Advisory ROSA-SA-2025-2702
Software: ipmitool 1.8.18 OS: ROSA Virtualization 3.0 packageevrstring: ipmitool-1.8.18 CVE-ID: CVE-2020-5208 BDU-ID: 2020-03947 CVE-Crit: HIGH CVE-DESC.: An implementation vulnerability in multiple functions readfruarea, readfruareasection, ipmispdprintfru, ipmigetsessioninfo,...
Advisory ROSA-SA-2025-2701
Software: gzip 1.9 OS: ROSA Virtualization 3.0 packageevrstring: gzip-1.9 CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker acting remotely to...
Advisory ROSA-SA-2025-2706
Software: libksba 1.3.5 OS: ROSA Virtualization 3.0 packageevrstring: libksba-1.3.5-9 CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X.509 certificate function-providing library LibKSBA is related to an integer overflow in the CRL parser. Exploitation of...
Advisory ROSA-SA-2025-2708
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9 CVE-ID: CVE-2018-18557 BDU-ID: 2019-00884 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the JBIGDecode function "tifjbig.c" of the LibTIFF library for viewing, editing, and converting TIFF files involves bugs th...
Advisory ROSA-SA-2025-2712
Software: lz4 1.8.3 OS: ROSA Virtualization 3.0 packageevrstring: lz4-1.8.3-3.0.1 CVE-ID: CVE-2021-3520 BDU-ID: 2021-05259 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the memmove function of the LZ4 lossless data compression algorithm is related to an operation exceeding the allowable data buffe...
Advisory ROSA-SA-2025-2704
Software: libarchive 3.3.2003 OS: ROSA Virtualization 3.0 packageevrstring: libarchive-3.3.2003 CVE-ID: CVE-2022-36227 BDU-ID: 2022-07496 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the calloc function of the libarchive archiving library is related to pointer dereferencing errors...
Advisory ROSA-SA-2025-2711
Software: libxslt 1.1.32 OS: ROSA Virtualization 3.0 packageevrstring: libxslt-1.1.32 CVE-ID: CVE-2019-11068 BDU-ID: 2019-04263 CVE-Crit: CRITICAL. CVE-DESC.: An XSLT C vulnerability in the libxslt library is related to access control flaws. Exploitation of the vulnerability could allow an attack...
Advisory ROSA-SA-2025-2709
Software: libX11 1.6.8 OS: ROSA Virtualization 3.0 packageevrstring: libX11-1.6.8-6.0.1 CVE-ID: CVE-2021-31535 BDU-ID: 2021-02747 CVE-Crit: LOW CVE-DESC.: A vulnerability in the XLookupColor function of the libX11 library is related to insufficient input validation. Exploitation of the...
Advisory ROSA-SA-2025-2707
Software: libtasn1 4.13 OS: ROSA Virtualization 3.0 packageevrstring: libtasn1-4.13 CVE-ID: CVE-2021-46848 BDU-ID: 2022-06694 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1encodesimpleder function of the Libtasn1 library is related to an off-by-one error. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2025-2710
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1 CVE-ID: CVE-2021-3518 BDU-ID: 2021-05283 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xinclude.c component of the Libxml2 library is related to memory usage after it has been freed. Exploitation of th...
Advisory ROSA-SA-2025-2703
Software: jbig2dec 0.16 OS: ROSA Virtualization 3.0 packageevrstring: jbig2dec-0.16 CVE-ID: CVE-2020-12268 BDU-ID: 2022-05687 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the jbig2imagecompose function of the jbig2imagecompose component of the jbig2image.c decoder of the JBIG2 Jbig2dec image...
Advisory ROSA-SA-2025-2705
Software: libjpeg-turbo 1.5.2003 OS: ROSA Virtualization 3.0 packageevrstring: libjpeg-turbo-1.5.2003 CVE-ID: CVE-2020-17541 BDU-ID: 2023-07622 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Libjpeg-turbo image manipulation library is related to writing beyond buffer boundaries. Exploitatio...
Advisory ROSA-SA-2025-2700
Software: dnsmasq 2.79 OS: ROSA Virtualization 3.0 packageevrstring: dnsmasq-2.79-31 CVE-ID: CVE-2020-25681 BDU-ID: 2021-01117 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sortrrset function dnssec.c of the dnsmasq DNS server is related to a buffer overflow in dynamic memory. Exploitation of...
Advisory ROSA-SA-2025-2698
Software: perl-CPAN 2.18 OS: ROSA Virtualization 3.0 packageevrstring: perl-CPAN-2.18-397.0.1 CVE-ID: CVE-2023-31484 BDU-ID: 2023-03871 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CPAN.pm component of the Perl programming language is related to errors in the TLS certificate authentication...
Advisory ROSA-SA-2025-2699
Software: perl-HTTP-Tiny 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-HTTP-Tiny-0.074-2 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authentication...
Advisory ROSA-SA-2025-2696
Software: systemd 239 OS: ROSA Virtualization 3.0 packageevrstring: systemd-239-78.0.1 CVE-ID: CVE-2019-3843 BDU-ID: 2022-00318 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the systemd service initialization and management subsystem is related to improper privilege assignment. Exploitation of...
Advisory ROSA-SA-2025-2697
Software: tomcat 9.0.62 OS: ROSA Virtualization 3.0 packageevrstring: tomcat-9.0.62-30.0.2 CVE-ID: CVE-2022-29885 BDU-ID: 2022-03434 CVE-Crit: HIGH CVE-DESC.: An implementation vulnerability in the EncryptInterceptor class of the Apache Tomcat application server is related to incomplete program...
Advisory ROSA-SA-2025-2695
Software: shim 15.6 OS: ROSA Virtualization 3.0 packageevrstring: shim-15.6 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2694
Software: samba 4.17.12 OS: ROSA Virtualization 3.0 packageevrstring: samba-4.17.12 CVE-ID: CVE-2022-38023 BDU-ID: 2022-06830 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Netlogon Remote Protocol MS-NRPC implementation of Windows operating systems is due to errors in security settings...
Advisory ROSA-SA-2025-2692
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 packageevrstring: gnutls-3.6.16-8 CVE-ID: CVE-2021-20231 BDU-ID: 2022-00206 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the keyshare extension of the GnuTLS transport layer security library is related to memory usage after it has been freed...
Advisory ROSA-SA-2025-2691
Software: dnsmasq 2.79 OS: ROSA Virtualization 3.0 packageevrstring: dnsmasq-2.79-31 CVE-ID: CVE-2020-25682 BDU-ID: 2021-01118 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the extractname function rfc1035.c of the dnsmasq DNS server is related to a buffer overflow in dynamic memory. Exploitation ...
Advisory ROSA-SA-2025-2693
Software: pcre2 10.34 OS: ROSA Virtualization 3.0 packageevrstring: pcre2-10.34-9.0.3 CVE-ID: CVE-2022-1586 BDU-ID: 2022-03770 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the compilexclassmatchingpath function of the PCRE2 library is related to reading data beyond buffer boundaries in memory...
Advisory ROSA-SA-2025-2688
Software: perl 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-0.074-2 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authentication procedure. Exploitatio...
Advisory ROSA-SA-2025-2689
Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyFindObjects function of the PyFindObjects library for the open source Python programming language scipy is relat...
Advisory ROSA-SA-2025-2690
Software: zabbix 6.0.12 OS: ROSA Virtualization 3.0 packageevrstring: zabbix-6.0.12-1.0.1 CVE-ID: CVE-2023-32724 BDU-ID: 2024-06936 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System is related to improper assignment of permissions for a critical resource...
Advisory ROSA-SA-2025-2687
Software: pango 1.42.4 OS: ROSA Virtualization 3.0 packageevrstring: pango-1.42.4-8 CVE-ID: CVE-2019-1010238 BDU-ID: 2019-02871 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the pangolog2visgetembeddinglevels function of the Pango library is related to an operation exceeding buffer boundaries...
Advisory ROSA-SA-2025-2685
Software: nettle 3.4.1 OS: ROSA Virtualization 3.0 packageevrstring: nettle-3.4.1-7 CVE-ID: CVE-2021-20305 BDU-ID: 2021-02748 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the signature verification functions GOST DSA, EDDSA, and ECDSA of the Nettle library is related to flaws in the cryptographic...
Advisory ROSA-SA-2025-2683
Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-148.0.3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2682
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-11.0.1 CVE-ID: CVE-2019-14813 BDU-ID: 2019-03227 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the setsystemparams procedure of the PostScript Ghostscript file format conversion program is related to...
Advisory ROSA-SA-2025-2686
Software: openldap 2.4.46 OS: ROSA Virtualization 3.0 packageevrstring: openldap-2.4.46-18.0.1 CVE-ID: CVE-2022-29155 BDU-ID: 2022-03203 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the OpenLDAP protocol implementation is related to failure to take measures to protect the SQL query structure...
Advisory ROSA-SA-2025-2681
Software: fuse 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: fuse-2.9.7-16.0.1 CVE-ID: CVE-2018-10906 BDU-ID: 2019-00421 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the fusermount module of the file system driver for UNIX-like operating systems FUSE is related to a restriction bypass wh...
Advisory ROSA-SA-2025-2680
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2023-27533 BDU-ID: 2023-02107 CVE-Crit: LOW CVE-DESC.: A vulnerability in the curl command-line utility is related to communication using the TELNET protocol, which could allow an attacker to pass a...
Advisory ROSA-SA-2025-2684
Software: libwebp 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: libwebp-1.0.0.0-8.0.1 CVE-ID: CVE-2018-25011 BDU-ID: 2021-03099 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to a buffer overflow in the "heap"...
Advisory ROSA-SA-2025-2679
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent PUT an...
Advisory ROSA-SA-2025-2677
Software: qt4 4.8.7 OS: ROSA-CHROME packageevrstring: qt4-4.8.7-18 CVE-ID: CVE-2023-32763 BDU-ID: 2023-03802 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the QTextLayout component of the Qt cross-platform software development framework is related to buffer copying without input validation...
Advisory ROSA-SA-2025-2676
Software: python3 3.8.13 OS: ROSA-CHROME packageevrstring: python3-3.8.13-6 CVE-ID: CVE-2020-10735 BDU-ID: 2022-05599 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Python programming language interpreter is related to errors in the conversion of int and str data types. Exploitation of the...
Advisory ROSA-SA-2025-2674
Software: libssh 0.9.8 OS: ROSA-CHROME packageevrstring: libssh-0.9.8-1 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and...
Advisory ROSA-SA-2025-2675
Software: libssh2 1.10.0 OS: ROSA-CHROME packageevrstring: libssh2-1.10.0-3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process...
Advisory ROSA-SA-2025-2673
Software: curl 8.5.0 OS: ROSA-CHROME packageevrstring: curl-8.5.0-1 CVE-ID: CVE-2023-46218 BDU-ID: 2024-02420 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the cURL command-line utility is related to the installation of "supercookie files" in Curl, which are then passed back to more sources...
Advisory ROSA-SA-2025-2672
Software: rxvt 2.7.10 OS: ROSA-CHROME packageevrstring: rxvt-2.7.10 CVE-ID: CVE-2021-33477 BDU-ID: 2021-04892 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Eterm, mrxvt, rxvt, rxvt-unicode software is related to improper processing of certain control sequences. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2671
Software: shapelib 1.5.0 OS: ROSA-CHROME packageevrstring: shapelib-1.5.0-2 CVE-ID: CVE-2022-0699 BDU-ID: 2022-06588 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the implementation of the malloc function of the shapelib library is related to double memory freeing. Exploitation of the...
Advisory ROSA-SA-2025-2670
Software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.7 CVE-ID: CVE-2024-21626 BDU-ID: 2024-00973 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Runc isolated container launch tool is related to a flaw in the controlled area delimitations of the system. Exploitation of the vulnerabili...
Advisory ROSA-SA-2025-2669
Software: python3 3.8.13 OS: ROSA-CHROME packageevrstring: python3-3.8.13 CVE-ID: CVE-2015-20107 BDU-ID: 2022-03962 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the mailcap module of the Python programming language interpreter is related to insufficient validation of arguments passed to a...
Advisory ROSA-SA-2025-2668
Software: sox 14.4.2 OS: ROSA-CHROME packageevrstring: sox-14.4.2-6 CVE-ID: CVE-2022-31650 BDU-ID: 2023-01722 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the lsxaiffstartwrite function of the aiff.c component of the Sound eXchange audio editor is related to insufficient comparison. Exploitation ...
Advisory ROSA-SA-2025-2667
Software: sqlite 3.41.2 OS: ROSA-CHROME packageevrstring: sqlite-3.41.2-2 CVE-ID: CVE-2023-7104 BDU-ID: 2024-00480 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sessionReadRecord function of the ext/session/sqlite3session.c file of the SQLite database management system is related to a buffer...
Advisory ROSA-SA-2025-2666
Software: postgresql 15.4 OS: ROSA-CHROME packageevrstring: postgresql-15.4 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...
Advisory ROSA-SA-2025-2665
Software: postgresql 12.16 OS: ROSA-CHROME packageevrstring: postgresql-12.16 CVE-ID: CVE-2023-5868 BDU-ID: 2023-07905 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the lack of service data protection in function calls with aggregation...
Advisory ROSA-SA-2025-2664
Software: openvswitch 2.17.8 OS: ROSA-CHROME packageevrstring: openvswitch-2.17.8 CVE-ID: CVE-2023-5366 BDU-ID: 2024-03244 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Open vSwitch OvS software tiered switch is related to insufficient data authentication. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2663
Software: sysstat 12.7.2 OS: ROSA-CHROME packageevrstring: sysstat-12.7.2 CVE-ID: CVE-2023-33204 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in sysstat allows an attacker to perform multiplication with integer overflow due to an incomplete fix for vulnerability CVE-2022-39377...
Advisory ROSA-SA-2025-2662
Software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...