1374 matches found
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...
Advisory ROSA-SA-2024-2407
software: xz 5.2.9 AXIS: ROSA-CHROME packageevrstring: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extrac...
Advisory ROSA-SA-2024-2388
Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-0666 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Due to a failure in length validation provided by an attacker-created RTPS packet, Wireshark is vulnerable by default to a heap buffer overflow an...
Advisory ROSA-SA-2024-2378
software: pcre2 10.36 WASP: ROSA-CHROME packageevrstring: pcre2-10.36-4.src.rpm CVE-ID: CVE-2022-41409 BDU-ID: 2023-05302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2test command of the PCRE2 regular expression library is related to integer overflow. Exploitation of the vulnerability...
Advisory ROSA-SA-2023-2304
software: netty 4.1.13 WASP: ROSA-CHROME packageevrstring: netty-4.1.13-13.src.rpm CVE-ID: CVE-2023-34462 BDU-ID: 2023-05355 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SniHandler component of the Netty networking software tool is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2023-2264
software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-4.src.rpm CVE-ID: CVE-2022-2868 BDU-ID: 2023-00296 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to...
Advisory ROSA-SA-2023-2194
Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 packageevrstring: libtasn1-4.13-4.rv3.src.rpm CVE-ID: CVE-2021-46848 BDU-ID: 2022-06694 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1encodesimpleder function of the Libtasn1 library is related to a single offset error. Exploitation of th...
Advisory ROSA-SA-2023-2129
Software: libksba 1.3.0 OS: rosa-server79 packageevrstring: libksba-1.3.0 CVE-ID: CVE-2022-47629 BDU-ID: 2022-07478 CVE-Crit: HIGH CVE-DESC: A vulnerability in the X.509 LibKSBA certificate function-providing library is related to an integer overflow in the CRL parser. Exploitation of the...
Advisory ROSA-SA-2022-2056
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2078 BDU-ID: 2022-04090 CVE-Crit: Not Relevant CVE-DESC: A vulnerability in the nftsetdescconcatparse function of the Linux operating systems kernel is related to buffer copying without checki...
Advisory ROSA-SA-2021-2000
Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in maingetappheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code through a crafted input file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1985
Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a redundant heap-based buffer read associated with aoeprint in print-aoe.c and lookupememem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...
Advisory ROSA-SA-2021-1980
Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...
Advisory ROSA-SA-2021-1971
Software: snort 2.9.16 OS: Cobalt 7.9 CVE-ID: CVE-2021-1223 CVE-Crit: HIGH CVE-DESC: Several Cisco products are affected by a vulnerability in the Snort discovery engine that could allow an unauthenticated remote attacker to bypass the configured file policy for HTTP. The vulnerability is related...
Advisory ROSA-SA-2021-1967
Software: samba 4.10.16 OS: Cobalt 7.9 CVE-ID: CVE-2020-10745 CVE-Crit: HIGH CVE-DESC: In all versions of Samba prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4, a flaw has been discovered in the way NetBios is handled over TCP / IP. This flaw allows a remote attacker to cause excessive CP...
Advisory ROSA-SA-2021-1964
Software: rsync 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-15994 CVE-Crit: CRITICAL CVE-DESC: rsync 3.1.3-development before 10/24-2017 incorrectly handles outdated checksums, making it easy for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch is widely used...
Advisory ROSA-SA-2021-1954
Software: postfix 2.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2017-10140 CVE-Crit: HIGH CVE-DESC: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 may allow local users to gain privileges using undocumented features in Berkeley DB 2. x and later related to reading...
Advisory ROSA-SA-2021-1936
Software: opensc 0.19.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-15945 CVE-Crit: MEDIUM CVE-DESC: OpenSC before 0.20.0-rc1 has out-of-bounds access to ASN.1 bit string in decodebitstring in libopensc / asn1.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15946 CVE-Crit: MEDIUM CVE-DESC: OpenSC...
Advisory ROSA-SA-2021-1935
Software: openldap 2.4.44 OS: Cobalt 7.9 CVE-ID: CVE-2017-14159 CVE-Crit: MEDIUM CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping the privileges of a non-root account, which could allow local users to kill arbitrary processes using access to that non-root account t...
Advisory ROSA-SA-2021-1926
Software: nasm 2.10.07 OS: Cobalt 7.9 CVE-ID: CVE-2018-1000667 CVE-Crit: MEDIUM CVE-DESC: NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains nasm memory corruption crash while processing a created file due to assemblyfile inname, independentptr function at asm / nasm.c: 482...
Advisory ROSA-SA-2021-1843
Software: git 1.8.3.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-7545 CVE-Crit: CRITICAL CVE-DESC: 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict allowed protocols, which could all...
Advisory ROSA-SA-2021-1839
Software: gdb 7.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-1010180 CVE-Crit: HIGH CVE-DESC: GNU gdb All versions are affected by: Buffer overflow - accessing a limited amount of memory. Consequences are: denial of service, memory disclosure, and possible code execution. Component: The gdb core module...
Advisory ROSA-SA-2021-1813
Software: clamav 0.102.4 OS: Cobalt 7.9 CVE-ID: CVE-2021-1386 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Dynamic Link Library DLL loading mechanism in Cisco Advanced Malware Protection AMP for Windows Connector endpoints, ClamAV for Windows, and Immunet could allow an authenticated local...
Advisory ROSA-SA-2025-3069
Software: freeglut 3.0.0 OS: ROSA Virtualization 3.0 unaffected versions = freeglut-3.0.0.0-9.rv30 affected versions freeglut-3.0.0.0-9.rv30 CVE-ID: CVE-2024-24258 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GlutAddSubMenu function of the MuPDF PDF viewer is related to a memory leak...
Advisory ROSA-SA-2024-2386
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3-12.0.1.rv3.3.x8664.rpm CVE-ID: CVE-2020-10745 BDU-ID: 2021-01741 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Samba networking software package is associated with uncontrolled resource consumption. Exploitation ...
Advisory ROSA-SA-2023-2282
Software: dmidecode 3.5 WASP: ROSA-CHROME packageevrstring: dmidecode-3.5-2.src.rpm CVE-ID: CVE-2023-30630 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dmidecode before version 3.5 allows -dump-bin to overwrite the local file. This has security implications because, for example, it is quite possible to...
Advisory ROSA-SA-2023-2177
Software: libcacard 2.5.2 OS: ROSA-CHROME packageevrstring: libcacard-2.5.2-6.src.rpm CVE-ID: CVE-2017-6414 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A memory leak in the vcardapdunew function in the card7816.c file in libcacard before version 2.5.3 allows local guest OS users to cause a denial of...
Advisory ROSA-SA-2023-2150
Software: libtar 1.2.20 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.20 CVE-ID: CVE-2021-33643 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: An attacker who sends a created tar file with a size in the header structure equal to 0 could cause a call to malloc0 for the gnulonglink variable, resulti...
Advisory ROSA-SA-2023-2149
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 packageevrstring: 3.26.0 CVE-ID: CVE-2019-19645 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Alter.c in SQLite before 3.30.1 allows attackers to trigger infinite recursion using certain types of self-referential views in conjunction with ALTER TABLE...
Advisory ROSA-SA-2023-2085
Software: xrdp 0.9.21 OS: rosa-server79 packageevrstring: xrdp-0.9.21 CVE-ID: CVE-2022-23477 BDU-ID: 2022-07224 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the audinsendopen function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerabili...
Advisory ROSA-SA-2021-1977
Software: sssd 1.16.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-16883 CVE-Crit: MEDIUM CVE-DESC: sssd versions 1.13.0 through 2.0.0 incorrectly restricted access to the information channel according to the "alloweduids" configuration parameter. If sensitive information was stored in a user's directory, it...
Advisory ROSA-SA-2021-1937
Software: openslp 2.0.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-4912 CVE-Crit: HIGH CVE-DESC: The xrealloc function in xlspxmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service dereferencing a null pointer and crashing through a large number of created packets, causing a memory...
Advisory ROSA-SA-2021-1932
Software: ntp 4.2.6p5 OS: Cobalt 7.9 CVE-ID: CVE-2015-5146 CVE-Crit: MEDIUM CVE-DESC: ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer trusted to perform remote configuration to cau...
Advisory ROSA-SA-2021-1849
Software: grub2 2.02 OS: Cobalt 7.9 CVE-ID: CVE-2020-15706 CVE-Crit: MEDIUM CVE-DESC: GRUB2 contains a race condition in grubscriptfunctioncreate leading to a post-release exploitation vulnerability that can be triggered by overriding a function when the same function is already executing, leadin...
Advisory ROSA-SA-2021-1846
Software: gnome-shell 3.28.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-17489 CVE-Crit: MEDIUM CVE-DESC: A problem was found in some GNOME gnome-shell configurations through 3.36.4. When logging out of an account, the password field in the login dialog box reappears, but the password is still displayed. If...
Advisory ROSA-SA-2025-2898
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...
Advisory ROSA-SA-2025-2660
Software: tcpdump 4.99.4 OS: ROSA-CHROME packageevrstring: tcpdump-4.99.4-2 CVE-ID: CVE-2018-16301 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in tcpdump: buffer overflow on processing command line arguments. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerabilit...
Advisory ROSA-SA-2025-2585
software: xorgxrdp 0.10.2 OS: ROSA-CHROME packageevrstring: xorgxrdp-0.10.2-1 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts...
Advisory ROSA-SA-2025-2584
software: xrdp 0.10.1 OS: ROSA-CHROME packageevrstring: xrdp-0.10.1-2 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts governed ...
Advisory ROSA-SA-2024-2497
Software: python-urllib3 1.24.2 OS: ROSA Virtualization 2.1 packageevrstring: python-urllib3-1.24.2-8.rv3 CVE-ID: CVE-2020-26137 BDU-ID: 2021-05230 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the urllib3 module method of the Python programming language interpreter is related to insufficient...
Advisory ROSA-SA-2024-2460
software: gnuplot 5.4.10 OS: ROSA-CHROME packageevrstring: gnuplot-5.4.10-1 CVE-ID: CVE-2020-25412 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: comline in command.c in gnuplot causes writes outside the memory buffer from strncpy, which may lead to arbitrary code execution. CVE-STATUS: Fixed CVE-REV...
Advisory ROSA-SA-2024-2453
Software: e2fsprogs 1.46.6 WASP: ROSA-CHROME packageevrstring: e2fsprogs-1.46.6-1 CVE-ID: CVE-2022-1304 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read/write vulnerability outside the allocated area has been detected in e2fsprogs. This issue leads to a segmentation error and possible execution of...
Advisory ROSA-SA-2024-2435
software: vim 9.0.2130 WASP: ROSA-CHROME packageevrstring: vim-9.0.2130-1 CVE-ID: CVE-2023-46246 BDU-ID: 2023-07250 CVE-Crit: LOW CVE-DESC.: A vulnerability in the gagrowinner function of the vim text editor, protocol for software Unix is caused by an integer overflow. Exploitation of the...
Advisory ROSA-SA-2024-2346
Software: gstreamer1-plugins-bad-free 1.10.4 OS: rosa-server79 packageevrstring: gstreamer1-plugins-bad-free-1.10.4-4.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...
Advisory ROSA-SA-2023-2281
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-51.0.1.rv3.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability cou...
Advisory ROSA-SA-2023-2256
Software: libmysofa 1.3.1 OS: ROSA-CHROME packageevrstring: libmysofa-1.3.1-1.src.rpm CVE-ID: CVE-2020-36148 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Improper handling of input to theverifyAttribute function in the libmysofa 0.5-1.1 library will result in dereferencing a null pointer and a...
Advisory ROSA-SA-2023-2247
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-23169 BDU-ID: 2021-04603 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the copyIntoFrameBuffer function of the OpenEXR wide dynamic range luminance image storage software is related to writing beyo...
Advisory ROSA-SA-2023-2165
Software: nss 3.53.1 OS: rosa-server79 packageevrstring: 3.53.1-7.res7 CVE-ID: CVE-2023-0767 BDU-ID: 2023-01270 CVE-Crit: HIGH CVE-DESC: A vulnerability in Mozilla Firefox, Mozilla Firefox ESR, and Mozilla Thunderbird email client browsers is related to improper limiting of operations within the...
Advisory ROSA-SA-2021-1994
Software: vorbis-tools 1.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9638 CVE-Crit: MEDIUM CVE-DESC: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service division-by-zero error and crash via a WAV file with the number of channels set to zero. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1831
Software: evolution-data-server 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-14928 CVE-Crit: MEDIUM CVE-DESC: From evolution-data-server eds to 3.36.3 there is an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a "start TLS" response, eds reads additional data and...
Advisory ROSA-SA-2024-2433
software: emacs 28.1 WASP: ROSA-CHROME packageevrstring: emacs-28.1-5 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir paramet...