1374 matches found
Advisory ROSA-SA-2023-2294
Software: emacs 28.1 OS: ROSA-CHROME packageevrstring: emacs-28.1-4.src.rpm CVE-ID: CVE-2023-27985 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: emacsclient-mail.desktop in Emacs 28.1-28.2 is vulnerable to injecting shell commands via the generated mailto: URI. This is due to an inconsistency with the...
Advisory ROSA-SA-2023-2293
Software: glibc 2.28 OS: ROSA Virtualization 2.1 packageevrstring: glibc-2.28-225.rv3.src.rpm CVE-ID: CVE-2021-3999 BDU-ID: 2022-01635 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the getcwd function of the glibc system library is associated with an off-by-one error. Exploitation of the...
Advisory ROSA-SA-2023-2292
Software: git 2.39.3 OS: ROSA Virtualization 2.1 packageevrstring: git-2.39.3-1.rv3 CVE-ID: CVE-2022-39253 BDU-ID: 2023-06647 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Git for Windows distributed version control system is related to a lack of service data protection. Exploitation of the...
Advisory ROSA-SA-2023-2291
Software: gdb 8.2 OS: ROSA Virtualization 2.1 packageevrstring: gdb-8.2-19.rv3.src.rpm CVE-ID: CVE-2019-1010180 BDU-ID: 2019-03222 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdb module of the GDB debugger is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2023-2290
Software: fribidi 1.0.4 OS: ROSA Virtualization 2.1 packageevrstring: fribidi-1.0.4-9.rv3.src.rpm CVE-ID: CVE-2022-25308 BDU-ID: 2022-02659 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the GNU FriBidi library is caused by a buffer overflow on the stack. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2289
Software: firejail 0.9.60 OS: ROSA-CHROME packageevrstring: firejail-0.9.60-1.src.rpm CVE-ID: CVE-2021-26910 BDU-ID: 2021-03745 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OverlayFS SUID component of the Firejail sandbox is related to insufficient state checking of a shared resource...
Advisory ROSA-SA-2023-2288
Software: libreoffice 7.6.2 OS: ROSA-CHROME packageevrstring: libreoffice-7.6.2-4.src.rpm CVE-ID: CVE-2023-1183 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in the LibreOffice package. An attacker could create an odb containing a "database/script" file using the SCRIPT...
Advisory ROSA-SA-2023-2287
Software: dnsmasq 2.79 OS: ROSA Virtualization 2.1 packageevrstring: dnsmasq-2.79-26.rv3.src.rpm CVE-ID: CVE-2022-0934 BDU-ID: 2022-03253 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DHCPv6 protocol implementation of the Dnsmasq DNS server is related to a memory usage error after memory is...
Advisory ROSA-SA-2023-2286
Software: dhcp 4.3.6 OS: ROSA Virtualization 2.1 packageevrstring: dhcp-4.3.6-49.0.1.rv3.src.rpm CVE-ID: CVE-2022-2929 BDU-ID: None CVE-Crit: N/A CVE-DESC.: In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, a system with access to a DHCP server that sends DHCP packets created to...
Advisory ROSA-SA-2023-2285
Software: clamav 0.103.8 OS: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2284
Software: c-ares 1.18.1 OS: ROSA-CHROME packageevrstring: c-ares-1.18.1-2.src.rpm CVE-ID: CVE-2022-4904 BDU-ID: 2023-01258 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ares_set_sortlist function of the c-ares asynchronous DNS query library is related to a lack of input string validation, allowi...
Advisory ROSA-SA-2023-2283
Software: dnsmasq 2.87 OS: ROSA-CHROME packageevrstring: dnsmasq-2.87-2.src.rpm CVE-ID: CVE-2023-28450 BDU-ID: 2023-02265 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Dnsmasq DNS server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2023-2282
Software: dmidecode 3.5 OS: ROSA-CHROME packageevrstring: dmidecode-3.5-2.src.rpm CVE-ID: CVE-2023-30630 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dmidecode before version 3.5 allows --dump-bin to overwrite a local file. This has security implications because, for example, it is quite possible to...
Advisory ROSA-SA-2023-2281
Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-51.0.1.rv3.src.rpm CVE-ID: CVE-2022-26691 BDU-ID: 2022-04718 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability cou...
Advisory ROSA-SA-2023-2280
Software: cockpit 264.2 OS: ROSA Virtualization 2.1 packageevrstring: cockpit-264.2-1.0.1.rv3c.src.rpm CVE-ID: CVE-2021-3660 BDU-ID: 2021-04029 CVE-Crit: MEDIUM CVE-DESC.: A manager vulnerability for Cockpit servers is related to errors in the display of the user interface or frames. Exploitation...
Advisory ROSA-SA-2023-2279
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.15.x86_64.rpm CVE-ID: CVE-2023-2828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Each named instance configured to act as a recursive resolver maintains a cache database containing responses to queries it has recently sent ...
Advisory ROSA-SA-2023-2278
Software: libssh2 1.8.0 OS: rosa-server79 packageevrstring: libssh2-1.8.0-4.res7.1.x86_64.rpm CVE-ID: CVE-2020-22218 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An issue was discovered in the _libssh2_packet_add function in libssh2 1.10.0 that allows attackers to access external memory. CVE-STATUS: Fixed...
Advisory ROSA-SA-2023-2277
Software: ffmpeg 4.4.3 OS: ROSA-CHROME packageevrstring: ffmpeg-4.4.3-2.src.rpm CVE-ID: CVE-2022-3109 BDU-ID: 2023-04787 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vp3_decode_frame function of the libavcodec/vp3.c component of the FFmpeg multimedia library is related to a lack of validation o...
Advisory ROSA-SA-2023-2276
Software: librsvg 2.52.11 OS: ROSA-CHROME packageevrstring: librsvg-2.52.11-1.src.rpm CVE-ID: CVE-2023-38633 BDU-ID: 2023-05427 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XML document merge mechanism XInclude of the vector graphics rendering library librsvg is related to an incorrect...
Advisory ROSA-SA-2023-2275
Software: irssi 1.4.2 OS: ROSA-CHROME packageevrstring: irssi-1.4.2-2.src.rpm CVE-ID: CVE-2023-29132 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free due to the use of a stale special collector reference. This occurs when printing an unformatted...
Advisory ROSA-SA-2023-2274
Software: strongswan 5.9.10 OS: ROSA-CHROME packageevrstring: strongswan-5.9.10-1.src.rpm CVE-ID: CVE-2021-41990 BDU-ID: 2022-04051 CVE-Crit: HIGH CVE-DESC.: The gmp plugin in StrongSwan prior to version 5.9.4 has a remote integer overflow via a generated RSASSA-PSS signed certificate. For exampl...
Advisory ROSA-SA-2023-2273
Software: squid 5.9 OS: ROSA-CHROME packageevrstring: squid-5.9-1.src.rpm CVE-ID: CVE-2021-46784 BDU-ID: 2022-04051 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server's implementation of the Gopher network protocol is associated with the use of assert or a similar operator...
Advisory ROSA-SA-2023-2272
Software: quartz 2.2.1 OS: ROSA-CHROME packageevrstring: quartz-2.2.1-11.src.rpm CVE-ID: CVE-2019-13990 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...
Advisory ROSA-SA-2023-2271
Software: pdfbox 2.0.24 OS: ROSA-CHROME packageevrstring: pdfbox-2.0.24-1.src.rpm CVE-ID: CVE-2021-27807 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A carefully crafted PDF file may cause an infinite loop when loading the file. This issue affects Apache PDFBox version 2.0.22 and earlier versions of...
Advisory ROSA-SA-2023-2270
Software: thrift 0.10.0 OS: ROSA-CHROME packageevrstring: thrift-0.10.0-18.src.rpm CVE-ID: CVE-2018-1320 BDU-ID: 2019-04255 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.thrift.transport.TSaslTransport class of the Apache Thrift interface description language is related to...
Advisory ROSA-SA-2023-2269
Software: vsftpd 3.0.5 OS: ROSA-CHROME packageevrstring: vsftpd-3.0.5-1.src.rpm CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2023-2268
Software: vim 9.0.1572 OS: ROSA-CHROME packageevrstring: vim-9.0.1572-1.src.rpm CVE-ID: CVE-2023-0049 BDU-ID: 2023-00068 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the build_stl_str_hl function in buffer.c of the Vim text editor is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2023-2267
Software: virglrenderer 0.8.1 OS: ROSA-CHROME packageevrstring: virglrenderer-0.8.1-3.src.rpm CVE-ID: CVE-2022-0135 BDU-ID: 2023-05686 CVE-Crit: HIGH CVE-DESC.: An out-of-bounds write issue has been discovered in the OpenGL VirGL virtual visualization tool virglrenderer. This vulnerability allows...
Advisory ROSA-SA-2023-2266
Software: sqlite 3.41.2 OS: ROSA-CHROME packageevrstring: sqlite-3.41.2-1.src.rpm CVE-ID: CVE-2022-46908 BDU-ID: 2023-05686 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the command line interface of the SQLite database management system is related to implementation errors in the...
Advisory ROSA-SA-2023-2265
Software: openjpeg 1.5.2 OS: ROSA-CHROME packageevrstring: openjpeg-1.5.2-7.src.rpm CVE-ID: CVE-2016-3182 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before version 2.1.1 allows attackers to cause a denial of service memory corruption vi...
Advisory ROSA-SA-2023-2264
Software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-4.src.rpm CVE-ID: CVE-2022-2868 BDU-ID: 2023-00296 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the tiffcrop utility exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to...
Advisory ROSA-SA-2023-2263
Software: ncurses 6.2 OS: ROSA-CHROME packageevrstring: ncurses-6.2-6.src.rpm CVE-ID: CVE-2022-29458 BDU-ID: 2023-00296 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the convert_strings function of the tinfo/read_entry.c component of the Ncurses terminal I/O contr...
Advisory ROSA-SA-2023-2262
Software: openvswitch 2.16.1 OS: ROSA-CHROME packageevrstring: openvswitch-2.16.1-3.src.rpm CVE-ID: CVE-2019-25076 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The TSS Tuple Space Search algorithm in Open vSwitch versions 2.x-2.17.2 and 3.0.0 allows remote attackers to cause denial of service delayin...
Advisory ROSA-SA-2023-2261
Software: mujs 1.3.3 OS: ROSA-CHROME packageevrstring: mujs-1.3.3.3-1.src.rpm CVE-ID: CVE-2016-10141 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS to...
Advisory ROSA-SA-2023-2260
Software: upx 4.0.2 OS: ROSA-CHROME packageevrstring: upx-4.0.2-1.src.rpm CVE-ID: CVE-2019-20805 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: p_lx_elf.cpp in UPX before version 3.96 has an integer overflow during unpacking via crafted values in the PT_DYNAMIC segment. CVE-STATUS: Fixed CVE-REV: To close...
Advisory ROSA-SA-2023-2259
Software: libxpm 3.5.14 OS: ROSA-CHROME packageevrstring: libxpm-3.5.14-2.src.rpm CVE-ID: CVE-2022-44617 BDU-ID: 2023-00389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ParsePixels function of the X Pixmap image file library XPM libXpm is related to insufficient input validation. Exploitation...
Advisory ROSA-SA-2023-2258
Software: tomcat 9.0.37 OS: ROSA-CHROME packageevrstring: tomcat-9.0.37-3.src.rpm CVE-ID: CVE-2020-9484 BDU-ID: 2020-03620 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PersistenceManager component of the Apache Tomcat application server is related to the recovery of invalid data in memory...
Advisory ROSA-SA-2023-2257
Software: wireshark 4.0.5 OS: ROSA-CHROME packageevrstring: wireshark-4.0.5-1.src.rpm CVE-ID: CVE-2022-4344 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Memory exhaustion in the Kafka protocol dissector in Wireshark versions 4.0.0.0-4.0.1 and 3.6.0-3.6.9 allows denial of service via packet injection ...
Advisory ROSA-SA-2023-2256
Software: libmysofa 1.3.1 OS: ROSA-CHROME packageevrstring: libmysofa-1.3.1-1.src.rpm CVE-ID: CVE-2020-36148 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Improper handling of input to the verifyAttribute function in the libmysofa 0.5-1.1 library will result in dereferencing a null pointer and a...
Advisory ROSA-SA-2023-2255
Software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-32088 BDU-ID: 2022-04064 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort function of the MariaDB database management system is...
Advisory ROSA-SA-2023-2254
Software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-27447 BDU-ID: 2022-06909 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Binary_string::free_buffer function of the /sql/sql_string.h component of the MariaDB DBMS is related to memory usage after...
Advisory ROSA-SA-2023-2253
Software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-21595 BDU-ID: 2022-06420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitati...
Advisory ROSA-SA-2023-2252
Software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-3284 BDU-ID: 2019-00759 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to resource release errors. Exploitation of...
Advisory ROSA-SA-2023-2251
Software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-2813 BDU-ID: 2019-03456 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Server: DDL component of the MySQL Server database management system is related to a lack of service data protection...
Advisory ROSA-SA-2023-2250
Software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Advisory ROSA-SA-2023-2249
Software: xrdp 0.9.22.1 OS: ROSA-CHROME packageevrstring: xrdp-0.9.22.1-1.src.rpm CVE-ID: CVE-2022-23468 BDU-ID: 2022-07312 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the xrdp_login_wnd_create function of the XRDP server involves buffer copying without checking the size of the input data...
Advisory ROSA-SA-2023-2248
Software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
Advisory ROSA-SA-2023-2247
Software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-23169 BDU-ID: 2021-04603 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the copyIntoFrameBuffer function of the OpenEXR wide dynamic range luminance image storage software is related to writing beyo...
Advisory ROSA-SA-2023-2246
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-5.rv3.src.rpm CVE-ID: CVE-2021-3672 BDU-ID: 2022-00342 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the c-ares C library for asynchronous DNS queries is associated with failure to take measures to protect the...
Advisory ROSA-SA-2023-2245
Software: bind 9.11.26 OS: ROSA Virtualization 2.1 packageevrstring: bind-9.11.26-6.rv3.src.rpm CVE-ID: CVE-2019-6470 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: There was a bug in a function in one of the ISC BIND libraries that dhcpd used when running in DHCPv6 mode. There was also a bug in dhcpd's...