1374 matches found
Advisory ROSA-SA-2024-2417
Software: faad2 2.8.8 OS: ROSA Virtualization 2.1 packageevrstring: faad2-2.8.8-6.0.1.rv3 CVE-ID: CVE-2021-32272 BDU-ID: 2022-01810 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the stszin function of the mp4read.c component of the Freeware Advanced Audio Decoder 2 FAAD2 audio decoder is related t...
Advisory ROSA-SA-2024-2406
software: gcc 11.4.0 OS: ROSA-CHROME packageevrstring: gcc-11.4.0-10 CVE-ID: CVE-2023-4039 BDU-ID: 2023-05920 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the stack protection feature of the GNU Compiler Collection GCC stack for various programming languages involves a breach of the data...
Advisory ROSA-SA-2024-2341
Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-148.0.1.rv3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding...
Advisory ROSA-SA-2023-2306
Software: hivex 1.3.18 OS: ROSA Virtualization 2.1 packageevrstring: hivex-1.3.18-23.rv3.src.rpm CVE-ID: CVE-2021-3622 BDU-ID: 2021-04419 CVE-Crit: LOW CVE-DESC.: A vulnerability in the getchildren function of the getchildren library for retrieving the contents of Windows hivex registry branches ...
Advisory ROSA-SA-2023-2305
software: suricata 6.0.13 WASP: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...
Advisory ROSA-SA-2023-2260
software: upx 4.0.2 OS: ROSA-CHROME packageevrstring: upx-4.0.2-1.src.rpm CVE-ID: CVE-2019-20805 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: plxelf.cpp in UPX before version 3.96 has an integer overflow during unpacking via created values in the PTDYNAMIC segment. CVE-STATUS: Fixed CVE-REV: To close...
Advisory ROSA-SA-2023-2255
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-32088 BDU-ID: 2022-04064 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Exectimetracker::getloops/Filesorttracker::reportuse/filesort function of the MariaDB database management system is...
Advisory ROSA-SA-2023-2240
software: pcs 0.10.7 WASP: ROSA-CHROME packageevrstring: pcs-0.10.7-3.src.rpm CVE-ID: CVE-2022-2735 BDU-ID: 2022-05554 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the corosync/pacemaker PCS configuration utility is related to flaws in the authentication procedure. Exploitation of the vulnerabili...
Advisory ROSA-SA-2023-2235
Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5-1.src.rpm CVE-ID: CVE-2023-22742 BDU-ID: 2023-00574 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libssh2 library of the C Libgit2 implementation of Git methods is related to cryptographic signature verification errors...
Advisory ROSA-SA-2023-2218
software: multipath-tools 0.8.9 WASP: ROSA-CHROME packageevrstring: multipath-tools-0.8.9-3.src.rpm CVE-ID: CVE-2022-41973 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: multipath-tools 0.7.7 to 0.9.x to 0.9.2 allows local users to gain root access as used in conjunction with CVE-2022-41974. Local users...
Advisory ROSA-SA-2023-2202
Software: python 3.6.8 OS: rosa-server79 packageevrstring: python-3.6.8-19.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
Advisory ROSA-SA-2023-2112
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87 CVE-ID: CVE-2022-28733 BDU-ID: 2022-03372 CVE-Crit: HIGH CVE-DESC: A vulnerability in the grubnetrecvip4packets function of the Grub operating systems bootloader program is related to integer overflow. Exploitation of the...
Advisory ROSA-SA-2021-1960
Software: quagga 0.99.22.4 OS: Cobalt 7.9 CVE-ID: CVE-2016-1245 CVE-Crit: CRITICAL CVE-DESC: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffers from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The main reason was that the BUFSIZ was...
Advisory ROSA-SA-2021-1907
Software: libzip 0.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-2331 CVE-Crit: HIGH CVE-DESC: An integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6. 7 and other products,...
Advisory ROSA-SA-2021-1841
Software: ghostscript 9.25 OS: Cobalt 7.9 CVE-ID: CVE-2018-19478 CVE-Crit: MEDIUM CVE-DESC: In Artifex Ghostscript before 9.26, a carefully crafted PDF file can run extremely long calculations when parsing the file. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-14373 CVE-Crit: MEDIUM...
Advisory ROSA-SA-2025-2629
software: jackson-databind 2.9.9.3 OS: ROSA-CHROME packageevrstring: jackson-databind-2.9.9.9.3 CVE-ID: CVE-2019-14540 BDU-ID: 2019-04085 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FasterXML com.zaxxer.hikari.HikariConfig function of the Java library for grammar parsing JSON files...
Advisory ROSA-SA-2025-2581
software: opensc 0.23.0 OS: ROSA-CHROME packageevrstring: opensc-0.23.0-4 CVE-ID: CVE-2024-1454 BDU-ID: 2024-03243 CVE-Crit: LOW CVE-DESC.: A vulnerability in the AuthentIC driver of the OpenSC smart card software toolkit and libraries is related to memory usage after it has been freed...
Advisory ROSA-SA-2024-2486
Software: postgresql15 15.7 OS: rosa-server79 packageevrstring: postgresql15-15.7-1PGDG.res7 CVE-ID: CVE-2023-39418 BDU-ID: 2023-04768 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to access delimitation flaws. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2442
software: usbredir 0.8.0 OS: ROSA-CHROME packageevrstring: usbredir-0.8.0-4 CVE-ID: CVE-2021-3700 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A post-release exploit vulnerability was discovered in usbredir in usbredirparserserialize in usbredirparser/usbredirparser.c. This issue occurs when...
Advisory ROSA-SA-2024-2394
Software: spice 0.14.3 OS: ROSA Virtualization 2.1 packageevrstring: spice-0.14.3-4.rv3 CVE-ID: CVE-2021-20201 BDU-ID: 2022-05884 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SPICE remote virtual desktop rendering system is associated with significantly less resource consumption at the clie...
Advisory ROSA-SA-2024-2381
Software: rsyslog 8.1911.0 OS: ROSA Virtualization 2.1 packageevrstring: rsyslog-8.1911.0-6.0.1.rv3 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing beyond buffer boundaries ...
Advisory ROSA-SA-2024-2357
software: libvpx 1.10.0 OS: ROSA-CHROME packageevrstring: libvpx-1.10.0-4.src.rpm CVE-ID: CVE-2023-40474 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The MXF file demultiplexer in GStreamer plugins has encountered a heap buffer overflow bug when processing distorted uncompressed video files. This iss...
Advisory ROSA-SA-2023-2301
Software: gzip 1.9 OS: ROSA Virtualization 2.1 packageevrstring: gzip-1.9-13.rv3.src.rpm CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2023-2286
Software: dhcp 4.3.6 OS: ROSA Virtualization 2.1 packageevrstring: dhcp-4.3.6-49.0.1.rv3.src.rpm CVE-ID: CVE-2022-2929 BDU-ID: None CVE-Crit: N/A CVE-DESC.: In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets created to...
Advisory ROSA-SA-2023-2273
software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-1.src.rpm CVE-ID: CVE-2021-46784 BDU-ID: 2022-04051 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server's implementation of the Gopher network protocol is associated with the use of assert or a similar operator...
Advisory ROSA-SA-2023-2251
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-2813 BDU-ID: 2019-03456 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Server: DDL component of the MySQL Server database management system is related to a lack of service data protection...
Advisory ROSA-SA-2023-2242
Software: open-vm-tools 11.0.5 OS: rosa-server79 packageevrstring: open-vm-tools-11.0.5-2.rv3.src.rpm CVE-ID: CVE-2023-20900 BDU-ID: 2023-05064 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to the ability to bypass the SAML token signature...
Advisory ROSA-SA-2023-2232
Software: firefox 102.14.0 OS: rosa-server79 packageevrstring: firefox-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text directio...
Advisory ROSA-SA-2023-2227
software: buildah 1.30.0 AXIS: ROSA-CHROME packageevrstring: buildah-1.30.0-2.src.rpm CVE-ID: CVE-2022-27651 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There was a bug in the build that caused containers to incorrectly start with non-empty default permissions. A bug was discovered in Moby Docker...
Advisory ROSA-SA-2021-1991
Software: unzip 6.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9913 CVE-Crit: MEDIUM CVE-DESC: Buffer overflow in listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service failure using vectors associated with the compression method. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1984
Software: tar 1.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-12015. CVE-Crit: HIGH CVE-DESC: In Perl before 5.26.2, the Archive :: Tar module allows remote attackers to bypass the directory traversal protection mechanism and overwrite arbitrary files via an archive file containing a symbolic link and a...
Advisory ROSA-SA-2021-1948
Software: pcsc-lite 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2016-10109 CVE-Crit: HIGH CVE-DESC: Post-release exploitation vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service failure with a command that uses "cardList" after the descriptor has been released using...
Advisory ROSA-SA-2021-1899
Software: libvirt 4.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-25637 CVE-Crit: MEDIUM CVE-DESC: A double free memory issue has been detected in libvirt APIs in versions prior to 6.8.0 responsible for querying information about network interfaces of a running QEMU domain. This flaw affects the polkit...
Advisory ROSA-SA-2021-1884
Software: libpng 1.5.13 OS: Cobalt 7.9 CVE-ID: CVE-2013-7353 CVE-Crit: HIGH CVE-DESC: Integer overflow in pngsetunknownchunks function in libpng / pngset.c in libpng before 1.5.14beta08 allows context-sensitive attackers to cause a denial of service segmentation error and crash via a crafted imag...
Advisory ROSA-SA-2021-1842
Software: giflib 4.1.6 OS: Cobalt 7.9 CVE-ID: CVE-2015-7555 CVE-Crit: MEDIUM CVE-DESC: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service program crash via the created image and logical screen width fields in a GIF file. CVE-STATUS:...
Advisory ROSA-SA-2021-1817
Software: cups-filters 1.0.35 OS: Cobalt 7.9 CVE-ID: CVE-2013-6473 CVE-Crit: MEDIUM CVE-DESC: Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 through 1.0.47 allow remote attackers to execute arbitrary code across a large 1 page or 2 lines in a URF file...
Advisory ROSA-SA-2025-2573
Software: qbittorrent 4.6.7 OS: ROSA-CHROME packageevrstring: qbittorrent-4.6.7-1 CVE-ID: CVE-2024-51774 BDU-ID: 2024-09433 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cross-platform BitTorrent client qBittorrent is related to improper SSL/TLS certificate authentication. Exploitation of the...
Advisory ROSA-SA-2024-2477
software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-2 CVE-ID: CVE-2023-46724 BDU-ID: 2023-07699 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...
Advisory ROSA-SA-2024-2414
software: upx 4.2.1 OS: ROSA-CHROME packageevrstring: upx-4.2.1-1 CVE-ID: CVE-2023-23456 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack in the file ptmt.cpp. This thread allows an attacker to cause a denial of service interrupt using...
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...
Advisory ROSA-SA-2024-2407
software: xz 5.2.9 AXIS: ROSA-CHROME packageevrstring: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extrac...
Advisory ROSA-SA-2024-2378
software: pcre2 10.36 WASP: ROSA-CHROME packageevrstring: pcre2-10.36-4.src.rpm CVE-ID: CVE-2022-41409 BDU-ID: 2023-05302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2test command of the PCRE2 regular expression library is related to integer overflow. Exploitation of the vulnerability...
Advisory ROSA-SA-2023-2129
Software: libksba 1.3.0 OS: rosa-server79 packageevrstring: libksba-1.3.0 CVE-ID: CVE-2022-47629 BDU-ID: 2022-07478 CVE-Crit: HIGH CVE-DESC: A vulnerability in the X.509 LibKSBA certificate function-providing library is related to an integer overflow in the CRL parser. Exploitation of the...
Advisory ROSA-SA-2021-2000
Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in maingetappheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code through a crafted input file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1985
Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a redundant heap-based buffer read associated with aoeprint in print-aoe.c and lookupememem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...
Advisory ROSA-SA-2021-1980
Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...
Advisory ROSA-SA-2021-1967
Software: samba 4.10.16 OS: Cobalt 7.9 CVE-ID: CVE-2020-10745 CVE-Crit: HIGH CVE-DESC: In all versions of Samba prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4, a flaw has been discovered in the way NetBios is handled over TCP / IP. This flaw allows a remote attacker to cause excessive CP...
Advisory ROSA-SA-2021-1964
Software: rsync 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-15994 CVE-Crit: CRITICAL CVE-DESC: rsync 3.1.3-development before 10/24-2017 incorrectly handles outdated checksums, making it easy for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch is widely used...
Advisory ROSA-SA-2021-1936
Software: opensc 0.19.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-15945 CVE-Crit: MEDIUM CVE-DESC: OpenSC before 0.20.0-rc1 has out-of-bounds access to ASN.1 bit string in decodebitstring in libopensc / asn1.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15946 CVE-Crit: MEDIUM CVE-DESC: OpenSC...
Advisory ROSA-SA-2021-1926
Software: nasm 2.10.07 OS: Cobalt 7.9 CVE-ID: CVE-2018-1000667 CVE-Crit: MEDIUM CVE-DESC: NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains nasm memory corruption crash while processing a created file due to assemblyfile inname, independentptr function at asm / nasm.c: 482...