Advisory ROSA-SA-2025-3013
software: openscap 1.4.2 OS: ROSA-CHROME unaffected versions = openscap-1.4.2-2 affected versions openscap-1.4.2-2 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart...
Advisory ROSA-SA-2025-3012
software: opensc 0.26.1 OS: ROSA-CHROME unaffected versions = opensc-0.26.1-1 affected versions opensc-0.26.1-1 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart ca...
Advisory ROSA-SA-2025-3011
software: postgresql 15.14 OS: ROSA-CHROME unaffected versions = postgresql-15.14-1 affected versions postgresql-15.14-1 CVE-ID: CVE-2024-10979 BDU-ID: 2024-09679 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL/Perl environment variables of the PostgreSQL database management system is relat...
Advisory ROSA-SA-2025-3010
software: postgresql14 14.19 OS: ROSA-CHROME unaffected versions = postgresql14-14.19-1 affected versions postgresql14-14.19-1 CVE-ID: CVE-2024-10979 BDU-ID: 2024-09679 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL/Perl environment variables of the PostgreSQL database management system is...
Advisory ROSA-SA-2025-3009
software: sos 4.10.0 OS: ROSA-CHROME unaffected versions = sos-4.10.0-1 affected versions sos-4.10.0-1 CVE-ID: CVE-2022-2806 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: ovirt-log-collector/sosreport collects RHV admin password in plaintext. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-3008
software: mono 6.12.0 OS: ROSA-CHROME unaffected versions = mono-6.12.0-206.1 affected versions mono-6.12.0-206.1 CVE-ID: CVE-2021-24112 BDU-ID: 2021-00929 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the .NET Core software platform is related to insufficient input validation. Exploitation of t...
Advisory ROSA-SA-2025-3007
software: qt5-qtconnectivity 5.15.10 OS: ROSA-CHROME unaffected versions = qt5-qtconnectivity-5.15.15-3 affected versions qt5-qtconnectivity-5.15.15-3 CVE-ID: CVE-2025-23050 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In the Qt Bluetooth module QLowEnergyController on Linux when using the Bluetooth...
Advisory ROSA-SA-2025-3006
Software: libpcap 1.10.5 OS: ROSA-CHROME unaffected versions = libpcap-1.10.5-1 affected versions libpcap-1.10.5-1 CVE-ID: CVE-2023-7256 BDU-ID: 2024-07427 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libpcap library's freeaddrinfo function involves calling freeaddrinfo for the same allocat...
Advisory ROSA-SA-2025-3005
software: gimp 2.10.36 OS: ROSA-CHROME unaffected versions = gimp-2.10.36-4 affected versions gimp-2.10.36-4 CVE-ID: CVE-2025-5473 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An integer overflow vulnerability in GIMP parsing ICO files allows remote attackers to execute arbitrary code. User interacti...
Advisory ROSA-SA-2025-3004
software: flatpak 1.14.10 OS: ROSA-CHROME unaffected versions = flatpak-1.14.10-1 affected versions flatpak-1.14.10-1 CVE-ID: CVE-2024-32462 BDU-ID: 2024-03113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xdg-desktop-portal interface of the Flatpak application and environment management too...
Advisory ROSA-SA-2025-3003
software: unbound 1.23.1 OS: ROSA-CHROME unaffected versions = unbound-1.23.1-1 affected versions unbound-1.23.1-1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to th...
Advisory ROSA-SA-2025-3002
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-8 affected versions ghostscript-9.56.1-8 CVE-ID: CVE-2023-46751 BDU-ID: 2024-00187 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gdevprnopenprinterseekable function of the Ghostscript document processing,...
Advisory ROSA-SA-2025-3001
software: suricata 7.0.11 OS: ROSA-CHROME unaffected versions = suricata-7.0.11-1 affected versions suricata-7.0.11-1 CVE-ID: CVE-2024-38534 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in Suricata allows system resources to be consumed by certain modbus traffic. CVE-STATUS: The...
Advisory ROSA-SA-2025-3000
software: grub2 2.06 OS: ROSA-CHROME unaffected versions = grub2-2.06-24 affected versions grub2-2.06-24 CVE-ID: CVE-2024-45779 BDU-ID: 2025-03832 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BFS file system of the Grub2 operating system boot loader is related to reads outside the allowed...
Advisory ROSA-SA-2025-2999
software: sqlite 3.41.2 OS: ROSA-CHROME unaffected versions = sqlite-3.41.2-3 affected versions sqlite-3.41.2-3 CVE-ID: CVE-2025-3277 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An integer overflow vulnerability in the SQLite concatws function that could lead to a buffer overflow of up to 4 GB and...
Advisory ROSA-SA-2025-2998
software: libvpx 1.10.0 OS: ROSA-CHROME unaffected versions = libvpx-1.10.0-5 affected versions libvpx-1.10.0-5 CVE-ID: CVE-2024-5197 BDU-ID: 2024-04531 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vpximgalloc function of the libvpx video encoding/decoding library is related to integer...
Advisory ROSA-SA-2025-2997
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-4 affected versions curl-8.7.1-4 CVE-ID: CVE-2024-11053 BDU-ID: 2024-11106 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of servic...
Advisory ROSA-SA-2025-2996
software: grub2 2.06 OS: ROSA-CHROME unaffected versions = grub2-2.06-23 affected versions grub2-2.06-23 CVE-ID: CVE-2024-45777 BDU-ID: 2025-07120 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gettext component of the Grub operating systems loader is related to integer overflow. Exploitation...
Advisory ROSA-SA-2025-2995
software: unbound 1.17.0 OS: ROSA-CHROME unaffected versions = unbound-1.17.0-2 affected versions unbound-1.17.0-2 CVE-ID: CVE-2024-8508 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Unbound when handling responses with very large RRsets could result in a denial of service. CVE-STATUS...
Advisory ROSA-SA-2025-2994
software: tomcat 9.0.37 OS: ROSA-CHROME unaffected versions = tomcat-9.0.37-13 affected versions tomcat-9.0.37-13 CVE-ID: CVE-2025-52520 BDU-ID: 2025-08953 CVE-Crit: MEDIUM CVE-DESC.: Apache Tomcat application server vulnerability is related to integer overflow. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2025-2993
software: htmldoc 1.9.20 OS: ROSA-CHROME unaffected versions = htmldoc-1.9.20-1 affected versions htmldoc-1.9.20-1 CVE-ID: CVE-2024-45508 BDU-ID: 2025-04747 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the parseparagraph function of the ps-pdf.cxx component of the HTMLDOC document conversion...
Advisory ROSA-SA-2025-2992
Software: dav1d 1.3.0 OS: ROSA-CHROME unaffected versions = dav1d-1.3.0-2 affected versions dav1d-1.3.0-2 CVE-ID: CVE-2024-1580 BDU-ID: 2024-04901 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the dav1d decoder of the iOS, iPadOS, visionOS, macOS, Fedora, and Safari browser operating systems i...
Advisory ROSA-SA-2025-2991
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-7 affected versions ghostscript-9.56.1-7 CVE-ID: CVE-2025-48708 BDU-ID: 2025-06028 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the gslibctxctxstashsanitizedarg function of the base/gslibctx.c file of the...
Advisory ROSA-SA-2025-2990
software: assimp 5.0.1 OS: ROSA-CHROME unaffected versions = assimp-5.0.1.1-7 affected versions assimp-5.0.1.1-7 CVE-ID: CVE-2025-3548 BDU-ID: 2025-07019 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the File Handler component of the cross-platform 3D model import library Assimp Open Asset Impor...
Advisory ROSA-SA-2025-2989
software: subversion 1.14.5 OS: ROSA-CHROME unaffected versions = subversion-1.14.5-1 affected versions subversion-1.14.5-1 CVE-ID: CVE-2024-46901 BDU-ID: 2025-03298 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moddavsvn function of Apache Subversion software is related to a flaw in the...
Advisory ROSA-SA-2025-2988
software: salt 3006.3 OS: ROSA-CHROME unaffected versions = salt-3006.3-2 affected versions salt-3006.3-2 CVE-ID: CVE-2024-38824 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A directory traversal vulnerability in recvfile allows an attacker to write arbitrary files to the master cache directory...
Advisory ROSA-SA-2025-2987
software: rlottie 0.2 OS: ROSA-CHROME unaffected versions = rlottie-0.2-4 affected versions rlottie-0.2-4 CVE-ID: CVE-2025-53074 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Samsung Open Source rLottie - out-of-bounds read vulnerability allows buffers to overflow. CVE-STATUS: Vulnerability has be...
Advisory ROSA-SA-2025-2986
software: spdlog 1.8.5 OS: ROSA-CHROME unaffected versions = spdlog-1.8.5-2 affected versions spdlog-1.8.5-2 CVE-ID: CVE-2025-6140 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in spdlog causes excessive resource consumption when running the scopedpadder function patternformatter-inl.h,...
Advisory ROSA-SA-2025-2984
software: qt6-qtimageformats 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtimageformats-6.8.3-2 affected versions qt6-qtimageformats-6.8.3-2 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCor...
Advisory ROSA-SA-2025-2983
software: qt6-qtbase 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtbase-6.8.3-3 affected versions qt6-qtbase-6.8.3-3 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCore cross-platform software...
Advisory ROSA-SA-2025-2982
software: tomcat 9.0.37 OS: ROSA-CHROME unaffected versions = tomcat-9.0.37-11 affected versions tomcat-9.0.37-11 CVE-ID: CVE-2025-49125 BDU-ID: 2025-09499 CVE-Crit: HIGH CVE-DESC.: Apache Tomcat application server vulnerability related to bypassing the authentication procedure by using an...
Advisory ROSA-SA-2025-2981
software: jq 1.8.1 OS: ROSA-CHROME unaffected versions = jq-1.8.1-1 affected versions jq-1.8.1-1 CVE-ID: CVE-2024-53427 BDU-ID: 2025-06690 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the decNumberCopy function of the jq functional programming language is related to accessing a resource via...
Advisory ROSA-SA-2025-2980
software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-1 affected versions busybox-1.37.0-1 CVE-ID: CVE-2022-48174 BDU-ID: 2023-05378 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the ash.c file of the BusyBox set of UNIX command line utilities is related to writing...
Advisory ROSA-SA-2025-2979
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-5 affected versions ghostscript-9.56.1-5 CVE-ID: CVE-2023-52722 BDU-ID: 2024-07479 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the afqkf psi/zmisc1.c file of the Ghostscript document processing, conversion,...
Advisory ROSA-SA-2025-2978
software: cjson 1.7.18 OS: ROSA-CHROME unaffected versions = cjson-1.7.18-2 affected versions cjson-1.7.18-2 CVE-ID: CVE-2023-26819 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON 1.7.15 may cause a denial of service when processing a specially generated JSON document, e.g.: "a": true, "b": null,...
Advisory ROSA-SA-2025-2977
software: chromium-browser-stable 138.0.7204.92 OS: ROSA-CHROME unaffected versions = chromium-browser-stable-138.0.7204.92-1 affected versions chromium-browser-stable-138.0.7204.92-1 CVE-ID: CVE-2025-6554 BDU-ID: 2025-07783 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the JavaScript scrip...
Advisory ROSA-SA-2025-2976
Software: rsync 3.4.1 OS: ROSA-CHROME unaffected versions = rsync-3.4.1-1 affected versions rsync-3.4.1-1 CVE-ID: CVE-2024-12084 BDU-ID: 2025-00378 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation...
Advisory ROSA-SA-2025-2975
Software: libarchive 3.6.2 OS: ROSA-CHROME unaffected versions = libarchive-3.6.2-6 affected versions libarchive-3.6.2-6 CVE-ID: CVE-2025-5914 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability has been discovered in libarchive archivereadformatrarseekdata related to an integer overflow that...
Advisory ROSA-SA-2025-2974
software: libreswan 4.15 OS: ROSA-CHROME unaffected versions = libreswan-4.15-1 affected versions libreswan-4.15-1 CVE-ID: CVE-2024-3652 BDU-ID: 2024-04885 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the "IPsec" VPN protocol library libreswan is related to a reachability assertion when...
Advisory ROSA-SA-2025-2973
software: sudo 1.9.17p1 OS: ROSA-CHROME unaffected versions = sudo-1.9.17p1-1 affected versions sudo-1.9.17p1-1 CVE-ID: CVE-2025-32462 BDU-ID: 2025-08356 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Sudo system administration program is related to a flaw in the authorization mechanism...
Advisory ROSA-SA-2025-2972
software: systemd 249 OS: ROSA-CHROME unaffected versions = systemd-249-1.gitfab79a.27 affected versions systemd-249-1.gitfab79a.27 CVE-ID: CVE-2025-4598 BDU-ID: 2025-06694 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the systemd-coredump service of the Systemd daemon is related to a kernel...
Advisory ROSA-SA-2025-2971
software: less 608 OS: ROSA-CHROME unaffected versions = less-608-3 affected versions less-608-3 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the...
Advisory ROSA-SA-2025-2970
software: tomcat 9.0.37 OS: ROSA-CHROME unaffected versions = tomcat-9.0.37-8 affected versions tomcat-9.0.37-8 CVE-ID: CVE-2025-31651 BDU-ID: 2025-05707 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Apache Tomcat application server is related to a flaw in the output encoding or escaping...
Advisory ROSA-SA-2025-2969
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-3 affected versions ghostscript-9.56.1-3 CVE-ID: CVE-2024-33870 BDU-ID: 2024-05063 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Ghostscript document processing, conversion, and generation software suite...
Advisory ROSA-SA-2025-2968
software: libheif 1.19.8 OS: ROSA-CHROME unaffected versions = libheif-1.19.8-1 affected versions libheif-1.19.8-1 CVE-ID: CVE-2025-43966 BDU-ID: None CVE-Crit: LOW CVE-DESC.: Vulnerability: In libheif before 1.19.6, the ImageItemiden function dereferences a null pointer in image-items/iden.cc...
Advisory ROSA-SA-2025-2967
Software: avahi 0.7 OS: ROSA Virtualization 2.1 unaffected versions = avahi-0.7-27.0.2.rv3.1 affected versions avahi-0.7-27.0.2.2.rv3.1 CVE-ID: CVE-2018-1000845 BDU-ID: 2019-00693 CVE-Crit: CRITICAL CVE-DESC.: Duplicate CVE-2017-6519 CVE-STATUS: The vulnerability has been resolved CVE-REV: To clo...
Advisory ROSA-SA-2025-2966
Software: avahi 0.7 OS: ROSA Virtualization 3.0 unaffected versions = avahi-0.7-27.0.2.rv30.1 affected versions avahi-0.7-27.0.0.2.rv30.1 CVE-ID: CVE-2018-1000845 BDU-ID: 2019-00693 CVE-Crit: CRITICAL CVE-DESC.: Duplicate CVE-2017-6519 CVE-STATUS: The vulnerability has been resolved CVE-REV: To...
Advisory ROSA-SA-2025-2965
Software: avahi 0.7 OS: ROSA Virtualization 3.0 unaffected versions = avahi-0.7-27.0.2.rv30.1 affected versions avahi-0.7-27.0.0.2.rv30.1 CVE-ID: CVE-2017-6519 BDU-ID: 2019-00693 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the avahi-daemon daemon of the Avahi local area network service...
Advisory ROSA-SA-2025-2964
Software: LibRaw 0.19.5 OS: ROSA Virtualization 3.0 unaffected versions = LibRaw-0.19.5-4.rv30 affected versions LibRaw-0.19.5-4.rv30 CVE-ID: CVE-2021-32142 BDU-ID: 2023-03833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LibRawbufferdatastream::gets function of the src/librawdatastream.cpp...
Advisory ROSA-SA-2025-2963
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 3.0 unaffected versions = xmlrpc-c-1.51.0-11.0.1.rv30 affected versions xmlrpc-c-1.51.0-11.0.1.rv30 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a...