Advisory ROSA-SA-2025-2762
Software: python-jinja2 2.7.2 OS: rosa-server79 packageevrstring: python-jinja2-2.7.2-4.0.1.res7 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the jinja html templating tool is related to the failure to neutralize special element...
Advisory ROSA-SA-2025-2761
Software: raptor2 2.0.9 OS: rosa-server79 packageevrstring: raptor2-2.0.9-3.0.1.res7 CVE-ID: CVE-2024-57823 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An integer overflow vulnerability was discovered in the Raptor RDF Syntax Library when normalizing URIs using the turtle parser in the...
Advisory ROSA-SA-2025-2759
Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.5.res7.13 CVE-ID: CVE-2023-46846 BDU-ID: 2023-08063 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Squid proxy server chunked decoder is related to the server interpreting fragmented encoding syntax. Exploitation of...
Advisory ROSA-SA-2025-2760
Software: doxygen 1.8.5 OS: rosa-server79 packageevrstring: doxygen-1.8.5-4.0.1.res7 CVE-ID: CVE-2020-11022 BDU-ID: 2020-05190 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the jQuery library is associated with a failure to take measures to protect the structure of a web page. Exploitation of th...
Advisory ROSA-SA-2025-2758
Software: libsoup 2.62.2 OS: rosa-server79 packageevrstring: libsoup-2.62.2-2.0.3.res7 CVE-ID: CVE-2024-52531 BDU-ID: 2025-00232 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the soup_header_parse_param_list_strict function of the GNOME GUI libsoup library is related to a buffer overflow in dynamic...
Advisory ROSA-SA-2025-2757
Software: rsync 3.1.2 OS: rosa-server79 packageevrstring: rsync-3.1.2-12.0.2.res7 CVE-ID: CVE-2024-12085 BDU-ID: 2025-00376 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation exceeding buffer boundaries ...
Advisory ROSA-SA-2025-2754
Software: PackageKit 1.1.12 OS: ROSA Virtualization 2.1 packageevrstring: PackageKit-1.1.12-7.0.1.rv3 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...
Advisory ROSA-SA-2025-2753
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-12.0.1.rv3 CVE-ID: CVE-2020-25659 BDU-ID: 2022-05647 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the python-cryptography package of the Python programming language interpreter is related to RSA key management...
Advisory ROSA-SA-2025-2749
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-8.0.1.rv3.1 CVE-ID: CVE-2023-5981 BDU-ID: 2024-01500 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GnuTLS transport layer security library is related to information disclosure via a mismatch. Exploitation of...
Advisory ROSA-SA-2025-2752
Software: opensc 0.20.0 OS: ROSA Virtualization 2.1 packageevrstring: opensc-0.20.0-8.rv3 CVE-ID: CVE-2023-2977 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in OpenSC causes a buffer overflow in the pkcs15 cardos_have_verifyrc_package function, allowing an attacker to cause a processing...
Advisory ROSA-SA-2025-2751
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-18.rv3.2 CVE-ID: CVE-2023-39615 BDU-ID: 2023-05968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSAX2StartElement function of the libxml2 library is caused by a buffer overflow. Exploitation of the...
Advisory ROSA-SA-2025-2750
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-33.rv3 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-2756
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-5.8.rv3 CVE-ID: CVE-2022-3204 BDU-ID: 2023-03846 CVE-Crit: HIGH CVE-DESC.: Unbound's DNS server vulnerability involves uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acti...
Advisory ROSA-SA-2025-2755
Software: pam 1.3.1 OS: ROSA Virtualization 2.1 packageevrstring: pam-1.3.1-36.rv3 CVE-ID: CVE-2024-10041 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in PAM allows an attacker to access sensitive information stored in memory through the execution of a victim program by sending...
Advisory ROSA-SA-2025-2748
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...
Advisory ROSA-SA-2025-2746
Software: python3x-urllib3 1.25.10 OS: ROSA Virtualization 3.0 packageevrstring: python3x-urllib3-1.25.10-5.rv30 CVE-ID: CVE-2021-33503 BDU-ID: 2022-00586 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP client for Python urllib3 is related to uncontrolled resource consumption. Exploitation ...
Advisory ROSA-SA-2025-2747
Software: wget 1.19.5 OS: ROSA Virtualization 3.0 packageevrstring: wget-1.19.5-12.0.1.rv30 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the userinfo URI component of the GNU Wget download manager is related to insecure behavior in which data that shoul...
Advisory ROSA-SA-2025-2740
Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.1 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...
Advisory ROSA-SA-2025-2742
Software: postgresql 13.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql-13.16-1.rv30 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to null pointer dereferencing due to...
Advisory ROSA-SA-2025-2738
Software: libndp 1.7 OS: ROSA Virtualization 3.0 packageevrstring: libndp-1.7-7.rv30 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2736
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-13.0.1.rv30 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document...
Advisory ROSA-SA-2025-2734
Software: 389-ds-base 1.4.3.23 OS: ROSA Virtualization 3.0 packageevrstring: 389-ds-base-1.4.3.23-14.rv30 CVE-ID: CVE-2021-4091 BDU-ID: 2022-05559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the 389 Directory Server's implementation of the 389 Directory Server lookup function is related to the...
Advisory ROSA-SA-2025-2735
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 packageevrstring: cups-2.2.6-60.rv30 CVE-ID: CVE-2023-32360 BDU-ID: 2023-07653 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow a...
Advisory ROSA-SA-2025-2744
Software: python-idna 2.5 OS: ROSA Virtualization 3.0 packageevrstring: python-idna-2.5-7.0.2.rv30 CVE-ID: CVE-2024-3651 BDU-ID: 2024-04211 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the idna.encode function of the Internationalized Domain Names in Applications IDNA is associated with...
Advisory ROSA-SA-2025-2743
Software: postgresql14 14.13 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.13-2PGDG.0.1.rv30 CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access...
Advisory ROSA-SA-2025-2739
Software: libvpx 1.7.0 OS: ROSA Virtualization 3.0 packageevrstring: libvpx-1.7.0-11.rv30 CVE-ID: CVE-2023-5217 BDU-ID: 2023-06157 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the VP8 format encoding function of the libvpx library of the Google Chrome browser is related to a buffer overflow ...
Advisory ROSA-SA-2025-2737
Software: iperf3 3.5 OS: ROSA Virtualization 3.0 packageevrstring: iperf3-3.5-10.rv30 CVE-ID: CVE-2023-7250 BDU-ID: 2024-03238 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to allowed input lists. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2745
Software: python3x-idna 2.10 OS: ROSA Virtualization 3.0 packageevrstring: python3x-idna-2.10-4.rv30 CVE-ID: CVE-2024-3651 BDU-ID: 2024-04211 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the idna.encode function of the Internationalized Domain Names in Applications IDNA is associated with...
Advisory ROSA-SA-2025-2741
Software: orc 0.4.28 OS: ROSA Virtualization 3.0 packageevrstring: orc-0.4.28-4.rv30 CVE-ID: CVE-2024-40897 BDU-ID: 2024-06669 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the orcparse.c file of the library for compiling and executing programs that operate on GStreamer ORC data arrays is relate...
Advisory ROSA-SA-2025-2733
Software: unbound 1.16.2 OS: ROSA Virtualization 3.0 packageevrstring: unbound-1.16.2-5.8.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...
Advisory ROSA-SA-2025-2730
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.2.rv30 CVE-ID: CVE-2024-0727 BDU-ID: 2024-01337 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PKCS12_parse, PKCS12_unpack_p7data, PKCS12_unpack_p7encdata, PKCS12_unpack_authsafes, and PKCS12_newpass functions ...
Advisory ROSA-SA-2025-2729
Software: opensc 0.20.0 OS: ROSA Virtualization 3.0 packageevrstring: opensc-0.20.0-8.rv30 CVE-ID: CVE-2023-2977 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in OpenSC causes a buffer overflow in the pkcs15 cardos_have_verifyrc_package function, allowing an attacker to cause a processing...
Advisory ROSA-SA-2025-2728
Software: opencryptoki 3.21.0 OS: ROSA Virtualization 3.0 packageevrstring: opencryptoki-3.21.0-10.rv30 CVE-ID: CVE-2024-0914 BDU-ID: 2024-02839 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the opencryptoki package is related to the processing of RSA PKCS1 augmented ciphertexts. Exploitation of...
Advisory ROSA-SA-2025-2727
Software: modauthopenidc 2.4.9.4 OS: ROSA Virtualization 3.0 packageevrstring: modauthopenidc-2.4.9.4-6.rv30 CVE-ID: CVE-2024-24814 BDU-ID: 2024-02794 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for Apache 2.x HTTP server Modauthopenidc is associated...
Advisory ROSA-SA-2025-2731
Software: PackageKit 1.1.12 OS: ROSA Virtualization 3.0 packageevrstring: PackageKit-1.1.12-7.0.1.rv30 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...
Advisory ROSA-SA-2025-2732
Software: pam 1.3.1 OS: ROSA Virtualization 3.0 packageevrstring: pam-1.3.1-36.0.1.rv30 CVE-ID: CVE-2024-10041 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in PAM allows an attacker to access sensitive information stored in memory through the execution of a victim program by sending...
Advisory ROSA-SA-2025-2722
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-34.0.2.rv30.2 CVE-ID: CVE-2023-28322 BDU-ID: 2023-02895 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libcurl library is related to errors in sending POST and PUT HTTP requests using the same descriptor. Exploitati...
Advisory ROSA-SA-2025-2724
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 packageevrstring: gnutls-3.6.16-8.0.1.rv30.1 CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the implementation of the wrap_nettle_hash_fast function of the GnuTLS cryptographic library is related to pointer...
Advisory ROSA-SA-2025-2726
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1.rv30.2 CVE-ID: CVE-2022-49043 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Use-after-free vulnerability in libxml2. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerability, run the comman...
Advisory ROSA-SA-2025-2725
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-33.rv30 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-2723
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-15.0.2.rv30 CVE-ID: CVE-2024-46951 BDU-ID: 2024-09419 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the psi/zcolor.c component of the Ghostscript document processing, conversion, and generation software suite...
Advisory ROSA-SA-2025-2714
Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 packageevrstring: openssh-8.0p1-19.0.1 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool ...
Advisory ROSA-SA-2025-2713
Software: openblas 2000.3.15 OS: ROSA Virtualization 3.0 packageevrstring: openblas-2000.3.15 CVE-ID: CVE-2021-4048 BDU-ID: 2021-05061 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Microsoft Visio vector graphics, diagram and flowchart editor is related to memory usage after memory has be...
Advisory ROSA-SA-2025-2719
Software: sudo 1.9.5p2 OS: ROSA Virtualization 3.0 packageevrstring: sudo-1.9.5p2-1 CVE-ID: CVE-2021-3156 BDU-ID: 2021-00364 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parse_args function of the Sudo system administration program is related to a buffer overflow in dynamic memory. Exploitatio...
Advisory ROSA-SA-2025-2718
Software: sqlite 3.26.0 OS: ROSA Virtualization 3.0 packageevrstring: sqlite-3.26.0-19 CVE-ID: CVE-2019-8457 BDU-ID: 2019-03785 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the rtreenode function of the SQLite database management system is related to a read operation exceeding buffer...
Advisory ROSA-SA-2025-2715
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1.1k-12.0.1 CVE-ID: CVE-2022-1292 BDU-ID: 2022-03181 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library's c_rehash script implementation is related to failure to take measures to neutralize shell...
Advisory ROSA-SA-2025-2720
Software: vim 8.0.1763 OS: ROSA Virtualization 3.0 packageevrstring: vim-8.0.1763 CVE-ID: CVE-2019-12735 BDU-ID: 2019-03251 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getchar.c library of the Vim text editor is related to the lack of filtering of the "!source" command, which allows arbitrar...
Advisory ROSA-SA-2025-2721
Software: zlib 1.2.11 OS: ROSA Virtualization 3.0 packageevrstring: zlib-1.2.11 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of...
Advisory ROSA-SA-2025-2717
Software: rsyslog 8.2102.0 OS: ROSA Virtualization 3.0 packageevrstring: rsyslog-8.2102.0 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writes beyond buffer boundaries in memory...
Advisory ROSA-SA-2025-2716
Software: perl 5.26.3 OS: ROSA Virtualization 3.0 packageevrstring: perl-5.26.3 CVE-ID: CVE-2020-10878 BDU-ID: 2020-04040 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL_regkind[OP(n)] == NOTHING parameter of the Perl programming language interpreter is related to integer overflow. Exploitation of...