Advisory ROSA-SA-2025-2963
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 3.0 unaffected versions = xmlrpc-c-1.51.0-11.0.1.rv30 affected versions xmlrpc-c-1.51.0-11.0.1.rv30 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a...
Advisory ROSA-SA-2025-2961
Software: libnbd 1.6.0 OS: ROSA Virtualization 3.0 unaffected versions = libnbd-1.6.0-6.0.1.1.rv30 affected versions libnbd-1.6.0-6.0.1.1.rv30 CVE-ID: CVE-2022-0485 BDU-ID: 2022-01701 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libnbd library's nbdcopy tool is related to an exception handling...
Advisory ROSA-SA-2025-2960
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 unaffected versions = ghostscript-9.27-17.0.3.rv30 affected versions ghostscript-9.27-17.0.3.rv30 CVE-ID: CVE-2020-16287 BDU-ID: 2021-01163 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the lprnisblack function contrib/lips4/gdevlprn.c of th...
Advisory ROSA-SA-2025-2959
Software: avahi 0.7 OS: ROSA Virtualization 2.1 unaffected versions = avahi-0.7-27.0.2.rv3.1 affected versions avahi-0.7-27.0.2.2.rv3.1 CVE-ID: CVE-2017-6519 BDU-ID: 2019-00693 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the avahi-daemon daemon of the Avahi local area network service...
Advisory ROSA-SA-2025-2958
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 2.1 unaffected versions = xmlrpc-c-1.51.0-11.0.1.rv3 affected versions xmlrpc-c-1.51.0-11.0.1.rv3 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-bas...
Advisory ROSA-SA-2025-2957
Software: perl-CPAN 2.18 OS: ROSA Virtualization 2.1 unaffected versions = perl-CPAN-2.18-397.0.1.rv3 affected versions perl-CPAN-2.18-397.0.1.rv3 CVE-ID: CVE-2023-31484 BDU-ID: 2023-03871 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CPAN.pm component of the Perl programming language is relat...
Advisory ROSA-SA-2025-2956
Software: libnbd 1.6.0 OS: ROSA Virtualization 2.1 unaffected versions = libnbd-1.6.0-6.0.1.rv3 affected versions libnbd-1.6.0-6.0.1.1.rv3 CVE-ID: CVE-2023-5215 BDU-ID: 2024-06033 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nbdgetsize function of the libnbd library is related to the...
Advisory ROSA-SA-2025-2955
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...
Advisory ROSA-SA-2025-2954
Software: kernel 4.18.0 OS: ROSA Virtualization 2.1 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...
Advisory ROSA-SA-2025-2953
Software: jose 14 OS: ROSA-CHROME unaffected versions = jose-14-1 affected versions jose-14-1 CVE-ID: CVE-2023-50967 BDU-ID: 2024-02461 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the C language module for signing and encrypting JSON latchset Jose objects is associated with uncontrolled resource...
Advisory ROSA-SA-2025-2952
software: cjson 1.7.18 OS: ROSA-CHROME unaffected versions = cjson-1.7.18-1 affected versions cjson-1.7.18-1 CVE-ID: CVE-2023-53154 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON: Buffer overflow vulnerability on read from heap via parsestring function. CVE-STATUS: Vulnerability has been resolved...
Advisory ROSA-SA-2025-2951
software: xwayland 24.1.8 OS: ROSA-CHROME unaffected versions = xwayland-24.1.8-1 affected versions xwayland-24.1.8-1 CVE-ID: CVE-2025-49175 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: No translation CVE-STATUS: The vulnerability has been resolved. CVE-REV: To close the vulnerability, run the...
Advisory ROSA-SA-2025-2950
software: assimp 5.0.1 OS: ROSA-CHROME unaffected versions = assimp-5.0.1.1-6 affected versions assimp-5.0.1.1-6 CVE-ID: CVE-2024-45679 BDU-ID: 2025-02665 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the 3D model import library Open Asset Import Library Assimp is related to a buffer overflow in...
Advisory ROSA-SA-2025-2949
software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-1 affected versions ffmpeg-4.4.6-1 CVE-ID: CVE-2025-1594 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A buffer overflow vulnerability in FFmpeg allows a remote attacker to initiate an attack via the ffaacsearchfortns function in...
Advisory ROSA-SA-2025-2948
software: libsoup2.4 2.74.2 OS: ROSA-CHROME unaffected versions = libsoup2.4-2.74.2-2 affected versions libsoup2.4-2.74.2-2 CVE-ID: CVE-2025-32913 BDU-ID: 2025-06242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the soupmessageheadersgetcontentdisposition function of the GNOME GUI libsoup library ...
Advisory ROSA-SA-2025-2947
software: libsoup 3.2.1 OS: ROSA-CHROME unaffected versions = libsoup-3.2.1-2 affected versions libsoup-3.2.1-2 CVE-ID: CVE-2025-32913 BDU-ID: 2025-06242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the soupmessageheadersgetcontentdisposition function of the GNOME GUI libsoup library is related t...
Advisory ROSA-SA-2025-2946
software: glibc 2.33 OS: ROSA-CHROME unaffected versions = glibc-2.33-11.git5f08d1.1 affected versions glibc-2.33-11.git5f08d1.1 CVE-ID: CVE-2025-0395 BDU-ID: 2025-01120 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the assert function of the GNU C Library system library is related to incorrect...
Advisory ROSA-SA-2025-2945
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-3 affected versions curl-8.7.1-3 CVE-ID: CVE-2025-0725 BDU-ID: 2025-01585 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command line utility is related to...
Advisory ROSA-SA-2025-2944
software: tomcat 9.0.37 OS: ROSA-CHROME unaffected versions = tomcat-9.0.37-10 affected versions tomcat-9.0.37-10 CVE-ID: CVE-2024-24549 BDU-ID: 2024-02608 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability is related to insufficient input validation. Exploitation of th...
Advisory ROSA-SA-2025-2943
Software: openh264 2.1.1 OS: ROSA-CHROME unaffected versions = openh264-2.1.1-3 affected versions openh264-2.1.1-3 CVE-ID: CVE-2025-27091 BDU-ID: 2025-02022 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the decoding functions of the OpenH264 library is related to a buffer overflow in dynamic...
Advisory ROSA-SA-2025-2942
software: libraw 0.20.2 OS: ROSA-CHROME unaffected versions = libraw-0.20.2-5 affected versions libraw-0.20.2-5 CVE-ID: CVE-2025-43961 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in LibRaw allows an out-of-buffer read in the Fujifilm 0xf00c tag parser. CVE-STATUS: The vulnerability has...
Advisory ROSA-SA-2025-2941
software: freetype 2.10.4 OS: ROSA-CHROME unaffected versions = freetype-2.10.4-8 affected versions freetype-2.10.4-8 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library involves reading outside buffer boundaries in memory...
Advisory ROSA-SA-2025-2940
Software: exfatprogs 1.2.9 OS: ROSA-CHROME unaffected versions = exfatprogs-1.2.9-1 affected versions exfatprogs-1.2.9-1 CVE-ID: CVE-2023-45897 BDU-ID: 2024-03156 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the readfiledentryset function of the exfatprogs user-space utility is related to readi...
Advisory ROSA-SA-2025-2939
Software: openvpn 2.5.8 OS: ROSA-CHROME unaffected versions = openvpn-2.5.8-2 affected versions openvpn-2.5.8-2 CVE-ID: CVE-2024-4877 BDU-ID: 2025-03850 CVE-Crit: MEDIUM CVE-DESC.: An Interactive Service iservice vulnerability in the OpenVPN GUI client of the OpenVPN software is related to access...
Advisory ROSA-SA-2025-2938
software: emacs 30.1 OS: ROSA-CHROME unaffected versions = emacs-30.1-1 affected versions emacs-30.1-1 CVE-ID: CVE-2024-30202 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in Emacs allows execution of arbitrary Lisp code when Org mode is activated. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2937
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-9 affected versions libxml2-2.9.14-9 CVE-ID: CVE-2025-32414 BDU-ID: 2025-05199 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Python API component of the libxml2 library involves incorrect validation of the return val...
Advisory ROSA-SA-2025-2936
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-4 affected versions ghostscript-9.56.1-4 CVE-ID: CVE-2024-29507 BDU-ID: 2024-05697 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Ghostscript document processing, conversion, and generation software suite is...
Advisory ROSA-SA-2025-2935
software: upx 5.0.0 OS: ROSA-CHROME unaffected versions = upx-5.0.0.0-1 affected versions upx-5.0.0-1 CVE-ID: CVE-2025-2849 BDU-ID: 2025-06969 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PackLinuxElf64::unDTINIT function of the src/plxelf.cpp file of the UPX executable file packer is...
Advisory ROSA-SA-2025-2934
software: libvirt 8.9.0 OS: ROSA-CHROME unaffected versions = libvirt-8.9.0-4 affected versions libvirt-8.9.0-4 CVE-ID: CVE-2024-2496 BDU-ID: 2024-03249 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the udevConnectListAllInterfaces function of the Libvirt virtualization management library is...
Advisory ROSA-SA-2025-2933
software: suricata 6.0.20 OS: ROSA-CHROME unaffected versions = suricata-6.0.20-3 affected versions suricata-6.0.20-3 CVE-ID: CVE-2024-55626 BDU-ID: 2024-11374 CVE-Crit: LOW CVE-DESC.: A vulnerability in the BPF filter of the Suricata Intrusion Detection and Prevention System is related to an...
Advisory ROSA-SA-2025-2932
software: libheif 1.12.0 OS: ROSA-CHROME unaffected versions = libheif-1.12.0-5 affected versions libheif-1.12.0-5 CVE-ID: CVE-2024-25269 BDU-ID: 2024-03241 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the JpegEncoder::Encode function of the libheif decoder and file format encoder is related to...
Advisory ROSA-SA-2025-2928
software: expat 2.7.1 OS: ROSA-CHROME unaffected versions = expat-2.7.1-1 affected versions expat-2.7.1-1 CVE-ID: CVE-2024-45490 BDU-ID: 2024-07004 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the libexpat XML parsing library is related to an improper restriction of a reference to an external...
Advisory ROSA-SA-2025-2927
Software: corosync 3.1.9 OS: ROSA-CHROME unaffected versions = corosync-3.1.9-2 affected versions corosync-3.1.9-2 CVE-ID: CVE-2025-30472 BDU-ID: 2025-03217 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the orftokenendianconvert function of the Corosync group communication system for fault-toleran...
Advisory ROSA-SA-2025-2931
Software: libarchive 3.6.2 OS: ROSA-CHROME unaffected versions = libarchive-3.6.2-5 affected versions libarchive-3.6.2-5 CVE-ID: CVE-2025-1632 BDU-ID: 2025-05203 CVE-Crit: LOW CVE-DESC.: A vulnerability in the bsdunzip.c file of the Libarchive library is related to a NULL pointer dereference erro...
Advisory ROSA-SA-2025-2930
software: ghostscript10 10.05.0 OS: ROSA-CHROME unaffected versions = ghostscript10-10.05.0-1 affected versions ghostscript10-10.05.0-1 CVE-ID: CVE-2025-27830 BDU-ID: 2025-03710 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the base/writet1.c and psi/zfapi.c files of the DollarBlend component of...
Advisory ROSA-SA-2025-2929
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-2 affected versions ghostscript-9.56.1-2 CVE-ID: CVE-2025-27830 BDU-ID: 2025-03710 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the base/writet1.c and psi/zfapi.c files of the DollarBlend component of the...
Advisory ROSA-SA-2025-2926
software: yelp 42.2 OS: ROSA-CHROME unaffected versions = yelp-42.2-2 affected versions yelp-42.2-2 CVE-ID: CVE-2025-3155 BDU-ID: 2025-03944 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope when processing...
Advisory ROSA-SA-2025-2925
software: yelp-xsl 42.1 OS: ROSA-CHROME unaffected versions = yelp-xsl-42.1-1 affected versions yelp-xsl-42.1-1 CVE-ID: CVE-2025-3155 BDU-ID: 2025-03944 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope whe...
Advisory ROSA-SA-2025-2924
software: qt5-qtbase 5.15.16 OS: ROSA-CHROME unaffected versions = qt5-qtbase-5.15.16-3 affected versions qt5-qtbase-5.15.16-3 CVE-ID: CVE-2025-30348 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in QDom allows a remote attacker to execute a complex algorithm involving copying XML...
Advisory ROSA-SA-2025-2923
software: util-linux 2.37.4 OS: ROSA-CHROME unaffected versions = util-linux-2.37.4-3 affected versions util-linux-2.37.4-3 CVE-ID: CVE-2024-28085 BDU-ID: 2024-02517 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the util-linux package of the Linux operating system is related to incorrect privile...
Advisory ROSA-SA-2025-2922
software: kanboard 1.2.44 OS: ROSA-CHROME unaffected versions = kanboard-1.2.44-0.gitc07304.1-rosa2021.1 affected versions kanboard-1.2.44-0.gitc07304.1-rosa2021.1 CVE-ID: CVE-2024-51748 BDU-ID: 2024-10653 CVE-Crit: HIGH CVE-DESC.: A vulnerability in Kanboard project management software is...
Advisory ROSA-SA-2025-2921
software: binutils 2.38 OS: ROSA-CHROME unaffected versions = binutils-2.38-6 affected versions binutils-2.38-6 CVE-ID: CVE-2025-0840 BDU-ID: 2025-03384 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the objdump.c component of the GNU Binutils software development tool is related to a stack-based...
Advisory ROSA-SA-2025-2920
software: freerdp 2.11.7 OS: ROSA-CHROME unaffected versions = freerdp-2.11.7-7 affected versions freerdp-2.11.7-7 CVE-ID: CVE-2024-32661 BDU-ID: 2024-03394 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeRDP RDP client is related to null pointer dereferencing. Exploitation of the...
Advisory ROSA-SA-2025-2919
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-7 affected versions libxml2-2.9.14-7 CVE-ID: CVE-2025-27113 BDU-ID: 2025-03138 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlPatMatch function in the pattern.c file of the libxml2 library is related to null pointe...
Advisory ROSA-SA-2025-2918
software: kernel-5.15 generic OS: ROSA-CHROME unaffected versions = kernel-5.15-generic-5.15.178-1 affected versions kernel-5.15-generic-5.15.178-1 CVE-ID: CVE-2024-27397 BDU-ID: 2025-00432 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating...
Advisory ROSA-SA-2025-2917
software: x11-server 1.20.14 OS: ROSA-CHROME unaffected versions = x11-server-1.20.14-12 affected versions x11-server-1.20.14-12 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of th...
Advisory ROSA-SA-2025-2916
software: xwayland 24.1.6 OS: ROSA-CHROME unaffected versions = xwayland-24.1.6-1 affected versions xwayland-24.1.6-1 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the X Windo...
Advisory ROSA-SA-2025-2915
software: x11-server 21.1.16 OS: ROSA-CHROME unaffected versions = x11-server-21.1.16-1 affected versions x11-server-21.1.16-1 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the ...
Advisory ROSA-SA-2025-2914
software: tomcat 9.0.37 OS: ROSA-CHROME unaffected versions = tomcat-9.0.37-7 affected versions tomcat-9.0.37-7 CVE-ID: CVE-2024-38286 BDU-ID: 2024-07738 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Tomcat application server TLS protocol implementation is associated with uncontrolled...
Advisory ROSA-SA-2025-2913
software: c-ares 1.19.1 OS: ROSA-CHROME unaffected versions = c-ares-1.19.1-2 affected versions c-ares-1.19.1-2 CVE-ID: CVE-2024-25629 BDU-ID: 2024-01708 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the aresreadline function of the C-ares asynchronous DNS query library is related to an operatio...