1374 matches found
Advisory ROSA-SA-2023-2127
Software: openssh 7.4 OS: rosa-server79 packageevrstring: openssh-7.4p1-21 CVE-ID: CVE-2023-25136 BDU-ID: 2023-00711 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the options.kex_algorithms handling of the OpenSSH server is associated with a double free...
Advisory ROSA-SA-2023-2126
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-22 CVE-ID: CVE-2023-0494 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be used by ProcXkbSetDeviceInfo a...
Advisory ROSA-SA-2023-2125
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-common-1.20.4-16. CVE-ID: CVE-2023-0494 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be used b...
Advisory ROSA-SA-2023-2121
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26 CVE-ID: CVE-2022-2795 BDU-ID: 2022-06124 CVE-Crit: HIGH CVE-DESC: A vulnerability in the DNS BIND server is related to improper management of internal resources within the application when processing large delegations...
Advisory ROSA-SA-2023-2120
Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...
Advisory ROSA-SA-2023-2113
Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-0179 BDU-ID: 2023-00383 CVE-Crit: HIGH CVE-DESC: A vulnerability in the netfilter component of the Linux operating system kernel is related to a stack buffer overflow in nftables...
Advisory ROSA-SA-2023-2112
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87 CVE-ID: CVE-2022-28733 BDU-ID: 2022-03372 CVE-Crit: HIGH CVE-DESC: A vulnerability in the grub_net_recv_ip4_packets function of the GRUB bootloader is related to an integer underflow. Exploitation of the...
Advisory ROSA-SA-2023-2107
kernel 123 rosa-server79 test00 software: kernel 123xxxxxxxxxzzzzzzzzzzzz CVE-Crit: packageevrstring: test00 CVE-ID: test CVE-Crit: Not Current...
Advisory ROSA-SA-2023-2098
Software: samba 1.0 OS: testCVE-ID: test CVE-Crit: medium CVE-DESC: test CVE-STATUS: test CVE-REV: test...
Advisory ROSA-SA-2023-2097
Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: 3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2964 BDU-ID: 2022-05848 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Linux kernel driver for ASIX AX88179/178A-based USB 2.0/3.0 Gigabit Ethernet devices is related t...
Advisory ROSA-SA-2023-2096
Software: libXpm 3.5.12 OS: rosa-server79 packageevrstring: libXpm-3.5.12-1 CVE-ID: CVE-2022-4883 BDU-ID: 2023-00388 CVE-Crit: HIGH CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...
Advisory ROSA-SA-2023-2095
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0-22 CVE-ID: CVE-2022-4283 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting i...
Advisory ROSA-SA-2023-2092
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-common-1.20.4-16. CVE-ID: CVE-2022-4283 BDU-ID: None CVE-Crit: HIGH CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to...
Advisory ROSA-SA-2023-2085
Software: xrdp 0.9.21 OS: rosa-server79 packageevrstring: xrdp-0.9.21 CVE-ID: CVE-2022-23477 BDU-ID: 2022-07224 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the audin_send_open function of the xrdp server is related to a possible buffer overflow. Exploitation of the vulnerabili...
Advisory ROSA-SA-2023-2075
Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: HIGH CVE-DESC: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional arguments in environmen...
Advisory ROSA-SA-2022-2062
Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own...
Advisory ROSA-SA-2022-2056
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2078 BDU-ID: 2022-04090 CVE-Crit: Not Relevant CVE-DESC: A vulnerability in the nft_set_desc_concat_parse function of the Linux operating system kernel is related to buffer copying without checki...
Advisory ROSA-SA-2022-2013
Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...
Advisory ROSA-SA-2022-2012
Software: polkit 0.112 OS: rosa-server79 packageevrstring: polkit-0.112-26 CVE-ID: CVE-2021-4034 BDU-ID: 2022-00488 CVE-Crit: HIGH CVE-DESC: There is an issue in pkexec that causes it to not check the number of arguments, assuming that it will always be at least 1 and that the second value is equ...
Advisory ROSA-SA-2021-2006
Software: zziplib 0.13.62 OS: Cobalt 7.9 CVE-ID: CVE-2017-5977 CVE-Crit: MEDIUM CVE-DESC: The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-2005
Software: zsh 5.0.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-10070 CVE-Crit: HIGH CVE-DESC: zsh before 5.0.7 allows the initial values of integer variables imported from the environment to be evaluated instead of treating them as literal numbers. This may allow local privilege escalation under some specif...
Advisory ROSA-SA-2021-2004
Software: zlib 1.2.7 OS: Cobalt 7.9 CVE-ID: CVE-2013-0296 CVE-Crit: HIGH CVE-DESC: Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the source file, which may allow local users to bypass implie...
Advisory ROSA-SA-2021-2003
Software: yum-utils 1.1.31 OS: Cobalt 7.9 CVE-ID: CVE-2018-10897 CVE-Crit: HIGH CVE-DESC: A directory traversal issue was discovered in reposync, part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls the repository, they can copy...
Advisory ROSA-SA-2021-2002
Software: yum 3.4.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-1910 CVE-Crit: CRITICAL CVE-DESC: yum mishandles bad metadata, allowing an attacker to cause a denial of service and possibly other undefined impact via a Trojan horse file in the metadata of a remote repository. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-2001
Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...
Advisory ROSA-SA-2021-2000
Software: xdelta 3.0.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-9765 CVE-Crit: HIGH CVE-DESC: Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1999
Software: xchat 2.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2011-5129 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1998
Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...
Advisory ROSA-SA-2021-1997
Software: wireshark 1.10.14 OS: Cobalt 7.9 CVE-ID: CVE-2015-3814 CVE-Crit: HIGH CVE-DESC: The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as...
Advisory ROSA-SA-2021-1996
Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, may allow remote servers to bypass intended access list restrictions by keeping the HTTP connection open...
Advisory ROSA-SA-2021-1995
Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The read_code function in read_words.c in WavPack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1994
Software: vorbis-tools 1.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9638 CVE-Crit: MEDIUM CVE-DESC: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (division-by-zero error and crash) via a WAV file with the number of channels set to zero. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1993
Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: The Data::UUID Perl module from CPAN, version 1.219, is vulnerable to symlink attacks. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1992
Software: util-linux 2.23.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-5224 CVE-Crit: CRITICAL CVE-DESC: The mkostemp function in login-utils in util-linux, when used incorrectly, allows remote attackers to cause a file name collision and possibly other attacks. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2016-501...
Advisory ROSA-SA-2021-1991
Software: unzip 6.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9913 CVE-Crit: MEDIUM CVE-DESC: Buffer overflow in the list_files function in list.c in Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1990
Software: unbound 1.6.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-15105 CVE-Crit: MEDIUM CVE-DESC: A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an...
Advisory ROSA-SA-2021-1989
Software: trousers 0.3.14 OS: Cobalt 7.9 CVE-ID: CVE-2020-24330 CVE-Crit: HIGH CVE-DESC: An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when it is no longer needed...
Advisory ROSA-SA-2021-1988
Software: tomcat 7.0.76 OS: Cobalt 7.9 CVE-ID: CVE-2012-5568 CVE-Crit: CRITICAL CVE-DESC: Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1987
Software: tigervnc 1.8.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-26117 CVE-Crit: HIGH CVE-DESC: In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authoritative, whic...
Advisory ROSA-SA-2021-1986
Software: thunderbird 78.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-26970 CVE-Crit: HIGH CVE-DESC: When reading SMTP server status codes, Thunderbird writes an integer value into a position on the stack that is intended to hold only one byte. Depending on the processor architecture and stack layout, this...
Advisory ROSA-SA-2021-1985
Software: tcpdump 4.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-16808 CVE-Crit: MEDIUM CVE-DESC: tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-10103 CVE-Crit:...
Advisory ROSA-SA-2021-1984
Software: tar 1.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-12015 CVE-Crit: HIGH CVE-DESC: In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files via an archive file containing a symlink and a...
Advisory ROSA-SA-2021-1983
Software: talk 0.17 OS: Cobalt 7.9 CVE-ID: CVE-2018-3781 CVE-Crit: MEDIUM CVE-DESC: Missing sanitization of search results for an autocomplete field in Nextcloud Talk 3.2.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, so malicious search...
Advisory ROSA-SA-2021-1982
Software: systemd 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts of arbitrary files via a symlink attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2021-1981
Software: sysstat 10.1.5 OS: Cobalt 7.9 CVE-ID: CVE-2019-16167 CVE-Crit: MEDIUM CVE-DESC: sysstat before 12.1.6 has memory corruption due to an integer overflow in remap_struct in sa_common.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-19725 CVE-Crit: CRITICAL CVE-DESC: sysstat before...
Advisory ROSA-SA-2021-1980
Software: sudo 1.8.23 OS: Cobalt 7.9 CVE-ID: CVE-2021-23239 CVE-Crit: LOW CVE-DESC: The sudoedit personality in sudo before 1.9.5 can allow a local unprivileged user to perform arbitrary directory existence tests by winning the sudoedit.c race condition when replacing a user-controlled directory...
Advisory ROSA-SA-2021-1979
Software: subversion 1.7.14 OS: Cobalt 7.9 CVE-ID: CVE-2014-3504 CVE-Crit: HIGH CVE-DESC: The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) in...
Advisory ROSA-SA-2021-1978
Software: stunnel 4.56 OS: Cobalt 7.9 CVE-ID: CVE-2014-0016 CVE-Crit: MEDIUM CVE-DESC: stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy po...
Advisory ROSA-SA-2021-1977
Software: sssd 1.16.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-16883 CVE-Crit: MEDIUM CVE-DESC: sssd versions 1.13.0 through 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information was stored in a user's directory, it...
Advisory ROSA-SA-2021-1976
Software: squid 3.5.20 OS: Cobalt 7.9 CVE-ID: CVE-2016-10003 CVE-Crit: HIGH CVE-DESC: Incorrect comparison of HTTP request headers in Squid HTTP Proxy 3.5.0.1 through 3.5.22 and 4.0.1 through 4.0.16 causes Collapsed Forwarding to incorrectly identify some private responses as suitable for delivery to multip...
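The listing above is only useful once it is matched against what is actually installed. The following is an added example, not ROSA's own tooling and not code from this page: a parser for this search-result format that pulls the advisory id, package, EVR, CVE-ID and criticality out of each entry, drops the malformed test entries and the ones ROSA marks Not Relevant, and compares installed rpm EVRs with rpm's segment-wise version ordering. It assumes that packageevrstring names the package build that carries the fix (so an installed EVR that sorts lower still needs the update) and that these strings carry no epoch; the LISTING excerpt and the INSTALLED inventory are constructed test data in the page's own format.

```python
"""Parse a ROSA advisory search listing and triage it against installed rpm EVRs.
Added example, not ROSA's own tooling. Assumes packageevrstring is the package build
that carries the fix and carries no epoch; LISTING and INSTALLED are constructed."""
import re

LISTING = """Advisory ROSA-SA-2023-2127
Software: openssh 7.4 OS: rosa-server79 packageevrstring: openssh-7.4p1-21 CVE-ID: CVE-2023-25136 BDU-ID: 2023-00711 CVE-Crit: CRITICAL CVE-DESC: ...
Advisory ROSA-SA-2023-2107
kernel 123 rosa-server79 test00 software: kernel 123 CVE-Crit: packageevrstring: test00 CVE-ID: test CVE-Crit: Not Current...
Advisory ROSA-SA-2023-2097
Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: 3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2964 BDU-ID: 2022-05848 CVE-Crit: HIGH CVE-DESC: ...
Advisory ROSA-SA-2023-2075
Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: HIGH CVE-DESC: ...
Advisory ROSA-SA-2022-2062
Software: samba 4.12.12 OS: rosa-server79 packageevrstring: samba-4.12.12-3 CVE-ID: CVE-2022-32744 BDU-ID: 2022-04687 CVE-Crit: Not Relevant CVE-DESC: ...
"""
# Constructed inventory, rpm name -> (version, release), as
# `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` would report it.
INSTALLED = {"openssh": ("7.4p1", "16"), "kernel": ("3.10.0", "1160.76.1.el7"),
             "sudo": ("1.8.23", "11"), "samba": ("4.12.12", "1")}

ADVISORY_RE = re.compile(r"^Advisory (ROSA-SA-\d{4}-\d+)\s*$", re.M)
FIELD_RES = {
    "software": re.compile(r"Software:\s*(\S+)\s+\S+"),
    "evr": re.compile(r"packageevrstring:\s*(\S+)"),
    "cve": re.compile(r"CVE-ID:\s*(CVE-\d{4}-\d{4,})"),   # 'CVE-ID: test' does not match
    "crit": re.compile(r"CVE-Crit:\s*(CRITICAL|HIGH|MEDIUM|LOW|Not Relevant)", re.I),
}


def rpmvercmp(a: str, b: str) -> int:
    """rpm's segment compare (the '~' and '^' rules are omitted): digit runs compare
    numerically, alpha runs lexically, a digit run beats an alpha run, and the
    string that still has segments left when the other runs out is the newer one."""
    ia = ib = 0
    while True:
        while ia < len(a) and not a[ia].isalnum():   # separators carry no meaning
            ia += 1
        while ib < len(b) and not b[ib].isalnum():
            ib += 1
        if ia >= len(a) or ib >= len(b):
            break
        isnum = a[ia].isdigit()
        run = re.compile(r"\d+" if isnum else r"[^\W\d_]+")
        sa = run.match(a, ia).group()
        mb = run.match(b, ib)
        if mb is None:                                 # digit run vs alpha run
            return 1 if isnum else -1
        sb = mb.group()
        ia, ib = ia + len(sa), ib + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if ia >= len(a) and ib >= len(b):
        return 0
    return -1 if ia >= len(a) else 1


def split_evr(evr: str, software: str):
    """'name-version-release' -> (name, version, release). rpm names may contain '-',
    so split from the right; returns None for strings that are not an EVR at all."""
    parts = evr.rsplit("-", 2)
    if parts[0][:1].isdigit():                       # bare 'version-release', no name
        ver, _, rel = evr.partition("-")
        return software, ver, rel
    if len(parts) == 3 and parts[1][:1].isdigit():
        return parts[0], parts[1], parts[2]
    if len(parts) == 2 and parts[1][:1].isdigit():   # no release part, e.g. xrdp-0.9.21
        return parts[0], parts[1], ""
    return None


def parse_listing(text: str) -> list:
    """One dict per 'Advisory ROSA-SA-...' heading; a field that does not parse is
    None, which is how the junk test entries in the listing are recognised."""
    out = []
    chunks = ADVISORY_RE.split(text)                 # [prefix, id1, body1, id2, body2, ...]
    for adv_id, body in zip(chunks[1::2], chunks[2::2]):
        f = {k: (m.group(1) if (m := r.search(body)) else None) for k, r in FIELD_RES.items()}
        nvr = split_evr(f["evr"], f["software"]) if f["evr"] and f["software"] else None
        pkg, ver, rel = nvr or (None, None, None)
        out.append({"id": adv_id, "package": pkg, "version": ver, "release": rel,
                    "cve": f["cve"], "crit": f["crit"].upper() if f["crit"] else None})
    return out


def triage(text: str, installed: dict) -> dict:
    """advisory id -> (status, detail); status is one of update, ok, n/a, skip."""
    result = {}
    for a in parse_listing(text):
        if not (a["package"] and a["version"] and a["cve"]):
            result[a["id"]] = ("skip", "malformed entry: no parsable package, EVR or CVE-ID")
        elif a["crit"] == "NOT RELEVANT":
            result[a["id"]] = ("skip", f'{a["cve"]} marked Not Relevant by the vendor')
        elif a["package"] not in installed:
            result[a["id"]] = ("n/a", f'{a["package"]} is not installed')
        else:
            ver, rel = installed[a["package"]]
            older = (rpmvercmp(ver, a["version"]) or rpmvercmp(rel, a["release"])) < 0
            result[a["id"]] = ("update" if older else "ok",
                               f'{a["package"]} {ver}-{rel} {"<" if older else ">="} '
                               f'{a["version"]}-{a["release"]} ({a["cve"]}, {a["crit"]})')
    return result


if __name__ == "__main__":
    for adv_id, (status, detail) in triage(LISTING, INSTALLED).items():
        print(f"{adv_id}\t{status:6}\t{detail}")
```

Two caveats when running this against real output of `rpm -qa`: the source package named in Software: can differ from the binary subpackage named in packageevrstring (xorg-x11-server vs xorg-x11-server-common above), so the rpm name is taken from the EVR string rather than from Software:; and the simplified rpmvercmp ignores rpm's `~` and `^` ordering rules, so pre-release tags should be compared with `rpmdev-vercmp` before acting on them.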