Advisory ROSA-SA-2023-2193
Software: libksba 1.3.5 OS: ROSA Virtualization 2.1 packageevrstring: libksba-1.3.5-9.rv3.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC: A vulnerability in the LibKSBA library providing functions for handling X.509 certificates is related to an integer overflow in the...
Advisory ROSA-SA-2023-2191
Software: emacs 24.3-23 OS: rosa-server79 packageevrstring: 24.3-23.res7.1 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: HIGH CVE-DESC: htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the file and srcdir parameters come from external input, and...
Advisory ROSA-SA-2023-2190
Software: c-ares 1.10.0 OS: rosa-server79 packageevrstring: 1.10.0-3.res7.1 CVE-ID: CVE-2023-32067 BDU-ID: None CVE-Crit: HIGH CVE-DESC: This problem occurs due to a 0-byte UDP payload that can cause a denial of service. CVE-STATUS: Fixed CVE-REV: To close, run the yum update c-ares command...
Advisory ROSA-SA-2023-2189
Software: kernel-ml 5.15.117 OS: rosa-server79 packageevrstring: kernel-ml-5.15.117-1.res7 CVE-ID: CVE-2023-31085 BDU-ID: 2023-02516 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the mtd_div_by_eb function in the include/linux/mtd/mtd.h module of the Linux operating system kernel is related to...
Advisory ROSA-SA-2023-2188
Software: pure-ftpd 1.0.51 OS: ROSA-CHROME packageevrstring: pure-ftpd-1.0.51-1.src.rpm CVE-ID: CVE-2020-9274 BDU-ID: None CVE-Crit: HIGH CVE-DESC: An uninitialized pointer vulnerability has been discovered in the linked list of directory aliases. When the lookup_alias(const char *alias) or print_aliases(voi...
Advisory ROSA-SA-2023-2186
Software: pidgin 2.14.12 OS: ROSA-CHROME packageevrstring: pidgin-2.14.12-1.src.rpm CVE-ID: CVE-2022-26491 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: A remote attacker who can spoof DNS responses can redirect the client connection to a malicious server. The client will perform TLS certificate...
Advisory ROSA-SA-2023-2184
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-8.rv3.src.rpm CVE-ID: CVE-2020-36329 BDU-ID: 2021-03101 CVE-Crit: HIGH CVE-DESC: A vulnerability in the libwebp library for WebP image encoding and decoding is related to a use after free (use of memory after it has been freed)...
Advisory ROSA-SA-2023-2183
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-8.rv3.src.rpm CVE-ID: CVE-2018-25009 BDU-ID: 2021-03097 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in...
Advisory ROSA-SA-2023-2182
Software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-3269 BDU-ID: 2023-03584 CVE-Crit: HIGH CVE-DESC: A vulnerability in the memory management subsystem of the Linux operating system kernel is related to a use after free (use of memory after it has...
Advisory ROSA-SA-2023-2181
Software: Grafana 6.7.4 OS: ROSA Virtualization 2.1 packageevrstring: grafana-6.7.4-3.rv3.src.rpm CVE-ID: CVE-2023-3128 BDU-ID: 2023-03343 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of...
Advisory ROSA-SA-2023-2180
Software: kernel-ml 5.15.114 OS: rosa-server79 packageevrstring: kernel-ml-5.15.114-1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata validation during mount ...
Advisory ROSA-SA-2023-2179
Software: kernel-ml 6.1.31 OS: rosa-server79 packageevrstring: kernel-ml-6.1.31-1.0.1.res7 CVE-ID: CVE-2023-2124 BDU-ID: 2023-02529 CVE-Crit: HIGH CVE-DESC: A vulnerability in the XFS file system of the Linux operating system kernel is related to insufficient metadata validation during mount ...
Advisory ROSA-SA-2023-2178
Software: leptonica 1.79.0 OS: ROSA-CHROME packageevrstring: leptonica-1.79.0-3.src.rpm CVE-ID: CVE-2022-38266 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An issue in the Leptonica linked library v1.79.0 allows attackers to raise an arithmetic exception leading to a denial of service (DoS) via a...
Advisory ROSA-SA-2023-2177
Software: libcacard 2.5.2 OS: ROSA-CHROME packageevrstring: libcacard-2.5.2-6.src.rpm CVE-ID: CVE-2017-6414 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: A memory leak in the vcard_apdu_new function in the card_7816.c file in libcacard before version 2.5.3 allows local guest OS users to cause a denial of...
Advisory ROSA-SA-2023-2176
Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-25.res7 CVE-ID: CVE-2023-25652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Up to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by submitting specially crafted input to git app...
Advisory ROSA-SA-2023-2175
Software: apr-util 1.5.2-6 OS: rosa-server79 packageevrstring: apr-util-1.5.2-6.res7.1 CVE-ID: CVE-2022-25147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Integer Overflow or Wraparound vulnerability in the Apache Portable Runtime Utility (APR-util) apr_base64 functions allows an attacker to write data outside...
Advisory ROSA-SA-2023-2174
Software: redis 7.0.11 OS: ROSA-CHROME packageevrstring: redis-7.0.11-1.src.rpm CVE-ID: CVE-2022-35977 BDU-ID: 2023-00695 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Redis database management system (DBMS) is related to integer overflow during object processing. Exploitation of the...
Advisory ROSA-SA-2023-2173
Software: tnef 1.4.15 OS: ROSA-CHROME packageevrstring: tnef-1.4.15-3.src.rpm CVE-ID: CVE-2019-18849 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: In tnef before 1.4.18, an attacker could write to a victim's .ssh/authorized_keys file via an email message with a crafted winmail.dat application/ms-tnef...
Advisory ROSA-SA-2023-2172
Software: libtar 1.2.20 OS: ROSA Virtualization 2.1 packageevrstring: libtar-1.2.20-17.rv3 CVE-ID: CVE-2021-33644 BDU-ID: None CVE-Crit: HIGH CVE-DESC: An attacker who sends a crafted tar file with a size in the header structure equal to 0 could cause a call to malloc(0) for the gnu_longname variabl...
Advisory ROSA-SA-2023-2171
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 packageevrstring: sqlite-3.26.0-17.rv3 CVE-ID: CVE-2020-35525 BDU-ID: None CVE-Crit: HIGH CVE-DESC: In SQLite 3.31.1, a potential null pointer dereference was detected while processing an INTERSEC request. CVE-STATUS: Fixed CVE-REV: Execute the...
Advisory ROSA-SA-2023-2170
Software: libksba 1.3.5 OS: ROSA-CHROME packageevrstring: libksba-1.3.5-10.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC: A vulnerability in the LibKSBA library providing functions for handling X.509 certificates is related to an integer overflow in the CRL parser...
Advisory ROSA-SA-2023-2169
Software: log4net 1.2.15 OS: ROSA-CHROME packageevrstring: log4net-1.2.15-6.src.rpm CVE-ID: CVE-2018-1285 BDU-ID: 2021-01050 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the log4net logging library for the .NET Framework platform is related to improper restriction of XML external entity (XXE) references...
Advisory ROSA-SA-2023-2168
Software: firefox 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-1.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a use after free. Exploitation ...
Advisory ROSA-SA-2023-2166
Software: thunderbird 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-2.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a use after free...
Advisory ROSA-SA-2023-2165
Software: nss 3.53.1 OS: rosa-server79 packageevrstring: 3.53.1-7.res7 CVE-ID: CVE-2023-0767 BDU-ID: 2023-01270 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Mozilla Firefox and Mozilla Firefox ESR browsers and the Mozilla Thunderbird email client is related to improper limiting of operations within the...
Advisory ROSA-SA-2023-2164
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-2.rv3.src.rpm CVE-ID: CVE-2019-25038 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: Unbound before version 1.9.5 allows integer overflow on size calculation in dnscrypt/dnscrypt.c. CVE-STATUS: Fixed CVE-REV: Run the...
Advisory ROSA-SA-2023-2163
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 packageevrstring: unbound-1.16.2-2.rv3.src.rpm CVE-ID: CVE-2019-25032 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: Unbound before 1.9.5 allows integer overflow in the regional allocator via regional_alloc. CVE-STATUS: Fixed CVE-REV: Run the yum...
Advisory ROSA-SA-2023-2162
Software: wpasupplicant 2.10 OS: ROSA Virtualization 2.1 packageevrstring: wpasupplicant-2.10-1.rv3.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information...
Advisory ROSA-SA-2023-2161
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ap_rwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...
Advisory ROSA-SA-2023-2160
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2021-36160 BDU-ID: 2021-06099 CVE-Crit: HIGH CVE-DESC: A vulnerability in the mod_proxy_uwsgi module of the Apache HTTP Server web server is related to reading data outside of the specified buffer. Exploitatio...
Advisory ROSA-SA-2023-2159
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC: A vulnerability in the mod_dav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the...
Advisory ROSA-SA-2023-2158
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: 2.4.6-98.7 CVE-ID: CVE-2021-40438 BDU-ID: 2021-04820 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2023-2156
Software: zlib 1.2.11 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.11 CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2023-2155
Software: mod_http2 1.15.7 OS: ROSA Virtualization 2.1 packageevrstring: 1.15.7 CVE-ID: CVE-2020-11993 BDU-ID: 2021-00779 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Apache HTTP Server's implementation of the HTTP/2 mechanism is related to inconsistent interpretation of http...
Advisory ROSA-SA-2023-2154
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: 1.8.0-25 CVE-ID: CVE-2023-1393 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A use after free can result in elevated local privileges. If a client explicitly destroys the composite overlay window, also known as COW, Xserver will leave a dangling pointe...
Advisory ROSA-SA-2023-2153
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: 1.20.4-23 CVE-ID: CVE-2023-1393 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A use after free can result in elevated local privileges. If a client explicitly destroys the composite overlay window, also known as COW, Xserver will leave a dangli...
Advisory ROSA-SA-2023-2152
Software: openssl 1.0.2k OS: rosa-server79 packageevrstring: 1.0.2k-20 CVE-ID: CVE-2023-0286 BDU-ID: 2023-00665 CVE-Crit: HIGH CVE-DESC: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism for X.400 address processing...
Advisory ROSA-SA-2023-2151
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-39399 BDU-ID: None CVE-Crit: LOW CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM...
Advisory ROSA-SA-2023-2150
Software: libtar 1.2.20 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.20 CVE-ID: CVE-2021-33643 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC: An attacker who sends a crafted tar file with a size in the header structure equal to 0 could cause a call to malloc(0) for the gnu_longlink variable, resulti...
Advisory ROSA-SA-2023-2149
Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 packageevrstring: 3.26.0 CVE-ID: CVE-2019-19645 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: alter.c in SQLite before 3.30.1 allows attackers to trigger infinite recursion using certain types of self-referential views in conjunction with ALTER TABLE...
Advisory ROSA-SA-2023-2139
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21282 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthenticated attacker with network access through multiple protocols to compromise Oracle Java S...
Advisory ROSA-SA-2023-2138
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Oracle GraalVM Enterprise Edition virtual machine due to...
Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
Advisory ROSA-SA-2023-2135
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21366 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthenticated attacker with network access through multiple protocols to compromise Oracle Java S...
Advisory ROSA-SA-2023-2134
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-35603 BDU-ID: None CVE-Crit: LOW CVE-DESC: A vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE component: JSSE. A...
Advisory ROSA-SA-2023-2133
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-2161 BDU-ID: 2021-02490 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition softwa...
Advisory ROSA-SA-2023-2132
Software: pesign 0.109 OS: rosa-server79 packageevrstring: pesign-0.109-11 CVE-ID: CVE-2022-3560 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: A flaw was found in pesign. The pesign package provides a systemd service used to run the pesign daemon. This service unit runs a script to set ACLs...
Advisory ROSA-SA-2023-2131
Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-19 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2023-2130
Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-23 CVE-ID: CVE-2022-23521 BDU-ID: 2023-00499 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to integer...
Advisory ROSA-SA-2023-2129
Software: libksba 1.3.0 OS: rosa-server79 packageevrstring: libksba-1.3.0 CVE-ID: CVE-2022-47629 BDU-ID: 2022-07478 CVE-Crit: HIGH CVE-DESC: A vulnerability in the LibKSBA library providing X.509 certificate functions is related to an integer overflow in the CRL parser. Exploitation of the...