1374 matches found
Advisory ROSA-SA-2026-3263
Software: kernel-ml 5.15.180 OS: rosa-server79 unaffected versions = kernel-ml-5.15.180-1.0.1.res7 affected versions kernel-ml-5.15.180-1.0.1.res7 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perfor...
Advisory ROSA-SA-2026-3262
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 unaffected versions = kernel-4.18.0-553.123.1.el810 affected versions lock, allowing a local attacker to cause a denial of service or execute arbitrary code when frequently switching a thread simultaneously with opening/closing a related...
Advisory ROSA-SA-2026-3261
Software: kernel 4.18.0 OS: ROSA Virtualization 2.1 unaffected versions = kernel-4.18.0-553.123.1.el810 affected versions lock, allowing a local attacker to cause a denial of service or execute arbitrary code when frequently switching a thread simultaneously with opening/closing a related subt...
Advisory ROSA-SA-2026-3260
software: kernel-5.15 5.15.193 WASP: ROSA-CHROME unaffected versions = kernel-5.15-5.15.193-3 affected versions kernel-5.15-5.15.193-3 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD...
Advisory ROSA-SA-2026-3259
software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-2 affected versions kernel-5.10-5.10.244-2 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD...
Advisory ROSA-SA-2026-3258
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-3 affected versions kernel-6.1-6.1.152-3 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD "in-place"...
Advisory ROSA-SA-2026-3257
software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-5 affected versions kernel-6.12-6.12.74-5 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD "in-plac...
Advisory ROSA-SA-2026-3256
software: libheif 1.12.0 WASP: ROSA-CHROME unaffected versions = libheif-1.12.0-6 affected versions libheif-1.12.0-6 CVE-ID: CVE-2025-68431 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In libheif HEIF/AVIF decoder/encoder before 1.21.0, when processing a specially formed HEIF with an overlay element ...
Advisory ROSA-SA-2026-3255
software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-3 affected versions ffmpeg-4.4.6-3 CVE-ID: CVE-2025-10256 BDU-ID: 2025-11446 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the configinput function of the FFmpeg multimedia library is related to pointer dereferencing...
Advisory ROSA-SA-2026-3254
software: coturn 4.5.2 OS: ROSA-CHROME unaffected versions = coturn-4.5.2-6 affected versions coturn-4.5.2-6 CVE-ID: CVE-2026-27624 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in Coturn allows a remote attacker to bypass loopback and internal IP range locking denied-peer-ip option and...
Advisory ROSA-SA-2026-3253
Software: haproxy 3.2.13 WASP: ROSA-CHROME unaffected versions = haproxy-3.2.13-1 affected versions haproxy-3.2.13-1 CVE-ID: CVE-2025-11230 BDU-ID: 2025-13169 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to algorithmic complexity. Exploitation of the...
Advisory ROSA-SA-2026-3252
software: grafana 12.1.8 WASP: ROSA-CHROME unaffected versions = grafana-12.1.8-1 affected versions 3s, timeout and permanently block on sending to an unbuffered channel, resulting in linear growth of goroutines and memory exhaustion. CVE-STATUS: The vulnerability has been resolved CVE-REV: To...
Advisory ROSA-SA-2026-3251
software: glibc 2.33 AXIS: ROSA-CHROME unaffected versions = glibc-2.33-11.git5f08d1.5 affected versions glibc-2.33-11.git5f08d1.5 CVE-ID: CVE-2026-0915 BDU-ID: 2026-02104 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getnetbyaddr and getnetbyaddrr functions of the GNU C Library system library...
Advisory ROSA-SA-2026-3250
software: zlib 1.2.13 OS: ROSA-CHROME unaffected versions = zlib-1.2.13-2 affected versions zlib-1.2.13-2 CVE-ID: CVE-2026-27171 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In zlib before 1.3.2, excessive CPU consumption DoS via crc32combine64 and crc32combinegen64 functions is possible: the x2nmodp...
Advisory ROSA-SA-2026-3249
software: vim 9.1.2148 WASP: ROSA-CHROME unaffected versions = vim-9.1.2148-1 affected versions vim-9.1.2148-1 CVE-ID: CVE-2026-25749 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Heap overflow in Vim before version 9.1.2132 when processing the 'helpfile' option. In gettagfname src/tag.c, the value of...
Advisory ROSA-SA-2026-3248
software: exim 4.99.1 OS: ROSA-CHROME unaffected versions = exim-4.99.1-1 affected versions exim-4.99.1-1 CVE-ID: CVE-2025-67896 BDU-ID: 2026-00906 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Exim mail server is related to a buffer overflow in dynamic memory. Exploitation of the...
Advisory ROSA-SA-2026-3247
software: libreoffice 24.8.7.2 OS: ROSA-CHROME unaffected versions = libreoffice-24.8.7.2 affected versions libreoffice-24.8.7.2 CVE-ID: CVE-2025-2866 BDU-ID: 2025-05910 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the LibreOffice office suite is related to incorrect cryptographic signature...
Advisory ROSA-SA-2026-3246
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-3 affected versions ghostscript-9.56.1-3 CVE-ID: CVE-2024-33869 BDU-ID: 2024-07480 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the base/gpmisc.c file of the Ghostscript document processing, conversion, and...
Advisory ROSA-SA-2026-3245
software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.5 affected versions avahi-0.8-12.git35bb1b.5 CVE-ID: CVE-2026-24401 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Avahi avahi-daemon ≤ 0.9rc2 allows a remote attacker to cause a process crash DoS:...
Advisory ROSA-SA-2026-3239
software: suricata 7.0.14 AXIS: ROSA-CHROME unaffected versions = suricata-7.0.14-1 affected versions suricata-7.0.14-1 CVE-ID: CVE-2026-22258 BDU-ID: 2026-00955 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System's DCERPC protocol implementation is...
Advisory ROSA-SA-2026-3244
software: xrdp 0.10.5 WASP: ROSA-CHROME unaffected versions = xrdp-0.10.5-1 affected versions xrdp-0.10.5-1 CVE-ID: CVE-2025-68670 BDU-ID: 2026-00962 CVE-Crit: CRITICAL CVE-DESC.: An XRDP server vulnerability is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2026-3242
software: djvulibre 3.5.29 WASP: ROSA-CHROME unaffected versions = djvulibre-3.5.29-1 affected versions djvulibre-3.5.29-1 CVE-ID: CVE-2021-46312 BDU-ID: 2023-05878 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the IW44EncodeCodec.cpp component of the library for viewing, creating, editing DjVu...
Advisory ROSA-SA-2026-3243
Software: libarchive 3.6.2 OS: ROSA-CHROME unaffected versions = libarchive-3.6.2-9 affected versions libarchive-3.6.2-9 CVE-ID: CVE-2025-60753 BDU-ID: 2026-00318 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the applysubstitution function of the libarchive library involves the execution of a lo...
Advisory ROSA-SA-2026-3241
software: openssl 1.1.1w OS: ROSA-CHROME unaffected versions = openssl-1.1.1.1w-5 affected versions openssl-1.1.1.1w-5 CVE-ID: CVE-2025-68160 BDU-ID: 2026-01216 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BIOflinebuffer function of the OpenSSL library is related to an operation exceeding...
Advisory ROSA-SA-2026-3240
software: vim 9.1.2128 WASP: ROSA-CHROME unaffected versions = vim-9.1.2128-1 affected versions vim-9.1.2128-1 CVE-ID: CVE-2025-66476 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vim for Windows before version 9.1.1947 implements an unreliable search order for external commands: when using cmd.exe, the...
Advisory ROSA-SA-2026-3238
software: openvpn 2.6.17 OS: ROSA-CHROME unaffected versions = openvpn-2.6.17-1 affected versions openvpn-2.6.17-1 CVE-ID: CVE-2025-13751 BDU-ID: 2025-16280 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OpenVPN software is related to unrestricted resource allocation. Exploitation of the...
Advisory ROSA-SA-2026-3237
software: libsndfile 1.1.0 OS: ROSA-CHROME unaffected versions = libsndfile-1.1.0-6 affected versions libsndfile-1.1.0-6 CVE-ID: CVE-2025-56226 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Memory leak in Libsndfile =1.2.2 in the mpegl3encoderinit function file mpegl3encode.c. CVE-STATUS: The...
Advisory ROSA-SA-2026-3234
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-6 affected versions curl-8.7.1-6 CVE-ID: CVE-2025-14017 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In multi-threaded LDAPS transfers in libcurl, changing TLS options in one thread changed them globally and could affect other...
Advisory ROSA-SA-2026-3236
software: fluidsynth 2.3.0 WASP: ROSA-CHROME unaffected versions = fluidsynth-2.3.0-2 affected versions fluidsynth-2.3.0-2 CVE-ID: CVE-2025-56225 BDU-ID: 2026-03010 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/synth/fluidsynthmonopoly.c component of the FluidSynth software synthesizer is...
Advisory ROSA-SA-2026-3235
software: expat 2.7.4 OS: ROSA-CHROME unaffected versions = expat-2.7.4-1 affected versions expat-2.7.4-1 CVE-ID: CVE-2026-24515 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In libexpat before 2.7.4, the XMLExternalEntityParserCreate function does not copy custom handler data of unknown encoding...
Advisory ROSA-SA-2026-3232
software: kanboard 1.2.49 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.49-1 affected versions kanboard-1.2.49-1 CVE-ID: CVE-2026-21879 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An Open Redirect vulnerability in Kanboard ≤ 1.2.48 allowed authenticated users to be redirected to malicious...
Advisory ROSA-SA-2026-3233
software: libcupsfilters 2.0.0 OS: ROSA-CHROME unaffected versions = libcupsfilters-2.0.0.0-8 affected versions libcupsfilters-2.0.0-8 CVE-ID: CVE-2025-57812 BDU-ID: 2025-15977 CVE-Crit: LOW CVE-DESC.: A vulnerability in the cfFilterImageToRaster function of the CUPS print server is related to...
Advisory ROSA-SA-2026-3231
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-5 affected versions curl-8.7.1-5 CVE-ID: CVE-2025-14524 BDU-ID: 2026-02955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cURL server communication software tool is related to URL redirection to an untrusted site...
Advisory ROSA-SA-2026-3229
software: capstone 4.0.2 OS: ROSA-CHROME unaffected versions = capstone-4.0.2-2 affected versions capstone-4.0.2.2-2 CVE-ID: CVE-2025-67873 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Capstone is a disassembler framework. In versions up to and including 6.0.0.0-Alpha5, skipdata length was not checked...
Advisory ROSA-SA-2026-3230
software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.4 affected versions avahi-0.8-12.git35bb1b.4 CVE-ID: CVE-2025-68276 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Avahi mDNS/DNS-SD. An unprivileged local user can cause an avahi-daemon DoS crash by...
Advisory ROSA-SA-2026-3228
software: gpsd 3.21 WASP: ROSA-CHROME unaffected versions = gpsd-3.21-5 affected versions gpsd-3.21-5 CVE-ID: CVE-2025-67268 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Vulnerability in gpsd before commit dc966aa: in drivers/drivernmea2000.c, function hnd129540 handling PGN 129540 - GNSS Satellite...
Advisory ROSA-SA-2026-3226
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-26 affected versions grub2-2.06-26 CVE-ID: CVE-2025-61662 BDU-ID: 2025-14786 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the gettext module of the Grub2 operating systems boot loader is related to the ability to use memory...
Advisory ROSA-SA-2026-3225
software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-2 affected versions busybox-1.37.0-2 CVE-ID: CVE-2025-46394 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In tar in BusyBox, file names in a TAR archive can be hidden in the list output using terminal escape sequences...
Advisory ROSA-SA-2026-3227
software: qemu 7.2.22 OS: ROSA-CHROME unaffected versions = qemu-7.2.22-1 affected versions qemu-7.2.22-1 CVE-ID: CVE-2023-3019 BDU-ID: 2024-04883 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability...
Advisory ROSA-SA-2026-3224
software: tpm2-tools 5.5.1 OS: ROSA-CHROME unaffected versions = tpm2-tools-5.5.1-1 affected versions tpm2-tools-5.5.1-1 CVE-ID: CVE-2024-29039 BDU-ID: 2025-16174 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the tpm2 checkquote component of the Trusted Platform Module tpm2-tools repository fo...
Advisory ROSA-SA-2026-3221
software: python-ldap 3.4.5 WASP: ROSA-CHROME unaffected versions = python-ldap-3.4.5-2 affected versions python-ldap-3.4.5-2 CVE-ID: CVE-2025-61911 BDU-ID: 2026-02913 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the filter.py component of the Python module for working with Python-LDAP LDAP...
Advisory ROSA-SA-2026-3222
software: suricata 7.0.13 WASP: ROSA-CHROME unaffected versions = suricata-7.0.13-1 affected versions suricata-7.0.13-1 CVE-ID: CVE-2025-64330 BDU-ID: 2025-14771 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to a buffer overflow in...
Advisory ROSA-SA-2026-3220
Software: fonttools 4.49.0 WASP: ROSA-CHROME unaffected versions = fonttools-4.49.0-2 affected versions fonttools-4.49.0-2 CVE-ID: CVE-2025-66034 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Arbitrary file write vulnerability in fontTools varLib allows a remote attacker to execute arbitrary code when...
Advisory ROSA-SA-2026-3223
software: cups-filters 2.0.1 OS: ROSA-CHROME unaffected versions = cups-filters-2.0.1-1 affected versions cups-filters-2.0.1-1 CVE-ID: CVE-2025-64524 BDU-ID: 2026-03142 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CUPS Filters print package is related to an operation exceeding buffer boundarie...
Advisory ROSA-SA-2026-3219
software: cups 2.4.16 OS: ROSA-CHROME unaffected versions = cups-2.4.16-1 affected versions cups-2.4.16-1 CVE-ID: CVE-2025-58436 BDU-ID: 2026-02912 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is associated with uncontrolled resource consumption. Exploitation of the...
Advisory ROSA-SA-2026-3218
software: sssd 2.9.7 OS: ROSA-CHROME unaffected versions = sssd-2.9.7-1 affected versions sssd-2.9.7-1 CVE-ID: CVE-2023-3758 BDU-ID: 2024-04108 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the remote directory access control service and SSSD authentication mechanism is associated with a race...
Advisory ROSA-SA-2026-3217
software: runc 1.3.4 OS: ROSA-CHROME unaffected versions = runc-1.3.4-1 affected versions runc-1.3.4-1 CVE-ID: CVE-2024-45310 BDU-ID: 2024-06891 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Runc isolated container tool is associated with a race condition that allows link tracking. Exploitation...
Advisory ROSA-SA-2026-3216
software: libpng 1.6.53 WASP: ROSA-CHROME unaffected versions = libpng-1.6.53-1 affected versions libpng-1.6.53-1 CVE-ID: CVE-2025-64505 BDU-ID: 2026-02923 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pngdoquantize function of the pngrtran.c component of the PNG Libpng bitmap graphics libra...
Advisory ROSA-SA-2026-3215
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-15 affected versions tomcat-9.0.37-15 CVE-ID: CVE-2025-55752 BDU-ID: 2025-13742 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability involves relative path traversal. Exploitation of the...
Advisory ROSA-SA-2026-3214
software: nginx 1.26.3 WASP: ROSA-CHROME unaffected versions = nginx-1.26.3-1 affected versions nginx-1.26.3-1 CVE-ID: CVE-2025-23419 BDU-ID: 2025-03281 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TLS 1.3 protocol implementation of the NGINX Plus and NGINX Open Source web servers is relate...