Advisory ROSA-SA-2024-2402
Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 packageevrstring: sysstat-11.7.3-9.rv3 CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocatestructures contains a sizet...
Advisory ROSA-SA-2024-2401
Software: swtpm 0.7.0 OS: ROSA Virtualization 2.1 packageevrstring: swtpm-0.7.0-4.20211109gitb79fd91.module+el8.7.0+16689+53d59bc2.src.rpm CVE-ID: CVE-2022-23645 BDU-ID: 2022-06088 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the swtpm emulator TPM is related to reading beyond buffer boundaries...
Advisory ROSA-SA-2024-2400
Software: haproxy 2.6.15 OS: ROSA-CHROME packageevrstring: haproxy-2.6.15-1.src.rpm CVE-ID: CVE-2023-0836 BDU-ID: 2023-04833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...
Advisory ROSA-SA-2024-2399
Software: htmldoc 1.9.16 OS: ROSA-CHROME packageevrstring: htmldoc-1.9.16-1.src.rpm CVE-ID: CVE-2021-23165 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An error was detected in htmldoc. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may cause arbitrary code execution and denial of...
Advisory ROSA-SA-2024-2398
Software: git 2.41.0 OS: ROSA-CHROME packageevrstring: git-2.41.0-2.src.rpm CVE-ID: CVE-2022-23521 BDU-ID: 2023-00499 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to...
Advisory ROSA-SA-2024-2397
Software: protobuf-c 1.4.1 OS: ROSA-CHROME packageevrstring: protobuf-c-1.4.1-2.src.rpm CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow. Exploitatio...
Advisory ROSA-SA-2024-2396
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional...
Advisory ROSA-SA-2024-2394
Software: spice 0.14.3 OS: ROSA Virtualization 2.1 packageevrstring: spice-0.14.3-4.rv3 CVE-ID: CVE-2021-20201 BDU-ID: 2022-05884 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SPICE remote virtual desktop rendering system is associated with significantly less resource consumption at the clie...
Advisory ROSA-SA-2024-2393
Software: runc 1.0.0 OS: rosa-server79 packageevrstring: runc-1.0.0.0-70.rc10.res7 CVE-ID: CVE-2019-19921 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: runc has improper access control leading to elevated privileges associated with libcontainer/rootfslinux.go. To exploit this, an attacker must be able t...
Advisory ROSA-SA-2024-2392
Software: python-pillow 2.0.0-25 OS: rosa-server79 packageevrstring: python-pillow-2.0.0.0-25.gitd1c6db8.res7 CVE-ID: CVE-2023-44271 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem has been detected in Pillow. It is a denial of service that uncontrollably allocates memory to process a given task...
Advisory ROSA-SA-2024-2391
Software: ImageMagick 6.9.10.68 OS: rosa-server79 packageevrstring: ImageMagick-6.9.10.68-7.res7 CVE-ID: CVE-2021-40211 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem was detected in ImageMagick via division by zero in the ReadEnhMetaFile function of the coders/emf.c file. CVE-STATUS: Fixed...
Advisory ROSA-SA-2024-2390
Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-2858 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file. CVE-STATUS: Fixed CVE-REV: To close, run the...
Advisory ROSA-SA-2024-2388
Software: wireshark 4.0.10 OS: ROSA-CHROME packageevrstring: wireshark-4.0.10-1.src.rpm CVE-ID: CVE-2023-0666 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Due to a failure in length validation provided by an attacker-created RTPS packet, Wireshark is vulnerable by default to a heap buffer overflow an...
Advisory ROSA-SA-2024-2387
Software: slapi-nis 0.56.6 OS: ROSA Virtualization 2.1 packageevrstring: slapi-nis-0.56.6-2.rv3 CVE-ID: CVE-2021-3480 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dereferencing a null pointer during DN binding analysis could allow an unauthenticated attacker to cause the 389-ds-base directory server to...
Advisory ROSA-SA-2024-2386
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3-12.0.1.rv3.3.x8664.rpm CVE-ID: CVE-2020-10745 BDU-ID: 2021-01741 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Samba networking software package is associated with uncontrolled resource consumption. Exploitation ...
Advisory ROSA-SA-2024-2385
Software: kernel-ml-6.6 6.6.11 OS: rosa-server79 packageevrstring: kernel-ml-6.6.6.11-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the...
Advisory ROSA-SA-2024-2384
Software: kernel-ml 5.15.146 OS: rosa-server79 packageevrstring: kernel-ml-5.15.146-1.res7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/T...
Advisory ROSA-SA-2024-2383
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.105.1.el7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the nvmettcpfreecrypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/TCP...
Advisory ROSA-SA-2024-2382
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.3.res7 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiatio...
Advisory ROSA-SA-2024-2381
Software: rsyslog 8.1911.0 OS: ROSA Virtualization 2.1 packageevrstring: rsyslog-8.1911.0-6.0.1.rv3 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing beyond buffer boundaries ...
Advisory ROSA-SA-2024-2380
Software: rpm 4.14.3 OS: ROSA Virtualization 2.1 packageevrstring: rpm-4.14.3-26.rv3 CVE-ID: CVE-2021-3521 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a flaw in RPM's proprietary functionality. OpenPGP connections are bound to the primary key via a "binding signature". RPM does not verify t...
Advisory ROSA-SA-2024-2379
Software: curl 8.4.0 OS: ROSA-CHROME packageevrstring: curl-8.4.0-1.src.rpm CVE-ID: CVE-2023-38545 BDU-ID: 2023-06576 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SOCKS5 protocol implementation of the cURL command line utility is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2378
Software: pcre2 10.36 OS: ROSA-CHROME packageevrstring: pcre2-10.36-4.src.rpm CVE-ID: CVE-2022-41409 BDU-ID: 2023-05302 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pcre2test command of the PCRE2 regular expression library is related to integer overflow. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2377
Software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-7.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2376
Software: dav1d 1.3.0 OS: ROSA-CHROME packageevrstring: dav1d-1.3.0-1.src.rpm CVE-ID: CVE-2023-32570 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: VideoLAN dav1d has a threadtask.c race condition that could cause an application crash associated with dav1ddecodeframeexit. CVE-STATUS: Fixed CVE-REV: T...
Advisory ROSA-SA-2024-2375
Software: resteasy 3.0.26 OS: ROSA Virtualization 2.1 packageevrstring: resteasy-c-3.0.26-6.0.1.rv3 CVE-ID: CVE-2020-10688 BDU-ID: 2024-01096 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RESTEasy software tool is related to the failure to take measures to protect the structure of a web page...
Advisory ROSA-SA-2024-2374
Software: protobuf-c 1.3.0 OS: ROSA Virtualization 2.1 packageevrstring: protobuf-c-1.3.0-8.rv3 CVE-ID: CVE-2022-48468 BDU-ID: 2023-03313 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the parserequiredmember function of the protobuf-c data serialization protocol is related to integer overflow...
Advisory ROSA-SA-2024-2373
Software: pixman 0.38.4 OS: ROSA Virtualization 2.1 packageevrstring: pixman-0.38.4.src.rpm CVE-ID: CVE-2022-44638 BDU-ID: 2022-06667 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rasterizeedges8 function of the Pixman library is related to the ability to write beyond buffer boundaries in...
Advisory ROSA-SA-2024-2372
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46-10.el8.src.rpm CVE-ID: CVE-2020-15719 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: libldap in some third-party OpenLDAP packages has a certificate validation error when the third-party package asserts support for...
Advisory ROSA-SA-2024-2371
Software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2011-0064 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The hbbufferensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory reallocatio...
Advisory ROSA-SA-2024-2370
Software: firefox 118.0.2 OS: ROSA-CHROME packageevrstring: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2007-3670 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An argument injection vulnerability in Microsoft Internet Explorer when running on systems with Firefox installed and registered specific URIs allow...
Advisory ROSA-SA-2024-2367
Software: hostapd 2.9 OS: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
Advisory ROSA-SA-2024-2366
Software: openssl 1.1.1v OS: ROSA-CHROME packageevrstring: openssl-1.1.1.1v-1.src.rpm CVE-ID: CVE-2023-2650 BDU-ID: 2023-03652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2024-2365
Software: net-snmp 5.8 OS: ROSA Virtualization 2.1 packageevrstring: net-snmp-5.8-27.rv3 CVE-ID: CVE-2022-44792 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception error, which could be used by a remote attacker...
Advisory ROSA-SA-2024-2364
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-9.20180224.rv3 CVE-ID: CVE-2019-17594 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a heap-based buffer enumeration in the ncfindentry function in tinfo/comphash.c in the terminfo library in ncurses. CVE-STATUS:...
Advisory ROSA-SA-2024-2363
Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...
Advisory ROSA-SA-2024-2362
Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...
Advisory ROSA-SA-2024-2360
Software: suricata 6.0.13 OS: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...
Advisory ROSA-SA-2024-2359
Software: postgresql 12.16 OS: ROSA-CHROME packageevrstring: postgresql-12.16-1.src.rpm CVE-ID: CVE-2023-2454 BDU-ID: 2023-03247 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access delimitation flaws...
Advisory ROSA-SA-2024-2358
Software: libwebp 1.2.3 OS: ROSA-CHROME packageevrstring: libwebp-1.2.3-1.src.rpm CVE-ID: CVE-2023-1999 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a use after free/double free in libwebp. An attacker could use ApplyFiltersAndEncode to free best.bw and assign the pointer best = Trial. The...
Advisory ROSA-SA-2024-2357
Software: libvpx 1.10.0 OS: ROSA-CHROME packageevrstring: libvpx-1.10.0-4.src.rpm CVE-ID: CVE-2023-40474 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The MXF file demultiplexer in GStreamer plugins has encountered a heap buffer overflow bug when processing distorted uncompressed video files. This iss...
Advisory ROSA-SA-2024-2356
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-16.rv3 CVE-ID: CVE-2016-3709 BDU-ID: 2023-07602 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to protect the structure of a web page. Exploitation of...
Advisory ROSA-SA-2024-2355
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...
Advisory ROSA-SA-2024-2354
Software: shim-signed 15 OS: rosa-server79 packageevrstring: shim-signed-15-8.0.1.res7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the UEFI shim bootloader due to failure to take measures to neutralize special elements. Exploitation of the...
Advisory ROSA-SA-2024-2353
Software: shim 15 OS: rosa-server79 packageevrstring: shim-15-8.0.1.el7 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could...
Advisory ROSA-SA-2024-2352
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-31.res7 CVE-ID: CVE-2023-6816 BDU-ID: 2024-00405 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related to an operation...
Advisory ROSA-SA-2024-2351
Software: xorg-x11-server 0.19.4 OS: rosa-server79 packageevrstring: xorg-x11-server-0.19.4-2.res7 CVE-ID: CVE-2023-6816 BDU-ID: 2024-00405 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X Window System X.Org Server implementation is related ...
Advisory ROSA-SA-2024-2350
Software: LibRaw 0.19.4 OS: rosa-server79 packageevrstring: LibRaw-0.19.4-2.res7 CVE-ID: CVE-2021-32142 BDU-ID: 2023-03833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LibRawbufferdatastream::gets function of the src/librawdatastream.cpp component of the LibRaw image processing library is...
Advisory ROSA-SA-2024-2349
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.res7.11 CVE-ID: CVE-2022-28734 BDU-ID: 2024-01201 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Grub loader is related to out-of-bounds writes when processing delimited HTTP headers. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2348
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.0.1.res7.11 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...