH CVE-DESC: Redland Raptor also known as libraptor before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user, ...
Advisory ROSA-SA-2021-1907
Software: libzip 0.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-2331 CVE-Crit: HIGH CVE-DESC: An integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6. 7 and other products,...
Advisory ROSA-SA-2021-1841
Software: ghostscript 9.25 OS: Cobalt 7.9 CVE-ID: CVE-2018-19478 CVE-Crit: MEDIUM CVE-DESC: In Artifex Ghostscript before 9.26, a carefully crafted PDF file can run extremely long calculations when parsing the file. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-14373 CVE-Crit: MEDIUM...
Advisory ROSA-SA-2025-2629
software: jackson-databind 2.9.9.3 OS: ROSA-CHROME packageevrstring: jackson-databind-2.9.9.9.3 CVE-ID: CVE-2019-14540 BDU-ID: 2019-04085 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FasterXML com.zaxxer.hikari.HikariConfig function of the Java library for grammar parsing JSON files...
Advisory ROSA-SA-2025-2581
software: opensc 0.23.0 OS: ROSA-CHROME packageevrstring: opensc-0.23.0-4 CVE-ID: CVE-2024-1454 BDU-ID: 2024-03243 CVE-Crit: LOW CVE-DESC.: A vulnerability in the AuthentIC driver of the OpenSC smart card software toolkit and libraries is related to memory usage after it has been freed...
Advisory ROSA-SA-2024-2513
Software: python-setuptools 0.9.8 OS: rosa-server79 packageevrstring: python-setuptools-0.9.8-7.0.1.res7 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is related to functions...
Advisory ROSA-SA-2024-2486
Software: postgresql15 15.7 OS: rosa-server79 packageevrstring: postgresql15-15.7-1PGDG.res7 CVE-ID: CVE-2023-39418 BDU-ID: 2023-04768 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to access delimitation flaws. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2425
software: aspell 0.60.8 WASP: ROSA-CHROME packageevrstring: aspell-0.60.8-3 CVE-ID: CVE-2019-25051 BDU-ID: None CVE-Crit: N/A CVE-DESC.: objstack in GNU Aspell has a heap buffer overflow in acommon::ObjStack::duptop CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update aspell...
Advisory ROSA-SA-2024-2381
Software: rsyslog 8.1911.0 OS: ROSA Virtualization 2.1 packageevrstring: rsyslog-8.1911.0-6.0.1.rv3 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing beyond buffer boundaries ...
Advisory ROSA-SA-2023-2306
Software: hivex 1.3.18 OS: ROSA Virtualization 2.1 packageevrstring: hivex-1.3.18-23.rv3.src.rpm CVE-ID: CVE-2021-3622 BDU-ID: 2021-04419 CVE-Crit: LOW CVE-DESC.: A vulnerability in the getchildren function of the getchildren library for retrieving the contents of Windows hivex registry branches ...
Advisory ROSA-SA-2023-2301
Software: gzip 1.9 OS: ROSA Virtualization 2.1 packageevrstring: gzip-1.9-13.rv3.src.rpm CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2023-2286
Software: dhcp 4.3.6 OS: ROSA Virtualization 2.1 packageevrstring: dhcp-4.3.6-49.0.1.rv3.src.rpm CVE-ID: CVE-2022-2929 BDU-ID: None CVE-Crit: N/A CVE-DESC.: In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets created to...
Advisory ROSA-SA-2023-2273
software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-1.src.rpm CVE-ID: CVE-2021-46784 BDU-ID: 2022-04051 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server's implementation of the Gopher network protocol is associated with the use of assert or a similar operator...
Advisory ROSA-SA-2023-2255
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-32088 BDU-ID: 2022-04064 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Exectimetracker::getloops/Filesorttracker::reportuse/filesort function of the MariaDB database management system is...
Advisory ROSA-SA-2023-2242
Software: open-vm-tools 11.0.5 OS: rosa-server79 packageevrstring: open-vm-tools-11.0.5-2.rv3.src.rpm CVE-ID: CVE-2023-20900 BDU-ID: 2023-05064 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to the ability to bypass the SAML token signature...
Advisory ROSA-SA-2023-2232
Software: firefox 102.14.0 OS: rosa-server79 packageevrstring: firefox-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text directio...
Advisory ROSA-SA-2023-2227
software: buildah 1.30.0 AXIS: ROSA-CHROME packageevrstring: buildah-1.30.0-2.src.rpm CVE-ID: CVE-2022-27651 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There was a bug in the build that caused containers to incorrectly start with non-empty default permissions. A bug was discovered in Moby Docker...
Advisory ROSA-SA-2021-1984
Software: tar 1.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-12015. CVE-Crit: HIGH CVE-DESC: In Perl before 5.26.2, the Archive :: Tar module allows remote attackers to bypass the directory traversal protection mechanism and overwrite arbitrary files via an archive file containing a symbolic link and a...
Advisory ROSA-SA-2021-1899
Software: libvirt 4.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-25637 CVE-Crit: MEDIUM CVE-DESC: A double free memory issue has been detected in libvirt APIs in versions prior to 6.8.0 responsible for querying information about network interfaces of a running QEMU domain. This flaw affects the polkit...
Advisory ROSA-SA-2021-1884
Software: libpng 1.5.13 OS: Cobalt 7.9 CVE-ID: CVE-2013-7353 CVE-Crit: HIGH CVE-DESC: Integer overflow in pngsetunknownchunks function in libpng / pngset.c in libpng before 1.5.14beta08 allows context-sensitive attackers to cause a denial of service segmentation error and crash via a crafted imag...
Advisory ROSA-SA-2021-1817
Software: cups-filters 1.0.35 OS: Cobalt 7.9 CVE-ID: CVE-2013-6473 CVE-Crit: MEDIUM CVE-DESC: Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 through 1.0.47 allow remote attackers to execute arbitrary code across a large 1 page or 2 lines in a URF file...
Advisory ROSA-SA-2021-1804
Software: accountservice 0.6.50 OS: Cobalt 7.9 CVE-ID: CVE-2020-16126 CVE-Crit: LOW CVE-DESC: Ubuntu-specific modification of AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, incorrectly removed ruid, allowing untrusted users to send signals to AccountsService,...
Advisory ROSA-SA-2025-2573
Software: qbittorrent 4.6.7 OS: ROSA-CHROME packageevrstring: qbittorrent-4.6.7-1 CVE-ID: CVE-2024-51774 BDU-ID: 2024-09433 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cross-platform BitTorrent client qBittorrent is related to improper SSL/TLS certificate authentication. Exploitation of the...
Advisory ROSA-SA-2024-2477
software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-2 CVE-ID: CVE-2023-46724 BDU-ID: 2023-07699 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...
Advisory ROSA-SA-2024-2442
software: usbredir 0.8.0 OS: ROSA-CHROME packageevrstring: usbredir-0.8.0-4 CVE-ID: CVE-2021-3700 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A post-release exploit vulnerability was discovered in usbredir in usbredirparserserialize in usbredirparser/usbredirparser.c. This issue occurs when...
Advisory ROSA-SA-2024-2407
software: xz 5.2.9 AXIS: ROSA-CHROME packageevrstring: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extrac...
Advisory ROSA-SA-2023-2251
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-2813 BDU-ID: 2019-03456 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Server: DDL component of the MySQL Server database management system is related to a lack of service data protection...
Advisory ROSA-SA-2023-2129
Software: libksba 1.3.0 OS: rosa-server79 packageevrstring: libksba-1.3.0 CVE-ID: CVE-2022-47629 BDU-ID: 2022-07478 CVE-Crit: HIGH CVE-DESC: A vulnerability in the X.509 LibKSBA certificate function-providing library is related to an integer overflow in the CRL parser. Exploitation of the...
Advisory ROSA-SA-2023-2112
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87 CVE-ID: CVE-2022-28733 BDU-ID: 2022-03372 CVE-Crit: HIGH CVE-DESC: A vulnerability in the grubnetrecvip4packets function of the Grub operating systems bootloader program is related to integer overflow. Exploitation of the...
Advisory ROSA-SA-2021-2000
Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in maingetappheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code through a crafted input file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1991
Software: unzip 6.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9913 CVE-Crit: MEDIUM CVE-DESC: Buffer overflow in listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service failure using vectors associated with the compression method. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1985
Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a redundant heap-based buffer read associated with aoeprint in print-aoe.c and lookupememem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...
Advisory ROSA-SA-2021-1980
Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...
Advisory ROSA-SA-2021-1967
Software: samba 4.10.16 OS: Cobalt 7.9 CVE-ID: CVE-2020-10745 CVE-Crit: HIGH CVE-DESC: In all versions of Samba prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4, a flaw has been discovered in the way NetBios is handled over TCP / IP. This flaw allows a remote attacker to cause excessive CP...
Advisory ROSA-SA-2021-1964
Software: rsync 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-15994 CVE-Crit: CRITICAL CVE-DESC: rsync 3.1.3-development before 10/24-2017 incorrectly handles outdated checksums, making it easy for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch is widely used...
Advisory ROSA-SA-2021-1960
Software: quagga 0.99.22.4 OS: Cobalt 7.9 CVE-ID: CVE-2016-1245 CVE-Crit: CRITICAL CVE-DESC: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffers from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The main reason was that the BUFSIZ was...
Advisory ROSA-SA-2021-1936
Software: opensc 0.19.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-15945 CVE-Crit: MEDIUM CVE-DESC: OpenSC before 0.20.0-rc1 has out-of-bounds access to ASN.1 bit string in decodebitstring in libopensc / asn1.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15946 CVE-Crit: MEDIUM CVE-DESC: OpenSC...
Advisory ROSA-SA-2021-1857
Software: junit 4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-15250 CVE-Crit: MEDIUM CVE-DESC: In JUnit4, from version 4.7 through 4.13.1, the TemporaryFolder test rule contains a local information disclosure vulnerability. In Unix-like systems, a system's temporary directory is shared by all users on tha...
Advisory ROSA-SA-2025-3069
Software: freeglut 3.0.0 OS: ROSA Virtualization 3.0 unaffected versions = freeglut-3.0.0.0-9.rv30 affected versions freeglut-3.0.0.0-9.rv30 CVE-ID: CVE-2024-24258 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GlutAddSubMenu function of the MuPDF PDF viewer is related to a memory leak...
Advisory ROSA-SA-2025-2836
Software: dhcp 4.3.6 OS: ROSA Virtualization 2.1 packageevrstring: dhcp-4.3.6-50.0.1.rv3 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity a...
Advisory ROSA-SA-2024-2437
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1 CVE-ID: CVE-2022-29458 BDU-ID: 2023-00296 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the convertstrings function of the convertstrings component of the tinfo/readentry.c component of the Ncurses terminal I/O...
Advisory ROSA-SA-2024-2415
software: hwloc 2.7.1 OS: ROSA-CHROME packageevrstring: hwloc-2.7.1-2 CVE-ID: CVE-2022-47022 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem discovered in open-mpi hwloc allows attackers to cause denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. CVE-STATUS:...
Advisory ROSA-SA-2024-2414
software: upx 4.2.1 OS: ROSA-CHROME packageevrstring: upx-4.2.1-1 CVE-ID: CVE-2023-23456 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack in the file ptmt.cpp. This thread allows an attacker to cause a denial of service interrupt using...
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...
Advisory ROSA-SA-2024-2388
Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-0666 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Due to a failure in length validation provided by an attacker-created RTPS packet, Wireshark is vulnerable by default to a heap buffer overflow an...
Advisory ROSA-SA-2024-2386
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3-12.0.1.rv3.3.x8664.rpm CVE-ID: CVE-2020-10745 BDU-ID: 2021-01741 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Samba networking software package is associated with uncontrolled resource consumption. Exploitation ...
Advisory ROSA-SA-2024-2378
software: pcre2 10.36 WASP: ROSA-CHROME packageevrstring: pcre2-10.36-4.src.rpm CVE-ID: CVE-2022-41409 BDU-ID: 2023-05302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2test command of the PCRE2 regular expression library is related to integer overflow. Exploitation of the vulnerability...