Advisory ROSA-SA-2021-1875
Software: libjpeg-turbo 1.2.90 OS: Cobalt 7.9 CVE-ID: CVE-2014-9092 CVE-Crit: MEDIUM CVE-DESC: libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file associated with an Exif token. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1874
Software: libimobiledevice 1.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-5209 CVE-Crit: CRITICAL CVE-DESC: The base64decode function in base64.c in libimobiledevice libplist before 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer overflow) usi...
Advisory ROSA-SA-2021-1873
Software: libidn 1.28 OS: Cobalt 7.9 CVE-ID: CVE-2015-2059 CVE-Crit: MEDIUM CVE-DESC: The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a...
Advisory ROSA-SA-2021-1872
Software: libgxps 0.3.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-10733 CVE-Crit: MEDIUM CVE-DESC: There is a heap-based buffer overflow in the ft_font_face_hash function of the gxps-fonts.c file in libgxps before version 0.3.0. Crafted input will lead to a remote denial of service attack. CVE-STATUS:...
Advisory ROSA-SA-2021-1871
Software: libgsf 1.14.26 OS: Cobalt 7.9 CVE-ID: CVE-2016-9888 CVE-Crit: MEDIUM CVE-DESC: A bug in the tar_directory_for_file function in gsf-infile-tar.c in the GNOME Structured File library before 1.14.41 can be used to trigger a NULL pointer dereference and crash via a crafted TAR file...
Advisory ROSA-SA-2021-1870
Software: libgcrypt 1.5.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-5270 CVE-Crit: CRITICAL CVE-DESC: Libgcrypt before 1.5.4, used in GnuPG and other products, incorrectly performs ciphertext normalization and ciphertext randomization, making it easier for physically proximate attackers to conduct key...
Advisory ROSA-SA-2021-1869
Software: libevent 2.0.21 OS: Cobalt 7.9 CVE-ID: CVE-2014-6272 CVE-Crit: MEDIUM CVE-DESC: Multiple integer overflows in the evbuffer API in Libevent 1.4.x through 1.4.15, 2.0.x through 2.0.22, and 2.1.x through 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly...
Advisory ROSA-SA-2021-1868
Software: libesmtp 1.0.6 OS: Cobalt 7.9 CVE-ID: CVE-2019-19977 CVE-Crit: CRITICAL CVE-DESC: libESMTP before 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer overflow. CVE-STATUS: default CVE-REV: defa...
Advisory ROSA-SA-2021-1867
Software: libebml 1.3.9 OS: Cobalt 7.9 CVE-ID: CVE-2021-3405 CVE-Crit: MEDIUM CVE-DESC: A bug was found in libebml before version 1.4.2. A heap overflow bug exists in the EbmlString::ReadData and EbmlUnicodeString::ReadData implementations of libebml. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1866
Software: libdwarf 20130207 OS: Cobalt 7.9 CVE-ID: CVE-2016-5028 CVE-Crit: MEDIUM CVE-DESC: The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. CVE-STATUS:...
Advisory ROSA-SA-2021-1865
Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. CVE-STATUS: default CVE-REV:...
Advisory ROSA-SA-2021-1864
Software: libcaca 0.99 OS: Cobalt 7.9 CVE-ID: CVE-2018-20544 CVE-Crit: MEDIUM CVE-DESC: Floating-point exception in the caca_dither_bitmap function in caca/dither.c in libcaca 0.99.beta19. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-20545 CVE-Crit: HIGH CVE-DESC: There is an invalid WRITE memo...
Advisory ROSA-SA-2021-1863
Software: libass 0.13.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-24994 CVE-Crit: HIGH CVE-DESC: Stack overflow in the parse_tag function in libass/ass_parse.c in libass before version 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. CVE-STATUS: defau...
Advisory ROSA-SA-2021-1862
Software: libarchive 3.1.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-2304 CVE-Crit: HIGH CVE-DESC: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via the full path in the archive. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1861
Software: less 458 OS: Cobalt 7.9 CVE-ID: CVE-2014-9488 CVE-Crit: CRITICAL CVE-DESC: The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1860
Software: ksh 20120801 OS: Cobalt 7.9 CVE-ID: CVE-2019-14868 CVE-Crit: HIGH CVE-DESC: A bug was discovered in ksh version 20120801 in the way certain environment variables are evaluated. An attacker could exploit this vulnerability to override or bypass environment restrictions to execute shell...
Advisory ROSA-SA-2021-1859
Software: kernel 3.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-10751 CVE-Crit: MEDIUM CVE-DESC: A bug was discovered in the implementation of the SELinux LSM hook in Linux kernels prior to version 5.7, where it was incorrectly assumed that an skb would only contain a single netlink message. The hook...
Advisory ROSA-SA-2021-1858
Software: keepalived 1.3.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-19115 CVE-Crit: CRITICAL CVE-DESC: keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes, leading to DoS or possibly unspecified other impact, because extract_status_code in lib/html.c does not check th...
Advisory ROSA-SA-2021-1857
Software: junit 4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-15250 CVE-Crit: MEDIUM CVE-DESC: In JUnit4, from version 4.7 through 4.13.1, the TemporaryFolder test rule contains a local information disclosure vulnerability. In Unix-like systems, a system's temporary directory is shared by all users on tha...
Advisory ROSA-SA-2021-1856
Software: irssi 0.8.15 OS: Cobalt 7.9 CVE-ID: CVE-2017-15227 CVE-Crit: HIGH CVE-DESC: Irssi before 1.0.5, while waiting for channel synchronization, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions on subsequent state updates...
Advisory ROSA-SA-2021-1855
Software: iptables 1.4.21 OS: Cobalt 7.9 CVE-ID: CVE-2012-2663 CVE-Crit: CRITICAL CVE-DESC: extensions/libxt_tcp.c in iptables before 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which may allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE:...
Advisory ROSA-SA-2021-1854
Software: imlib2 1.4.5 OS: Cobalt 7.9 CVE-ID: CVE-2011-5326 CVE-Crit: HIGH CVE-DESC: imlib2 before 1.4.9 allows remote attackers to cause a denial of service (division-by-zero error and application crash) by drawing a 2x1 ellipse. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2014-9762 CVE-Crit:...
Advisory ROSA-SA-2021-1853
Software: hivex 1.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2014-9273 CVE-Crit: HIGH CVE-DESC: lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via small hive files, which trigger out-of-bounds reads or writes. CVE-STATUS: default CVE-REV...
Advisory ROSA-SA-2021-1852
Software: hesiod 3.2.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10151 CVE-Crit: HIGH CVE-DESC: The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares the EUID to the UID to decide whether to use configuration from environment variables, allowing local users to gain privileges via (1) HESIOD_CONFIG or...
Advisory ROSA-SA-2021-1851
Software: haproxy 1.5.18 OS: Cobalt 7.9 CVE-ID: CVE-2018-10184 CVE-Crit: HIGH CVE-DESC: An issue was found in HAProxy before 1.8.8. The length of an incoming H2 frame was checked against the max_frame_size setting instead of the bufsize setting. max_frame_size applies only to outgoing traffic, not incoming traffic, ...
Advisory ROSA-SA-2021-1850
Software: gstreamer 0.10.36 OS: Cobalt 7.9 CVE-ID: CVE-2016-10199 CVE-Crit: HIGH CVE-DESC: The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted...
Advisory ROSA-SA-2021-1849
Software: grub2 2.02 OS: Cobalt 7.9 CVE-ID: CVE-2020-15706 CVE-Crit: MEDIUM CVE-DESC: GRUB2 contains a race condition in grub_script_function_create leading to a use-after-free vulnerability that can be triggered by redefining a function while the same function is already executing, leadin...
Advisory ROSA-SA-2021-1848
Software: gparted 0.33.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-7208 CVE-Crit: HIGH CVE-DESC: GParted before version 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted file system label. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1847
Software: gnutls 3.3.29 OS: Cobalt 7.9 CVE-ID: CVE-2014-3469 CVE-Crit: CRITICAL CVE-DESC: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in t...
Advisory ROSA-SA-2021-1846
Software: gnome-shell 3.28.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-17489 CVE-Crit: MEDIUM CVE-DESC: A problem was found in some GNOME gnome-shell configurations through 3.36.4. When logging out of an account, the password field in the login dialog box reappears, but the password is still displayed. If...
Advisory ROSA-SA-2021-1845
Software: gnome-keyring 3.28.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-19358 CVE-Crit: HIGH CVE-DESC: GNOME Keyring through version 3.28.2 allows local users to obtain login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, similar to CVE-2008-7320. On...
Advisory ROSA-SA-2021-1844
Software: glibc 2.17 OS: Cobalt 7.9 CVE-ID: CVE-2014-4043 CVE-Crit: MEDIUM CVE-DESC: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument as required by the POSIX specification, allowing context-dependent attackers to trigger use-after-free vulnerabilities aft...
Advisory ROSA-SA-2021-1843
Software: git 1.8.3.1 OS: Cobalt 7.9 CVE-ID: CVE-2015-7545 CVE-Crit: CRITICAL CVE-DESC: (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict allowed protocols, which could all...
Advisory ROSA-SA-2021-1842
Software: giflib 4.1.6 OS: Cobalt 7.9 CVE-ID: CVE-2015-7555 CVE-Crit: MEDIUM CVE-DESC: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. CVE-STATUS:...
Advisory ROSA-SA-2021-1841
Software: ghostscript 9.25 OS: Cobalt 7.9 CVE-ID: CVE-2018-19478 CVE-Crit: MEDIUM CVE-DESC: In Artifex Ghostscript before 9.26, a carefully crafted PDF file can run extremely long calculations when parsing the file. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2020-14373 CVE-Crit: MEDIUM...
Advisory ROSA-SA-2021-1840
Software: gegl 0.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2018-10111 CVE-Crit: HIGH CVE-DESC: An issue was discovered in GEGL before version 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, which leads to a denial of service (application crash) if the allocati...
Advisory ROSA-SA-2021-1839
Software: gdb 7.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-1010180 CVE-Crit: HIGH CVE-DESC: GNU gdb, all versions, is affected by: buffer overflow (out-of-bounds memory access). The impact is: denial of service, memory disclosure, and possible code execution. Component: the gdb core module...
Advisory ROSA-SA-2021-1838
Software: gcc 4.8.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-12886 CVE-Crit: HIGH CVE-DESC: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in the GNU Compiler Collection (GCC) 4.1 through 8, when targeting ARM, under certain circumstances generate instruction sequences that...
Advisory ROSA-SA-2021-1837
Software: fuse 2.9.2 OS: Cobalt 7.9 CVE-ID: CVE-2015-3202 CVE-Crit: HIGH CVE-DESC: fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted environment variable...
Advisory ROSA-SA-2021-1836
Software: freeradius 3.0.13 OS: Cobalt 7.9 CVE-ID: CVE-2019-11234 CVE-Crit: CRITICAL CVE-DESC: FreeRADIUS before 3.0.19 does not prevent the use of reflection for authentication spoofing, also known as the "Dragonblood" issue, similar to CVE-2019-9497. CVE-STATUS: default CVE-REV: default CVE-ID:...
Advisory ROSA-SA-2021-1835
Software: firefox 78.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-12400 CVE-Crit: MEDIUM CVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox 80 and...
Advisory ROSA-SA-2021-1834
Software: file-roller 3.28.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-16680 CVE-Crit: MEDIUM CVE-DESC: A problem was found in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. CVE-STATUS:...
Advisory ROSA-SA-2021-1833
Software: file 5.11 OS: Cobalt 7.9 CVE-ID: CVE-2014-9620 CVE-Crit: HIGH CVE-DESC: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-1183 CVE-Crit: CRITICAL CVE-DESC: In Del...
Advisory ROSA-SA-2021-1832
Software: exempi 2.2.0 OS: Cobalt 7.9 CVE-ID: CVE-2017-18235 CVE-Crit: MEDIUM CVE-DESC: An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBPSupport.cpp does not ensure non-zero width and height values, allowing remote attackers to cause...
Advisory ROSA-SA-2021-1831
Software: evolution-data-server 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-14928 CVE-Crit: MEDIUM CVE-DESC: From evolution-data-server eds to 3.36.3 there is an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a "start TLS" response, eds reads additional data and...
Advisory ROSA-SA-2021-1830
Software: evolution 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-11879 CVE-Crit: MEDIUM CVE-DESC: A problem was found in GNOME Evolution before 3.35.91. Using the proprietary (non-RFC 6068) mailto?attach=... parameter, a website or other mailto link source could cause Evolution to attach local files or...
Advisory ROSA-SA-2021-1829
Software: erlang R16B OS: Cobalt 7.9 CVE-ID: CVE-2011-0766 CVE-Crit: MEDIUM CVE-DESC: The random number generator in the Crypto application before 2.0.2.2.2 and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current...
Advisory ROSA-SA-2021-1828
Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...
Advisory ROSA-SA-2021-1827
Software: elinks 0.12 OS: Cobalt 7.9 CVE-ID: CVE-2012-6709 CVE-Crit: MEDIUM CVE-DESC: ELinks 0.12 and Twibright Links 2.3 lack SSL certificate validation. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1826
Software: ed 1.9 OS: Cobalt 7.9 CVE-ID: CVE-2015-2987 CVE-Crit: MEDIUM CVE-DESC: Type74 ED before 4.0 incorrectly uses 128-bit ECB encryption for small files, making it easier for attackers to obtain plaintext data by differential cryptanalysis of a file with an original length of less than 128...