1374 matches found
Advisory ROSA-SA-2021-1975
Software: sqlite 3.7.17 OS: Cobalt 7.9 CVE-ID: CVE-2015-3717 CVE-Crit: HIGH CVE-DESC: Multiple buffer overflows in SQLite's printf function, used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service application crash via...
Advisory ROSA-SA-2021-1974
Software: vdagent spices 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-15108 CVE-Crit: HIGH CVE-DESC: spices vdagent up to 0.17.0 in a way that does not avoid saving the directory before going to the shell, allowing an attacker with access to the session running the agent to inject arbitrary commands to...
Advisory ROSA-SA-2021-1973
Software: spamassassin 3.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-11780 CVE-Crit: CRITICAL CVE-DESC: A potential remote code execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. CVE-STATUS: Default CVE-REV: default CVE-ID: CVE-2018-11805 CVE-Crit: MEDIUM CVE-DESC: In Apach...
Advisory ROSA-SA-2021-1972
Software: soundtouch 1.4.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-1000223 CVE-Crit: HIGH CVE-DESC: soundtouch versions up to and including 2.0.0.0 contain a buffer overflow vulnerability in SoundStretch / WavFile.cpp: WavInFile :: readHeaderBlock that could lead to arbitrary code execution. This attack...
Advisory ROSA-SA-2021-1971
Software: snort 2.9.16 OS: Cobalt 7.9 CVE-ID: CVE-2021-1223 CVE-Crit: HIGH CVE-DESC: Several Cisco products are affected by a vulnerability in the Snort discovery engine that could allow an unauthenticated remote attacker to bypass the configured file policy for HTTP. The vulnerability is related...
Advisory ROSA-SA-2021-1970
Software: slapi-nis 0.56.5 OS: Cobalt 7.9 CVE-ID: CVE-2021-3480 CVE-Crit: HIGH CVE-DESC: A bug was discovered in slapi-nis in versions before 0.56.7. Dereferencing a null pointer during Binding DN parsing could allow an unauthenticated attacker to take down a 389-ds-base directory server. The...
Advisory ROSA-SA-2021-1969
Software: sendmail 8.14.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-3956 CVE-Crit: CRITICAL CVE-DESC: The smcloseonexec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order and therefore misses setting expected FDCLOEXEC flags, which allows local users to access unintended file...
Advisory ROSA-SA-2021-1968
Software: screen 4.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-5618 CVE-Crit: HIGH CVE-DESC: GNU screen before 4.5.1 allows local users to modify arbitrary files and therefore gain superuser privileges by improperly checking log file permissions. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-9366...
Advisory ROSA-SA-2021-1967
Software: samba 4.10.16 OS: Cobalt 7.9 CVE-ID: CVE-2020-10745 CVE-Crit: HIGH CVE-DESC: In all versions of Samba prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4, a flaw has been discovered in the way NetBios is handled over TCP / IP. This flaw allows a remote attacker to cause excessive CP...
Advisory ROSA-SA-2021-1966
Software: ruby 2.0.0.648 OS: Cobalt 7.9 CVE-ID: CVE-2012-6684 CVE-Crit: MEDIUM CVE-DESC: A cross-site scripting XSS vulnerability in the RedCloth 4.2.9 library for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1965
Software: rsyslog 8.24.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-12588 CVE-Crit: CRITICAL CVE-DESC: zmq3 input and output modules in rsyslog prior to version 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with undefined impact. CVE-STATUS: default CVE-RE...
Advisory ROSA-SA-2021-1964
Software: rsync 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-15994 CVE-Crit: CRITICAL CVE-DESC: rsync 3.1.3-development before 10/24-2017 incorrectly handles outdated checksums, making it easy for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch is widely used...
Advisory ROSA-SA-2021-1963
Software: rpm 4.11.3 OS: Cobalt 7.9 CVE-ID: CVE-2017-7501 CVE-Crit: HIGH CVE-DESC: It was discovered that rpm versions prior to 4.13.0.2 use temporary files with predictable names when installing RPM. An attacker with the ability to write to the directory where the files will be installed could...
Advisory ROSA-SA-2021-1962
Software: rpcbind 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-8779 CVE-Crit: HIGH CVE-DESC: rpcbind before 0.2.4, LIBTIRPC before 1.0.1 and 1.0.2-rc before 1.0.2-rc3 and NTIRPC before 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, allowing remote attackers to...
Advisory ROSA-SA-2021-1961
Software: redland 1.0.16 OS: Cobalt 7.9 CVE-ID: CVE-2012-0037 CVE-Crit: HIGH CVE-DESC: Redland Raptor also known as libraptor before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user, ...
Advisory ROSA-SA-2021-1960
Software: quagga 0.99.22.4 OS: Cobalt 7.9 CVE-ID: CVE-2016-1245 CVE-Crit: CRITICAL CVE-DESC: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffers from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The main reason was that the BUFSIZ was...
Advisory ROSA-SA-2021-1959
Software: qt 4.8.7 OS: Cobalt 7.9 CVE-ID: CVE-2014-0190 CVE-Crit: HIGH CVE-DESC: The GIF decoder in QtGui in Qt before version 5.3 allows remote attackers to cause a denial of service dereferencing a NULL pointer via invalid width and height values in a GIF image. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1958
Software: pywbem 0.7.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-6418 CVE-Crit: HIGH CVE-DESC: PyWBEM 0.7 and earlier versions use a separate connection to validate X.509 certificates, which allows "attacker-in-the-middle" attackers to trick a peer node with an arbitrary certificate. CVE-STATUS: default...
Advisory ROSA-SA-2021-1957
Software: python 2.7.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-7040 CVE-Crit: CRITICAL. CVE-DESC: Python 2.7 through 3.4 uses only the last eight bits of the prefix to randomize hash values, causing it to compute hash values without limiting the ability to predictably initiate hash code collisions and...
Advisory ROSA-SA-2021-1956
Software: procps-ng 3.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2018-1126. CVE-Crit: CRITICAL. CVE-DESC: procps-ng before version 3.3.15 is vulnerable due to incorrect integer size in proc / alloc. , Which leads to truncation / integer overflow problems. This flaw is related to CVE-2018-1124. CVE-STATUS:...
Advisory ROSA-SA-2021-1955
Software: postgresql 9.2.24 OS: Cobalt 7.9 CVE-ID: CVE-2016-7048 CVE-Crit: HIGH CVE-DESC: The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 may allow remote attackers to execute arbitrary code using HTTP to download software. CVE-STATUS: Default...
Advisory ROSA-SA-2021-1954
Software: postfix 2.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2017-10140 CVE-Crit: HIGH CVE-DESC: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 may allow local users to gain privileges using undocumented features in Berkeley DB 2. x and later related to reading...
Advisory ROSA-SA-2021-1953
Software: poppler 0.26.5 OS: Cobalt 7.9 CVE-ID: CVE-2017-7511 CVE-Crit: MEDIUM CVE-DESC: poppler, since version 0.17.3, was vulnerable to null pointer dereferencing in pdfunite caused by specially crafted documents. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2017-7515 CVE-Crit: MEDIUM...
Advisory ROSA-SA-2021-1952
Software: policycoreutils 2.5 OS: Cobalt 7.9 CVE-ID: CVE-2014-3215 CVE-Crit: CRITICAL CVE-DESC: seunshare in policycoreutils 2.2.5 belongs to the root user with permissions 4755 and executes programs in a way that changes the relationship between the setuid system call and the stored set-user-ID...
Advisory ROSA-SA-2021-1951
Software: pidgin 2.10.11 OS: Cobalt 7.9 CVE-ID: CVE-2016-1000030 CVE-Crit: CRITICAL CVE-DESC: Pidgin version 2.11.0 contains a vulnerability in X.509 certificate import, specifically due to improper validation of return values from gnutlsx509crtinit and gnutlsx509crtimport , which could lead to...
Advisory ROSA-SA-2021-1950
Software: php 5.4.16 OS: Cobalt 7.9 CVE-ID: CVE-2011-4718 CVE-Crit: MEDIUM CVE-DESC: A session commit vulnerability in the session subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. CVE-STATUS: Default CVE-REV: Default CVE-ID: CVE-2011-4718...
Advisory ROSA-SA-2021-1949
Software: perl 5.16.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-4330 CVE-Crit: MEDIUM CVE-DESC: The Dumper method in Data :: Dumper before 2.154, which was used in Perl 5.20.1 and earlier, allows context-sensitive attackers to cause a denial of service stack consumption and failure via an array reference...
Advisory ROSA-SA-2021-1948
Software: pcsc-lite 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2016-10109 CVE-Crit: HIGH CVE-DESC: Post-release exploitation vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service failure with a command that uses "cardList" after the descriptor has been released using...
Advisory ROSA-SA-2021-1947
Software: pcre 8.32 OS: Cobalt 7.9 CVE-ID: CVE-2015-2327 CVE-Crit: MEDIUM CVE-DESC: PCRE before version 8.36 incorrectly handles the pattern / a \ 2 | a \ g / / and related patterns with certain internal recursive backlinks, allowing remote attackers to cause a denial of service segmentation erro...
Advisory ROSA-SA-2021-1946
Software: path 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2014-9637 CVE-Crit: MEDIUM CVE-DESC: GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service memory consumption and segmentation error with a crafted diff file. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2015-1196...
Advisory ROSA-SA-2021-1945
Software: pango 1.42.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-17365 CVE-Crit: HIGH CVE-DESC: Incorrect directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier could allow an authorized user to potentially enable privilege escalation via local access. The...
Advisory ROSA-SA-2021-1944
Software: p7zip 16.02 OS: Cobalt 7.9 CVE-ID: CVE-2018-5996 CVE-Crit: HIGH CVE-DESC: Insufficient exception handling in NCompress method :: NRar3 :: CDecoder :: Code of 7-Zip before 18.00 and p7zip can cause multiple memory corruptions in PPMd code, allowing remote attackers to cause a denial of...
Advisory ROSA-SA-2021-1943
Software: p11-kit 0.23.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-29361 CVE-Crit: HIGH CVE-DESC: A problem was found in p11-kit 0.21.1 to 0.23.21. Multiple integer overflows were found in array allocation in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling...
Advisory ROSA-SA-2021-1942
Software: orca 3.6.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-9298 CVE-Crit: HIGH CVE-DESC: The spinnaker template resolution feature is vulnerable to server-side request forgery SSRF, which allows an attacker to send requests on behalf of the spinnaker, potentially exposing sensitive data. CVE-STATUS:...
Advisory ROSA-SA-2021-1941
Software: orc 0.4.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-8015 CVE-Crit: HIGH CVE-DESC: In Apache ORC 1.0.0-1.4.3, a corrupted ORC file can trigger an infinitely recursive function call in a C ++ or Java parser. The consequence of this error is likely to be a denial of service for software that uses t...
Advisory ROSA-SA-2021-1940
Software: openvpn 2.4.9 OS: Cobalt 7.9 CVE-ID: CVE-2020-11462 CVE-Crit: HIGH CVE-DESC: The issue was found in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. When the full-featured RPC2 interface is enabled, a temporary management interface DoS state can be reached when sending an XML...
Advisory ROSA-SA-2021-1939
Software: openssl 1.0.2k OS: Cobalt 7.9 CVE-ID: CVE-2011-4108 CVE-Crit: CRITICAL CVE-DESC: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs MAC checks only if a certain fill-in is allowed, making it easy for remote attackers to recover plaintext using a fill-in orac...
Advisory ROSA-SA-2021-1938
Software: openssh 7.4p1 OS: Cobalt 7.9 CVE-ID: CVE-2011-4327 CVE-Crit: CRITICAL CVE-DESC: ssh-keysign.c in ssh-keysign in OpenSSH before version 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, allowing local users to obtain sensitive key information via ...
Advisory ROSA-SA-2021-1937
Software: openslp 2.0.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-4912 CVE-Crit: HIGH CVE-DESC: The xrealloc function in xlspxmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service dereferencing a null pointer and crashing through a large number of created packets, causing a memory...
Advisory ROSA-SA-2021-1936
Software: opensc 0.19.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-15945 CVE-Crit: MEDIUM CVE-DESC: OpenSC before 0.20.0-rc1 has out-of-bounds access to ASN.1 bit string in decodebitstring in libopensc / asn1.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15946 CVE-Crit: MEDIUM CVE-DESC: OpenSC...
Advisory ROSA-SA-2021-1935
Software: openldap 2.4.44 OS: Cobalt 7.9 CVE-ID: CVE-2017-14159 CVE-Crit: MEDIUM CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping the privileges of a non-root account, which could allow local users to kill arbitrary processes using access to that non-root account t...
Advisory ROSA-SA-2021-1934
Software: oddjob 0.31.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-10737 CVE-Crit: MEDIUM CVE-DESC: A race condition was discovered in the mkhomedir tool provided with the oddjob package in versions prior to 0.34.5 and 0.34.6, whereby during the creation of the home directory, mkhomedir copies the / etc /...
Advisory ROSA-SA-2021-1933
Software: numpy 1.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2017-12852 CVE-Crit: HIGH CVE-DESC: There is no input validation for the numpy.pad function in Numpy 1.13.1 and earlier. An empty list or ndarray will remain in an infinite loop, which may allow attackers to launch a DoS attack. CVE-STATUS: default...
Advisory ROSA-SA-2021-1932
Software: ntp 4.2.6p5 OS: Cobalt 7.9 CVE-ID: CVE-2015-5146 CVE-Crit: MEDIUM CVE-DESC: ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer trusted to perform remote configuration to cau...
Advisory ROSA-SA-2021-1931
Software: nmap 6.40 OS: Cobalt 7.9 CVE-ID: CVE-2018-15173 CVE-Crit: HIGH CVE-DESC: Nmap through 7.70, when the -sV parameter is used, allows remote attackers to cause a denial of service stack consumption and application failure via a TCP-based service created. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2021-1930
Software: nettle 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-16869 CVE-Crit: MEDIUM. CVE-DESC: An oracle attack based on a Bleichenbacher-type side-channel was discovered in the way nettle handles the final transformation of PKCS 1 v1.5 data decrypted with RSA. An attacker who could run a process on th...
Advisory ROSA-SA-2021-1929
Software: net-snmp 5.7.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-2284 CVE-Crit: HIGH CVE-DESC: The Linux implementation of ICMP-MIB in Net-SNMP 5.5 through 5.5.2.1, 5.6.x through 5.6.2.1, and 5.7.x through 5.7.2.1 incorrectly validates input, allowing remote attackers to cause a denial of service via...
Advisory ROSA-SA-2021-1928
Software: netpbm 10.79.00 OS: Cobalt 7.9 CVE-ID: CVE-2018-8975 CVE-Crit: MEDIUM CVE-DESC: The pmmallocarray2 function in lib / util / mallocvar.c in Netpbm before version 10.81.03 allows remote attackers to cause a denial of service excessive heap-based buffer reads via a crafted image file, as...
Advisory ROSA-SA-2021-1927
Software: ncurses 5.9 OS: Cobalt 7.9 CVE-ID: CVE-2019-15547 CVE-Crit: HIGH CVE-DESC: An issue has been discovered in the ncurses box prior to version 5.99.0 for Rust. The printw functions have format string problems due to improper handling of C format arguments. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1926
Software: nasm 2.10.07 OS: Cobalt 7.9 CVE-ID: CVE-2018-1000667 CVE-Crit: MEDIUM CVE-DESC: NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains nasm memory corruption crash while processing a created file due to assemblyfile inname, independentptr function at asm / nasm.c: 482...