1374 matches found
Advisory ROSA-SA-2023-2314
Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2020-14779 BDU-ID: 2020-05051 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Serialization component of the Java SE, Java SE Embedded software platforms is related t...
Advisory ROSA-SA-2023-2300
Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-106.0.3.rv3.src.rpm CVE-ID: CVE-2020-14372 BDU-ID: 2022-00326 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Secure Boot protocol implementation of the Grub2 operating system boot loader is related to an incorrect...
Advisory ROSA-SA-2023-2246
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-5.rv3.src.rpm CVE-ID: CVE-2021-3672 BDU-ID: 2022-00342 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SI library for DNS c-ares asynchronous queries is associated with failure to take measures to protect the...
Advisory ROSA-SA-2023-2205
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.rv3.src.rpm CVE-ID: CVE-2021-23177 BDU-ID: 2022-01463 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability...
Advisory ROSA-SA-2023-2190
Software: c-ares 1.10.0 OS: rosa-server79 packageevrstring: 1.10.0-3.res7.1 CVE-ID: CVE-2023-32067 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: This problem occurs due to a 0-byte UDP payload that can cause a denial of service. CVE-STATUS: Fixed CVE-REV: To close, run the yum update c-ares command...
Advisory ROSA-SA-2023-2181
Software: Grafana 6.7.4 OS: ROSA Virtualization 2.1 packageevrstring: grafana-6.7.4-3.rv3.src.rpm CVE-ID: CVE-2023-3128 BDU-ID: 2023-03343 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of...
Advisory ROSA-SA-2021-2006
Software: zziplib 0.13.62 OS: Cobalt 7.9 CVE-ID: CVE-2017-5977 CVE-Crit: MEDIUM CVE-DESC: The zzipmementryextrablock function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service invalid memory read and crash via a crafted ZIP file. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1965
Software: rsyslog 8.24.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-12588 CVE-Crit: CRITICAL CVE-DESC: zmq3 input and output modules in rsyslog prior to version 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with undefined impact. CVE-STATUS: default CVE-RE...
Advisory ROSA-SA-2021-1925
Software: mutt 1.5.21 OS: Cobalt 7.9 CVE-ID: CVE-2018-14349 CVE-Crit: CRITICAL CVE-DESC: issue was found in Mutt before 1.10.1 and NeoMutt before 16.07.2018. imap / command.c incorrectly handles NO response without a message. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-14350 CVE-Crit:...
Advisory ROSA-SA-2021-1872
Software: libgxps 0.3.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-10733 CVE-Crit: MEDIUM CVE-DESC: There is a heap-based buffer overflow in the ftfontfacehash function of the gxps-fonts.c file in libgxps before version 0.3.0. The input created will result in a remote denial of service attack. CVE-STATUS:...
Advisory ROSA-SA-2021-1856
Software: irssi 0.8.15 OS: Cobalt 7.9 CVE-ID: CVE-2017-15227 CVE-Crit: HIGH CVE-DESC: Irssi before 1.0.5 may erroneously fail to remove destroyed channels from the request list when waiting for channel synchronization, resulting in post-release usage conditions on subsequent status updates...
Advisory ROSA-SA-2025-3082
Software: httpd 2.4.6 OS: rosa-server79 unaffected versions = httpd-2.4.6-99.0.7.res7.1 affected versions httpd-2.4.6-99.0.7.res7.1 CVE-ID: CVE-2024-47252 BDU-ID: 2025-08958 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modssl function of the Apache HTTP Server web server is related to a failu...
Advisory ROSA-SA-2025-3077
Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 unaffected versions = libssh-0.9.6-15.rv30 affected versions libssh-0.9.6-15.rv30 CVE-ID: CVE-2025-5318 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside of buffer...
Advisory ROSA-SA-2025-2756
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-5.8.rv3 CVE-ID: CVE-2022-3204 BDU-ID: 2023-03846 CVE-Crit: HIGH CVE-DESC.: Unbound's DNS server vulnerability involves uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acti...
Advisory ROSA-SA-2025-2734
SOFTWARE: 389-ds-base 1.4.3.23. OS: ROSA Virtualization 3.0 packageevrstring: 389-ds-base-1.4.3.23-14.rv30 CVE-ID: CVE-2021-4091 BDU-ID: 2022-05559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the 389 Directory Server's implementation of the 389 Directory Server lookup function is related to the...
Advisory ROSA-SA-2025-2709
Software: libX11 1.6.8 OS: ROSA Virtualization 3.0 packageevrstring: libX11-1.6.8-6.0.1 CVE-ID: CVE-2021-31535 BDU-ID: 2021-02747 CVE-Crit: LOW CVE-DESC.: A vulnerability in the XLookupColor function of the libX11 library is related to insufficient input validation. Exploitation of the...
Advisory ROSA-SA-2025-2674
software: libssh 0.9.8 OS: ROSA-CHROME packageevrstring: libssh-0.9.8-1 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and...
Advisory ROSA-SA-2025-2591
software: postfix 3.5.25 OS: ROSA-CHROME packageevrstring: postfix-3.5.25-1 CVE-ID: CVE-2023-51764 BDU-ID: 2024-00106 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the smtpd daemon of the Postfix mail server is related to insufficient data authentication when processing string endings other tha...
Advisory ROSA-SA-2024-2514
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.1.P2.res7.16 CVE-ID: CVE-2024-1737 BDU-ID: 2024-05964 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attack...
Advisory ROSA-SA-2024-2484
Software: postgresql13 13.15 OS: rosa-server79 packageevrstring: postgresql13-13.15-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2478
software: yajl 2.1.0 WASP: ROSA-CHROME packageevrstring: yajl-2.1.0-2 CVE-ID: CVE-2023-33460 BDU-ID: 2023-07652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...
Advisory ROSA-SA-2024-2459
Software: systemd 239 OS: ROSA Virtualization 2.1 packageevrstring: systemd-239 CVE-ID: CVE-2018-21029 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: systemd accepts any certificate signed by a trusted certificate authority for DNS Over TLS. No server name indication SNI is sent, and there is no...
Advisory ROSA-SA-2024-2447
software: cairo 1.16.0 WASP: ROSA-CHROME packageevrstring: cairo-1.16.0-5 CVE-ID: CVE-2019-6461 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an assertion problem in the cairoarcindirection function in the cairo-arc.c file. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update...
Advisory ROSA-SA-2024-2444
Software: xdg-utils 1.1.3 OS: ROSA-CHROME packageevrstring: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially send...
Advisory ROSA-SA-2024-2374
Software: protobuf-c 1.3.0 OS: ROSA Virtualization 2.1 packageevrstring: protobuf-c-1.3.0-8.rv3 CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow...
Advisory ROSA-SA-2024-2337
software: flatpak 1.14.4 AXIS: ROSA-CHROME packageevrstring: flatpak-1.14.4-1.src.rpm CVE-ID: CVE-2023-28100 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: If the Flatpak application runs on a Linux virtual console, such as /dev/tty1, it can copy text from the virtual console and paste it into a comman...
Advisory ROSA-SA-2023-2318
software: ghostscript 9.54.0 OS: ROSA-CHROME packageevrstring: ghostscript-9.54.0-9.src.rpm CVE-ID: CVE-2023-36664 BDU-ID: 2023-03466 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the Ghostscript document processing, conversion, and generation software suite due to failure to take measures ...
Advisory ROSA-SA-2023-2307
Software: jasper 2.0.14-5 OS: ROSA Virtualization 2.1 packageevrstring: jasper-2.0.14-5.rv3.src.rpm CVE-ID: CVE-2020-27828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Special input provided by an attacker in jasper could cause an arbitrary write outside of the allowed range. This could potentially...
Advisory ROSA-SA-2023-2290
Software: fribidi 1.0.4 OS: ROSA Virtualization 2.1 packageevrstring: fribidi-1.0.4-9.rv3.src.rpm CVE-ID: CVE-2022-25308 BDU-ID: 2022-02659 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the GNU FriBidi library is caused by a buffer overflow on the stack. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2233
Software: thunderbird 102.14.0 OS: rosa-server79 packageevrstring: thunderbird-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text...
Advisory ROSA-SA-2023-2219
software: tor 0.4.6.10 OS: ROSA-CHROME packageevrstring: tor-0.4.6.10-2.src.rpm CVE-ID: CVE-2023-23589 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The SafeSocks option in Tor before version 0.4.7.13 has a logic error that can use the insecure SOCKS4 protocol, but not the secure SOCKS4a protocol, aka...
Advisory ROSA-SA-2023-2200
Software: openblas 0.3.3 OS: ROSA Virtualization 2.1 packageevrstring: openblas-0.3.3-5.rv3.1.src.rpm CVE-ID: CVE-2021-4048 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An out-of-bounds read vulnerability was discovered in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack before version...
Advisory ROSA-SA-2023-2153
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: 1.20.4-23 CVE-ID: CVE-2023-1393 BDU-ID: None CVE-Crit: HIGH CVE-DESC: Use-After-Free can result in elevated local privileges. If a client explicitly destroys a linker overlay window also known as COW, Xserver will leave a dangli...
Advisory ROSA-SA-2021-1945
Software: pango 1.42.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-17365 CVE-Crit: HIGH CVE-DESC: Incorrect directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier could allow an authorized user to potentially enable privilege escalation via local access. The...
Advisory ROSA-SA-2021-1806
Software: aspell 0.60.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-20433 CVE-Crit: CRITICAL CVE-DESC: libaspell.a in GNU Aspell before 0.60.8 has a buffer reread for a string ending with one byte '\ 0' if the encoding is set to ucs-2 or ucs-4 outside the application. , as shown by the ASPELLCONF environme...
Advisory ROSA-SA-2026-3297
CVE-ID: CVE-2024-41817 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The vulnerability in the AppImage version of ImageMagick relates to the use of an empty path during the installation of environment variables MAGICKCONFIGUREPATH and LDLIBRARYPATH. This allows attackers to execute arbitrary code by...
Advisory ROSA-SA-2026-3227
software: qemu 7.2.22 OS: ROSA-CHROME unaffected versions = qemu-7.2.22-1 affected versions qemu-7.2.22-1 CVE-ID: CVE-2023-3019 BDU-ID: 2024-04883 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability...
Advisory ROSA-SA-2026-3144
Software: flac 1.3.2 OS: ROSA Virtualization 3.1 unaffected versions = flac-1.3.2-9.rv31.1 affected versions flac-1.3.2-9.rv31.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...
Advisory ROSA-SA-2025-2856
Software: modauthopenidc 2.4.9.4 OS: ROSA Virtualization 3.0 packageevrstring: modauthopenidc-2.4.9.4-7.rv30 CVE-ID: CVE-2024-24814 BDU-ID: 2024-02794 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for Apache 2.x HTTP server Modauthopenidc is associated...
Advisory ROSA-SA-2025-2787
Software: postgresql15 15.12 OS: rosa-server79 packageevrstring: postgresql15-15.12-1PGDG.res7 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer du...
Advisory ROSA-SA-2025-2716
Software: perl 5.26.3 OS: ROSA Virtualization 3.0 packageevrstring: perl-5.26.3 CVE-ID: CVE-2020-10878 BDU-ID: 2020-04040 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PLregkindOPn == NOTHING parameter of the Perl programming language interpreter is related to integer overflow. Exploitation of...
Advisory ROSA-SA-2025-2665
software: postgresql 12.16 WASP: ROSA-CHROME packageevrstring: postgresql-12.16 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...
Advisory ROSA-SA-2025-2652
software: libebml 1.4.4 OS: ROSA-CHROME packageevrstring: libebml-1.4.4 CVE-ID: CVE-2023-52339 BDU-ID: 2024-02535 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the MemIOCallback.cpp file of the C++ libebml library is related to integer overflow. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2025-2637
software: glibc 2.33 AXIS: ROSA-CHROME packageevrstring: glibc-2.33-10.git1a2009.2 CVE-ID: CVE-2023-4806 BDU-ID: 2024-00852 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the GNU C library glibc is related to memory usage after it has been freed. Exploitation of the...
Advisory ROSA-SA-2025-2624
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-6 CVE-ID: CVE-2024-25062 BDU-ID: 2024-01415 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to memory usage after it is...
Advisory ROSA-SA-2024-2530
Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...
Advisory ROSA-SA-2024-2525
Software: nghttp2 1.33.0 OS: rosa-server79 packageevrstring: nghttp2-1.33.0-1.3.res7 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established...
Advisory ROSA-SA-2024-2509
Software: freeradius 3.0.13 OS: rosa-server79 packageevrstring: freeradius-3.0.13-15.0.1.res7 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through...
Advisory ROSA-SA-2024-2448
Software: pcre2 10.32 OS: ROSA Virtualization 2.1 packageevrstring: pcre2-10.32 CVE-ID: CVE-2022-1587 BDU-ID: 2023-02635 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2jitcompile.c function of the PCRE2 regular expression library is related to reading outside of the allowed data buffer...
Advisory ROSA-SA-2024-2431
Software: lua 5.3.4 OS: ROSA Virtualization 2.1 packageevrstring: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in luaresume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a script file created. CVE-STATUS: Not...