Advisory ROSA-SA-2025-2661
software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3 CVE-ID: CVE-2023-47100 BDU-ID: 2023-08382 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Sparseunipropstring function of the regcomp.c file of the Perl programming language interpreter is related to an operation exceeding...
Advisory ROSA-SA-2025-2660
Software: tcpdump 4.99.4 OS: ROSA-CHROME packageevrstring: tcpdump-4.99.4-2 CVE-ID: CVE-2018-16301 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in tcpdump: buffer overflow on processing command line arguments. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerabilit...
Advisory ROSA-SA-2025-2659
software: openslp 2.0.0 OS: ROSA-CHROME packageevrstring: openslp-2.0.0 CVE-ID: CVE-2016-4912 BDU-ID: None CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in OpenSLP allows remote attackers to cause a denial of service via a large number of specially crafted packets. CVE-STATUS: The vulnerability...
Advisory ROSA-SA-2025-2658
software: tidy 5.7.28 OS: ROSA-CHROME packageevrstring: tidy-5.7.28-2 CVE-ID: CVE-2021-33391 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in HTML Tidy's HTACG allows an attacker to execute arbitrary code via the -g option of the CleanNode function in gdoc.c. CVE-STATUS: The...
Advisory ROSA-SA-2025-2657
software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0 CVE-ID: CVE-2022-4645 BDU-ID: 2023-05401 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility tools/tiffcp.c:948 of the libtiff library involves reading beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2656
Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5 CVE-ID: CVE-2024-24575 BDU-ID: 2024-01378 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/libgit2/revparse.c component of the C Libgit2 implementation of Git methods is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2025-2654
software: unifdef 2.12 OS: ROSA-CHROME packageevrstring: unifdef-2.12-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a use-after-free error. Exploitation of the...
Advisory ROSA-SA-2025-2655
Software: webkit4 2.44.1 OS: ROSA-CHROME packageevrstring: webkit4-2.44.1-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a use-after-free error. Exploitation of the...
Advisory ROSA-SA-2025-2653
software: libbacktrace 1.0 OS: ROSA-CHROME packageevrstring: libbacktrace-1.0-1.gitcdb64b.3 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a use-after-free error...
Advisory ROSA-SA-2025-2652
software: libebml 1.4.4 OS: ROSA-CHROME packageevrstring: libebml-1.4.4 CVE-ID: CVE-2023-52339 BDU-ID: 2024-02535 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the MemIOCallback.cpp file of the C++ libebml library is related to integer overflow. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2025-2651
software: libde265 1.0.14 OS: ROSA-CHROME packageevrstring: libde265-1.0.14 CVE-ID: CVE-2023-4965 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in phpipam allows a remote attacker to perform an open redirect via the Header Handler component. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2650
Software: webmin 2.105 OS: ROSA-CHROME packageevrstring: webmin-2.105-1 CVE-ID: CVE-2022-3844 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Webmin allows basic client-side scripting to be run via the xterm/index.cgi function. CVE-STATUS: The vulnerability has been resolved CVE-REV...
Advisory ROSA-SA-2025-2649
software: jasper 2.0.32 OS: ROSA-CHROME packageevrstring: jasper-2.0.32 CVE-ID: CVE-2023-51257 BDU-ID: 2024-00902 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the jasimagedecode function of the JasPer library set's JPC encoder is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2025-2648
software: ghostscript 9.54.0 OS: ROSA-CHROME packageevrstring: ghostscript-9.54.0 CVE-ID: CVE-2023-43115 BDU-ID: 2023-06329 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the gdevijs.c component of the Ghostscript document processing software suite is related to incorrect code generation...
Advisory ROSA-SA-2025-2647
software: fuseiso 20070708 OS: ROSA-CHROME packageevrstring: fuseiso-20070708-12 CVE-ID: CVE-2015-8836 BDU-ID: 2016-00922 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the isofsrealreadzf isofs.c function of the FuseISO disk image mount software tool is caused by an integer overflow...
Advisory ROSA-SA-2025-2646
software: python2 2.7.18 OS: ROSA-CHROME packageevrstring: python2-2.7.18-7 CVE-ID: CVE-2022-0391 BDU-ID: 2022-02302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the urllib.parse module of the Python programming language interpreter is related to the non-neutralization of CRLF sequences...
Advisory ROSA-SA-2025-2645
software: binutils 2.38 OS: ROSA-CHROME packageevrstring: binutils-2.38-4 CVE-ID: CVE-2023-1972 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Buffer overflow vulnerability in bfdselfslurpversiontables in bfd/self.c could cause loss of availability. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2644
Software: fonttools 4.28.5 OS: ROSA-CHROME packageevrstring: fonttools-4.28.5 CVE-ID: CVE-2023-45139 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An XML External Entity Injection XXE vulnerability in the fontTools library allows an attacker to access arbitrary files or execute web requests. CVE-STATU...
Advisory ROSA-SA-2025-2643
software: dcmtk 3.6.6 OS: ROSA-CHROME packageevrstring: dcmtk-3.6.6 CVE-ID: CVE-2022-2119 BDU-ID: 2023-03840 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the DICOM DCMTK format library is related to flaws in the directory path name restriction. Exploitation of the vulnerability allows an...
Advisory ROSA-SA-2025-2642
software: audiofile 0.3.6 OS: ROSA-CHROME packageevrstring: audiofile-0.3.6 CVE-ID: CVE-2020-18781 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow vulnerability in audiofile could cause a denial of service via a specially crafted wav file. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2641
Software: qemu 7.2.7 OS: ROSA-CHROME packageevrstring: qemu-7.2.7-1 CVE-ID: CVE-2023-3301 BDU-ID: 2024-04418 CVE-Crit: LOW CVE-DESC.: A vulnerability in the virtio-net interface of the QEMU hardware emulator is related to the asynchronous nature of the shutdown allowing a race scenario...
Advisory ROSA-SA-2025-2640
software: newmoon 33.3.0 OS: ROSA-CHROME packageevrstring: newmoon-33.3.0 CVE-ID: CVE-2024-9396 BDU-ID: 2024-09265 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to an operation exceeding buffer boundaries in memor...
Advisory ROSA-SA-2025-2639
software: faad2 2.11.1 OS: ROSA-CHROME packageevrstring: faad2-2.11.1-1 CVE-ID: CVE-2023-38858 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Buffer overflow vulnerability in infaad2 allows a remote attacker to execute arbitrary code via the mp4info function. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2638
software: heimdal 7.8.0 OS: ROSA-CHROME packageevrstring: heimdal-7.8.0-2 CVE-ID: CVE-2022-45142 BDU-ID: 2023-02156 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Kerberos5 heimdal protocol implementation is related to incorrect validation of the integrity check value. Exploitation of the...
Advisory ROSA-SA-2025-2637
software: glibc 2.33 OS: ROSA-CHROME packageevrstring: glibc-2.33-10.git1a2009.2 CVE-ID: CVE-2023-4806 BDU-ID: 2024-00852 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the GNU C library glibc is related to memory usage after it has been freed. Exploitation of the...
Advisory ROSA-SA-2025-2636
software: audiofile 0.3.6 OS: ROSA-CHROME packageevrstring: audiofile-0.3.6 CVE-ID: CVE-2015-7747 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow vulnerability in audiofile allows an attacker to cause a denial of service or execute arbitrary code through a specially crafted audio file...
Advisory ROSA-SA-2025-2635
software: ncurses 6.2 OS: ROSA-CHROME packageevrstring: ncurses-6.2 CVE-ID: CVE-2023-29491 BDU-ID: 2023-05772 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the ncurses terminal I/O control library is related to the ability to write beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2634
Software: OpenImageIO 2.2.20.0 OS: ROSA-CHROME packageevrstring: OpenImageIO-2.2.20.0-6 CVE-ID: CVE-2023-36183 BDU-ID: 2023-07656 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the readimg function of the OpenImageIO image processing library involves buffer copying without input validation...
Advisory ROSA-SA-2025-2633
software: mosquitto 2.0.15 OS: ROSA-CHROME packageevrstring: mosquitto-2.0.15 CVE-ID: CVE-2023-0809 BDU-ID: 2024-04210 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CONNECT component of the Eclipse Mosquitto message broker is related to memory allocation based on an unreliable value of lar...
Advisory ROSA-SA-2025-2632
software: yt-dlp 2023.07.06 OS: ROSA-CHROME packageevrstring: yt-dlp-2023.07.06-2 CVE-ID: CVE-2023-40581 BDU-ID: 2023-06330 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the yt-dlp audio and video download utility due to failure to take measures to neutralize special elements. Exploitatio...
Advisory ROSA-SA-2025-2631
software: libheif 1.12.0 OS: ROSA-CHROME packageevrstring: libheif-1.12.0-4 CVE-ID: CVE-2021-36410 BDU-ID: 2023-01688 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the putepelhvfallback function of the fallback-motion.cc component of the h.265 Libde265 video codec implementation is related to...
Advisory ROSA-SA-2025-2630
software: libde265 1.0.14 OS: ROSA-CHROME packageevrstring: libde265-1.0.14-1 CVE-ID: CVE-2021-36410 BDU-ID: 2023-01688 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the putepelhvfallback function of the fallback-motion.cc component of the h.265 Libde265 video codec implementation is related to...
Advisory ROSA-SA-2025-2629
software: jackson-databind 2.9.9.3 OS: ROSA-CHROME packageevrstring: jackson-databind-2.9.9.9.3 CVE-ID: CVE-2019-14540 BDU-ID: 2019-04085 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FasterXML com.zaxxer.hikari.HikariConfig function of the Java library for grammar parsing JSON files...
Advisory ROSA-SA-2025-2628
Software: libvncserver 0.9.13 OS: ROSA-CHROME packageevrstring: libvncserver-0.9.13-2 CVE-ID: CVE-2020-29260 BDU-ID: 2024-06666 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rfbClientCleanup function of the libvncclient component of the libvncclient cross-platform LibVNCServer library is relat...
Advisory ROSA-SA-2025-2627
software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-6 CVE-ID: CVE-2023-3576 BDU-ID: 2023-05973 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility of the LibTIFF library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2626
software: leptonica 1.82.0 OS: ROSA-CHROME packageevrstring: leptonica-1.82.0-1 CVE-ID: CVE-2020-36277 BDU-ID: 2021-05306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Leptonica image processing library involves the implementation of an incorrect control flow. Exploitation of the...
Advisory ROSA-SA-2025-2625
software: postgresql 12.17 OS: ROSA-CHROME packageevrstring: postgresql-12.17-2 CVE-ID: CVE-2024-0985 BDU-ID: 2024-01121 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system involves privilege management...
Advisory ROSA-SA-2025-2624
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-6 CVE-ID: CVE-2024-25062 BDU-ID: 2024-01415 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to memory usage after it is...
Advisory ROSA-SA-2025-2623
software: ghostscript10 10.02.1 OS: ROSA-CHROME packageevrstring: ghostscript10-10.02.1-3 CVE-ID: CVE-2024-29506 BDU-ID: 2024-05558 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the pdfiapplyfilter function of the Ghostscript document processing, conversion, and generation software suite is...
Advisory ROSA-SA-2025-2622
software: ghostscript 9.54.0 OS: ROSA-CHROME packageevrstring: ghostscript-9.54.0-11 CVE-ID: CVE-2023-38559 BDU-ID: 2023-07662 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the devnpcxwriterle function of the base/gdevdevdevn.c component of the Ghostscript document processing software suite...
Advisory ROSA-SA-2025-2621
software: xerces-j2 2.12.0 OS: ROSA-CHROME packageevrstring: xerces-j2-2.12.0-4 CVE-ID: CVE-2022-23437 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Xerces Java XercesJ XML parser causes it to hang in an infinite loop when processing specially crafted XML documents...
Advisory ROSA-SA-2025-2620
software: lua 5.3.6 OS: ROSA-CHROME packageevrstring: lua-5.3.6-1 CVE-ID: CVE-2020-15945 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Lua: Vulnerability segmentation fault due to incorrect update of oldpc value during function control return. CVE-STATUS: Vulnerability resolved CVE-REV: To close the...
Advisory ROSA-SA-2025-2618
software: libid3tag 0.15.1b OS: ROSA-CHROME packageevrstring: libid3tag-0.15.1b-24 CVE-ID: CVE-2017-11550 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libid3tag allows remote attackers to cause a denial of service via a special mp3 file. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2617
software: openssl 1.1.1w OS: ROSA-CHROME packageevrstring: openssl-1.1.1.1w-3 CVE-ID: CVE-2023-5678 BDU-ID: 2023-08615 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DHgeneratekey function of the OpenSSL library is related to the generation of excessively long X9.42 DH keys. Exploitation of t...
Advisory ROSA-SA-2025-2616
software: opusfile 0.12 OS: ROSA-CHROME packageevrstring: opusfile-0.12-3 CVE-ID: CVE-2022-47021 BDU-ID: 2023-00624 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the opgetdata and opopen1 opusfile.c functions in the xiph of the opusfile stream decoder library is related to null pointer...
Advisory ROSA-SA-2025-2615
Software: wireshark 4.0.12 OS: ROSA-CHROME packageevrstring: wireshark-4.0.12-1 CVE-ID: CVE-2023-6174 BDU-ID: 2023-08355 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH dissector of the Wireshark computer network traffic analyzer is related to insufficient cleaning of special elements in the...
Advisory ROSA-SA-2025-2614
software: yt-dlp 2023.09.24 OS: ROSA-CHROME packageevrstring: yt-dlp-2023.09.24-1 CVE-ID: CVE-2023-46121 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in yt-dlp allows an attacker to perform a MITM attack and gain access to a cookie. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2613
software: avahi 0.8 OS: ROSA-CHROME packageevrstring: avahi-0.8-12.git35bb1b.3 CVE-ID: CVE-2021-3468 BDU-ID: 2022-05709 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the clientwork function of the Avahi LAN service discovery system is related to the execution of a loop with an unreachable exi...
Advisory ROSA-SA-2025-2611
software: coreutils 8.32 OS: ROSA-CHROME packageevrstring: coreutils-8.32-5 CVE-ID: CVE-2024-0684 BDU-ID: 2024-00722 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the linebytessplit function src/split.c of the GNU Core Utilities GNU Coreutils suite of system utilities is related to a buffer...
Advisory ROSA-SA-2025-2610
software: vim 9.1.0104 OS: ROSA-CHROME packageevrstring: vim-9.1.0104-1 CVE-ID: CVE-2024-22667 BDU-ID: 2024-02840 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Didsetlangmap function of the vim text editor involves calling sprintf to write to an error buffer that is passed to option callba...