Advisory ROSA-SA-2024-2346
Software: gstreamer1-plugins-bad-free 1.10.4 OS: rosa-server79 packageevrstring: gstreamer1-plugins-bad-free-1.10.4-4.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A use-after-free error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...
Advisory ROSA-SA-2024-2344
Software: gstreamer-plugins-bad-free 0.10.23 OS: rosa-server79 packageevrstring: gstreamer-plugins-bad-free-0.10.23-24.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A use-after-free error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...
Advisory ROSA-SA-2024-2343
software: libx11 1.8.1 OS: ROSA-CHROME packageevrstring: libx11-1.8.1-3.src.rpm CVE-ID: CVE-2023-3138 BDU-ID: 2023-03596 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the src/InitExt.c file of the libX11 client API provisioning library for the X Window System libX11 is related to an operation...
Advisory ROSA-SA-2024-2342
software: ostree 2022.7 OS: ROSA-CHROME packageevrstring: ostree-2022.7-1.src.rpm CVE-ID: CVE-2022-47085 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The issue detected in ostree allows attackers to cause a denial of service or other unspecified consequences using the printpanic function in...
Advisory ROSA-SA-2024-2341
Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-148.0.1.rv3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding...
Advisory ROSA-SA-2024-2340
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.1.res7 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to an argument injection or...
Advisory ROSA-SA-2024-2339
Software: libtirpc 1.1.4 OS: ROSA Virtualization 2.1 packageevrstring: libtirpc-1.1.4-8.rv3.src.rpm CVE-ID: CVE-2021-46828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In libtirpc, remote attackers could exhaust the file descriptors of a process using libtirpc because idle TCP connections are not handl...
Advisory ROSA-SA-2024-2338
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3.src.rpm CVE-ID: CVE-2022-0561 BDU-ID: 2022-05790 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TIFFFetchStripThing function of the tifdirread.c component of the LibTIFF library is related to pointer...
Advisory ROSA-SA-2024-2337
software: flatpak 1.14.4 OS: ROSA-CHROME packageevrstring: flatpak-1.14.4-1.src.rpm CVE-ID: CVE-2023-28100 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: If the Flatpak application runs on a Linux virtual console, such as /dev/tty1, it can copy text from the virtual console and paste it into a comman...
Advisory ROSA-SA-2024-2336
software: hiredis 0.13.3 OS: ROSA-CHROME packageevrstring: hiredis-0.13.3-2.src.rpm CVE-ID: CVE-2021-32765 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In vulnerable versions, Hiredis is vulnerable to integer overflow if provided with maliciously crafted or corrupted RESP multi-bulk protocol data. Whe...
Advisory ROSA-SA-2024-2335
software: xterm 386 OS: ROSA-CHROME packageevrstring: xterm-386-1.src.rpm CVE-ID: CVE-2023-40359 BDU-ID: 2023-07914 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting ReGIS Reporting feature of the XTerm terminal emulator is related to an operation exceeding...
Advisory ROSA-SA-2024-2334
software: ansible 2.9.27 OS: ROSA-CHROME packageevrstring: ansible-2.9.27-1.src.rpm CVE-ID: CVE-2021-20178 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in the ansible module where default credentials are exposed in the console log and are not protected by the security feature...
Advisory ROSA-SA-2024-2333
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-10.rv3.src.rpm CVE-ID: CVE-2021-3634 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in libssh for versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets throughout a session. One ...
Advisory ROSA-SA-2024-2332
Software: glibc 2.28 OS: ROSA Virtualization 2.1 packageevrstring: glibc-2.28-225.rv3.src.rpm CVE-ID: CVE-2023-4527 BDU-ID: 2023-06332 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the glibc system library is related to reading data outside of buffer boundaries in...
Advisory ROSA-SA-2024-2331
Software: glibc 2.17 OS: rosa-server79 packageevrstring: glibc-2.17-326.res7.7 CVE-ID: CVE-2023-4911 BDU-ID: 2023-06269 CVE-Crit: N/A CVE-DESC.: A vulnerability in the dynamic loader ld.so of the glibc library is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability...
Advisory ROSA-SA-2024-2330
software: epiphany 42.2 OS: ROSA-CHROME packageevrstring: epiphany-42.2-4.src.rpm CVE-ID: CVE-2023-26081 BDU-ID: 2023-01753 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Epiphany web browser is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2024-2329
software: puppet 7.25.0 OS: ROSA-CHROME packageevrstring: puppet-7.25.0-1.src.rpm CVE-ID: CVE-2021-27021 BDU-ID: 2022-01884 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PuppetDB database management system is related to the failure to take measures to protect the SQL query structure...
Advisory ROSA-SA-2024-2328
Software: libpng 1.6.34 OS: ROSA Virtualization 2.1 packageevrstring: libpng-1.6.34-5.0.1.rv3.src.rpm CVE-ID: CVE-2019-7317 BDU-ID: 2019-03330 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pngimagefree function png.c of the PNG libpng bitmap graphics library involves the pngimagefreefunction...
Advisory ROSA-SA-2024-2327
Software: libnbd 1.6.0 OS: ROSA Virtualization 2.1 packageevrstring: libnbd-1.6.0-5.rv3.src.rpm CVE-ID: CVE-2022-0485 BDU-ID: 2022-01701 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libnbd library's nbdcopy tool is related to an exception handling flaw. Exploitation of the vulnerability could...
Advisory ROSA-SA-2024-2326
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: httpd-2.4.6-98.0.1.res7.7 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of the...
Advisory ROSA-SA-2024-2325
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-28.res7 CVE-ID: CVE-2023-5367 BDU-ID: 2023-07145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X Window System Xorg-server XIChangeDeviceProperty Xi/xiproperty.c and RRChangeOutputProperty randr/rrrproperty.c functions...
Advisory ROSA-SA-2024-2324
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-25.res7 CVE-ID: CVE-2023-6377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An error has been detected in xorg-server. Requesting or modifying XKB button actions, such as switching from touchpad to mouse, can...
Advisory ROSA-SA-2024-2323
Software: libmaxminddb 1.2.0 OS: ROSA Virtualization 2.1 packageevrstring: libmaxminddb-1.2.0.0-10.0.1.rv3.src.rpm CVE-ID: CVE-2020-28241 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: libmaxminddb has a process to overwrite data stored in a buffer located in dynamic memory in a function in the heap in...
Advisory ROSA-SA-2024-2322
Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 2.1 packageevrstring: libjpeg-turbo-1.5.3-12.rv3.src.rpm CVE-ID: CVE-2020-17541 BDU-ID: 2023-07622 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libjpeg-turbo image manipulation library is related to writing beyond buffer boundaries...
Advisory ROSA-SA-2024-2321
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...
Advisory ROSA-SA-2024-2320
software: cups 2.3.3op2 OS: ROSA-CHROME packageevrstring: cups-2.3.3.3op2-6.src.rpm CVE-ID: CVE-2023-4504 BDU-ID: 2023-06408 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the scanps function of the CUPS print server libppd library is related to an operation exceeding buffer boundaries in memory wh...
Advisory ROSA-SA-2023-2319
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...
Advisory ROSA-SA-2023-2318
software: ghostscript 9.54.0 OS: ROSA-CHROME packageevrstring: ghostscript-9.54.0-9.src.rpm CVE-ID: CVE-2023-36664 BDU-ID: 2023-03466 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the Ghostscript document processing, conversion, and generation software suite due to failure to take measures ...
Advisory ROSA-SA-2023-2317
Software: libinput 1.16.3 OS: ROSA Virtualization 2.1 packageevrstring: libinput-1.16.3-3.rv3.src.rpm CVE-ID: CVE-2022-1215 BDU-ID: 2022-02695 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the evdevlogmsg function of the libinput library's libinput implementation of the X.Org and Wayland display...
Advisory ROSA-SA-2023-2316
Software: libgcrypt 1.8.5 OS: ROSA Virtualization 2.1 packageevrstring: libgcrypt-1.8.5-7.rv3.src.rpm CVE-ID: CVE-2021-40528 BDU-ID: 2022-00593 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libgcrypt cryptographic library is related to the use of a weak cryptographic algorithm. Exploitation ...
Advisory ROSA-SA-2023-2315
Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2020-14583 BDU-ID: 2020-03866 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libraries component of the Oracle Java SE and Oracle Java SE Embedded software platform...
Advisory ROSA-SA-2023-2314
Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2020-14779 BDU-ID: 2020-05051 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Serialization component of the Java SE, Java SE Embedded software platforms is related t...
Advisory ROSA-SA-2023-2312
Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2023-22045 BDU-ID: 2023-04350 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition...
Advisory ROSA-SA-2023-2311
software: hostapd 2.9 OS: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
Advisory ROSA-SA-2023-2310
software: hivex 1.3.23 OS: ROSA-CHROME packageevrstring: hivex-1.3.23-4.src.rpm CVE-ID: CVE-2021-3622 BDU-ID: 2021-04419 CVE-Crit: LOW CVE-DESC.: A vulnerability in the getchildren function of the getchildren library for retrieving the contents of Windows hivex registry branches is related to the...
Advisory ROSA-SA-2023-2309
Software: libcap 2.26 OS: ROSA Virtualization 2.1 packageevrstring: libcap-2.26-5.0.1.rv3.src.rpm CVE-ID: CVE-2023-2603 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: This issue occurs in libcapstrdup and can cause an integer overflow if the input string is close to 4 GB. CVE-STATUS: Fixed CVE-REV: To...
Advisory ROSA-SA-2023-2308
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.0.1.rv3.src.rpm CVE-ID: CVE-2018-1000879 BDU-ID: 2020-01816 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the archiveaclfromtextlins function of the libarchive library is related to NULL pointer...
Advisory ROSA-SA-2023-2307
Software: jasper 2.0.14-5 OS: ROSA Virtualization 2.1 packageevrstring: jasper-2.0.14-5.rv3.src.rpm CVE-ID: CVE-2020-27828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Special input provided by an attacker in jasper could cause an arbitrary write outside of the allowed range. This could potentially...
Advisory ROSA-SA-2023-2306
Software: hivex 1.3.18 OS: ROSA Virtualization 2.1 packageevrstring: hivex-1.3.18-23.rv3.src.rpm CVE-ID: CVE-2021-3622 BDU-ID: 2021-04419 CVE-Crit: LOW CVE-DESC.: A vulnerability in the getchildren function of the getchildren library for retrieving the contents of Windows hivex registry branches ...
Advisory ROSA-SA-2023-2305
software: suricata 6.0.13 OS: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...
Advisory ROSA-SA-2023-2304
software: netty 4.1.13 OS: ROSA-CHROME packageevrstring: netty-4.1.13-13.src.rpm CVE-ID: CVE-2023-34462 BDU-ID: 2023-05355 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SniHandler component of the Netty networking software tool is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2023-2303
software: poppler 22.05.0 OS: ROSA-CHROME packageevrstring: poppler-22.05.0-7.src.rpm CVE-ID: CVE-2023-34872 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Outline.cc for Poppler before version 23.06.0 allows a remote attacker to cause a denial of service DoS crash via a created PD...
Advisory ROSA-SA-2023-2302
software: qemu 7.2.0 OS: ROSA-CHROME packageevrstring: qemu-7.2.0-2.src.rpm CVE-ID: CVE-2023-0330 BDU-ID: 2023-04834 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the lsi53c895a.c component of the QEMU hardware emulator is related to writing beyond buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2023-2301
Software: gzip 1.9 OS: ROSA Virtualization 2.1 packageevrstring: gzip-1.9-13.rv3.src.rpm CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2023-2300
Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-106.0.3.rv3.src.rpm CVE-ID: CVE-2020-14372 BDU-ID: 2022-00326 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Secure Boot protocol implementation of the Grub2 operating system boot loader is related to an incorrect...
Advisory ROSA-SA-2023-2299
Software: grafana 7.3.6 OS: ROSA Virtualization 2.1 packageevrstring: grafana-7.3.6-2.el8.src.rpm CVE-ID: CVE-2020-27846 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A signature verification vulnerability exists in cookiejam/saml. This flaw allows an attacker to bypass SAML authentication. The...
Advisory ROSA-SA-2023-2298
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-6.0.1.rv3.src.rpm CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: An implementation vulnerability in the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...
Advisory ROSA-SA-2023-2297
software: puppet 7.25.0 OS: ROSA-CHROME packageevrstring: puppet-7.25.0-1.src.rpm CVE-ID: CVE-2021-27021 BDU-ID: 2022-01884 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PuppetDB database management system is related to the failure to take measures to protect the SQL query structure...
Advisory ROSA-SA-2023-2296
software: redis 7.0.12 OS: ROSA-CHROME packageevrstring: redis-7.0.12-1.src.rpm CVE-ID: CVE-2022-24834 BDU-ID: 2023-07213 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cjson and cmsgpack libraries of the Redis database management system DBMS is related to a buffer overflow in dynamic memory...
Advisory ROSA-SA-2023-2295
software: tang 11 OS: ROSA-CHROME packageevrstring: tang-11-4.src.rpm CVE-ID: CVE-2023-1672 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a race condition in the Tang server functions for key generation and key rotation. This flaw results in a small time interval during which Tang private...