Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2024/05/02 7:56 a.m.•35 views

Advisory ROSA-SA-2024-2410

Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...

5.5CVSS7.3AI score0.00236EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/04/23 12:16 p.m.•35 views

Advisory ROSA-SA-2024-2407

software: xz 5.2.9 AXIS: ROSA-CHROME packageevrstring: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extrac...

10CVSS9.6AI score0.85974EPSS
Exploits40
Rosalinux
Rosalinux
•added 2024/04/02 7:22 a.m.•35 views

Advisory ROSA-SA-2024-2388

Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-0666 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Due to a failure in length validation provided by an attacker-created RTPS packet, Wireshark is vulnerable by default to a heap buffer overflow an...

7.5CVSS8.2AI score0.0462EPSS
Exploits10
Rosalinux
Rosalinux
•added 2024/03/26 10:40 a.m.•35 views

Advisory ROSA-SA-2024-2378

software: pcre2 10.36 WASP: ROSA-CHROME packageevrstring: pcre2-10.36-4.src.rpm CVE-ID: CVE-2022-41409 BDU-ID: 2023-05302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2test command of the PCRE2 regular expression library is related to integer overflow. Exploitation of the vulnerability...

7.5CVSS6.8AI score0.00962EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/12/12 12:18 p.m.•35 views

Advisory ROSA-SA-2023-2304

software: netty 4.1.13 WASP: ROSA-CHROME packageevrstring: netty-4.1.13-13.src.rpm CVE-ID: CVE-2023-34462 BDU-ID: 2023-05355 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SniHandler component of the Netty networking software tool is associated with uncontrolled resource consumption...

6.5CVSS7AI score0.02459EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/10/22 5:35 a.m.•35 views

Advisory ROSA-SA-2023-2264

software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-4.src.rpm CVE-ID: CVE-2022-2868 BDU-ID: 2023-00296 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to...

8.8CVSS7AI score0.01237EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/07/18 11:28 a.m.•35 views

Advisory ROSA-SA-2023-2194

Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 packageevrstring: libtasn1-4.13-4.rv3.src.rpm CVE-ID: CVE-2021-46848 BDU-ID: 2022-06694 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1encodesimpleder function of the Libtasn1 library is related to a single offset error. Exploitation of th...

9.1CVSS6.6AI score0.02062EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/03/07 10:1 a.m.•35 views

Advisory ROSA-SA-2023-2129

Software: libksba 1.3.0 OS: rosa-server79 packageevrstring: libksba-1.3.0 CVE-ID: CVE-2022-47629 BDU-ID: 2022-07478 CVE-Crit: HIGH CVE-DESC: A vulnerability in the X.509 LibKSBA certificate function-providing library is related to an integer overflow in the CRL parser. Exploitation of the...

9.8CVSS9.8AI score0.0155EPSS
Exploits2
Rosalinux
Rosalinux
•added 2022/12/06 10:20 a.m.•35 views

Advisory ROSA-SA-2022-2056

Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2078 BDU-ID: 2022-04090 CVE-Crit: Not Relevant CVE-DESC: A vulnerability in the nftsetdescconcatparse function of the Linux operating systems kernel is related to buffer copying without checki...

5.5CVSS7.2AI score0.01013EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:21 p.m.•35 views

Advisory ROSA-SA-2021-2000

Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in maingetappheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code through a crafted input file. CVE-STATUS: default CVE-REV: default...

8.8CVSS9.1AI score0.04157EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:15 p.m.•35 views

Advisory ROSA-SA-2021-1985

Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a redundant heap-based buffer read associated with aoeprint in print-aoe.c and lookupememem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...

9.8CVSS7.2AI score0.05342EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:12 p.m.•35 views

Advisory ROSA-SA-2021-1980

Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...

7.8CVSS6.5AI score0.01066EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 6:8 p.m.•35 views

Advisory ROSA-SA-2021-1971

Software: snort 2.9.16 OS: Cobalt 7.9 CVE-ID: CVE-2021-1223 CVE-Crit: HIGH CVE-DESC: Several Cisco products are affected by a vulnerability in the Snort discovery engine that could allow an unauthenticated remote attacker to bypass the configured file policy for HTTP. The vulnerability is related...

7.5CVSS6.6AI score0.02005EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:7 p.m.•35 views

Advisory ROSA-SA-2021-1967

Software: samba 4.10.16 OS: Cobalt 7.9 CVE-ID: CVE-2020-10745 CVE-Crit: HIGH CVE-DESC: In all versions of Samba prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4, a flaw has been discovered in the way NetBios is handled over TCP / IP. This flaw allows a remote attacker to cause excessive CP...

10CVSS7.8AI score0.99512EPSS
Exploits75
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•35 views

Advisory ROSA-SA-2021-1964

Software: rsync 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-15994 CVE-Crit: CRITICAL CVE-DESC: rsync 3.1.3-development before 10/24-2017 incorrectly handles outdated checksums, making it easy for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch is widely used...

9.8CVSS8.2AI score0.06337EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:59 p.m.•35 views

Advisory ROSA-SA-2021-1954

Software: postfix 2.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2017-10140 CVE-Crit: HIGH CVE-DESC: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 may allow local users to gain privileges using undocumented features in Berkeley DB 2. x and later related to reading...

7.8CVSS7.7AI score0.00567EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:36 p.m.•35 views

Advisory ROSA-SA-2021-1936

Software: opensc 0.19.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-15945 CVE-Crit: MEDIUM CVE-DESC: OpenSC before 0.20.0-rc1 has out-of-bounds access to ASN.1 bit string in decodebitstring in libopensc / asn1.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15946 CVE-Crit: MEDIUM CVE-DESC: OpenSC...

7.5CVSS7.5AI score0.02198EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 5:36 p.m.•35 views

Advisory ROSA-SA-2021-1935

Software: openldap 2.4.44 OS: Cobalt 7.9 CVE-ID: CVE-2017-14159 CVE-Crit: MEDIUM CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping the privileges of a non-root account, which could allow local users to kill arbitrary processes using access to that non-root account t...

7.5CVSS8.1AI score0.84224EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 5:32 p.m.•35 views

Advisory ROSA-SA-2021-1926

Software: nasm 2.10.07 OS: Cobalt 7.9 CVE-ID: CVE-2018-1000667 CVE-Crit: MEDIUM CVE-DESC: NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains nasm memory corruption crash while processing a created file due to assemblyfile inname, independentptr function at asm / nasm.c: 482...

7.8CVSS7.1AI score0.05166EPSS
Exploits9
Rosalinux
Rosalinux
•added 2021/07/02 4:45 p.m.•35 views

Advisory ROSA-SA-2021-1843

Software: git 1.8.3.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-7545 CVE-Crit: CRITICAL CVE-DESC: 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict allowed protocols, which could all...

9.8CVSS8.1AI score0.88644EPSS
Exploits9
Rosalinux
Rosalinux
•added 2021/07/02 4:44 p.m.•35 views

Advisory ROSA-SA-2021-1839

Software: gdb 7.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-1010180 CVE-Crit: HIGH CVE-DESC: GNU gdb All versions are affected by: Buffer overflow - accessing a limited amount of memory. Consequences are: denial of service, memory disclosure, and possible code execution. Component: The gdb core module...

7.8CVSS7.8AI score0.02628EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:34 p.m.•35 views

Advisory ROSA-SA-2021-1813

Software: clamav 0.102.4 OS: Cobalt 7.9 CVE-ID: CVE-2021-1386 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Dynamic Link Library DLL loading mechanism in Cisco Advanced Malware Protection AMP for Windows Connector endpoints, ClamAV for Windows, and Immunet could allow an authenticated local...

7.8CVSS7.8AI score0.03155EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/11/10 6:21 a.m.•34 views

Advisory ROSA-SA-2025-3069

Software: freeglut 3.0.0 OS: ROSA Virtualization 3.0 unaffected versions = freeglut-3.0.0.0-9.rv30 affected versions freeglut-3.0.0.0-9.rv30 CVE-ID: CVE-2024-24258 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GlutAddSubMenu function of the MuPDF PDF viewer is related to a memory leak...

7.5CVSS6.8AI score0.01147EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/04/02 7:1 a.m.•34 views

Advisory ROSA-SA-2024-2386

Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3-12.0.1.rv3.3.x8664.rpm CVE-ID: CVE-2020-10745 BDU-ID: 2021-01741 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Samba networking software package is associated with uncontrolled resource consumption. Exploitation ...

7.8CVSS6.9AI score0.03874EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/24 2:17 p.m.•34 views

Advisory ROSA-SA-2023-2282

Software: dmidecode 3.5 WASP: ROSA-CHROME packageevrstring: dmidecode-3.5-2.src.rpm CVE-ID: CVE-2023-30630 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dmidecode before version 3.5 allows -dump-bin to overwrite the local file. This has security implications because, for example, it is quite possible to...

7.1CVSS7AI score0.00523EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/07/04 12:37 p.m.•34 views

Advisory ROSA-SA-2023-2177

Software: libcacard 2.5.2 OS: ROSA-CHROME packageevrstring: libcacard-2.5.2-6.src.rpm CVE-ID: CVE-2017-6414 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A memory leak in the vcardapdunew function in the card7816.c file in libcacard before version 2.5.3 allows local guest OS users to cause a denial of...

6.5CVSS6.5AI score0.00444EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/04/11 2:6 p.m.•34 views

Advisory ROSA-SA-2023-2150

Software: libtar 1.2.20 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.20 CVE-ID: CVE-2021-33643 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: An attacker who sends a created tar file with a size in the header structure equal to 0 could cause a call to malloc0 for the gnulonglink variable, resulti...

9.1CVSS8.5AI score0.01438EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/04/11 1:56 p.m.•34 views

Advisory ROSA-SA-2023-2149

Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 packageevrstring: 3.26.0 CVE-ID: CVE-2019-19645 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Alter.c in SQLite before 3.30.1 allows attackers to trigger infinite recursion using certain types of self-referential views in conjunction with ALTER TABLE...

9.8CVSS8.2AI score0.17981EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/02/02 8:13 a.m.•34 views

Advisory ROSA-SA-2023-2085

Software: xrdp 0.9.21 OS: rosa-server79 packageevrstring: xrdp-0.9.21 CVE-ID: CVE-2022-23477 BDU-ID: 2022-07224 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the audinsendopen function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerabili...

9.8CVSS9.3AI score0.00847EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:10 p.m.•34 views

Advisory ROSA-SA-2021-1977

Software: sssd 1.16.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-16883 CVE-Crit: MEDIUM CVE-DESC: sssd versions 1.13.0 through 2.0.0 incorrectly restricted access to the information channel according to the "alloweduids" configuration parameter. If sensitive information was stored in a user's directory, it...

5.5CVSS5.6AI score0.00696EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:36 p.m.•34 views

Advisory ROSA-SA-2021-1937

Software: openslp 2.0.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-4912 CVE-Crit: HIGH CVE-DESC: The xrealloc function in xlspxmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service dereferencing a null pointer and crashing through a large number of created packets, causing a memory...

9.8CVSS7.3AI score0.12463EPSS
Exploits5
Rosalinux
Rosalinux
•added 2021/07/02 5:35 p.m.•34 views

Advisory ROSA-SA-2021-1932

Software: ntp 4.2.6p5 OS: Cobalt 7.9 CVE-ID: CVE-2015-5146 CVE-Crit: MEDIUM CVE-DESC: ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer trusted to perform remote configuration to cau...

7.1CVSS7.3AI score0.08948EPSS
Exploits3
Rosalinux
Rosalinux
•added 2021/07/02 5:1 p.m.•34 views

Advisory ROSA-SA-2021-1849

Software: grub2 2.02 OS: Cobalt 7.9 CVE-ID: CVE-2020-15706 CVE-Crit: MEDIUM CVE-DESC: GRUB2 contains a race condition in grubscriptfunctioncreate leading to a post-release exploitation vulnerability that can be triggered by overriding a function when the same function is already executing, leadin...

8.2CVSS8.4AI score0.01738EPSS
Exploits1
Rosalinux
Rosalinux
•added 2021/07/02 4:56 p.m.•34 views

Advisory ROSA-SA-2021-1846

Software: gnome-shell 3.28.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-17489 CVE-Crit: MEDIUM CVE-DESC: A problem was found in some GNOME gnome-shell configurations through 3.36.4. When logging out of an account, the password field in the login dialog box reappears, but the password is still displayed. If...

4.3CVSS7.1AI score0.00553EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/06/23 7:23 a.m.•33 views

Advisory ROSA-SA-2025-2898

Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...

10CVSS9.2AI score0.96275EPSS
Exploits15
Rosalinux
Rosalinux
•added 2025/01/28 7:33 p.m.•33 views

Advisory ROSA-SA-2025-2660

Software: tcpdump 4.99.4 OS: ROSA-CHROME packageevrstring: tcpdump-4.99.4-2 CVE-ID: CVE-2018-16301 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in tcpdump: buffer overflow on processing command line arguments. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerabilit...

7.8CVSS7.8AI score0.03071EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/27 10:49 a.m.•33 views

Advisory ROSA-SA-2025-2585

software: xorgxrdp 0.10.2 OS: ROSA-CHROME packageevrstring: xorgxrdp-0.10.2-1 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts...

9.8CVSS9.6AI score0.00607EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/27 10:49 a.m.•33 views

Advisory ROSA-SA-2025-2584

software: xrdp 0.10.1 OS: ROSA-CHROME packageevrstring: xrdp-0.10.1-2 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts governed ...

9.8CVSS9.6AI score0.00607EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 10:9 p.m.•33 views

Advisory ROSA-SA-2024-2497

Software: python-urllib3 1.24.2 OS: ROSA Virtualization 2.1 packageevrstring: python-urllib3-1.24.2-8.rv3 CVE-ID: CVE-2020-26137 BDU-ID: 2021-05230 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the urllib3 module method of the Python programming language interpreter is related to insufficient...

8.1CVSS5.5AI score0.02269EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/07/31 9:50 a.m.•33 views

Advisory ROSA-SA-2024-2460

software: gnuplot 5.4.10 OS: ROSA-CHROME packageevrstring: gnuplot-5.4.10-1 CVE-ID: CVE-2020-25412 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: comline in command.c in gnuplot causes writes outside the memory buffer from strncpy, which may lead to arbitrary code execution. CVE-STATUS: Fixed CVE-REV...

9.8CVSS7.5AI score0.02528EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/07/15 10:14 a.m.•33 views

Advisory ROSA-SA-2024-2453

Software: e2fsprogs 1.46.6 WASP: ROSA-CHROME packageevrstring: e2fsprogs-1.46.6-1 CVE-ID: CVE-2022-1304 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read/write vulnerability outside the allocated area has been detected in e2fsprogs. This issue leads to a segmentation error and possible execution of...

7.8CVSS7.5AI score0.01382EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/06/27 10:16 a.m.•33 views

Advisory ROSA-SA-2024-2435

software: vim 9.0.2130 WASP: ROSA-CHROME packageevrstring: vim-9.0.2130-1 CVE-ID: CVE-2023-46246 BDU-ID: 2023-07250 CVE-Crit: LOW CVE-DESC.: A vulnerability in the gagrowinner function of the vim text editor, protocol for software Unix is caused by an integer overflow. Exploitation of the...

5.5CVSS6.7AI score0.00366EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/02/20 8:36 a.m.•33 views

Advisory ROSA-SA-2024-2346

Software: gstreamer1-plugins-bad-free 1.10.4 OS: rosa-server79 packageevrstring: gstreamer1-plugins-bad-free-1.10.4-4.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...

8.8CVSS7AI score0.01744EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/24 2:9 p.m.•33 views

Advisory ROSA-SA-2023-2281

Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-51.0.1.rv3.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability cou...

7.2CVSS6.9AI score0.00579EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/21 4:3 p.m.•33 views

Advisory ROSA-SA-2023-2256

Software: libmysofa 1.3.1 OS: ROSA-CHROME packageevrstring: libmysofa-1.3.1-1.src.rpm CVE-ID: CVE-2020-36148 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Improper handling of input to theverifyAttribute function in the libmysofa 0.5-1.1 library will result in dereferencing a null pointer and a...

9.8CVSS8.2AI score0.02255EPSS
Exploits6
Rosalinux
Rosalinux
•added 2023/10/17 12:52 p.m.•33 views

Advisory ROSA-SA-2023-2247

software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-23169 BDU-ID: 2021-04603 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the copyIntoFrameBuffer function of the OpenEXR wide dynamic range luminance image storage software is related to writing beyo...

8.8CVSS6.3AI score0.02291EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/05/28 9:4 a.m.•33 views

Advisory ROSA-SA-2023-2165

Software: nss 3.53.1 OS: rosa-server79 packageevrstring: 3.53.1-7.res7 CVE-ID: CVE-2023-0767 BDU-ID: 2023-01270 CVE-Crit: HIGH CVE-DESC: A vulnerability in Mozilla Firefox, Mozilla Firefox ESR, and Mozilla Thunderbird email client browsers is related to improper limiting of operations within the...

8.8CVSS9AI score0.00817EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:19 p.m.•33 views

Advisory ROSA-SA-2021-1994

Software: vorbis-tools 1.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9638 CVE-Crit: MEDIUM CVE-DESC: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service division-by-zero error and crash via a WAV file with the number of channels set to zero. CVE-STATUS: default CVE-REV:...

5.5CVSS5.6AI score0.03793EPSS
Exploits6
Rosalinux
Rosalinux
•added 2021/07/02 4:39 p.m.•33 views

Advisory ROSA-SA-2021-1831

Software: evolution-data-server 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-14928 CVE-Crit: MEDIUM CVE-DESC: From evolution-data-server eds to 3.36.3 there is an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a "start TLS" response, eds reads additional data and...

5.9CVSS6.8AI score0.02808EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/06/17 9:5 a.m.•32 views

Advisory ROSA-SA-2024-2433

software: emacs 28.1 WASP: ROSA-CHROME packageevrstring: emacs-28.1-5 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir paramet...

9.8CVSS7.9AI score0.01639EPSS
Exploits0
Total number of security vulnerabilities1374