1374 matches found

Rosalinux • added 2023/10/10 9:49 a.m. • 25 views

Advisory ROSA-SA-2023-2244

Software: babel 2.5.1 OS: ROSA Virtualization 2.1 packageevrstring: babel-2.5.1-7.rv3 CVE-ID: CVE-2021-42771 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary local .dat files containing serialized Python objects via directory traversal,...

CVSS 7.8 • AI score 7.2 • EPSS 0.00169 • Exploits 1

Rosalinux • added 2023/10/10 9:47 a.m. • 23 views

Advisory ROSA-SA-2023-2243

Software: avahi 0.7 OS: ROSA Virtualization 2.1 packageevrstring: avahi-0.7-19.0.1.rv3 CVE-ID: CVE-2021-3468 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A bug was discovered in avahi in versions 0.6 through 0.8. The event used to signal the termination of a client connection in the avahi Unix socket...

CVSS 5.5 • AI score 6.7 • EPSS 0.0003 • Exploits 0

Rosalinux • added 2023/10/10 9:32 a.m. • 32 views

Advisory ROSA-SA-2023-2242

Software: open-vm-tools 11.0.5 OS: rosa-server79 packageevrstring: open-vm-tools-11.0.5-2.rv3.src.rpm CVE-ID: CVE-2023-20900 BDU-ID: 2023-05064 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to the ability to bypass the SAML token signature...

CVSS 7.5 • AI score 6.9 • EPSS 0.00807 • Exploits 0

Rosalinux • added 2023/10/10 9:26 a.m. • 36 views

Advisory ROSA-SA-2023-2241

Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-3397 BDU-ID: 2023-03779 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the JFS file system of the Linux operating system kernel is related to the reuse of previously freed memory due to...

CVSS 7.8 • AI score 6.9 • EPSS 0.00221 • Exploits 3

Rosalinux • added 2023/10/10 8:59 a.m. • 33 views

Advisory ROSA-SA-2023-2240

Software: pcs 0.10.7 OS: ROSA-CHROME packageevrstring: pcs-0.10.7-3.src.rpm CVE-ID: CVE-2022-2735 BDU-ID: 2022-05554 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the corosync/pacemaker PCS configuration utility is related to flaws in the authentication procedure. Exploitation of the vulnerabili...

CVSS 7.8 • AI score 7.1 • EPSS 0.00051 • Exploits 0

Rosalinux • added 2023/10/10 8:57 a.m. • 42 views

Advisory ROSA-SA-2023-2239

Software: batik 1.11 OS: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...

CVSS 7.5 • AI score 7.4 • EPSS 0.00831 • Exploits 0

Rosalinux • added 2023/09/19 9:33 a.m. • 25 views

Advisory ROSA-SA-2023-2238

Software: less 608 OS: ROSA-CHROME packageevrstring: less-608-2.src.rpm CVE-ID: CVE-2022-46663 BDU-ID: 2023-00696 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Less UNIX-like UNIX text terminal utility is related to incorrect filtering of embedded ANSI sequences when processing the -R...

CVSS 7.5 • AI score 6.9 • EPSS 0.00108 • Exploits 0

Rosalinux • added 2023/09/19 9:31 a.m. • 48 views

Advisory ROSA-SA-2023-2237

Software: 389-ds-base 1.4.4.4.4. OS: ROSA-CHROME packageevrstring: 389-ds-base-1.4.4.4-12.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...

CVSS 6.5 • AI score 7.1 • EPSS 0.00118 • Exploits 0

Rosalinux • added 2023/09/12 12:13 p.m. • 11 views

Advisory ROSA-SA-2023-2236

Software: nuitka 1.5 OS: ROSA-CHROME packageevrstring: nuitka-1.5-3.src.rpm CVE-ID: CVE-2022-2054 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Deploy code to the GitHub nuitka/nuitka repository to version 0.9. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update nuitka...

CVSS 8.4 • AI score 7.3 • EPSS 0.0013 • Exploits 1

Rosalinux • added 2023/09/12 12:11 p.m. • 27 views

Advisory ROSA-SA-2023-2235

Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5-1.src.rpm CVE-ID: CVE-2023-22742 BDU-ID: 2023-00574 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libssh2 library of the C Libgit2 implementation of Git methods is related to cryptographic signature verification errors...

CVSS 5.9 • AI score 6.7 • EPSS 0.00121 • Exploits 0

Rosalinux • added 2023/09/12 11:49 a.m. • 23 views

Advisory ROSA-SA-2023-2233

Software: thunderbird 102.14.0 OS: rosa-server79 packageevrstring: thunderbird-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text...

CVSS 9.8 • AI score 8.8 • EPSS 0.03618 • Exploits 1

Rosalinux • added 2023/09/12 11:49 a.m. • 20 views

Advisory ROSA-SA-2023-2232

Software: firefox 102.14.0 OS: rosa-server79 packageevrstring: firefox-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text directio...

CVSS 9.8 • AI score 8.8 • EPSS 0.03618 • Exploits 1

Rosalinux • added 2023/09/05 12:17 p.m. • 24 views

Advisory ROSA-SA-2023-2231

Software: 389-ds-base 1.4.3.8 OS: ROSA Virtualization 2.1 packageevrstring: 389-ds-base-1.4.3.8.src.rpm CVE-ID: CVE-2021-3652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An error has been detected in 389-ds-base. If the asterisk is imported as password hashes either accidentally or maliciously, then...

CVSS 6.5 • AI score 7 • EPSS 0.00118 • Exploits 0

Rosalinux • added 2023/09/05 12:16 p.m. • 35 views

Advisory ROSA-SA-2023-2230

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...

CVSS 7.5 • AI score 7.1 • EPSS 0.00948 • Exploits 2

Rosalinux • added 2023/09/05 9:40 a.m. • 58 views

Advisory ROSA-SA-2023-2229

Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.res7 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool is related to...

CVSS 9.8 • AI score 7.5 • EPSS 0.66852 • Exploits 10

Rosalinux • added 2023/09/05 9:37 a.m. • 33 views

Advisory ROSA-SA-2023-2228

Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.16.res7 CVE-ID: CVE-2022-21216 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Insufficient granularity in external management access control in some IntelR Atom and Intel Xeon scalable processors may allow a privileged...

CVSS 7.5 • AI score 6.6 • EPSS 0.00055 • Exploits 0

Rosalinux • added 2023/09/05 9:31 a.m. • 32 views

Advisory ROSA-SA-2023-2227

Software: buildah 1.30.0 OS: ROSA-CHROME packageevrstring: buildah-1.30.0-2.src.rpm CVE-ID: CVE-2022-27651 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There was a bug in the build that caused containers to incorrectly start with non-empty default permissions. A bug was discovered in Moby Docker...

CVSS 7.1 • AI score 6.7 • EPSS 0.00181 • Exploits 1

Rosalinux • added 2023/09/05 9:29 a.m. • 23 views

Advisory ROSA-SA-2023-2226

Software: yara 4.3.1 OS: ROSA-CHROME packageevrstring: yara-4.3.1-1.src.rpm CVE-ID: CVE-2021-3402 BDU-ID: 2021-04875 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the YARA malware research and detection software is related to integer overflow. Exploitation of the vulnerability could allow an...

CVSS 9.1 • AI score 7 • EPSS 0.00468 • Exploits 1

Rosalinux • added 2023/08/29 12:20 p.m. • 19 views

Advisory ROSA-SA-2023-2225

Software: pesign 116 OS: ROSA-CHROME packageevrstring: pesign-116-1.src.rpm CVE-ID: CVE-2022-3560 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A flaw has been discovered in the design. The pesign package provides a systemd service used to run the pesign daemon. This service module runs a script to...

CVSS 5.5 • AI score 7 • EPSS 0.00036 • Exploits 0

Rosalinux • added 2023/08/29 12:18 p.m. • 21 views

Advisory ROSA-SA-2023-2224

Software: mosquitto 2.0.15 OS: ROSA-CHROME packageevrstring: mosquitto-2.0.15-2.src.rpm CVE-ID: CVE-2021-34431 BDU-ID: 2022-01775 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Mosquitto message broker is related to incorrect processing of a CONNECT packet without will topic, will message i...

CVSS 7.5 • AI score 6.7 • EPSS 0.0037 • Exploits 1

Rosalinux • added 2023/08/29 12:2 p.m. • 38 views

Advisory ROSA-SA-2023-2223

Software: nss 3.53.1 OS: ROSA Virtualization 2.1 packageevrstring: nss-3.53.1-17.rv3.1c.src.rpm CVE-ID: CVE-2020-12403 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A bug was discovered in the way CHACHA20-POLY1305 is implemented in NSS in versions prior to 3.55. When using a Chacha20 consisting of...

CVSS 9.8 • AI score 7.6 • EPSS 0.05243 • Exploits 0

Rosalinux • added 2023/08/29 11:57 a.m. • 73 views

Advisory ROSA-SA-2023-2222

Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1-19.rv3.src.rpm CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security to...

CVSS 9.8 • AI score 10 • EPSS 0.66852 • Exploits 10

Rosalinux • added 2023/08/22 1:21 p.m. • 40 views

Advisory ROSA-SA-2023-2221

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm CVE-ID: CVE-2022-32206 BDU-ID: 2022-06918 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CURL server communication software tool is related to the allocation of unlimited memory. Exploitation of...

CVSS 6.5 • AI score 6.9 • EPSS 0.03367 • Exploits 3

Rosalinux • added 2023/08/22 1:18 p.m. • 34 views

Advisory ROSA-SA-2023-2220

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm CVE-ID: CVE-2022-22576 BDU-ID: 2022-03036 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OAUTH2 protocol implementation of the cURL command line utility is related to the reuse of a connection wi...

CVSS 8.1 • AI score 7.3 • EPSS 0.00682 • Exploits 5

Rosalinux • added 2023/08/22 9:57 a.m. • 23 views

Advisory ROSA-SA-2023-2219

Software: tor 0.4.6.10 OS: ROSA-CHROME packageevrstring: tor-0.4.6.10-2.src.rpm CVE-ID: CVE-2023-23589 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The SafeSocks option in Tor before version 0.4.7.13 has a logic error that can use the insecure SOCKS4 protocol, but not the secure SOCKS4a protocol, aka...

CVSS 6.5 • AI score 6.9 • EPSS 0.00779 • Exploits 1

Rosalinux • added 2023/08/22 8:47 a.m. • 27 views

Advisory ROSA-SA-2023-2218

Software: multipath-tools 0.8.9 OS: ROSA-CHROME packageevrstring: multipath-tools-0.8.9-3.src.rpm CVE-ID: CVE-2022-41973 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: multipath-tools 0.7.7 to 0.9.x to 0.9.2 allows local users to gain root access as used in conjunction with CVE-2022-41974. Local users...

CVSS 7.8 • AI score 6.9 • EPSS 0.00231 • Exploits 4

Rosalinux • added 2023/08/15 9:41 a.m. • 21 views

Advisory ROSA-SA-2023-2217

Software: libmicrohttpd 0.9.76 OS: ROSA-CHROME packageevrstring: libmicrohttpd-0.9.76-1.src.rpm CVE-ID: CVE-2023-27371 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: GNU libmicrohttpd before version 0.9.76 allowed remote DoS denial of service due to improper multipart/form-data boundary parsing in the...

CVSS 5.9 • AI score 6.9 • EPSS 0.00074 • Exploits 1

Rosalinux • added 2023/08/15 9:37 a.m. • 29 views

Advisory ROSA-SA-2023-2216

Software: subversion 1.14.2 OS: ROSA-CHROME packageevrstring: subversion-1.14.2-1.src.rpm CVE-ID: CVE-2020-17525 BDU-ID: 2022-00306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the modauthzsvn module of the Subversion centralized version control system is related to incorrect handling of reques...

CVSS 7.5 • AI score 7 • EPSS 0.14805 • Exploits 1

Rosalinux • added 2023/08/15 9:26 a.m. • 32 views

Advisory ROSA-SA-2023-2215

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2022-0392 BDU-ID: 2022-00992 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getexmodeline exgetln.c function of the vim text editor is related to writing beyond buffer boundaries in...

CVSS 8.4 • AI score 8.7 • EPSS 0.01534 • Exploits 9

Rosalinux • added 2023/08/15 9:10 a.m. • 33 views

Advisory ROSA-SA-2023-2214

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 packageevrstring: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2021-3796 BDU-ID: 2021-05417 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the nvreplace function of the VIM text editor is related to memory usage after it has been freed. Exploitation o...

CVSS 9.8 • AI score 8.4 • EPSS 0.00562 • Exploits 10

Rosalinux • added 2023/08/08 8:57 a.m. • 21 views

Advisory ROSA-SA-2023-2213

Software: java-11-openjdk 11.0.19.0.7 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.19.0.7-1.res7 CVE-ID: CVE-2023-21930 BDU-ID: 2023-02179 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition...

CVSS 7.4 • AI score 6.8 • EPSS 0.01156 • Exploits 1

Rosalinux • added 2023/08/08 8:21 a.m. • 35 views

Advisory ROSA-SA-2023-2212

Software: freetype 2.9.1 OS: ROSA Virtualization 2.1 packageevrstring: freetype-2.9.1-9.rv3.src.rpm CVE-ID: CVE-2022-27404 BDU-ID: 2022-06908 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the sfntinitface function of the FreeType library is related to writing beyond buffer boundaries...

CVSS 9.8 • AI score 8.7 • EPSS 0.00151 • Exploits 2

Rosalinux • added 2023/08/08 8:12 a.m. • 34 views

Advisory ROSA-SA-2023-2211

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3.src.rpm CVE-ID: CVE-2021-23840 BDU-ID: 2021-03742 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions of the OpenSSL TLS and SSL protocols...

CVSS 10 • AI score 8.7 • EPSS 0.86858 • Exploits 8

Rosalinux • added 2023/08/08 7:54 a.m. • 18 views

Advisory ROSA-SA-2023-2210

Software: opensmtpd 7.3.0p0rc2 OS: ROSA-CHROME packageevrstring: opensmtpd-7.3.0p0rc2-1.src.rpm CVE-ID: CVE-2023-29323 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: asciiloadsockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0.0-portable commi...

CVSS 7.8 • AI score 6.7 • EPSS 0.00063 • Exploits 0

Rosalinux • added 2023/08/08 7:51 a.m. • 34 views

Advisory ROSA-SA-2023-2209

Software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.1.7-1.src.rpm CVE-ID: CVE-2021-43784 BDU-ID: 2023-02652 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting...

CVSS 7.8 • AI score 7.1 • EPSS 0.00146 • Exploits 3

Rosalinux • added 2023/08/01 1:30 p.m. • 40 views

Advisory ROSA-SA-2023-2208

Software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-38431 BDU-ID: 2023-03952 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ksmbdconnhandlerloop function in the fs/smb/server/connection.c module of the KSMBD file system of the...

CVSS 9.8 • AI score 6.8 • EPSS 0.00096 • Exploits 0

Rosalinux • added 2023/08/01 1:20 p.m. • 46 views

Advisory ROSA-SA-2023-2207

Software: kernel-5.10 5.10.184 OS: ROSA-CHROME packageevrstring: kernel-5.10-generic-5.10.184-1.src.rpm CVE-ID: CVE-2023-34255 BDU-ID: 2023-02994 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xfsbtreelookupgetblock function of the Linux operating systems kernel is related to memory usage aft...

CVSS 7.8 • AI score 6.7 • EPSS 0.00023 • Exploits 1

Rosalinux • added 2023/08/01 1:17 p.m. • 43 views

Advisory ROSA-SA-2023-2206

Software: kernel-5.15 5.15.117 OS: ROSA-CHROME packageevrstring: kernel-5.15-generic-5.15.117-1.src.rpm CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata control duri...

CVSS 7.8 • AI score 6.7 • EPSS 0.00023 • Exploits 1

Rosalinux • added 2023/08/01 1:7 p.m. • 30 views

Advisory ROSA-SA-2023-2205

Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.rv3.src.rpm CVE-ID: CVE-2021-23177 BDU-ID: 2022-01463 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability...

CVSS 9.8 • AI score 7.8 • EPSS 0.00551 • Exploits 0

Rosalinux • added 2023/08/01 1:4 p.m. • 25 views

Advisory ROSA-SA-2023-2204

Software: pcre2 10.32 OS: ROSA Virtualization 2.1 packageevrstring: pcre2-10.32-3.rv3.src.rpm CVE-ID: CVE-2022-1586 BDU-ID: 2022-03770 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the compilexclassmatchingpath function of the PCRE2 library is related to reading data beyond buffer boundaries in...

CVSS 9.1 • AI score 6.8 • EPSS 0.00584 • Exploits 0

Rosalinux • added 2023/08/01 12:58 p.m. • 38 views

Advisory ROSA-SA-2023-2203

Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

CVSS 9.8 • AI score 7.8 • EPSS 0.01445 • Exploits 6

Rosalinux • added 2023/07/25 10:31 a.m. • 29 views

Advisory ROSA-SA-2023-2202

Software: python 3.6.8 OS: rosa-server79 packageevrstring: python-3.6.8-19.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

CVSS 7.5 • AI score 6.9 • EPSS 0.01445 • Exploits 3

Rosalinux • added 2023/07/25 10:25 a.m. • 33 views

Advisory ROSA-SA-2023-2201

Software: open-vm-tools 11.0.5 OS: rosa-server79 packageevrstring: open-vm-tools-11.0.5-3.res7.6 CVE-ID: CVE-2023-20867 BDU-ID: 2023-03162 CVE-Crit: LOW CVE-DESC.: A vulnerability in the vgauth module of the VMware Tools component of the VMware ESXi hypervisor is related to errors in the...

CVSS 3.9 • AI score 7.1 • EPSS 0.01444 • Exploits 0

Rosalinux • added 2023/07/25 10:22 a.m. • 23 views

Advisory ROSA-SA-2023-2200

Software: openblas 0.3.3 OS: ROSA Virtualization 2.1 packageevrstring: openblas-0.3.3-5.rv3.1.src.rpm CVE-ID: CVE-2021-4048 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An out-of-bounds read vulnerability was discovered in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack before version...

CVSS 9.1 • AI score 7.2 • EPSS 0.00364 • Exploits 0

Rosalinux • added 2023/07/25 10:20 a.m. • 19 views

Advisory ROSA-SA-2023-2199

Software: aspell 0.60.6.1 OS: ROSA Virtualization 2.1 packageevrstring: aspell-0.60.6.1.1-21.rv3.1.src.rpm CVE-ID: CVE-2019-17544 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer that is reloaded in acommon::unescape in common/getdata.cpp...

CVSS 9.1 • AI score 7.1 • EPSS 0.01242 • Exploits 0

Rosalinux • added 2023/07/25 10:17 a.m. • 38 views

Advisory ROSA-SA-2023-2198

Software: sysstat 12.7.2 OS: ROSA-CHROME packageevrstring: sysstat-12.7.2-1.src.rpm CVE-ID: CVE-2022-39377 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: On 32-bit systems in versions 9.1.16 and newer but before 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures...

CVSS 7.8 • AI score 8.2 • EPSS 0.01192 • Exploits 1

Rosalinux • added 2023/07/25 10:14 a.m. • 17 views

Advisory ROSA-SA-2023-2197

Software: suricata 6.0.12 OS: ROSA-CHROME packageevrstring: suricata-6.0.12-1.src.rpm CVE-ID: CVE-2021-37592 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a TCP/IP stack created that can send a specific sequence of...

CVSS 9.8 • AI score 7 • EPSS 0.00404 • Exploits 1

Rosalinux • added 2023/07/18 11:36 a.m. • 22 views

Advisory ROSA-SA-2023-2196

Software: bookkeeper 4.3.2 OS: ROSA-CHROME packageevrstring: bookkeeper-4.3.2-7.src.rpm CVE-ID: CVE-2022-32531 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The Apache Bookkeeper Java client before 4.14.6, and also 4.15.0 does not close the connection to the accounting server when TLS hostname validatio...

CVSS 5.9 • AI score 6.8 • EPSS 0.00798 • Exploits 0

Rosalinux • added 2023/07/18 11:33 a.m. • 16 views

Advisory ROSA-SA-2023-2195

Software: salt 3004.2 OS: ROSA-CHROME packageevrstring: salt-3004.2-1.src.rpm CVE-ID: CVE-2022-22967 BDU-ID: 2022-03745 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PAM auth function of the Salt configuration management and remote operations execution system is related to the lack of a vali...

CVSS 8.8 • AI score 7.6 • EPSS 0.00504 • Exploits 0

Rosalinux • added 2023/07/18 11:28 a.m. • 27 views

Advisory ROSA-SA-2023-2194

Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 packageevrstring: libtasn1-4.13-4.rv3.src.rpm CVE-ID: CVE-2021-46848 BDU-ID: 2022-06694 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1encodesimpleder function of the Libtasn1 library is related to a single offset error. Exploitation of th...

CVSS 9.1 • AI score 6.6 • EPSS 0.0041 • Exploits 1

Total number of security vulnerabilities: 1374