Advisory ROSA-SA-2021-1925
Software: mutt 1.5.21 OS: Cobalt 7.9 CVE-ID: CVE-2018-14349 CVE-Crit: CRITICAL CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 16.07.2018. imap/command.c mishandles a NO response without a message. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-14350 CVE-Crit:...
Advisory ROSA-SA-2021-1924
Software: mpfr 3.1.1 OS: Cobalt 7.9 CVE-ID: CVE-2014-9474 CVE-Crit: CRITICAL CVE-DESC: Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. CVE-STATUS:...
Advisory ROSA-SA-2021-1923
Software: mod_wsgi 3.4 OS: Cobalt 7.9 CVE-ID: CVE-2014-8583 CVE-Crit: CRITICAL CVE-DESC: mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle the case where group privileges cannot be dropped, which could allow attackers to gain privileges via unspecified vectors...
Advisory ROSA-SA-2021-1922
Software: mod_auth_openidc 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2017-6062 CVE-Crit: HIGH CVE-DESC: The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" module, also known as mod_auth_openidc, before version 2.1.5 for Apache HTTP Server does not pass the OIDC_CLAIM_ and OIDCAuthNHeader header...
Advisory ROSA-SA-2021-1921
Software: mod_auth_mellon 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-3878 CVE-Crit: HIGH CVE-DESC: A vulnerability was discovered in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to allow only authenticated users (with the require...
Advisory ROSA-SA-2021-1920
Software: minicom 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2017-7467 CVE-Crit: CRITICAL CVE-DESC: A buffer overflow was found in the way minicom before 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially exploit this vulnerability to crash minicom or execute arbitrar...
Advisory ROSA-SA-2021-1919
Software: mgetty 1.1.36 OS: Cobalt 7.9 CVE-ID: CVE-2018-16741 CVE-Crit: HIGH CVE-DESC: A problem was found in mgetty before 1.2.1. In the file fax/faxq-helper.c, the do_activate function does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the...
Advisory ROSA-SA-2021-1918
Software: mercurial 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-9462 CVE-Crit: CRITICAL CVE-DESC: The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. CVE-STATUS: default CVE-REV: defau...
Advisory ROSA-SA-2021-1917
Software: memcached 1.4.15 OS: Cobalt 7.9 CVE-ID: CVE-2017-9951 CVE-Crit: HIGH CVE-DESC: The try_read_command function in memcached.c in memcached before version 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via an add/set key request, which makes a comparison...
Advisory ROSA-SA-2021-1916
Software: mate-screensaver 1.16.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...
Advisory ROSA-SA-2021-1915
Software: mate-desktop 1.16.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-20681 CVE-Crit: MEDIUM CVE-DESC: mate-screensaver before 1.20.2 in the MATE desktop environment allows physically nearby attackers to view screen content and possibly control applications. When disconnecting and reconnecting or...
Advisory ROSA-SA-2021-1914
Software: mariadb 5.5.68 OS: Cobalt 7.9 CVE-ID: CVE-2016-3492 CVE-Crit: MEDIUM CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server:...
Advisory ROSA-SA-2021-1913
Software: mailman 2.1.15 OS: Cobalt 7.9 CVE-ID: CVE-2016-6893 CVE-Crit: HIGH CVE-DESC: A cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x through 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify a...
Advisory ROSA-SA-2021-1912
Software: lz4 1.8.3 OS: Cobalt 7.9 CVE-ID: CVE-2019-17543 CVE-Crit: HIGH CVE-DESC: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. This issue can also cause data corruption. NOTE: the...
Advisory ROSA-SA-2021-1911
Software: luajit 2.0.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-24372 CVE-Crit: HIGH CVE-DESC: LuaJIT before 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1910
Software: lua 5.1.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-15888 CVE-Crit: HIGH CVE-DESC: Lua through 5.4.0 mishandles the interaction between stack resizing and garbage collection, resulting in a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. CVE-STATUS: default...
Advisory ROSA-SA-2021-1909
Software: log4j 1.2.17 OS: Cobalt 7.9 CVE-ID: CVE-2019-17571 CVE-Crit: CRITICAL CVE-DESC: Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget while listening to...
Advisory ROSA-SA-2021-1908
Software: live555 2020.04.12 OS: Cobalt 7.9 CVE-ID: CVE-2021-28899 CVE-Crit: HIGH CVE-DESC: Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession subclasses of OnDemandServerMediaSubsession in Live Networks LIVE555 through 2021...
Advisory ROSA-SA-2021-1907
Software: libzip 0.10.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-2331 CVE-Crit: HIGH CVE-DESC: An integer overflow in the zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products,...
Advisory ROSA-SA-2021-1906
Software: libxslt 1.1.28 OS: Cobalt 7.9 CVE-ID: CVE-2015-7995 CVE-Crit: MEDIUM CVE-DESC: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check whether the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to the "type...
Advisory ROSA-SA-2021-1905
Software: libxml2 2.9.1 OS: Cobalt 7.9 CVE-ID: CVE-2013-0339 CVE-Crit: HIGH CVE-DESC: libxml2 before 2.9.1 does not properly handle external entity expansion unless the application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to...
Advisory ROSA-SA-2021-1904
Software: libxkbcommon 0.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2018-15858 CVE-Crit: MEDIUM CVE-DESC: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference)...
Advisory ROSA-SA-2021-1903
Software: libwmf 0.2.8.4 OS: Cobalt 7.9 CVE-ID: CVE-2016-9011 CVE-Crit: MEDIUM CVE-DESC: The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file that triggers a memory allocation failure. CVE-STATUS: default CVE-RE...
Advisory ROSA-SA-2021-1902
Software: libwebp 0.3.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-9085 CVE-Crit: LOW CVE-DESC: Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1901
Software: libvorbis 1.3.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-20412 CVE-Crit: MEDIUM CVE-DESC: lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1900
Software: libvncserver 0.9.9 OS: Cobalt 7.9 CVE-ID: CVE-2016-9941 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before version 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code v...
Advisory ROSA-SA-2021-1899
Software: libvirt 4.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-25637 CVE-Crit: MEDIUM CVE-DESC: A double free memory issue was found in the libvirt APIs, in versions before 6.8.0, responsible for querying information about network interfaces of a running QEMU domain. This flaw affects the polkit...
Advisory ROSA-SA-2021-1898
Software: libupnp 1.6.25 OS: Cobalt 7.9 CVE-ID: CVE-2020-13848 CVE-Crit: HIGH CVE-DESC: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the FindServiceControlURLPath an...
Advisory ROSA-SA-2021-1897
Software: libtirpc 0.2.4 OS: Cobalt 7.9 CVE-ID: CVE-2018-14621 CVE-Crit: HIGH CVE-DESC: An infinite loop vulnerability was discovered in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors will cause the server to enter an infinite loop,...
Advisory ROSA-SA-2021-1896
Software: libtiff 4.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-3620 CVE-Crit: HIGH CVE-DESC: The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer overflow) via a crafted BMP...
Advisory ROSA-SA-2021-1895
Software: libtasn1 4.10 OS: Cobalt 7.9 CVE-ID: CVE-2017-10790 CVE-Crit: HIGH CVE-DESC: The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash while reading crafted input that triggers assignment of a NULL value within an asn1_node structur...
Advisory ROSA-SA-2021-1894
Software: libtar 1.2.11 OS: Cobalt 7.9 CVE-ID: CVE-2013-4420 CVE-Crit: HIGH CVE-DESC: Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar...
Advisory ROSA-SA-2021-1893
Software: libssh2 1.8.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-13115 CVE-Crit: HIGH CVE-DESC: In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that can lead to an out-of-bounds read when packets are read from the server. A remote attacker...
Advisory ROSA-SA-2021-1892
Software: libspiro 20071029 OS: Cobalt 7.9 CVE-ID: CVE-2019-19847 CVE-Crit: HIGH CVE-DESC: Libspiro before 20190731 has a stack-based buffer overflow in the spiro_to_bpath0 function in spiro.c. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1891
Software: libsolv 0.6.34 OS: Cobalt 7.9 CVE-ID: CVE-2019-20387 CVE-Crit: HIGH CVE-DESC: repodata_schema2id in repodata.c in libsolv before version 0.7.6 has a heap-based buffer over-read because the last schema is shorter than the length of the input schema. CVE-STATUS: default CVE-REV: defau...
Advisory ROSA-SA-2021-1890
Software: libsndfile 1.0.25 OS: Cobalt 7.9 CVE-ID: CVE-2014-9756 CVE-Crit: CRITICAL CVE-DESC: The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable...
Advisory ROSA-SA-2021-1889
Software: libseccomp 2.3.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-9893 CVE-Crit: CRITICAL CVE-DESC: libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which could lead to bypassing seccomp filters and potential privilege...
Advisory ROSA-SA-2021-1888
Software: libsamplerate 0.1.8 OS: Cobalt 7.9 CVE-ID: CVE-2017-7697 CVE-Crit: MEDIUM CVE-DESC: libsamplerate before version 0.1.9 has a buffer overflow in the calc_output_single function in src_sinc.c via a crafted audio file. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1887
Software: libreswan 3.25 OS: Cobalt 7.9 CVE-ID: CVE-2019-10155 CVE-Crit: LOW CVE-DESC: The Libreswan project has discovered a vulnerability in the handling of IKEv1 information exchange packets that are encrypted and integrity protected using the established IKE SA encryption and integrity keys,...
Advisory ROSA-SA-2021-1886
Software: librepo 1.8.1 OS: Cobalt 7.9 CVE-ID: CVE-2020-14352 CVE-Crit: HIGH CVE-DESC: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where paths in remote repository metadata were not sanitized. An attacker controlling a remote...
Advisory ROSA-SA-2021-1885
Software: libproxy 0.4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-25219 CVE-Crit: HIGH CVE-DESC: url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This results in...
Advisory ROSA-SA-2021-1884
Software: libpng 1.5.13 OS: Cobalt 7.9 CVE-ID: CVE-2013-7353 CVE-Crit: HIGH CVE-DESC: Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted imag...
Advisory ROSA-SA-2021-1883
Software: libplist 1.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-6435 CVE-Crit: MEDIUM CVE-DESC: The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. CVE-STATUS: default CVE-REV: default CVE-I...
Advisory ROSA-SA-2021-1882
Software: libpcap 1.5.3 OS: Cobalt 7.9 CVE-ID: CVE-2019-15165 CVE-Crit: MEDIUM CVE-DESC: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-15161 CVE-Crit: MEDIUM CVE-DESC: rpcapd/...
Advisory ROSA-SA-2021-1881
Software: libntlm 1.3 OS: Cobalt 7.9 CVE-ID: CVE-2019-17455 CVE-Crit: CRITICAL CVE-DESC: Libntlm before 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer overflow in...
Advisory ROSA-SA-2021-1880
Software: libnotify 0.7.7 OS: Cobalt 7.9 CVE-ID: CVE-2013-7381 CVE-Crit: CRITICAL CVE-DESC: libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters when libnotify.notify is called. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1879
Software: libmwaw 0.3.5 OS: Cobalt 7.9 CVE-ID: CVE-2017-9433 CVE-Crit: CRITICAL CVE-DESC: The libmwaw project before 08.04.2017 had an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/...
Advisory ROSA-SA-2021-1878
Software: libmicrohttpd 0.9.33 OS: Cobalt 7.9 CVE-ID: CVE-2021-3466 CVE-Crit: CRITICAL CVE-DESC: A flaw was found in libmicrohttpd in versions before 0.9.71. Missing bounds checking in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary da...
Advisory ROSA-SA-2021-1877
Software: libmad 0.15.1b OS: Cobalt 7.9 CVE-ID: CVE-2018-7263 CVE-Crit: CRITICAL CVE-DESC: The mad_decoder_run function in decoder.c in Underbit libmad before 0.15.1b allows remote attackers to cause a denial of service (SIGABRT due to double free or corruption) or possibly have unspecified other...
Advisory ROSA-SA-2021-1876
Software: liblouis 2.5.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-17294 CVE-Crit: MEDIUM CVE-DESC: The matchCurrentInput function in lou_translateString.c in Liblouis before version 3.7 does not check the length of the input string, allowing attackers to cause a denial of service (application crash) du...