Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2024/05/07 8:22 a.m.•37 views

Advisory ROSA-SA-2024-2417

Software: faad2 2.8.8 OS: ROSA Virtualization 2.1 packageevrstring: faad2-2.8.8-6.0.1.rv3 CVE-ID: CVE-2021-32272 BDU-ID: 2022-01810 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the stszin function of the mp4read.c component of the Freeware Advanced Audio Decoder 2 FAAD2 audio decoder is related t...

7.8CVSS7.5AI score0.01218EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/04/23 12:4 p.m.•37 views

Advisory ROSA-SA-2024-2406

software: gcc 11.4.0 OS: ROSA-CHROME packageevrstring: gcc-11.4.0-10 CVE-ID: CVE-2023-4039 BDU-ID: 2023-05920 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the stack protection feature of the GNU Compiler Collection GCC stack for various programming languages involves a breach of the data...

4.8CVSS5.2AI score0.00666EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/02/14 10:25 a.m.•37 views

Advisory ROSA-SA-2024-2341

Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-148.0.1.rv3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding...

8.6CVSS8.4AI score0.00514EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/12/12 12:25 p.m.•37 views

Advisory ROSA-SA-2023-2306

Software: hivex 1.3.18 OS: ROSA Virtualization 2.1 packageevrstring: hivex-1.3.18-23.rv3.src.rpm CVE-ID: CVE-2021-3622 BDU-ID: 2021-04419 CVE-Crit: LOW CVE-DESC.: A vulnerability in the getchildren function of the getchildren library for retrieving the contents of Windows hivex registry branches ...

4.3CVSS7.7AI score0.04794EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/12/12 12:21 p.m.•37 views

Advisory ROSA-SA-2023-2305

software: suricata 6.0.13 WASP: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...

9.8CVSS7.9AI score0.01105EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 5:19 a.m.•37 views

Advisory ROSA-SA-2023-2260

software: upx 4.0.2 OS: ROSA-CHROME packageevrstring: upx-4.0.2-1.src.rpm CVE-ID: CVE-2019-20805 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: plxelf.cpp in UPX before version 3.96 has an integer overflow during unpacking via created values in the PTDYNAMIC segment. CVE-STATUS: Fixed CVE-REV: To close...

7.5CVSS7AI score0.00817EPSS
Exploits12
Rosalinux
Rosalinux
•added 2023/10/21 3:57 p.m.•37 views

Advisory ROSA-SA-2023-2255

software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-32088 BDU-ID: 2022-04064 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Exectimetracker::getloops/Filesorttracker::reportuse/filesort function of the MariaDB database management system is...

7.5CVSS6.9AI score0.02082EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/10/10 8:59 a.m.•37 views

Advisory ROSA-SA-2023-2240

software: pcs 0.10.7 WASP: ROSA-CHROME packageevrstring: pcs-0.10.7-3.src.rpm CVE-ID: CVE-2022-2735 BDU-ID: 2022-05554 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the corosync/pacemaker PCS configuration utility is related to flaws in the authentication procedure. Exploitation of the vulnerabili...

7.8CVSS7.1AI score0.00299EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/09/12 12:11 p.m.•37 views

Advisory ROSA-SA-2023-2235

Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5-1.src.rpm CVE-ID: CVE-2023-22742 BDU-ID: 2023-00574 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libssh2 library of the C Libgit2 implementation of Git methods is related to cryptographic signature verification errors...

5.9CVSS6.7AI score0.0058EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/08/22 8:47 a.m.•37 views

Advisory ROSA-SA-2023-2218

software: multipath-tools 0.8.9 WASP: ROSA-CHROME packageevrstring: multipath-tools-0.8.9-3.src.rpm CVE-ID: CVE-2022-41973 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: multipath-tools 0.7.7 to 0.9.x to 0.9.2 allows local users to gain root access as used in conjunction with CVE-2022-41974. Local users...

7.8CVSS6.9AI score0.00658EPSS
Exploits4
Rosalinux
Rosalinux
•added 2023/07/25 10:31 a.m.•37 views

Advisory ROSA-SA-2023-2202

Software: python 3.6.8 OS: rosa-server79 packageevrstring: python-3.6.8-19.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

7.5CVSS6.9AI score0.20459EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/02/14 11:48 a.m.•37 views

Advisory ROSA-SA-2023-2112

Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87 CVE-ID: CVE-2022-28733 BDU-ID: 2022-03372 CVE-Crit: HIGH CVE-DESC: A vulnerability in the grubnetrecvip4packets function of the Grub operating systems bootloader program is related to integer overflow. Exploitation of the...

8.1CVSS9.1AI score0.01284EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•37 views

Advisory ROSA-SA-2021-1960

Software: quagga 0.99.22.4 OS: Cobalt 7.9 CVE-ID: CVE-2016-1245 CVE-Crit: CRITICAL CVE-DESC: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffers from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The main reason was that the BUFSIZ was...

9.8CVSS6.8AI score0.74599EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:26 p.m.•37 views

Advisory ROSA-SA-2021-1907

Software: libzip 0.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-2331 CVE-Crit: HIGH CVE-DESC: An integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6. 7 and other products,...

7.5CVSS10AI score0.27692EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:44 p.m.•37 views

Advisory ROSA-SA-2021-1841

Software: ghostscript 9.25 OS: Cobalt 7.9 CVE-ID: CVE-2018-19478 CVE-Crit: MEDIUM CVE-DESC: In Artifex Ghostscript before 9.26, a carefully crafted PDF file can run extremely long calculations when parsing the file. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-14373 CVE-Crit: MEDIUM...

5.5CVSS6.7AI score0.01888EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/01/28 6:31 p.m.•36 views

Advisory ROSA-SA-2025-2629

software: jackson-databind 2.9.9.3 OS: ROSA-CHROME packageevrstring: jackson-databind-2.9.9.9.3 CVE-ID: CVE-2019-14540 BDU-ID: 2019-04085 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FasterXML com.zaxxer.hikari.HikariConfig function of the Java library for grammar parsing JSON files...

9.8CVSS9.1AI score0.10676EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/01/27 10:40 a.m.•36 views

Advisory ROSA-SA-2025-2581

software: opensc 0.23.0 OS: ROSA-CHROME packageevrstring: opensc-0.23.0-4 CVE-ID: CVE-2024-1454 BDU-ID: 2024-03243 CVE-Crit: LOW CVE-DESC.: A vulnerability in the AuthentIC driver of the OpenSC smart card software toolkit and libraries is related to memory usage after it has been freed...

3.4CVSS6.7AI score0.00422EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 8:57 p.m.•36 views

Advisory ROSA-SA-2024-2486

Software: postgresql15 15.7 OS: rosa-server79 packageevrstring: postgresql15-15.7-1PGDG.res7 CVE-ID: CVE-2023-39418 BDU-ID: 2023-04768 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to access delimitation flaws. Exploitation of the vulnerability...

8.8CVSS8.3AI score0.04322EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/07/01 2:13 p.m.•36 views

Advisory ROSA-SA-2024-2442

software: usbredir 0.8.0 OS: ROSA-CHROME packageevrstring: usbredir-0.8.0-4 CVE-ID: CVE-2021-3700 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A post-release exploit vulnerability was discovered in usbredir in usbredirparserserialize in usbredirparser/usbredirparser.c. This issue occurs when...

6.4CVSS6.8AI score0.00309EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/11 7:21 a.m.•36 views

Advisory ROSA-SA-2024-2394

Software: spice 0.14.3 OS: ROSA Virtualization 2.1 packageevrstring: spice-0.14.3-4.rv3 CVE-ID: CVE-2021-20201 BDU-ID: 2022-05884 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SPICE remote virtual desktop rendering system is associated with significantly less resource consumption at the clie...

5.3CVSS6.8AI score0.02703EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/03/26 11:41 a.m.•36 views

Advisory ROSA-SA-2024-2381

Software: rsyslog 8.1911.0 OS: ROSA Virtualization 2.1 packageevrstring: rsyslog-8.1911.0-6.0.1.rv3 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing beyond buffer boundaries ...

8.1CVSS7.6AI score0.03821EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/20 10:26 a.m.•36 views

Advisory ROSA-SA-2024-2357

software: libvpx 1.10.0 OS: ROSA-CHROME packageevrstring: libvpx-1.10.0-4.src.rpm CVE-ID: CVE-2023-40474 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The MXF file demultiplexer in GStreamer plugins has encountered a heap buffer overflow bug when processing distorted uncompressed video files. This iss...

8.8CVSS8.6AI score0.49013EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/12/05 10:33 a.m.•36 views

Advisory ROSA-SA-2023-2301

Software: gzip 1.9 OS: ROSA Virtualization 2.1 packageevrstring: gzip-1.9-13.rv3.src.rpm CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker...

8.8CVSS7.2AI score0.04271EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/31 2:38 p.m.•36 views

Advisory ROSA-SA-2023-2286

Software: dhcp 4.3.6 OS: ROSA Virtualization 2.1 packageevrstring: dhcp-4.3.6-49.0.1.rv3.src.rpm CVE-ID: CVE-2022-2929 BDU-ID: None CVE-Crit: N/A CVE-DESC.: In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets created to...

6.5CVSS6.7AI score0.0062EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/22 6:19 a.m.•36 views

Advisory ROSA-SA-2023-2273

software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-1.src.rpm CVE-ID: CVE-2021-46784 BDU-ID: 2022-04051 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server's implementation of the Gopher network protocol is associated with the use of assert or a similar operator...

8.6CVSS7.2AI score0.0362EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/21 2:46 p.m.•36 views

Advisory ROSA-SA-2023-2251

software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-2813 BDU-ID: 2019-03456 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Server: DDL component of the MySQL Server database management system is related to a lack of service data protection...

7.1CVSS6.3AI score0.03716EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/10 9:32 a.m.•36 views

Advisory ROSA-SA-2023-2242

Software: open-vm-tools 11.0.5 OS: rosa-server79 packageevrstring: open-vm-tools-11.0.5-2.rv3.src.rpm CVE-ID: CVE-2023-20900 BDU-ID: 2023-05064 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to the ability to bypass the SAML token signature...

7.5CVSS6.9AI score0.01193EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/09/12 11:49 a.m.•36 views

Advisory ROSA-SA-2023-2232

Software: firefox 102.14.0 OS: rosa-server79 packageevrstring: firefox-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text directio...

9.8CVSS8.8AI score0.13694EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/09/05 9:31 a.m.•36 views

Advisory ROSA-SA-2023-2227

software: buildah 1.30.0 AXIS: ROSA-CHROME packageevrstring: buildah-1.30.0-2.src.rpm CVE-ID: CVE-2022-27651 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There was a bug in the build that caused containers to incorrectly start with non-empty default permissions. A bug was discovered in Moby Docker...

7.1CVSS6.7AI score0.01225EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 6:18 p.m.•36 views

Advisory ROSA-SA-2021-1991

Software: unzip 6.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9913 CVE-Crit: MEDIUM CVE-DESC: Buffer overflow in listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service failure using vectors associated with the compression method. CVE-STATUS: default CVE-REV:...

7.8CVSS7.9AI score0.30469EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 6:14 p.m.•36 views

Advisory ROSA-SA-2021-1984

Software: tar 1.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-12015. CVE-Crit: HIGH CVE-DESC: In Perl before 5.26.2, the Archive :: Tar module allows remote attackers to bypass the directory traversal protection mechanism and overwrite arbitrary files via an archive file containing a symbolic link and a...

7.5CVSS7.8AI score0.07343EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:41 p.m.•36 views

Advisory ROSA-SA-2021-1948

Software: pcsc-lite 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2016-10109 CVE-Crit: HIGH CVE-DESC: Post-release exploitation vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service failure with a command that uses "cardList" after the descriptor has been released using...

7.5CVSS7.2AI score0.04042EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:20 p.m.•36 views

Advisory ROSA-SA-2021-1899

Software: libvirt 4.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-25637 CVE-Crit: MEDIUM CVE-DESC: A double free memory issue has been detected in libvirt APIs in versions prior to 6.8.0 responsible for querying information about network interfaces of a running QEMU domain. This flaw affects the polkit...

7.2CVSS6.7AI score0.00529EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:16 p.m.•36 views

Advisory ROSA-SA-2021-1884

Software: libpng 1.5.13 OS: Cobalt 7.9 CVE-ID: CVE-2013-7353 CVE-Crit: HIGH CVE-DESC: Integer overflow in pngsetunknownchunks function in libpng / pngset.c in libpng before 1.5.14beta08 allows context-sensitive attackers to cause a denial of service segmentation error and crash via a crafted imag...

10CVSS9.6AI score0.06431EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 4:45 p.m.•36 views

Advisory ROSA-SA-2021-1842

Software: giflib 4.1.6 OS: Cobalt 7.9 CVE-ID: CVE-2015-7555 CVE-Crit: MEDIUM CVE-DESC: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service program crash via the created image and logical screen width fields in a GIF file. CVE-STATUS:...

7.1CVSS7.4AI score0.02227EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 4:35 p.m.•36 views

Advisory ROSA-SA-2021-1817

Software: cups-filters 1.0.35 OS: Cobalt 7.9 CVE-ID: CVE-2013-6473 CVE-Crit: MEDIUM CVE-DESC: Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 through 1.0.47 allow remote attackers to execute arbitrary code across a large 1 page or 2 lines in a URF file...

8.3CVSS8.8AI score0.03429EPSS
Exploits3
Rosalinux
Rosalinux
•added 2025/01/27 8:27 a.m.•35 views

Advisory ROSA-SA-2025-2573

Software: qbittorrent 4.6.7 OS: ROSA-CHROME packageevrstring: qbittorrent-4.6.7-1 CVE-ID: CVE-2024-51774 BDU-ID: 2024-09433 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cross-platform BitTorrent client qBittorrent is related to improper SSL/TLS certificate authentication. Exploitation of the...

8.1CVSS6.7AI score0.03295EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/09/25 9:36 a.m.•35 views

Advisory ROSA-SA-2024-2477

software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-2 CVE-ID: CVE-2023-46724 BDU-ID: 2023-07699 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...

9.3CVSS7.1AI score0.85944EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/05/07 7:39 a.m.•35 views

Advisory ROSA-SA-2024-2414

software: upx 4.2.1 OS: ROSA-CHROME packageevrstring: upx-4.2.1-1 CVE-ID: CVE-2023-23456 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack in the file ptmt.cpp. This thread allows an attacker to cause a denial of service interrupt using...

5.5CVSS7.6AI score0.0039EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/05/02 7:56 a.m.•35 views

Advisory ROSA-SA-2024-2410

Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...

5.5CVSS7.3AI score0.00236EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/23 12:16 p.m.•35 views

Advisory ROSA-SA-2024-2407

software: xz 5.2.9 AXIS: ROSA-CHROME packageevrstring: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extrac...

10CVSS9.6AI score0.85974EPSS
Exploits40
Rosalinux
Rosalinux
•added 2024/03/26 10:40 a.m.•35 views

Advisory ROSA-SA-2024-2378

software: pcre2 10.36 WASP: ROSA-CHROME packageevrstring: pcre2-10.36-4.src.rpm CVE-ID: CVE-2022-41409 BDU-ID: 2023-05302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2test command of the PCRE2 regular expression library is related to integer overflow. Exploitation of the vulnerability...

7.5CVSS6.8AI score0.00962EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/03/07 10:1 a.m.•35 views

Advisory ROSA-SA-2023-2129

Software: libksba 1.3.0 OS: rosa-server79 packageevrstring: libksba-1.3.0 CVE-ID: CVE-2022-47629 BDU-ID: 2022-07478 CVE-Crit: HIGH CVE-DESC: A vulnerability in the X.509 LibKSBA certificate function-providing library is related to an integer overflow in the CRL parser. Exploitation of the...

9.8CVSS9.8AI score0.0155EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 6:21 p.m.•35 views

Advisory ROSA-SA-2021-2000

Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in maingetappheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code through a crafted input file. CVE-STATUS: default CVE-REV: default...

8.8CVSS9.1AI score0.04157EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:15 p.m.•35 views

Advisory ROSA-SA-2021-1985

Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a redundant heap-based buffer read associated with aoeprint in print-aoe.c and lookupememem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...

9.8CVSS7.2AI score0.05342EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:12 p.m.•35 views

Advisory ROSA-SA-2021-1980

Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...

7.8CVSS6.5AI score0.01066EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 6:7 p.m.•35 views

Advisory ROSA-SA-2021-1967

Software: samba 4.10.16 OS: Cobalt 7.9 CVE-ID: CVE-2020-10745 CVE-Crit: HIGH CVE-DESC: In all versions of Samba prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4, a flaw has been discovered in the way NetBios is handled over TCP / IP. This flaw allows a remote attacker to cause excessive CP...

10CVSS7.8AI score0.99512EPSS
Exploits75
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•35 views

Advisory ROSA-SA-2021-1964

Software: rsync 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-15994 CVE-Crit: CRITICAL CVE-DESC: rsync 3.1.3-development before 10/24-2017 incorrectly handles outdated checksums, making it easy for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch is widely used...

9.8CVSS8.2AI score0.06337EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:36 p.m.•35 views

Advisory ROSA-SA-2021-1936

Software: opensc 0.19.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-15945 CVE-Crit: MEDIUM CVE-DESC: OpenSC before 0.20.0-rc1 has out-of-bounds access to ASN.1 bit string in decodebitstring in libopensc / asn1.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15946 CVE-Crit: MEDIUM CVE-DESC: OpenSC...

7.5CVSS7.5AI score0.02198EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 5:32 p.m.•35 views

Advisory ROSA-SA-2021-1926

Software: nasm 2.10.07 OS: Cobalt 7.9 CVE-ID: CVE-2018-1000667 CVE-Crit: MEDIUM CVE-DESC: NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains nasm memory corruption crash while processing a created file due to assemblyfile inname, independentptr function at asm / nasm.c: 482...

7.8CVSS7.1AI score0.05166EPSS
Exploits9
Total number of security vulnerabilities1374