1374 matches found
Advisory ROSA-SA-2024-2468
software: patch 2.7.6 OS: ROSA-CHROME packageevrstring: patch-2.7.6-5 CVE-ID: CVE-2018-6951 BDU-ID: 2023-01652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the intuitdifftype function of the pch.c component of the Patch edit transfer program is related to pointer dereferencing errors. Exploitatio...
Advisory ROSA-SA-2024-2437
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1 CVE-ID: CVE-2022-29458 BDU-ID: 2023-00296 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the convertstrings function of the convertstrings component of the tinfo/readentry.c component of the Ncurses terminal I/O...
Advisory ROSA-SA-2024-2415
software: hwloc 2.7.1 OS: ROSA-CHROME packageevrstring: hwloc-2.7.1-2 CVE-ID: CVE-2022-47022 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem discovered in open-mpi hwloc allows attackers to cause denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. CVE-STATUS:...
Advisory ROSA-SA-2024-2414
software: upx 4.2.1 OS: ROSA-CHROME packageevrstring: upx-4.2.1-1 CVE-ID: CVE-2023-23456 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack in the file ptmt.cpp. This thread allows an attacker to cause a denial of service interrupt using...
Advisory ROSA-SA-2024-2388
Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-0666 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Due to a failure in length validation provided by an attacker-created RTPS packet, Wireshark is vulnerable by default to a heap buffer overflow an...
Advisory ROSA-SA-2024-2386
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3-12.0.1.rv3.3.x8664.rpm CVE-ID: CVE-2020-10745 BDU-ID: 2021-01741 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Samba networking software package is associated with uncontrolled resource consumption. Exploitation ...
Advisory ROSA-SA-2023-2304
software: netty 4.1.13 WASP: ROSA-CHROME packageevrstring: netty-4.1.13-13.src.rpm CVE-ID: CVE-2023-34462 BDU-ID: 2023-05355 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SniHandler component of the Netty networking software tool is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2023-2264
software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-4.src.rpm CVE-ID: CVE-2022-2868 BDU-ID: 2023-00296 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to...
Advisory ROSA-SA-2023-2194
Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 packageevrstring: libtasn1-4.13-4.rv3.src.rpm CVE-ID: CVE-2021-46848 BDU-ID: 2022-06694 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1encodesimpleder function of the Libtasn1 library is related to a single offset error. Exploitation of th...
Advisory ROSA-SA-2022-2056
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2078 BDU-ID: 2022-04090 CVE-Crit: Not Relevant CVE-DESC: A vulnerability in the nftsetdescconcatparse function of the Linux operating systems kernel is related to buffer copying without checki...
Advisory ROSA-SA-2021-1971
Software: snort 2.9.16 OS: Cobalt 7.9 CVE-ID: CVE-2021-1223 CVE-Crit: HIGH CVE-DESC: Several Cisco products are affected by a vulnerability in the Snort discovery engine that could allow an unauthenticated remote attacker to bypass the configured file policy for HTTP. The vulnerability is related...
Advisory ROSA-SA-2021-1935
Software: openldap 2.4.44 OS: Cobalt 7.9 CVE-ID: CVE-2017-14159 CVE-Crit: MEDIUM CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping the privileges of a non-root account, which could allow local users to kill arbitrary processes using access to that non-root account t...
Advisory ROSA-SA-2021-1926
Software: nasm 2.10.07 OS: Cobalt 7.9 CVE-ID: CVE-2018-1000667 CVE-Crit: MEDIUM CVE-DESC: NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains nasm memory corruption crash while processing a created file due to assemblyfile inname, independentptr function at asm / nasm.c: 482...
Advisory ROSA-SA-2021-1846
Software: gnome-shell 3.28.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-17489 CVE-Crit: MEDIUM CVE-DESC: A problem was found in some GNOME gnome-shell configurations through 3.36.4. When logging out of an account, the password field in the login dialog box reappears, but the password is still displayed. If...
Advisory ROSA-SA-2021-1843
Software: git 1.8.3.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-7545 CVE-Crit: CRITICAL CVE-DESC: 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict allowed protocols, which could all...
Advisory ROSA-SA-2021-1839
Software: gdb 7.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-1010180 CVE-Crit: HIGH CVE-DESC: GNU gdb All versions are affected by: Buffer overflow - accessing a limited amount of memory. Consequences are: denial of service, memory disclosure, and possible code execution. Component: The gdb core module...
Advisory ROSA-SA-2021-1813
Software: clamav 0.102.4 OS: Cobalt 7.9 CVE-ID: CVE-2021-1386 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Dynamic Link Library DLL loading mechanism in Cisco Advanced Malware Protection AMP for Windows Connector endpoints, ClamAV for Windows, and Immunet could allow an authenticated local...
Advisory ROSA-SA-2025-2625
software: postgresql 12.17 WASP: ROSA-CHROME packageevrstring: postgresql-12.17-2 CVE-ID: CVE-2024-0985 BDU-ID: 2024-01121 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system involves privilege management...
Advisory ROSA-SA-2025-2584
software: xrdp 0.10.1 OS: ROSA-CHROME packageevrstring: xrdp-0.10.1-2 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts governed ...
Advisory ROSA-SA-2024-2497
Software: python-urllib3 1.24.2 OS: ROSA Virtualization 2.1 packageevrstring: python-urllib3-1.24.2-8.rv3 CVE-ID: CVE-2020-26137 BDU-ID: 2021-05230 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the urllib3 module method of the Python programming language interpreter is related to insufficient...
Advisory ROSA-SA-2024-2460
software: gnuplot 5.4.10 OS: ROSA-CHROME packageevrstring: gnuplot-5.4.10-1 CVE-ID: CVE-2020-25412 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: comline in command.c in gnuplot causes writes outside the memory buffer from strncpy, which may lead to arbitrary code execution. CVE-STATUS: Fixed CVE-REV...
Advisory ROSA-SA-2024-2454
software: dom4j 2.0.3 AXIS: ROSA-CHROME packageevrstring: dom4j-2.0.3-1 CVE-ID: CVE-2018-1000632 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The dom4j version contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute, which could lead to an attacker forging XM...
Advisory ROSA-SA-2023-2282
Software: dmidecode 3.5 WASP: ROSA-CHROME packageevrstring: dmidecode-3.5-2.src.rpm CVE-ID: CVE-2023-30630 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dmidecode before version 3.5 allows -dump-bin to overwrite the local file. This has security implications because, for example, it is quite possible to...
Advisory ROSA-SA-2023-2247
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-23169 BDU-ID: 2021-04603 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the copyIntoFrameBuffer function of the OpenEXR wide dynamic range luminance image storage software is related to writing beyo...
Advisory ROSA-SA-2023-2177
Software: libcacard 2.5.2 OS: ROSA-CHROME packageevrstring: libcacard-2.5.2-6.src.rpm CVE-ID: CVE-2017-6414 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A memory leak in the vcardapdunew function in the card7816.c file in libcacard before version 2.5.3 allows local guest OS users to cause a denial of...
Advisory ROSA-SA-2023-2165
Software: nss 3.53.1 OS: rosa-server79 packageevrstring: 3.53.1-7.res7 CVE-ID: CVE-2023-0767 BDU-ID: 2023-01270 CVE-Crit: HIGH CVE-DESC: A vulnerability in Mozilla Firefox, Mozilla Firefox ESR, and Mozilla Thunderbird email client browsers is related to improper limiting of operations within the...
Advisory ROSA-SA-2023-2149
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 packageevrstring: 3.26.0 CVE-ID: CVE-2019-19645 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Alter.c in SQLite before 3.30.1 allows attackers to trigger infinite recursion using certain types of self-referential views in conjunction with ALTER TABLE...
Advisory ROSA-SA-2023-2085
Software: xrdp 0.9.21 OS: rosa-server79 packageevrstring: xrdp-0.9.21 CVE-ID: CVE-2022-23477 BDU-ID: 2022-07224 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the audinsendopen function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerabili...
Advisory ROSA-SA-2021-1994
Software: vorbis-tools 1.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9638 CVE-Crit: MEDIUM CVE-DESC: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service division-by-zero error and crash via a WAV file with the number of channels set to zero. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1977
Software: sssd 1.16.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-16883 CVE-Crit: MEDIUM CVE-DESC: sssd versions 1.13.0 through 2.0.0 incorrectly restricted access to the information channel according to the "alloweduids" configuration parameter. If sensitive information was stored in a user's directory, it...
Advisory ROSA-SA-2021-1954
Software: postfix 2.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2017-10140 CVE-Crit: HIGH CVE-DESC: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 may allow local users to gain privileges using undocumented features in Berkeley DB 2. x and later related to reading...
Advisory ROSA-SA-2021-1951
Software: pidgin 2.10.11 OS: Cobalt 7.9 CVE-ID: CVE-2016-1000030 CVE-Crit: CRITICAL CVE-DESC: Pidgin version 2.11.0 contains a vulnerability in X.509 certificate import, specifically due to improper validation of return values from gnutlsx509crtinit and gnutlsx509crtimport , which could lead to...
Advisory ROSA-SA-2021-1937
Software: openslp 2.0.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-4912 CVE-Crit: HIGH CVE-DESC: The xrealloc function in xlspxmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service dereferencing a null pointer and crashing through a large number of created packets, causing a memory...
Advisory ROSA-SA-2021-1932
Software: ntp 4.2.6p5 OS: Cobalt 7.9 CVE-ID: CVE-2015-5146 CVE-Crit: MEDIUM CVE-DESC: ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer trusted to perform remote configuration to cau...
Advisory ROSA-SA-2021-1849
Software: grub2 2.02 OS: Cobalt 7.9 CVE-ID: CVE-2020-15706 CVE-Crit: MEDIUM CVE-DESC: GRUB2 contains a race condition in grubscriptfunctioncreate leading to a post-release exploitation vulnerability that can be triggered by overriding a function when the same function is already executing, leadin...
Advisory ROSA-SA-2025-2898
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...
Advisory ROSA-SA-2025-2660
Software: tcpdump 4.99.4 OS: ROSA-CHROME packageevrstring: tcpdump-4.99.4-2 CVE-ID: CVE-2018-16301 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in tcpdump: buffer overflow on processing command line arguments. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerabilit...
Advisory ROSA-SA-2025-2585
software: xorgxrdp 0.10.2 OS: ROSA-CHROME packageevrstring: xorgxrdp-0.10.2-1 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts...
Advisory ROSA-SA-2024-2506
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-5.rv3 CVE-ID: CVE-2020-28493 BDU-ID: 2022-05230 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python programming language interpreter html-template tool jinja2 is related to incorrect resource...
Advisory ROSA-SA-2024-2453
Software: e2fsprogs 1.46.6 WASP: ROSA-CHROME packageevrstring: e2fsprogs-1.46.6-1 CVE-ID: CVE-2022-1304 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read/write vulnerability outside the allocated area has been detected in e2fsprogs. This issue leads to a segmentation error and possible execution of...
Advisory ROSA-SA-2024-2435
software: vim 9.0.2130 WASP: ROSA-CHROME packageevrstring: vim-9.0.2130-1 CVE-ID: CVE-2023-46246 BDU-ID: 2023-07250 CVE-Crit: LOW CVE-DESC.: A vulnerability in the gagrowinner function of the vim text editor, protocol for software Unix is caused by an integer overflow. Exploitation of the...
Advisory ROSA-SA-2024-2433
software: emacs 28.1 WASP: ROSA-CHROME packageevrstring: emacs-28.1-5 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir paramet...
Advisory ROSA-SA-2024-2373
Software: pixman 0.38.4 OS: ROSA Virtualization 2.1 packageevrstring: pixman-0.38.4.src.rpm CVE-ID: CVE-2022-44638 BDU-ID: 2022-06667 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rasterizeedges8 function of the Pixman library is related to the ability to write beyond buffer boundaries in...
Advisory ROSA-SA-2024-2346
Software: gstreamer1-plugins-bad-free 1.10.4 OS: rosa-server79 packageevrstring: gstreamer1-plugins-bad-free-1.10.4-4.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...
Advisory ROSA-SA-2023-2314
Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2020-14779 BDU-ID: 2020-05051 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Serialization component of the Java SE, Java SE Embedded software platforms is related t...
Advisory ROSA-SA-2023-2300
Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-106.0.3.rv3.src.rpm CVE-ID: CVE-2020-14372 BDU-ID: 2022-00326 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Secure Boot protocol implementation of the Grub2 operating system boot loader is related to an incorrect...
Advisory ROSA-SA-2023-2281
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-51.0.1.rv3.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability cou...
Advisory ROSA-SA-2023-2256
Software: libmysofa 1.3.1 OS: ROSA-CHROME packageevrstring: libmysofa-1.3.1-1.src.rpm CVE-ID: CVE-2020-36148 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Improper handling of input to theverifyAttribute function in the libmysofa 0.5-1.1 library will result in dereferencing a null pointer and a...
Advisory ROSA-SA-2023-2205
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.rv3.src.rpm CVE-ID: CVE-2021-23177 BDU-ID: 2022-01463 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability...
Advisory ROSA-SA-2023-2190
Software: c-ares 1.10.0 OS: rosa-server79 packageevrstring: 1.10.0-3.res7.1 CVE-ID: CVE-2023-32067 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: This problem occurs due to a 0-byte UDP payload that can cause a denial of service. CVE-STATUS: Fixed CVE-REV: To close, run the yum update c-ares command...