Advisory ROSA-SA-2024-2456
Software: selinux-policy 3.14.3 OS: ROSA Virtualization 2.1 packageevrstring: selinux-policy-3.14.3 CVE-ID: CVE-2020-24612 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...
Advisory ROSA-SA-2024-2455
Software: avahi 0.8 OS: ROSA-CHROME packageevrstring: avahi-0.8-12.git35bb1b.2 CVE-ID: CVE-2021-26720 BDU-ID: 2022-05969 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the avahi-daemon-check-dns.sh component of the Avahi local area network service discovery system involves the execution of a scri...
Advisory ROSA-SA-2024-2454
Software: dom4j 2.0.3 OS: ROSA-CHROME packageevrstring: dom4j-2.0.3-1 CVE-ID: CVE-2018-1000632 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: dom4j contains a CWE-91: XML Injection vulnerability in class Element, methods addElement and addAttribute, which could allow an attacker to forge XM...
Advisory ROSA-SA-2024-2453
Software: e2fsprogs 1.46.6 OS: ROSA-CHROME packageevrstring: e2fsprogs-1.46.6-1 CVE-ID: CVE-2022-1304 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An out-of-bounds read/write vulnerability has been detected in e2fsprogs. This issue leads to a segmentation fault and possible execution of...
Advisory ROSA-SA-2024-2452
Software: redis 7.0.14 OS: ROSA-CHROME packageevrstring: redis-7.0.14-1 CVE-ID: CVE-2023-41053 BDU-ID: 2023-05475 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system is related to insecure privilege management. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2451
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2020-25722 BDU-ID: 2022-00004 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Active Directory Domain Controller component of the Samba networking software package is caused by a buffer overflow...
Advisory ROSA-SA-2024-2450
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2016-2124 BDU-ID: 2021-05993 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability was discovered in the way Samba implemented SMB1 authentication. An attacker could use this vulnerability to extract the public...
Advisory ROSA-SA-2024-2449
Software: postgresql 12.1 OS: ROSA Virtualization 2.1 packageevrstring: postgresql-12.1 CVE-ID: CVE-2020-1720 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability has been discovered in PostgreSQL "ALTER ... DEPENDS ON EXTENSION" where subcommands did not perform authorization checks. An...
Advisory ROSA-SA-2024-2448
Software: pcre2 10.32 OS: ROSA Virtualization 2.1 packageevrstring: pcre2-10.32 CVE-ID: CVE-2022-1587 BDU-ID: 2023-02635 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2_jit_compile.c component of the PCRE2 regular expression library is related to reading outside of the allowed data buffer...
Advisory ROSA-SA-2024-2447
Software: cairo 1.16.0 OS: ROSA-CHROME packageevrstring: cairo-1.16.0-5 CVE-ID: CVE-2019-6461 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an assertion problem in the _cairo_arc_in_direction function in the cairo-arc.c file. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update...
Advisory ROSA-SA-2024-2445
Software: xrdp 0.9.23.1 OS: ROSA-CHROME packageevrstring: xrdp-0.9.23.1-1 CVE-ID: CVE-2023-40184 BDU-ID: 2023-07659 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the auth_start_session function of the XRDP server is related to the bypassing of session restrictions. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2024-2444
Software: xdg-utils 1.1.3 OS: ROSA-CHROME packageevrstring: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when it is passed to Thunderbird. An attacker could potentially send...
Advisory ROSA-SA-2024-2442
Software: usbredir 0.8.0 OS: ROSA-CHROME packageevrstring: usbredir-0.8.0-4 CVE-ID: CVE-2021-3700 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A use-after-free vulnerability was discovered in usbredir in usbredirparser_serialize in usbredirparser/usbredirparser.c. This issue occurs when...
Advisory ROSA-SA-2024-2440
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1 CVE-ID: CVE-2019-16905 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: OpenSSH, when compiled with an experimental key type, has an integer overflow before authentication if the client or server is configured to use a...
Advisory ROSA-SA-2024-2439
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert function...
Advisory ROSA-SA-2024-2438
Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: The openCryptoki software token does not check whether the EC key is valid when the EC key is created with C_CreateObject and when C_DeriveKey is use...
Advisory ROSA-SA-2024-2437
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1 CVE-ID: CVE-2022-29458 BDU-ID: 2023-00296 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the convert_strings function of the tinfo/read_entry.c component of the Ncurses terminal I/O...
Advisory ROSA-SA-2024-2436
Software: cfengine 3.21.3 OS: ROSA-CHROME packageevrstring: cfengine-3.21.3-1 CVE-ID: CVE-2021-36756 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is no SSL certificate validation in CFEngine Enterprise. CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update cfengine CVE-ID:...
Advisory ROSA-SA-2024-2435
Software: vim 9.0.2130 OS: ROSA-CHROME packageevrstring: vim-9.0.2130-1 CVE-ID: CVE-2023-46246 BDU-ID: 2023-07250 CVE-Crit: LOW CVE-DESC.: A vulnerability in the ga_grow_inner function of the Vim text editor for Unix-like systems is caused by an integer overflow. Exploitation of the...
Advisory ROSA-SA-2024-2434
Software: giflib 5.2.1 OS: ROSA-CHROME packageevrstring: giflib-5.2.1-4 CVE-ID: CVE-2023-39742 BDU-ID: 2023-05863 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getarg.c component of the GIFLIB library for handling GIF files is related to a segmentation fault. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2024-2433
Software: emacs 28.1 OS: ROSA-CHROME packageevrstring: emacs-28.1-5 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the file and srcdir paramet...
Advisory ROSA-SA-2024-2432
Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 packageevrstring: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users with access to the man user account to gain root privileges, because /usr/bin/mandb is executed by the root user,...
Advisory ROSA-SA-2024-2431
Software: lua 5.3.4 OS: ROSA Virtualization 2.1 packageevrstring: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A stack overflow in lua_resume in the ldo.c file of the Lua interpreter allows attackers to perform a denial of service via a crafted script file. CVE-STATUS: Not...
Advisory ROSA-SA-2024-2430
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2021-3631 BDU-ID: 2024-02428 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux M...
Advisory ROSA-SA-2024-2429
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3 CVE-ID: CVE-2023-2731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereference bug was found in the LZWDecode function of the libtiff library in the libtiff/tif_lzw.c file. This flaw allows a...
Advisory ROSA-SA-2024-2428
Software: djvulibre 3.5.28 OS: ROSA-CHROME packageevrstring: djvulibre-3.5.28-4 CVE-ID: CVE-2021-3500 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A flaw was discovered in djvulibre. A stack overflow in DJVU::DjVuDocument::get_djvu_file via a crafted djvu file may cause the application to crash and...
Advisory ROSA-SA-2024-2427
Software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3op2-10 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the format_log_line function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2426
Software: busybox 1.36.1 OS: ROSA-CHROME packageevrstring: busybox-1.36.1-3 CVE-ID: CVE-2022-30065 BDU-ID: 2023-02631 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the copyvar function of the BusyBox suite of UNIX command line utilities is related to incorrect processing of a crafted pattern...
Advisory ROSA-SA-2024-2425
Software: aspell 0.60.8 OS: ROSA-CHROME packageevrstring: aspell-0.60.8-3 CVE-ID: CVE-2019-25051 BDU-ID: None CVE-Crit: N/A CVE-DESC.: objstack in GNU Aspell has a heap buffer overflow in acommon::ObjStack::dup_top CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update aspell...
Advisory ROSA-SA-2024-2424
Software: libsolv 0.7.11 OS: ROSA Virtualization 2.1 packageevrstring: libsolv-0.7.11 CVE-ID: CVE-2021-44568 BDU-ID: 2023-05482 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the resolve_dependencies function of the libsolv library is related to writing beyond buffer boundaries in memory. Exploitati...
Advisory ROSA-SA-2024-2423
Software: libmpeg2 0.5.1 OS: ROSA Virtualization 2.1 packageevrstring: libmpeg2-0.5.1 CVE-ID: CVE-2022-37416 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Ittiam libmpeg2 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fullx_8x8. CVE-STATUS: Not Relevant CVE-REV:...
Advisory ROSA-SA-2024-2421
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3 CVE-ID: CVE-2019-11463 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial...
Advisory ROSA-SA-2024-2420
Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 packageevrstring: jackson-databind-2.10.0 CVE-ID: CVE-2020-35490 BDU-ID: 2022-03804 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library o...
Advisory ROSA-SA-2024-2419
Software: heimdal 7.8.0 OS: ROSA-CHROME packageevrstring: heimdal-7.8.0-1 CVE-ID: CVE-2021-44758 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: heimdal allowed attackers to cause a null pointer dereference in the SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a non-zero initial_response value f...
Advisory ROSA-SA-2024-2418
Software: tomcat 9.0.37 OS: ROSA-CHROME packageevrstring: tomcat-9.0.37-4 CVE-ID: CVE-2023-28709 BDU-ID: 2023-05380 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Tomcat application server is associated with an off-by-one error. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2417
Software: faad2 2.8.8 OS: ROSA Virtualization 2.1 packageevrstring: faad2-2.8.8-6.0.1.rv3 CVE-ID: CVE-2021-32272 BDU-ID: 2022-01810 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the stsz_in function of the mp4read.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder is related t...
Advisory ROSA-SA-2024-2416
Software: binutils 2.30 OS: ROSA Virtualization 2.1 packageevrstring: binutils-2.30-108.0.1.rv3.1 CVE-ID: CVE-2021-37322 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: GCC c++filt v2.26 was found to contain a use-after-free vulnerability via the cplus-dem.c component. CVE-STATUS: Not Relevant...
Advisory ROSA-SA-2024-2415
Software: hwloc 2.7.1 OS: ROSA-CHROME packageevrstring: hwloc-2.7.1-2 CVE-ID: CVE-2022-47022 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem discovered in open-mpi hwloc allows attackers to cause a denial of service or other unspecified impacts via glibc_cpuset in topology-linux.c. CVE-STATUS:...
Advisory ROSA-SA-2024-2414
Software: upx 4.2.1 OS: ROSA-CHROME packageevrstring: upx-4.2.1-1 CVE-ID: CVE-2023-23456 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack in the file p_tmt.cpp. This flaw allows an attacker to cause a denial of service using...
Advisory ROSA-SA-2024-2413
Software: mariadb 10.5.23 OS: ROSA-CHROME packageevrstring: mariadb-10.5.23-1 CVE-ID: CVE-2022-47015 BDU-ID: 2023-03856 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the spider_db_mbase::print_warnings function of the MariaDB DBMS is related to pointer dereferencing errors. Exploitation of the...
Advisory ROSA-SA-2024-2412
Software: libxpm 3.5.17 OS: ROSA-CHROME packageevrstring: libxpm-3.5.17-1 CVE-ID: CVE-2023-43788 BDU-ID: 2023-06887 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XpmCreateXpmImageFromBuffer function of the X Pixmap Image File (XPM) libXpm library is related to reading data beyond buffer...
Advisory ROSA-SA-2024-2411
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-22.rv3.src.rpm CVE-ID: CVE-2021-22897 BDU-ID: 2022-00375 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Transport Layer Security TLS protocol implementation of the libcurl library is due to security flaws in the...
Advisory ROSA-SA-2024-2410
Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing cloud-init to set a random password for a new user account, cloud-init wrote that password to the publi...
Advisory ROSA-SA-2024-2409
Software: xz 5.2.2 OS: rosa-server79 packageevrstring: xz-5.2.2.2-2 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts...
Advisory ROSA-SA-2024-2408
Software: xz 5.2.4 OS: ROSA Virtualization 2.1 packageevrstring: xz-5.2.4-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process...
Advisory ROSA-SA-2024-2407
Software: xz 5.2.9 OS: ROSA-CHROME packageevrstring: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extrac...
Advisory ROSA-SA-2024-2406
Software: gcc 11.4.0 OS: ROSA-CHROME packageevrstring: gcc-11.4.0-10 CVE-ID: CVE-2023-4039 BDU-ID: 2023-05920 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the stack protection feature of the GNU Compiler Collection (GCC) for various programming languages involves a breach of the data...
Advisory ROSA-SA-2024-2405
Software: kubernetes 1.25.15 OS: ROSA-CHROME packageevrstring: kubernetes-1.25.15-1 CVE-ID: CVE-2023-2431 BDU-ID: 2023-03899 CVE-Crit: LOW CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation o...
Advisory ROSA-SA-2024-2404
Software: 389-ds-base 1.4.3.8 OS: ROSA Virtualization 2.1 packageevrstring: 389-ds-base-1.4.3.8.src.rpm CVE-ID: CVE-2022-1949 BDU-ID: 2022-04434 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the search filter ldbm_search.c of the 389 Directory Server is related to access delimitation flaws...
Advisory ROSA-SA-2024-2403
Software: vdsm 4.40.35.1 OS: ROSA Virtualization 2.1 packageevrstring: vdsm-4.40.35.1.rv3 CVE-ID: CVE-2022-0207 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A race condition has been detected in vdsm in the functionality that hides sensitive values in log files, which may cause those values to be stored as plaintex...