Advisory ROSA-SA-2025-2559
Software: krb5 1.15.1 OS: rosa-server79 packageevrstring: krb5-1.15.1-55.0.7.res7 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through capture-replay o...
Advisory ROSA-SA-2025-2558
Software: libsoup 2.62.2 OS: rosa-server79 packageevrstring: libsoup-2.62.2-2.0.1.res7 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in GNOME libsoup allows HTTP request smuggling attack due to ignoring '\0' characters at the end of header names. CVE-STATUS: The...
Advisory ROSA-SA-2025-2557
Software: giflib 4.1.6 OS: rosa-server79 packageevrstring: giflib-4.1.6-9.0.1.1.res7 CVE-ID: CVE-2023-48161 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer Overflow vulnerability in GifLib allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function. CVE-STATUS: The...
Advisory ROSA-SA-2025-2556
Software: cups-filters 1.0.35 OS: rosa-server79 packageevrstring: cups-filters-1.0.35-29.0.2.res7 CVE-ID: CVE-2024-47176 BDU-ID: 2024-07643 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cups-browsed daemon of the CUPS print server is associated with the use of dangerous methods or functions...
Advisory ROSA-SA-2025-2555
Software: cups 1.6.3 OS: rosa-server79 packageevrstring: cups-1.6.3-52.res7 CVE-ID: CVE-2023-32360 BDU-ID: 2023-07653 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2025-2554
Software: libcaca 0.99 OS: rosa-server79 packageevrstring: libcaca-0.99-0.40.beta20.res7 CVE-ID: CVE-2018-20545 BDU-ID: 2019-01073 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the loadimage src/common-image.c function of the libcaca graphics library involves an integer overflow. Exploitation of t...
Advisory ROSA-SA-2025-2553
Software: rsync 3.1.2 OS: rosa-server79 packageevrstring: rsync-3.1.2-12.0.1.res7 CVE-ID: CVE-2017-16548 BDU-ID: 2021-01395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the receivexattr function in xattrs.c of the Rsync file transfer and synchronization utility is related to the lack of a check f...
Advisory ROSA-SA-2025-2552
Software: perl 5.16.3 OS: rosa-server79 packageevrstring: perl-5.16.3-299.0.2.res7 CVE-ID: CVE-2015-8853 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Perl allows an attacker to cause a denial of service via crafted utf-8 data. CVE-STATUS: The vulnerability has been resolved. CVE-RE...
Advisory ROSA-SA-2025-2551
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.6.res7 CVE-ID: CVE-2018-20685 BDU-ID: 2019-00773 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is caused by errors in the validation of the scp.c directory name in the scp clien...
Advisory ROSA-SA-2025-2550
Software: openldap 2.4.44 OS: rosa-server79 packageevrstring: openldap-2.4.44-25.0.2.res7 CVE-ID: CVE-2019-13057 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in OpenLDAP allows a server administrator with rootDN privileges to request authorization as another user from a different...
Advisory ROSA-SA-2025-2549
Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.3.res7 CVE-ID: CVE-2018-19478 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Artifex Ghostscript allows an attacker to run a lengthy calculation when processing a PDF file. CVE-STATUS: The vulnerabili...
Advisory ROSA-SA-2024-2548
Software: kubernetes 1.25.16 OS: ROSA-CHROME packageevrstring: kubernetes-1.25.16-1 CVE-ID: CVE-2023-5528 BDU-ID: 2023-07938 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient input...
Advisory ROSA-SA-2024-2547
Software: virglrenderer 0.8.1 OS: ROSA-CHROME packageevrstring: virglrenderer-0.8.1-4 CVE-ID: CVE-2020-8002 BDU-ID: 2023-00917 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vrendrenderer.c component of the Virglrenderer virtual OpenGL renderer is related to pointer dereferencing errors...
Advisory ROSA-SA-2024-2546
Software: tinyxml 2.6.2 OS: ROSA-CHROME packageevrstring: tinyxml-2.6.2-8 CVE-ID: CVE-2021-42260 BDU-ID: 2022-06895 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TiXmlParsingData::Stamp function of the tinyxmlParser.cpp component of the TinyXML XML parser is related to the execution of a loop...
Advisory ROSA-SA-2024-2544
Software: tomcat 9.0.37 OS: ROSA-CHROME packageevrstring: tomcat-9.0.37-6 CVE-ID: CVE-2020-13943 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An HTTP/2 vulnerability in Apache Tomcat allows an attacker to access unwanted resources. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close t...
Advisory ROSA-SA-2024-2543
Software: trousers 0.3.14 OS: ROSA-CHROME packageevrstring: trousers-0.3.14-5 CVE-ID: CVE-2020-24332 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in TrouSerS: Vulnerability to create system.data files when running the tcsd daemon with root privileges. CVE-STATUS: The vulnerability has...
Advisory ROSA-SA-2024-2542
Software: vorbis-tools 1.4.2 OS: ROSA-CHROME packageevrstring: vorbis-tools-1.4.2-3 CVE-ID: CVE-2023-43361 BDU-ID: 2024-02625 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Vorbis-tools package is related to the ability to write beyond buffer boundaries in memory when converting wav files to og...
Advisory ROSA-SA-2024-2540
Software: wavpack 5.3.0 OS: ROSA-CHROME packageevrstring: wavpack-5.3.0-3 CVE-ID: CVE-2020-35738 BDU-ID: 2021-00777 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the WavpackPackSamples function of the packutils.c component of the WavPack audio codec is related to an operation exceeding the allowed...
Advisory ROSA-SA-2024-2541
Software: tcl 8.6.13 OS: ROSA-CHROME packageevrstring: tcl-8.6.13-1 CVE-ID: CVE-2021-35331 BDU-ID: 2022-01774 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the nmakehlp.c component of the Tcl programming language is related to insufficient format string handling. Exploitation of the...
Advisory ROSA-SA-2024-2539
Software: zabbix5.0 5.0.40 OS: ROSA-CHROME packageevrstring: zabbix5.0-5.0.40-1 CVE-ID: CVE-2023-32721 BDU-ID: 2023-06803 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System interface is related to insufficient input validation when processing the URL field of th...
Advisory ROSA-SA-2024-2538
Software: libgsf 1.14.53 OS: ROSA-CHROME packageevrstring: libgsf-1.14.53-1 CVE-ID: CVE-2024-42415 BDU-ID: 2024-08625 CVE-Crit: HIGH CVE-DESC.: A vulnerability in The GNOME Project's structured file library libgsf involves a dynamic memory-based integer overflow when processing the sector...
Advisory ROSA-SA-2024-2537
Software: openjpeg2 2.4.0 OS: ROSA-CHROME packageevrstring: openjpeg2-2.4.0-3 CVE-ID: CVE-2022-1122 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A flaw was discovered in the way the opj2decompress program in openjpeg2 handles an input directory with a large number of files. When the program fails ...
Advisory ROSA-SA-2024-2536
Software: re2c 3.1 OS: ROSA-CHROME packageevrstring: re2c-3.1-1 CVE-ID: CVE-2022-23901 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: The re2c 2.2 stack overflow is due to infinite recursion issues in src/dfa/deadrules.cc. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update re2c...
Advisory ROSA-SA-2024-2535
Software: cacti 1.2.25 OS: ROSA-CHROME packageevrstring: cacti-1.2.25-2 CVE-ID: CVE-2023-46490 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in managers.php. CVE-STATU...
Advisory ROSA-SA-2024-2534
Software: zchunk 1.2.2 OS: ROSA-CHROME packageevrstring: zchunk-1.2.2.2-2 CVE-ID: CVE-2023-46228 BDU-ID: 2023-07324 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c components of the RPM zchunk file size reduction software...
Advisory ROSA-SA-2024-2533
Software: imlib2 1.4.9 OS: rosa-server79 packageevrstring: imlib2-1.4.9-1.res7 CVE-ID: CVE-2014-9762 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: imlib2 allows remote attackers to cause a denial of service segmentation error using a GIF image without a color map. CVE-STATUS: Fixed CVE-REV: Run the yum...
Advisory ROSA-SA-2024-2532
Software: ansible 2.9.18 OS: rosa-server79 packageevrstring: ansible-2.9.18-1.res7 CVE-ID: CVE-2021-20228 BDU-ID: 2021-03706 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Ansible configuration management system is related to information disclosure. Exploitation of the vulnerability could all...
Advisory ROSA-SA-2024-2531
Software: python-idna 2.4 OS: rosa-server79 packageevrstring: python-idna-2.4-1.0.1.res7 CVE-ID: CVE-2024-3651 BDU-ID: 2024-04211 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the idna.encode function of the Internationalized Domain of Names in Applications IDNA is associated with uncontrolled...
Advisory ROSA-SA-2024-2530
Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...
Advisory ROSA-SA-2024-2529
Software: libtommath 0.42.0 OS: rosa-server79 packageevrstring: libtommath-0.42.0-6.res7 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to integer overflow. Exploitation of the vulnerability coul...
Advisory ROSA-SA-2024-2528
Software: libspf2 1.2.11 OS: rosa-server79 packageevrstring: libspf2-1.2.11-11.20210922git4915c308.res7 CVE-ID: CVE-2021-20314 BDU-ID: 2021-04420 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SPF protocol library libspf2 is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2527
Software: clamav 0.103.11 OS: rosa-server79 packageevrstring: clamav-0.103.11-1.res7 CVE-ID: CVE-2023-20197 BDU-ID: 2023-04766 CVE-Crit: HIGH CVE-DESC.: A vulnerability in ClamAV's file system image parser for Hierarchical File System Plus HFS+ is related to incorrect resource scrubbing or freein...
Advisory ROSA-SA-2024-2526
Software: NetworkManager-libreswan 1.2.4 OS: rosa-server79 packageevrstring: NetworkManager-libreswan-1.2.4-2.0.1.res7 CVE-ID: CVE-2024-9050 BDU-ID: 2024-09459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libreswan client plugin of the NetworkManager network connection management program is...
Advisory ROSA-SA-2024-2525
Software: nghttp2 1.33.0 OS: rosa-server79 packageevrstring: nghttp2-1.33.0-1.3.res7 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established...
Advisory ROSA-SA-2024-2524
Software: monit 5.30.0 OS: rosa-server79 packageevrstring: monit-5.30.0-2.res7 CVE-ID: CVE-2022-26563 BDU-ID: 2023-05304 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PAMcheckPasswd function of the Monit process, program, file and directory management and monitoring utility is related to flaws...
Advisory ROSA-SA-2024-2523
Software: xrdp 0.9.25 OS: rosa-server79 packageevrstring: xrdp-0.9.25-2.0.1.res7 CVE-ID: CVE-2023-40184 BDU-ID: 2023-07659 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the authstartsession function of the XRDP server is related to the bypassing of session restrictions. Exploitation of the...
Advisory ROSA-SA-2024-2522
Software: libebml 1.3.9 OS: rosa-server79 packageevrstring: libebml-1.3.9-2.res7 CVE-ID: CVE-2023-52339 BDU-ID: 2024-02535 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the MemIOCallback.cpp file of the C++ libebml library is related to integer overflow. Exploitation of the vulnerability could all...
Advisory ROSA-SA-2024-2521
Software: device-mapper-multipath 0.4.9 OS: rosa-server79 packageevrstring: device-mapper-multipath-0.4.9-136 CVE-ID: CVE-2022-41974 BDU-ID: 2022-06669 CVE-Crit: HIGH CVE-DESC.: A vulnerability in multipath-tools multipath-tools driver management software is related to privilege management errors...
Advisory ROSA-SA-2024-2520
Software: device-mapper-multipath 0.8.4 OS: ROSA Virtualization 2.1 packageevrstring: device-mapper-multipath-0.8.4-22 CVE-ID: CVE-2022-41974 BDU-ID: 2022-06669 CVE-Crit: HIGH CVE-DESC.: A vulnerability in multipath-tools multipath-tools driver management software is related to privilege manageme...
Advisory ROSA-SA-2024-2519
Software: log4j12 1.2.17 OS: ROSA-CHROME packageevrstring: log4j12-1.2.17-26 CVE-ID: CVE-2019-17571 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data, which can be used to remotely execute arbitrary code in...
Advisory ROSA-SA-2024-2518
Software: memcached 1.6.22 OS: ROSA-CHROME packageevrstring: memcached-1.6.22-1 CVE-ID: CVE-2023-46852 BDU-ID: 2023-08094 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the proxyruncoroutine function protoproxy.c of the memcached data caching software tool is related to an operation exceeding buffe...
Advisory ROSA-SA-2024-2517
Software: hostapd 2.9 OS: ROSA-CHROME packageevrstring: hostapd-2.9-3 CVE-ID: CVE-2019-16275 BDU-ID: 2019-04775 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wi-Fi WPA Supplicant secure access component is related to a flaw in the input validation mechanism. Exploitation of the...
Advisory ROSA-SA-2024-2516
Software: libssh 0.9.7 OS: ROSA-CHROME packageevrstring: libssh-0.9.7-1 CVE-ID: CVE-2023-1667 BDU-ID: 2023-03857 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibSSH client authentication library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker...
Advisory ROSA-SA-2024-2515
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: httpd-2.4.6-99.0.5.res7.1 CVE-ID: CVE-2021-26690 BDU-ID: 2021-03681 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2514
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.1.P2.res7.16 CVE-ID: CVE-2024-1737 BDU-ID: 2024-05964 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attack...
Advisory ROSA-SA-2024-2513
Software: python-setuptools 0.9.8 OS: rosa-server79 packageevrstring: python-setuptools-0.9.8-7.0.1.res7 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is related to functions...
Advisory ROSA-SA-2024-2512
Software: python3-setuptools 39.2.0 OS: rosa-server79 packageevrstring: python3-setuptools-39.2.0-10.0.3.res7 CVE-ID: CVE-2024-37891 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...
Advisory ROSA-SA-2024-2511
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: LOW CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Advisory ROSA-SA-2024-2510
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Advisory ROSA-SA-2024-2509
Software: freeradius 3.0.13 OS: rosa-server79 packageevrstring: freeradius-3.0.13-15.0.1.res7 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through...