Advisory ROSA-SA-2025-2609
software: shadow-utils 4.10 OS: ROSA-CHROME packageevrstring: shadow-utils-4.10-7 CVE-ID: CVE-2023-4641 BDU-ID: 2024-02776 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the shadow-utils package involves requesting a password twice and failing to clear the memory buffer. Exploitation of the...
Advisory ROSA-SA-2025-2608
software: pam 1.5.1 OS: ROSA-CHROME packageevrstring: pam-1.5.1-5 CVE-ID: CVE-2024-22365 BDU-ID: 2024-00829 CVE-Crit: LOW CVE-DESC.: A vulnerability in the protect_dir function of pam_namespace.so in the Linux-PAM authentication module is related to improper resource shutdown or release. Exploitation of...
Advisory ROSA-SA-2025-2607
software: gnutls 3.8.4 OS: ROSA-CHROME packageevrstring: gnutls-3.8.4-1 CVE-ID: CVE-2024-0553 BDU-ID: 2024-00707 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GnuTLS transport layer cryptographic library is related to a difference in response time when processing an RSA ciphertext in a...
Advisory ROSA-SA-2025-2606
software: grub2 2.06 OS: ROSA-CHROME packageevrstring: grub2-2.06-22 CVE-ID: CVE-2023-4692 BDU-ID: 2023-06822 CVE-Crit: LOW CVE-DESC.: A vulnerability in the fs/ntfs.c component of the Grub2 operating systems loader is related to a buffer overflow in dynamic memory. Exploitation of the...
Advisory ROSA-SA-2025-2605
software: libuv 1.44.2 OS: ROSA-CHROME packageevrstring: libuv-1.44.2-2 CVE-ID: CVE-2024-24806 BDU-ID: 2024-02979 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the uv_getaddrinfo function (src/unix/getaddrinfo.c, src/win/getaddrinfo.c) of the libuv asynchronous I/O library is related to insufficient...
Advisory ROSA-SA-2025-2604
software: expat 2.6.2 OS: ROSA-CHROME packageevrstring: expat-2.6.2-1 CVE-ID: CVE-2023-52426 BDU-ID: 2024-04334 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to improper restriction of recursive object references in DTDs. Exploitation of the...
Advisory ROSA-SA-2025-2603
software: dbus 1.12.20 OS: ROSA-CHROME packageevrstring: dbus-1.12.20-8 CVE-ID: CVE-2022-42010 BDU-ID: 2022-06389 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the D-Bus interprocess communication system is related to the reachability of an assertion in debug builds caused by a syntactical...
Advisory ROSA-SA-2025-2602
software: glib2.0 2.72.3 OS: ROSA-CHROME packageevrstring: glib2.0-2.72.3-2 CVE-ID: CVE-2023-32665 BDU-ID: 2023-07655 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Glib library is related to the recovery of invalid data in memory. Exploitation of the vulnerability could allow an attacker to...
Advisory ROSA-SA-2025-2601
software: qt5-qtbase 5.15.10 OS: ROSA-CHROME packageevrstring: qt5-qtbase-5.15.10-3 CVE-ID: CVE-2024-39936 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in HTTP2 in Qt: security decision may be executed too early due to encrypted signal. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2600
software: qt5-qtnetworkauth 5.15.10 OS: ROSA-CHROME packageevrstring: qt5-qtnetworkauth-5.15.10-2 CVE-ID: CVE-2024-36048 BDU-ID: None CVE-Crit: DATA LOSS. CVE-DESC.: Vulnerability in Qt Network Authorization allows guessing values due to using only time for PRNG initialization. CVE-STATUS: The...
Advisory ROSA-SA-2025-2599
software: binutils 2.38 OS: ROSA-CHROME packageevrstring: binutils-2.38-5 CVE-ID: CVE-2022-35205 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Binutils allows attackers to perform a denial of service via display_debug_names. CVE-STATUS: The vulnerability has been resolved CVE-REV: T...
Advisory ROSA-SA-2025-2598
software: glib2.0 2.72.3 OS: ROSA-CHROME packageevrstring: glib2.0-2.72.3-4 CVE-ID: CVE-2023-29499 BDU-ID: 2023-07646 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the isnormal function of the Glib library is associated with uncontrolled resource consumption. Exploitation of the vulnerability coul...
Advisory ROSA-SA-2025-2597
software: packagekit 1.1.13 OS: ROSA-CHROME packageevrstring: packagekit-1.1.13-4 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory. CVE-STATUS: The vulnerability has been resolved. CVE-REV: To close...
Advisory ROSA-SA-2025-2596
software: procps-ng 3.3.17 OS: ROSA-CHROME packageevrstring: procps-ng-3.3.17-4 CVE-ID: CVE-2023-4016 BDU-ID: 2023-07117 CVE-Crit: LOW CVE-DESC.: A vulnerability in the running processes information collection utility ps of the procps-ng command line utility set is related to an operation exceedi...
Advisory ROSA-SA-2025-2595
software: squid 5.9 OS: ROSA-CHROME packageevrstring: squid-5.9-5 CVE-ID: CVE-2024-23638 BDU-ID: 2024-00895 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Squid proxy server is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2025-2594
software: freerdp 2.11.7 OS: ROSA-CHROME packageevrstring: freerdp-2.11.7-1 CVE-ID: CVE-2024-22211 BDU-ID: 2024-00706 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the freerdp_bitmap_planar_context_reset function of the FreeRDP RDP client is related to an integer overflow when processing the...
Advisory ROSA-SA-2025-2593
software: qpdf 11.9.1 OS: ROSA-CHROME packageevrstring: qpdf-11.9.1-1 CVE-ID: CVE-2024-24246 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow vulnerability in qpdf allows attackers to cause application crashes via the std::__shared_count function in shared_ptr_base.h. CVE-STATUS: The...
Advisory ROSA-SA-2025-2592
software: traceroute 2.1.5 OS: ROSA-CHROME packageevrstring: traceroute-2.1.5-1 CVE-ID: CVE-2023-46316 BDU-ID: 2023-07542 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the buc Traceroute utility is related to improper handling of lines of code. Exploitation of the vulnerability could allow ...
Advisory ROSA-SA-2025-2591
software: postfix 3.5.25 OS: ROSA-CHROME packageevrstring: postfix-3.5.25-1 CVE-ID: CVE-2023-51764 BDU-ID: 2024-00106 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the smtpd daemon of the Postfix mail server is related to insufficient data authentication when processing string endings other tha...
Advisory ROSA-SA-2025-2590
software: vim 9.1.0754 OS: ROSA-CHROME packageevrstring: vim-9.1.0754-1 CVE-ID: CVE-2024-41957 BDU-ID: 2024-06478 CVE-Crit: LOW CVE-DESC.: A vulnerability in the tagstack_clear_entry function of the src/alloc.c file of the vim text editor exists due to a bug in the use of pointers after memory...
Advisory ROSA-SA-2025-2589
software: postgresql 12.20 OS: ROSA-CHROME packageevrstring: postgresql-12.20-1 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to...
Advisory ROSA-SA-2025-2588
software: assimp 5.0.1 OS: ROSA-CHROME packageevrstring: assimp-5.0.1.1-4 CVE-ID: CVE-2024-40724 BDU-ID: 2024-06186 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the File Handler component of the 3D model import library Open Asset Import Library Assimp is related to a heap buffer overflow...
Advisory ROSA-SA-2025-2587
software: orc 0.4.40 OS: ROSA-CHROME packageevrstring: orc-0.4.40-1 CVE-ID: CVE-2024-40897 BDU-ID: 2024-06669 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the orcparse.c file of the library for compiling and executing programs that operate on GStreamer ORC data arrays is related to a...
Advisory ROSA-SA-2025-2586
software: nano 8.2 OS: ROSA-CHROME packageevrstring: nano-8.2-3 CVE-ID: CVE-2024-5742 BDU-ID: 2024-06879 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Nano text editor is related to temporary file handling errors. Exploitation of the vulnerability could allow an attacker to impact data integrit...
Advisory ROSA-SA-2025-2584
software: xrdp 0.10.1 OS: ROSA-CHROME packageevrstring: xrdp-0.10.1-2 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts governed ...
Advisory ROSA-SA-2025-2585
software: xorgxrdp 0.10.2 OS: ROSA-CHROME packageevrstring: xorgxrdp-0.10.2-1 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts...
Advisory ROSA-SA-2025-2583
Software: libarchive 3.6.2 OS: ROSA-CHROME packageevrstring: libarchive-3.6.2 CVE-ID: CVE-2024-48957 BDU-ID: 2024-09446 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the execute_filter_audio function of the archive_read_support_format_rar.c component of the Libarchive archiving library is related to...
Advisory ROSA-SA-2025-2582
software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-8 CVE-ID: CVE-2024-7006 BDU-ID: 2024-06610 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the LibTIFF library involves null pointer dereferencing via tif_dirinfo.c. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2025-2581
software: opensc 0.23.0 OS: ROSA-CHROME packageevrstring: opensc-0.23.0-4 CVE-ID: CVE-2024-1454 BDU-ID: 2024-03243 CVE-Crit: LOW CVE-DESC.: A vulnerability in the AuthentIC driver of the OpenSC smart card software toolkit and libraries is related to memory usage after it has been freed...
Advisory ROSA-SA-2025-2580
software: opensc 0.23.0 OS: ROSA-CHROME packageevrstring: opensc-0.23.0-2 CVE-ID: CVE-2023-40660 BDU-ID: 2024-02589 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSC smart card software toolkit and libraries is related to the fact that token/card authentication by one process can perform...
Advisory ROSA-SA-2025-2579
software: suricata 6.0.20 OS: ROSA-CHROME packageevrstring: suricata-6.0.20-2 CVE-ID: CVE-2024-45796 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Suricata allows an attacker to cause a failure in the reassembly of traffic fragments. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2578
software: suricata 6.0.20 OS: ROSA-CHROME packageevrstring: suricata-6.0.20-1 CVE-ID: CVE-2024-38535 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in Suricata parsing HTTP/2 traffic. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerability, run the command: dnf...
Advisory ROSA-SA-2025-2577
Software: wpasupplicant 2.11 OS: ROSA-CHROME packageevrstring: wpasupplicant-2.11-3 CVE-ID: CVE-2023-52160 BDU-ID: 2024-01426 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Protected Extensible Authentication Protocol PEAP implementation of the Wi-Fi WPA Supplicant secure access client is...
Advisory ROSA-SA-2025-2576
software: xwayland 23.2.7 OS: ROSA-CHROME packageevrstring: xwayland-23.2.7-1 CVE-ID: CVE-2024-9632 BDU-ID: 2024-09084 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in dynamic memor...
Advisory ROSA-SA-2025-2575
software: x11-server 1.20.14 OS: ROSA-CHROME packageevrstring: x11-server-1.20.14-11 CVE-ID: CVE-2024-9632 BDU-ID: 2024-09084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in dynamic...
Advisory ROSA-SA-2025-2574
software: libsndfile 1.1.0 OS: ROSA-CHROME packageevrstring: libsndfile-1.1.0-4 CVE-ID: CVE-2024-50612 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in libsndfile library: read outside array in oggvorbis.c. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close the...
Advisory ROSA-SA-2025-2573
Software: qbittorrent 4.6.7 OS: ROSA-CHROME packageevrstring: qbittorrent-4.6.7-1 CVE-ID: CVE-2024-51774 BDU-ID: 2024-09433 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cross-platform BitTorrent client qBittorrent is related to improper SSL/TLS certificate authentication. Exploitation of the...
Advisory ROSA-SA-2025-2572
software: squid 5.10 OS: ROSA-CHROME packageevrstring: squid-5.10-1 CVE-ID: CVE-2024-45802 BDU-ID: 2024-08860 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to input processing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cau...
Advisory ROSA-SA-2025-2571
software: ghostscript 9.56.1 OS: ROSA-CHROME packageevrstring: ghostscript-9.56.1-1 CVE-ID: CVE-2024-46956 BDU-ID: 2024-09737 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the psi/zfile.c component of the Ghostscript document processing, conversion, and generation software suite involves reading...
Advisory ROSA-SA-2025-2570
software: php 7.4.33 OS: ROSA-CHROME packageevrstring: php-7.4.33-11 CVE-ID: CVE-2022-4900 BDU-ID: 2023-02666 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the php_cli_server_startup_workers function (sapi/cli/php_cli_server.c) of the PHP programming language interpreter is related to an operation...
Advisory ROSA-SA-2025-2569
software: curl 8.7.1 OS: ROSA-CHROME packageevrstring: curl-8.7.1-2 CVE-ID: CVE-2024-9681 BDU-ID: 2024-09106 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability exists in the implementation of the HSTS HTTP Strict Transport Security mechanism of the curl command line utility due to a bug in the...
Advisory ROSA-SA-2025-2568
software: dnsmasq 2.90 OS: ROSA-CHROME packageevrstring: dnsmasq-2.90-1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted...
Advisory ROSA-SA-2025-2567
software: curl 8.7.1 OS: ROSA-CHROME packageevrstring: curl-8.7.1-1 CVE-ID: CVE-2024-0853 BDU-ID: 2024-01014 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TLS protocol implementation of the cURL command line utility is related to erroneous storage of the session ID as a result of a lack of...
Advisory ROSA-SA-2025-2566
software: x11-server 1.20.14 OS: ROSA-CHROME packageevrstring: x11-server-1.20.14-6 CVE-ID: CVE-2023-6377 BDU-ID: 2024-00457 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the xorg-x11-server package is related to the use of memory after it has been freed when processing Button Action objects...
Advisory ROSA-SA-2025-2565
software: mcpp 2.7.2 OS: ROSA-CHROME packageevrstring: mcpp-2.7.2-14 CVE-ID: CVE-2019-14274 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Heap-based buffer overflow vulnerability in MCPP in do_msg in support.c. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close the vulnerability, run the...
Advisory ROSA-SA-2025-2564
Software: thunderbird 115.9.0 OS: rosa-server79 packageevrstring: thunderbird-115.9.0-1.0.1.res7 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain...
Advisory ROSA-SA-2025-2563
Software: firefox 128.4.0 OS: rosa-server79 packageevrstring: firefox-128.4.0-1.0.1.res7 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special form...
Advisory ROSA-SA-2025-2562
Software: xerces-c 3.1.1 OS: rosa-server79 packageevrstring: xerces-c-3.1.1-10.0.1.res7 CVE-ID: CVE-2023-37536 BDU-ID: 2023-06960 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Xerces-C++ library of the BigFix Platform IT Collaborative Management Platform is caused by an integer overflow...
Advisory ROSA-SA-2025-2561
Software: tuned 2.11.0 OS: rosa-server79 packageevrstring: tuned-2.11.0-12.0.1.res7 CVE-ID: CVE-2024-52337 BDU-ID: 2024-10906 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the instance_create method of the tuned system device monitoring and adaptive tuning program is related to insufficient input...
Advisory ROSA-SA-2025-2560
Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.5.res7.10 CVE-ID: CVE-2024-45802 BDU-ID: 2024-08860 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to input processing errors. Exploitation of the vulnerability could allow an attacker...