Advisory ROSA-SA-2024-2508
Software: flatpak 1.0.9 OS: rosa-server79 packageevrstring: flatpak-1.0.9-13.0.1.res7 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output elements use...
Advisory ROSA-SA-2024-2506
Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-5.rv3 CVE-ID: CVE-2020-28493 BDU-ID: 2022-05230 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python programming language interpreter html-template tool jinja2 is related to incorrect resource...
Advisory ROSA-SA-2024-2505
Software: 389-ds-base 1.4.3.8 OS: ROSA Virtualization 2.1 packageevrstring: 389-ds-base-1.4.3.8-5.0.2.rv3 CVE-ID: CVE-2020-35518 BDU-ID: 2023-02645 CVE-Crit: MEDIUM CVE-DESC.: A 389 Directory Server authentication vulnerability involves information disclosure when verifying the existence of a...
Advisory ROSA-SA-2024-2504
Software: iperf3 3.5 OS: ROSA Virtualization 2.1 packageevrstring: iperf3-3.5-10.rv3 CVE-ID: CVE-2023-38403 BDU-ID: 2023-03980 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to integer overflow during field length processing. Exploitation of...
Advisory ROSA-SA-2024-2503
Software: wget 1.19.5 OS: ROSA Virtualization 2.1 packageevrstring: wget-1.19.5-12.rv3 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the userinfo URI component of the GNU Wget download manager is related to insecure behavior in which data that should hav...
Advisory ROSA-SA-2024-2502
Software: libndp 1.7 OS: ROSA Virtualization 2.1 packageevrstring: libndp-1.7-7.rv3 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2024-2501
Software: postgresql 12.20 OS: ROSA Virtualization 2.1 packageevrstring: postgresql-12.20-1.rv3 CVE-ID: CVE-2021-32027 BDU-ID: 2021-02776 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to an operation exceeding buffer boundaries during array...
Advisory ROSA-SA-2024-2500
Software: orc 0.4.28 OS: ROSA Virtualization 2.1 packageevrstring: orc-0.4.28-4.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input validation when processing HTML...
Advisory ROSA-SA-2024-2499
Software: python-setuptools 39.2.0 OS: ROSA Virtualization 2.1 packageevrstring: python-setuptools-39.2.0-8.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...
Advisory ROSA-SA-2024-2498
Software: python-jwcrypto 0.5.0 OS: ROSA Virtualization 2.1 packageevrstring: python-jwcrypto-0.5.0-2.rv3 CVE-ID: CVE-2024-28102 BDU-ID: 2024-01978 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the deserialize JavaScript library function for Jwcrypto is associated with uncontrolled resource...
Advisory ROSA-SA-2024-2497
Software: python-urllib3 1.24.2 OS: ROSA Virtualization 2.1 packageevrstring: python-urllib3-1.24.2-8.rv3 CVE-ID: CVE-2020-26137 BDU-ID: 2021-05230 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the urllib3 module method of the Python programming language interpreter is related to insufficient...
Advisory ROSA-SA-2024-2496
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-60.rv3 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the formatlogline function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2024-2495
Software: libvpx 1.7.0 OS: ROSA Virtualization 2.1 packageevrstring: libvpx-1.7.0-11.rv3 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special form...
Advisory ROSA-SA-2024-2494
Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.1.res7 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document generation softwar...
Advisory ROSA-SA-2024-2493
Software: libndp 1.2 OS: rosa-server79 packageevrstring: libndp-1.2-10.res7 CVE-ID: CVE-2024-5564 BDU-ID: 2024-04337 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a...
Advisory ROSA-SA-2024-2492
Software: krb5 1.15.1 OS: rosa-server79 packageevrstring: krb5-1.15.1-55.res7 CVE-ID: CVE-2022-42898 BDU-ID: 2022-06933 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PAC Privileged Attribute Certificate parameters of the krb5parsepac function of the Heimdal and MIT Kerberos packets of the...
Advisory ROSA-SA-2024-2491
Software: dhcp 4.2.5 OS: rosa-server79 packageevrstring: dhcp-4.2.5-83.res7.2 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and...
Advisory ROSA-SA-2024-2490
Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...
Advisory ROSA-SA-2024-2489
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.16 CVE-ID: CVE-2023-2828 BDU-ID: 2023-07642 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2488
Software: less 458 OS: rosa-server79 packageevrstring: less-458-10.res7 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the filename.c file. Exploitation of...
Advisory ROSA-SA-2024-2487
Software: flatpak 1.0.9 OS: rosa-server79 packageevrstring: flatpak-1.0.9-13.res7 CVE-ID: CVE-2021-41133 BDU-ID: 2022-00259 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to a lack of blocking in the seccomp filter of mount-related...
Advisory ROSA-SA-2024-2486
Software: postgresql15 15.7 OS: rosa-server79 packageevrstring: postgresql15-15.7-1PGDG.res7 CVE-ID: CVE-2023-39418 BDU-ID: 2023-04768 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to access delimitation flaws. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2485
Software: postgresql14 14.12 OS: rosa-server79 packageevrstring: postgresql14-14.12-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2484
Software: postgresql13 13.15 OS: rosa-server79 packageevrstring: postgresql13-13.15-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2483
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-33.res7 CVE-ID: CVE-2024-31080 BDU-ID: 2024-03132 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ProcXIGetSelectedEvents function of the X Window System Xorg-server is related to an operation exceeding buffer boundaries...
Advisory ROSA-SA-2024-2482
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-29.res7 CVE-ID: CVE-2024-31080 BDU-ID: 2024-03132 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ProcXIGetSelectedEvents function of X Window System Xorg-server is related to an operation exceeding buffe...
Advisory ROSA-SA-2024-2481
Software: java-11-openjdk 11.0.23.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.23.0.9-2.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK,...
Advisory ROSA-SA-2024-2480
Software: java-1.8.0-openjdk 1.8.0.412.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.412.b08-1.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM...
Advisory ROSA-SA-2024-2479
Software: squid 3.5.20 OS: rosa-server79 packageevrstring: squid-3.5.20-17.0.1.res7.10 CVE-ID: CVE-2023-46728 BDU-ID: 2024-01221 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacke...
Advisory ROSA-SA-2024-2478
Software: yajl 2.1.0 OS: ROSA-CHROME packageevrstring: yajl-2.1.0-2 CVE-ID: CVE-2023-33460 BDU-ID: 2023-07652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...
Advisory ROSA-SA-2024-2477
Software: squid 5.9 OS: ROSA-CHROME packageevrstring: squid-5.9-2 CVE-ID: CVE-2023-46724 BDU-ID: 2023-07699 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...
Advisory ROSA-SA-2024-2476
Software: ldns 1.8.3 OS: ROSA-CHROME packageevrstring: ldns-1.8.3-1 CVE-ID: CVE-2020-19861 BDU-ID: 2022-05917 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ldnsnsec3saltdata function of the DNS LDNS library is related to reading outside the allowed data buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2024-2475
Software: ipmitool 1.8.18 OS: ROSA-CHROME packageevrstring: ipmitool-1.8.18-22 CVE-ID: CVE-2020-5208 BDU-ID: 2020-04640 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the readfruareasection lib/ipmifru.c function of the ipmitool IPMI-enabled device management and configuration utility is related to...
Advisory ROSA-SA-2024-2474
Software: libraw 0.20.2 OS: ROSA-CHROME packageevrstring: libraw-0.20.2-4 CVE-ID: CVE-2020-22628 BDU-ID: 2023-05897 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibRaw::stretch function of the LibRaw image processing library is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2473
Software: net-snmp 5.9 OS: ROSA-CHROME packageevrstring: net-snmp-5.9-3 CVE-ID: CVE-2022-44792 BDU-ID: 2024-06510 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the handleipDefaultTTL function of the Net-SNMP software suite of the Linux operating system is associated with a NULL Pointer...
Advisory ROSA-SA-2024-2472
Software: zip 3.0 OS: ROSA-CHROME packageevrstring: zip-3.0-15 CVE-ID: CVE-2018-13410 BDU-ID: 2021-03766 CVE-Crit: HIGH CVE-DESC.: A vulnerability in zip file compression software is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2471
Software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3-22 CVE-ID: CVE-2021-36770 BDU-ID: 2021-05374 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Encode.pm module of the Perl programming language interpreter is related to incorrect search path handling. Exploitation of the...
Advisory ROSA-SA-2024-2470
Software: systemd 249 OS: ROSA-CHROME packageevrstring: systemd-249-1.gitfab79a.21 CVE-ID: CVE-2022-3821 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An off-by-one error problem was discovered in Systemd in the formattimespan function time-util.c. An attacker could provide specific values for time...
Advisory ROSA-SA-2024-2469
Software: pcs 0.10.7 OS: ROSA-CHROME packageevrstring: pcs-0.10.7-5 CVE-ID: CVE-2022-1049 BDU-ID: 2022-05543 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the corosync/pacemaker PCS program configuration utility is related to flaws in the authentication procedure. Exploitation of the vulnerabili...
Advisory ROSA-SA-2024-2468
Software: patch 2.7.6 OS: ROSA-CHROME packageevrstring: patch-2.7.6-5 CVE-ID: CVE-2018-6951 BDU-ID: 2023-01652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the intuitdifftype function of the pch.c component of the Patch edit transfer program is related to pointer dereferencing errors. Exploitatio...
Advisory ROSA-SA-2024-2467
Software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-5 CVE-ID: CVE-2023-45322 BDU-ID: 2023-06827 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlUnlinkNode function tree.c of the libxml2 library is related to memory usage after it is freed. Exploitation of the vulnerabili...
Advisory ROSA-SA-2024-2465
Software: uuid 1.6.2 OS: ROSA Virtualization 2.1 packageevrstring: uuid-1.6.2 CVE-ID: CVE-2013-4184 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Perl Data::UUID module from CPAN is vulnerable to symbolic link attacks CVE-STATUS: Not Relevant CVE-REV:...
Advisory ROSA-SA-2024-2464
Software: util-linux 2.32.1 OS: ROSA Virtualization 2.1 packageevrstring: util-linux-2.32.1 CVE-ID: CVE-2022-0563 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A compilation vulnerability with Readline support has been discovered in the util-linux utilities chfn and chsh. The Readline library uses the...
Advisory ROSA-SA-2024-2463
Software: zlib 1.2.11 OS: ROSA-CHROME packageevrstring: zlib-1.2.11-5 CVE-ID: CVE-2023-45853 BDU-ID: 2023-07116 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the zipOpenNewFileInZip464 function of the MiniZip package of the zlib library relates to an integer overflow when processing file name...
Advisory ROSA-SA-2024-2462
Software: gstreamer1.0-plugins-good 1.19.1 OS: ROSA-CHROME packageevrstring: gstreamer1.0-plugins-good-1.19.1-4 CVE-ID: CVE-2022-2122 BDU-ID: 2022-06453 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the qtdemuxinflate function of the Gstreamer multimedia framework is caused by an integer overflow...
Advisory ROSA-SA-2024-2461
Software: grub2 2.06 OS: ROSA-CHROME packageevrstring: grub2-2.06-20 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems loader is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2460
Software: gnuplot 5.4.10 OS: ROSA-CHROME packageevrstring: gnuplot-5.4.10-1 CVE-ID: CVE-2020-25412 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: comline in command.c in gnuplot causes writes outside the memory buffer from strncpy, which may lead to arbitrary code execution. CVE-STATUS: Fixed CVE-REV...
Advisory ROSA-SA-2024-2459
Software: systemd 239 OS: ROSA Virtualization 2.1 packageevrstring: systemd-239 CVE-ID: CVE-2018-21029 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: systemd accepts any certificate signed by a trusted certificate authority for DNS Over TLS. No server name indication SNI is sent, and there is no...
Advisory ROSA-SA-2024-2458
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29 CVE-ID: CVE-2022-43995 BDU-ID: 2022-06664 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the implementation of the crypt function of the Sudo system administration program is related to the ability to read outside of...
Advisory ROSA-SA-2024-2457
Software: snappy 1.1.8 OS: ROSA Virtualization 2.1 packageevrstring: snappy-1.1.8 CVE-ID: CVE-2023-28115 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the generateFromHtml function of the PHP Snappy library involves the recovery of invalid data from memory. Exploitation of the...