Lucene search
K
RosalinuxMost viewed

1374 matches found

Rosalinux
Rosalinux
•added 2023/12/19 12:8 p.m.•32 views

Advisory ROSA-SA-2023-2314

Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2020-14779 BDU-ID: 2020-05051 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Serialization component of the Java SE, Java SE Embedded software platforms is related t...

4.3CVSS8.7AI score0.04238EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/12/05 10:31 a.m.•32 views

Advisory ROSA-SA-2023-2300

Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-106.0.3.rv3.src.rpm CVE-ID: CVE-2020-14372 BDU-ID: 2022-00326 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Secure Boot protocol implementation of the Grub2 operating system boot loader is related to an incorrect...

8.2CVSS8.7AI score0.01738EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/10/17 12:6 p.m.•32 views

Advisory ROSA-SA-2023-2246

Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-5.rv3.src.rpm CVE-ID: CVE-2021-3672 BDU-ID: 2022-00342 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SI library for DNS c-ares asynchronous queries is associated with failure to take measures to protect the...

8.6CVSS9.1AI score0.02617EPSS
Exploits2
Rosalinux
Rosalinux
•added 2023/08/01 1:7 p.m.•32 views

Advisory ROSA-SA-2023-2205

Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.rv3.src.rpm CVE-ID: CVE-2021-23177 BDU-ID: 2022-01463 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability...

9.8CVSS7.8AI score0.01936EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/18 11:12 a.m.•32 views

Advisory ROSA-SA-2023-2190

Software: c-ares 1.10.0 OS: rosa-server79 packageevrstring: 1.10.0-3.res7.1 CVE-ID: CVE-2023-32067 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: This problem occurs due to a 0-byte UDP payload that can cause a denial of service. CVE-STATUS: Fixed CVE-REV: To close, run the yum update c-ares command...

7.5CVSS6.8AI score0.01577EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/07/04 1:37 p.m.•32 views

Advisory ROSA-SA-2023-2181

Software: Grafana 6.7.4 OS: ROSA Virtualization 2.1 packageevrstring: grafana-6.7.4-3.rv3.src.rpm CVE-ID: CVE-2023-3128 BDU-ID: 2023-03343 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of...

9.8CVSS7.3AI score0.04094EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 6:22 p.m.•32 views

Advisory ROSA-SA-2021-2006

Software: zziplib 0.13.62 OS: Cobalt 7.9 CVE-ID: CVE-2017-5977 CVE-Crit: MEDIUM CVE-DESC: The zzipmementryextrablock function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service invalid memory read and crash via a crafted ZIP file. CVE-STATUS: default CVE-REV:...

5.5CVSS5.8AI score0.02078EPSS
Exploits8
Rosalinux
Rosalinux
•added 2021/07/02 6:4 p.m.•32 views

Advisory ROSA-SA-2021-1965

Software: rsyslog 8.24.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-12588 CVE-Crit: CRITICAL CVE-DESC: zmq3 input and output modules in rsyslog prior to version 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with undefined impact. CVE-STATUS: default CVE-RE...

9.8CVSS9.1AI score0.02834EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:31 p.m.•32 views

Advisory ROSA-SA-2021-1925

Software: mutt 1.5.21 OS: Cobalt 7.9 CVE-ID: CVE-2018-14349 CVE-Crit: CRITICAL CVE-DESC: issue was found in Mutt before 1.10.1 and NeoMutt before 16.07.2018. imap / command.c incorrectly handles NO response without a message. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-14350 CVE-Crit:...

9.8CVSS8.1AI score0.0502EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:14 p.m.•32 views

Advisory ROSA-SA-2021-1872

Software: libgxps 0.3.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-10733 CVE-Crit: MEDIUM CVE-DESC: There is a heap-based buffer overflow in the ftfontfacehash function of the gxps-fonts.c file in libgxps before version 0.3.0. The input created will result in a remote denial of service attack. CVE-STATUS:...

6.5CVSS7.5AI score0.0227EPSS
Exploits2
Rosalinux
Rosalinux
•added 2021/07/02 5:7 p.m.•32 views

Advisory ROSA-SA-2021-1856

Software: irssi 0.8.15 OS: Cobalt 7.9 CVE-ID: CVE-2017-15227 CVE-Crit: HIGH CVE-DESC: Irssi before 1.0.5 may erroneously fail to remove destroyed channels from the request list when waiting for channel synchronization, resulting in post-release usage conditions on subsequent status updates...

9.8CVSS8.8AI score0.0336EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/12/02 1:16 p.m.•31 views

Advisory ROSA-SA-2025-3082

Software: httpd 2.4.6 OS: rosa-server79 unaffected versions = httpd-2.4.6-99.0.7.res7.1 affected versions httpd-2.4.6-99.0.7.res7.1 CVE-ID: CVE-2024-47252 BDU-ID: 2025-08958 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modssl function of the Apache HTTP Server web server is related to a failu...

7.5CVSS7.1AI score0.00669EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/11/10 6:23 a.m.•31 views

Advisory ROSA-SA-2025-3077

Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 unaffected versions = libssh-0.9.6-15.rv30 affected versions libssh-0.9.6-15.rv30 CVE-ID: CVE-2025-5318 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside of buffer...

8.1CVSS8.3AI score0.93305EPSS
Exploits6
Rosalinux
Rosalinux
•added 2025/03/01 9:41 p.m.•31 views

Advisory ROSA-SA-2025-2756

Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-5.8.rv3 CVE-ID: CVE-2022-3204 BDU-ID: 2023-03846 CVE-Crit: HIGH CVE-DESC.: Unbound's DNS server vulnerability involves uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acti...

8CVSS7.8AI score0.99995EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/03/01 9:32 p.m.•31 views

Advisory ROSA-SA-2025-2734

SOFTWARE: 389-ds-base 1.4.3.23. OS: ROSA Virtualization 3.0 packageevrstring: 389-ds-base-1.4.3.23-14.rv30 CVE-ID: CVE-2021-4091 BDU-ID: 2022-05559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the 389 Directory Server's implementation of the 389 Directory Server lookup function is related to the...

7.5CVSS6.7AI score0.02014EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/02/24 12:28 p.m.•31 views

Advisory ROSA-SA-2025-2709

Software: libX11 1.6.8 OS: ROSA Virtualization 3.0 packageevrstring: libX11-1.6.8-6.0.1 CVE-ID: CVE-2021-31535 BDU-ID: 2021-02747 CVE-Crit: LOW CVE-DESC.: A vulnerability in the XLookupColor function of the libX11 library is related to insufficient input validation. Exploitation of the...

9.8CVSS6.9AI score0.10634EPSS
Exploits2
Rosalinux
Rosalinux
•added 2025/01/28 7:59 p.m.•31 views

Advisory ROSA-SA-2025-2674

software: libssh 0.9.8 OS: ROSA-CHROME packageevrstring: libssh-0.9.8-1 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and...

5.9CVSS7.4AI score0.93305EPSS
Exploits4
Rosalinux
Rosalinux
•added 2025/01/27 11:51 a.m.•31 views

Advisory ROSA-SA-2025-2591

software: postfix 3.5.25 OS: ROSA-CHROME packageevrstring: postfix-3.5.25-1 CVE-ID: CVE-2023-51764 BDU-ID: 2024-00106 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the smtpd daemon of the Postfix mail server is related to insufficient data authentication when processing string endings other tha...

5.3CVSS7.2AI score0.02598EPSS
Exploits4
Rosalinux
Rosalinux
•added 2024/10/29 8:37 a.m.•31 views

Advisory ROSA-SA-2024-2514

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.1.P2.res7.16 CVE-ID: CVE-2024-1737 BDU-ID: 2024-05964 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attack...

7.5CVSS7.3AI score0.02114EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/10/03 8:54 p.m.•31 views

Advisory ROSA-SA-2024-2484

Software: postgresql13 13.15 OS: rosa-server79 packageevrstring: postgresql13-13.15-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...

8.8CVSS8.2AI score0.04322EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/09/25 9:38 a.m.•31 views

Advisory ROSA-SA-2024-2478

software: yajl 2.1.0 WASP: ROSA-CHROME packageevrstring: yajl-2.1.0-2 CVE-ID: CVE-2023-33460 BDU-ID: 2023-07652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...

6.5CVSS6.7AI score0.01129EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/07/31 9:46 a.m.•31 views

Advisory ROSA-SA-2024-2459

Software: systemd 239 OS: ROSA Virtualization 2.1 packageevrstring: systemd-239 CVE-ID: CVE-2018-21029 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: systemd accepts any certificate signed by a trusted certificate authority for DNS Over TLS. No server name indication SNI is sent, and there is no...

9.8CVSS7.1AI score0.03138EPSS
Exploits5
Rosalinux
Rosalinux
•added 2024/07/09 12:38 p.m.•31 views

Advisory ROSA-SA-2024-2447

software: cairo 1.16.0 WASP: ROSA-CHROME packageevrstring: cairo-1.16.0-5 CVE-ID: CVE-2019-6461 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an assertion problem in the cairoarcindirection function in the cairo-arc.c file. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update...

6.5CVSS6.8AI score0.02142EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/07/01 2:15 p.m.•31 views

Advisory ROSA-SA-2024-2444

Software: xdg-utils 1.1.3 OS: ROSA-CHROME packageevrstring: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially send...

6.5CVSS6.7AI score0.01443EPSS
Exploits1
Rosalinux
Rosalinux
•added 2024/03/19 12:32 p.m.•31 views

Advisory ROSA-SA-2024-2374

Software: protobuf-c 1.3.0 OS: ROSA Virtualization 2.1 packageevrstring: protobuf-c-1.3.0-8.rv3 CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow...

5.5CVSS7.6AI score0.00369EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/02/06 7:45 a.m.•31 views

Advisory ROSA-SA-2024-2337

software: flatpak 1.14.4 AXIS: ROSA-CHROME packageevrstring: flatpak-1.14.4-1.src.rpm CVE-ID: CVE-2023-28100 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: If the Flatpak application runs on a Linux virtual console, such as /dev/tty1, it can copy text from the virtual console and paste it into a comman...

10CVSS8.8AI score0.00887EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/12/26 12:1 p.m.•31 views

Advisory ROSA-SA-2023-2318

software: ghostscript 9.54.0 OS: ROSA-CHROME packageevrstring: ghostscript-9.54.0-9.src.rpm CVE-ID: CVE-2023-36664 BDU-ID: 2023-03466 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the Ghostscript document processing, conversion, and generation software suite due to failure to take measures ...

7.8CVSS7.6AI score0.03236EPSS
Exploits4
Rosalinux
Rosalinux
•added 2023/12/12 12:29 p.m.•31 views

Advisory ROSA-SA-2023-2307

Software: jasper 2.0.14-5 OS: ROSA Virtualization 2.1 packageevrstring: jasper-2.0.14-5.rv3.src.rpm CVE-ID: CVE-2020-27828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Special input provided by an attacker in jasper could cause an arbitrary write outside of the allowed range. This could potentially...

7.8CVSS7.2AI score0.01371EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/11/07 9:58 a.m.•31 views

Advisory ROSA-SA-2023-2290

Software: fribidi 1.0.4 OS: ROSA Virtualization 2.1 packageevrstring: fribidi-1.0.4-9.rv3.src.rpm CVE-ID: CVE-2022-25308 BDU-ID: 2022-02659 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the GNU FriBidi library is caused by a buffer overflow on the stack. Exploitation of the vulnerability could...

7.8CVSS7.8AI score0.00508EPSS
Exploits3
Rosalinux
Rosalinux
•added 2023/09/12 11:49 a.m.•31 views

Advisory ROSA-SA-2023-2233

Software: thunderbird 102.14.0 OS: rosa-server79 packageevrstring: thunderbird-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text...

9.8CVSS8.8AI score0.13694EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/08/22 9:57 a.m.•31 views

Advisory ROSA-SA-2023-2219

software: tor 0.4.6.10 OS: ROSA-CHROME packageevrstring: tor-0.4.6.10-2.src.rpm CVE-ID: CVE-2023-23589 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The SafeSocks option in Tor before version 0.4.7.13 has a logic error that can use the insecure SOCKS4 protocol, but not the secure SOCKS4a protocol, aka...

6.5CVSS6.9AI score0.00832EPSS
Exploits1
Rosalinux
Rosalinux
•added 2023/07/25 10:22 a.m.•31 views

Advisory ROSA-SA-2023-2200

Software: openblas 0.3.3 OS: ROSA Virtualization 2.1 packageevrstring: openblas-0.3.3-5.rv3.1.src.rpm CVE-ID: CVE-2021-4048 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An out-of-bounds read vulnerability was discovered in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack before version...

9.1CVSS7.2AI score0.0262EPSS
Exploits0
Rosalinux
Rosalinux
•added 2023/04/18 11:48 a.m.•31 views

Advisory ROSA-SA-2023-2153

Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: 1.20.4-23 CVE-ID: CVE-2023-1393 BDU-ID: None CVE-Crit: HIGH CVE-DESC: Use-After-Free can result in elevated local privileges. If a client explicitly destroys a linker overlay window also known as COW, Xserver will leave a dangli...

7.8CVSS7.6AI score0.0044EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 5:39 p.m.•31 views

Advisory ROSA-SA-2021-1945

Software: pango 1.42.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-17365 CVE-Crit: HIGH CVE-DESC: Incorrect directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier could allow an authorized user to potentially enable privilege escalation via local access. The...

7.8CVSS7.3AI score0.00379EPSS
Exploits0
Rosalinux
Rosalinux
•added 2021/07/02 4:32 p.m.•31 views

Advisory ROSA-SA-2021-1806

Software: aspell 0.60.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-20433 CVE-Crit: CRITICAL CVE-DESC: libaspell.a in GNU Aspell before 0.60.8 has a buffer reread for a string ending with one byte '\ 0' if the encoding is set to ucs-2 or ucs-4 outside the application. , as shown by the ASPELLCONF environme...

9.1CVSS7.2AI score0.01739EPSS
Exploits0
Rosalinux
Rosalinux
•added 2026/06/01 8:37 a.m.•30 views

Advisory ROSA-SA-2026-3297

CVE-ID: CVE-2024-41817 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The vulnerability in the AppImage version of ImageMagick relates to the use of an empty path during the installation of environment variables MAGICKCONFIGUREPATH and LDLIBRARYPATH. This allows attackers to execute arbitrary code by...

9.8CVSS6.5AI score0.04065EPSS
Exploits14
Rosalinux
Rosalinux
•added 2026/03/22 6:55 p.m.•30 views

Advisory ROSA-SA-2026-3227

software: qemu 7.2.22 OS: ROSA-CHROME unaffected versions = qemu-7.2.22-1 affected versions qemu-7.2.22-1 CVE-ID: CVE-2023-3019 BDU-ID: 2024-04883 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability...

9.8CVSS7.5AI score0.01027EPSS
Exploits4
Rosalinux
Rosalinux
•added 2026/02/16 7:14 a.m.•30 views

Advisory ROSA-SA-2026-3144

Software: flac 1.3.2 OS: ROSA Virtualization 3.1 unaffected versions = flac-1.3.2-9.rv31.1 affected versions flac-1.3.2-9.rv31.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...

7.8CVSS6.2AI score0.00749EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/04/30 7:46 a.m.•30 views

Advisory ROSA-SA-2025-2856

Software: modauthopenidc 2.4.9.4 OS: ROSA Virtualization 3.0 packageevrstring: modauthopenidc-2.4.9.4-7.rv30 CVE-ID: CVE-2024-24814 BDU-ID: 2024-02794 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for Apache 2.x HTTP server Modauthopenidc is associated...

7.5CVSS6.9AI score0.01261EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/04/11 9:22 p.m.•30 views

Advisory ROSA-SA-2025-2787

Software: postgresql15 15.12 OS: rosa-server79 packageevrstring: postgresql15-15.12-1PGDG.res7 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer du...

8.8CVSS9.4AI score0.89914EPSS
Exploits11
Rosalinux
Rosalinux
•added 2025/02/24 12:28 p.m.•30 views

Advisory ROSA-SA-2025-2716

Software: perl 5.26.3 OS: ROSA Virtualization 3.0 packageevrstring: perl-5.26.3 CVE-ID: CVE-2020-10878 BDU-ID: 2020-04040 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PLregkindOPn == NOTHING parameter of the Perl programming language interpreter is related to integer overflow. Exploitation of...

8.6CVSS7.6AI score0.04879EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/28 7:41 p.m.•30 views

Advisory ROSA-SA-2025-2665

software: postgresql 12.16 WASP: ROSA-CHROME packageevrstring: postgresql-12.16 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...

7.1CVSS6.6AI score0.02775EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/01/28 7:25 p.m.•30 views

Advisory ROSA-SA-2025-2652

software: libebml 1.4.4 OS: ROSA-CHROME packageevrstring: libebml-1.4.4 CVE-ID: CVE-2023-52339 BDU-ID: 2024-02535 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the MemIOCallback.cpp file of the C++ libebml library is related to integer overflow. Exploitation of the vulnerability could allow an...

6.5CVSS6.7AI score0.01087EPSS
Exploits1
Rosalinux
Rosalinux
•added 2025/01/28 6:45 p.m.•30 views

Advisory ROSA-SA-2025-2637

software: glibc 2.33 AXIS: ROSA-CHROME packageevrstring: glibc-2.33-10.git1a2009.2 CVE-ID: CVE-2023-4806 BDU-ID: 2024-00852 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the GNU C library glibc is related to memory usage after it has been freed. Exploitation of the...

5.9CVSS7.5AI score0.01655EPSS
Exploits0
Rosalinux
Rosalinux
•added 2025/01/28 1:51 p.m.•30 views

Advisory ROSA-SA-2025-2624

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-6 CVE-ID: CVE-2024-25062 BDU-ID: 2024-01415 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to memory usage after it is...

7.5CVSS6.9AI score0.01364EPSS
Exploits3
Rosalinux
Rosalinux
•added 2024/11/26 9:41 a.m.•30 views

Advisory ROSA-SA-2024-2530

Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...

7.5CVSS6.9AI score0.0142EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/11/26 9:5 a.m.•30 views

Advisory ROSA-SA-2024-2525

Software: nghttp2 1.33.0 OS: rosa-server79 packageevrstring: nghttp2-1.33.0-1.3.res7 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established...

7.5CVSS7.9AI score0.99999EPSS
Exploits19
Rosalinux
Rosalinux
•added 2024/10/29 8:27 a.m.•30 views

Advisory ROSA-SA-2024-2509

Software: freeradius 3.0.13 OS: rosa-server79 packageevrstring: freeradius-3.0.13-15.0.1.res7 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through...

9CVSS7.7AI score0.14859EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/07/09 12:46 p.m.•30 views

Advisory ROSA-SA-2024-2448

Software: pcre2 10.32 OS: ROSA Virtualization 2.1 packageevrstring: pcre2-10.32 CVE-ID: CVE-2022-1587 BDU-ID: 2023-02635 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2jitcompile.c function of the PCRE2 regular expression library is related to reading outside of the allowed data buffer...

9.1CVSS7.1AI score0.02574EPSS
Exploits0
Rosalinux
Rosalinux
•added 2024/06/17 8:56 a.m.•30 views

Advisory ROSA-SA-2024-2431

Software: lua 5.3.4 OS: ROSA Virtualization 2.1 packageevrstring: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in luaresume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a script file created. CVE-STATUS: Not...

5.5CVSS7AI score0.01136EPSS
Exploits1
Total number of security vulnerabilities1374