Advisory ROSA-SA-2025-2812
Software: mariadb 10.5.27 OS: ROSA Virtualization 3.0 packageevrstring: mariadb-10.5.27-1.rv30 CVE-ID: CVE-2023-22084 BDU-ID: 2023-06913 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to insufficient input validation...
Advisory ROSA-SA-2025-2811
Software: microcodectl 20250211 OS: ROSA Virtualization 3.0 packageevrstring: microcodectl-20250211-1.rv30 CVE-ID: CVE-2023-34440 BDU-ID: 2025-02776 CVE-Crit: MEDIUM CVE-DESC.: A firmware vulnerability in the UEFI firmware of Intel processors is related to input validation flaws. Exploitation of...
Advisory ROSA-SA-2025-2809
Software: libsndfile 1.0.28 OS: ROSA Virtualization 3.0 packageevrstring: libsndfile-1.0.28-16.rv30 CVE-ID: CVE-2022-33065 BDU-ID: 2025-03968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the aureadheader function of the src/au.c component of the Libsndfile audio file reading and writing library...
Advisory ROSA-SA-2025-2808
Software: libreswan 4.12 OS: ROSA Virtualization 3.0 packageevrstring: libreswan-4.12-2.rv30.4 CVE-ID: CVE-2024-2357 BDU-ID: 2024-03242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the VPN protocol library using "IPsec" libreswan is related to the use of the PreSharedKey secret to create an AUTH...
Advisory ROSA-SA-2025-2807
Software: less 530 OS: ROSA Virtualization 3.0 packageevrstring: less-530-3.rv30 CVE-ID: CVE-2022-48624 BDU-ID: 2024-04438 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the closealtfile filename.c function for UNIX-like Less text terminals is related to the skipping of Shellquote calls for...
Advisory ROSA-SA-2025-2810
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-19.rv30 CVE-ID: CVE-2024-56171 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in libxml2: use-after-free in xmlschemas.c. CVE-STATUS: Vulnerability resolved. CVE-REV: To close the vulnerability, run the...
Advisory ROSA-SA-2025-2806
Software: krb5 1.18.2 OS: ROSA Virtualization 3.0 packageevrstring: krb5-1.18.2-31.0.1.rv30 CVE-ID: CVE-2024-37370 BDU-ID: 2024-07016 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the implementation of the Kerberos network authentication protocol is associated with a change to the public Extra Cou...
Advisory ROSA-SA-2025-2805
Software: iperf3 3.5 OS: ROSA Virtualization 3.0 packageevrstring: iperf3-3.5-11.rv30 CVE-ID: CVE-2024-53580 BDU-ID: 2024-11145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to improper handling of test parameters passed to the server in jso...
Advisory ROSA-SA-2025-2803
Software: harfbuzz 1.7.5 OS: ROSA Virtualization 3.0 packageevrstring: harfbuzz-1.7.5-4.rv30 CVE-ID: CVE-2023-25193 BDU-ID: 2023-06149 CVE-Crit: HIGH CVE-DESC.: Vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is related to unrestricted resource...
Advisory ROSA-SA-2025-2802
Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-156.0.3.rv30 CVE-ID: CVE-2023-4692 BDU-ID: 2023-06822 CVE-Crit: LOW CVE-DESC.: A vulnerability in the fs/ntfs.c component of the Grub2 operating systems boot loader is related to a buffer overflow in dynamic memory...
Advisory ROSA-SA-2025-2801
Software: gtk3 3.22.30 OS: ROSA Virtualization 3.0 packageevrstring: gtk3-3.22.30-12.rv30 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
Advisory ROSA-SA-2025-2800
Software: gmp 6.1.2 OS: ROSA Virtualization 3.0 packageevrstring: gmp-6.1.2-11.rv30 CVE-ID: CVE-2021-43618 BDU-ID: 2022-05776 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mpz/inpraw.c component of the GMP arithmetic operations library on 32-bit platforms is related to integer overflow...
Advisory ROSA-SA-2025-2799
Software: gdk-pixbuf2 2.36.12 OS: ROSA Virtualization 3.0 packageevrstring: gdk-pixbuf2-2.36.12-6.0.1.rv30 CVE-ID: CVE-2022-48622 BDU-ID: 2024-06670 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GdkPixbuf image loading library is related to a heap memory corruption in aniloadchunk. Exploitatio...
Advisory ROSA-SA-2025-2798
Software: flatpak 1.10.8 OS: ROSA Virtualization 3.0 packageevrstring: flatpak-1.10.8-2.rv30 CVE-ID: CVE-2023-28100 BDU-ID: 2024-04881 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ioctl component of the Flatpak application and environment management tool is related to copying text from the...
Advisory ROSA-SA-2025-2804
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...
Advisory ROSA-SA-2025-2797
Software: expat 2.2.5 OS: ROSA Virtualization 3.0 packageevrstring: expat-2.2.5-16.0.1.rv30 CVE-ID: CVE-2022-23990 BDU-ID: 2022-00999 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the doProlog function of the Expat library is related to integer overflow. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2796
Software: emacs 26.1 OS: ROSA Virtualization 3.0 packageevrstring: emacs-26.1-13.rv30 CVE-ID: CVE-2024-30203 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In Emacs, a vulnerability in Gnus allows embedded MIME content to be treated as trusted. CVE-STATUS: The vulnerability has been resolved CVE-REV: T...
Advisory ROSA-SA-2025-2795
Software: dnsmasq 2.79 OS: ROSA Virtualization 3.0 packageevrstring: dnsmasq-2.79-33.0.1.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...
Advisory ROSA-SA-2025-2794
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 packageevrstring: cups-2.2.6-62.rv30 CVE-ID: CVE-2024-47175 BDU-ID: 2024-07645 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ppdCreatePPDFromIPP2 function of the CUPS print server libppd library is related to failure to take measures to...
Advisory ROSA-SA-2025-2793
Software: bubblewrap 0.4.0 OS: ROSA Virtualization 3.0 packageevrstring: bubblewrap-0.4.0-2.rv30 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...
Advisory ROSA-SA-2025-2792
Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 3.0 packageevrstring: bind-dyndb-ldap-11.6-5.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the...
Advisory ROSA-SA-2025-2791
Software: bind 9.11.36 OS: ROSA Virtualization 3.0 packageevrstring: bind-9.11.36-16.rv30.4 CVE-ID: CVE-2022-3094 BDU-ID: 2023-00580 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the named component of the DNS BIND server is related to the ability to use memory after it has been freed. Exploitatio...
Advisory ROSA-SA-2025-2789
Software: java-11-openjdk 11.0.25.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.25.0.9-1.0.1.res7 CVE-ID: CVE-2024-21208 BDU-ID: 2024-11501 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Diagnostics components of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM f...
Advisory ROSA-SA-2025-2790
Software: java-1.8.0-openjdk 1.8.0.432.b06 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.432.b06-1.0.1.res7 CVE-ID: CVE-2024-21208 BDU-ID: 2024-11501 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Diagnostics components of Oracle GraalVM Enterprise Edition virtual machines, Oracle...
Advisory ROSA-SA-2025-2788
Software: postgresql 9.2.24 OS: rosa-server79 packageevrstring: postgresql-9.2.24-9.0.4.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, arraysubscripthandler functions of the PostgreSQL database management system is related...
Advisory ROSA-SA-2025-2787
Software: postgresql15 15.12 OS: rosa-server79 packageevrstring: postgresql15-15.12-1PGDG.res7 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer du...
Advisory ROSA-SA-2025-2786
Software: kernel-6.1 6.1.128 OS: ROSA-CHROME packageevrstring: kernel-6.1-generic-6.1.128-1 CVE-ID: CVE-2024-27397 BDU-ID: 2025-00432 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating system kernel is related to memory usage after it has been...
Advisory ROSA-SA-2025-2785
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 3.0 packageevrstring: xmlrpc-c-1.51.0-10.0.1.rv30 CVE-ID: CVE-2023-52425 BDU-ID: 2024-01514 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XML parser library libexpat is associated with uncontrolled resource consumption. Exploitation of the...
Advisory ROSA-SA-2025-2784
Software: libXpm 3.5.12 OS: ROSA Virtualization 3.0 packageevrstring: libXpm-3.5.12-11.rv30 CVE-ID: CVE-2023-43788 BDU-ID: 2023-06887 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XpmCreateXpmImageFromBuffer function of the X Pixmap Image File XPM libXpm library is related to reading data...
Advisory ROSA-SA-2025-2783
Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 packageevrstring: libssh-0.9.6-14.rv30 CVE-ID: CVE-2023-6004 BDU-ID: 2024-00199 CVE-Crit: LOW CVE-DESC.: A vulnerability in the ProxyCommand/ProxyJump component of the libssh library is related to improper code generation controls. Exploitation o...
Advisory ROSA-SA-2025-2782
Software: c-ares 1.13.0 OS: ROSA Virtualization 3.0 packageevrstring: c-ares-1.13.0-11.rv30 CVE-ID: CVE-2024-25629 BDU-ID: 2024-01708 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the aresreadline function of the C-ares asynchronous DNS query library is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2781
Software: cairo 1.15.12 OS: ROSA Virtualization 2.1 packageevrstring: cairo-1.15.12-6.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...
Advisory ROSA-SA-2025-2780
Software: pixman 0.38.4 OS: ROSA Virtualization 2.1 packageevrstring: pixman-0.38.4-4.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...
Advisory ROSA-SA-2025-2779
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-10.20180224.0.1.rv3 CVE-ID: CVE-2021-39537 BDU-ID: 2023-07626 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the nccaptoinfo function of the captoinfo.c component of the Ncurses terminal I/O control library involve...
Advisory ROSA-SA-2025-2778
Software: xmlrpc 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-3.1.3-1.0.1.1.rv3 CVE-ID: CVE-2019-17570 BDU-ID: 2020-01960 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library is related to ...
Advisory ROSA-SA-2025-2777
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-c-1.51.0-10.rv3 CVE-ID: CVE-2021-46143 BDU-ID: 2022-01052 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the doProlog function of the xmlparse.c file of the Expat library is related to integer overflow. Exploitation of t...
Advisory ROSA-SA-2025-2776
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...
Advisory ROSA-SA-2025-2775
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the aresparsesoareply function of the C-ares asynchronous DNS query library is related to an operation exceeding...
Advisory ROSA-SA-2025-2774
Software: kernel kernel OS: ROSA Virtualization 3.0 packageevrstring: kernel-kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2024-1086 BDU-ID: 2024-01187 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nftverdictinit function in the net/netfilter/nftablesapi.c module of the Linux operating system...
Advisory ROSA-SA-2025-2773
Software: zabbix 6.0.34 OS: ROSA Virtualization 3.0 packageevrstring: zabbix-6.0.34-2.rv30 CVE-ID: CVE-2024-22114 BDU-ID: 2025-00959 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System is related to improper saving of permissions. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2025-2772
Software: python-urllib3 1.25.10 OS: ROSA Virtualization 3.0 packageevrstring: python-urllib3-1.25.10-5.rv30 CVE-ID: CVE-2021-33503 BDU-ID: 2022-00586 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP client for Python urllib3 is related to uncontrolled resource consumption. Exploitation of t...
Advisory ROSA-SA-2025-2770
Software: python-jwcrypto 0.5.0 OS: ROSA Virtualization 3.0 packageevrstring: python-jwcrypto-0.5.0-2.rv30 CVE-ID: CVE-2024-28102 BDU-ID: 2024-01978 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the deserialize JavaScript library function for Jwcrypto is associated with uncontrolled resource...
Advisory ROSA-SA-2025-2769
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 3.0 packageevrstring: python-jinja2-2.10.1-5.rv30 CVE-ID: CVE-2024-22195 BDU-ID: 2024-00884 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xmlattr filter of the Jinja2 templating engine for the Python programming language is related to a...
Advisory ROSA-SA-2025-2771
Software: python-setuptools 39.2.0 OS: ROSA Virtualization 3.0 packageevrstring: python-setuptools-39.2.0-8.0.1.rv30 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is...
Advisory ROSA-SA-2025-2768
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 3.0 packageevrstring: python-jinja2-2.10.1-6.rv30 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...
Advisory ROSA-SA-2025-2767
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.0 packageevrstring: libsoup-2.62.3-7.rv30 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2766
Software: rsync 3.1.3 OS: ROSA Virtualization 3.0 packageevrstring: rsync-3.1.3-20.rv30 CVE-ID: CVE-2024-12085 BDU-ID: 2025-00376 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2765
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-6.rv3 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...
Advisory ROSA-SA-2025-2764
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-7.rv3 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2763
Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3-20.rv3 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory...