1374 matches found
Advisory ROSA-SA-2025-2912
Software: mosquitto 2.0.20 OS: ROSA-CHROME unaffected versions = mosquitto-2.0.20-1 affected versions mosquitto-2.0.20-1 CVE-ID: CVE-2024-3935 BDU-ID: 2024-09880 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Eclipse Mosquitto message broker is related to memory re-release. Exploitation of th...
Advisory ROSA-SA-2025-2911
Software: postgresql 12.22 OS: ROSA-CHROME unaffected versions = postgresql-9.5.2 affected versions postgresql-9.5.2 CVE-ID: CVE-2016-2193 BDU-ID: 2016-00974 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to errors in security settings...
Advisory ROSA-SA-2025-2910
Software: postgresql 12.22 OS: ROSA-CHROME unaffected versions = postgresql-12.22-1 affected versions postgresql-12.22-1 CVE-ID: CVE-2023-2455 BDU-ID: 2023-03024 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to...
Advisory ROSA-SA-2025-2909
Software: freeradius 3.0.27 OS: ROSA-CHROME unaffected versions = freeradius-3.0.27-1 affected versions freeradius-3.0.27-1 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation involves bypassing the authenticati...
Advisory ROSA-SA-2025-2908
Software: libarchive 3.6.2 OS: ROSA-CHROME unaffected versions = libarchive-3.6.2-4 affected versions libarchive-3.6.2-4 CVE-ID: CVE-2024-26256 BDU-ID: 2024-02924 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libarchive archiving library is related to an operation exceeding buffer boundaries i...
Advisory ROSA-SA-2025-2907
Software: sudo 1.9.5p2 OS: ROSA Virtualization 3.0 packageevrstring: sudo-1.9.5p2-1.rv30 CVE-ID: CVE-2025-32463 BDU-ID: 2025-07765 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sudo system administration program is related to the inclusion of functions from an invalid controlled area when usin...
Advisory ROSA-SA-2025-2906
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2025-32463 BDU-ID: 2025-07765 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sudo system administration program is related to the inclusion of functions from an invalid controlled area when using...
Advisory ROSA-SA-2025-2905
Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11.0.1.res7.3 CVE-ID: CVE-2025-32463 BDU-ID: 2025-07765 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the sudo system administration program is related to the inclusion of functions from an invalid controlled area when using the...
Advisory ROSA-SA-2025-2904
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of...
Advisory ROSA-SA-2025-2903
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of whic...
Advisory ROSA-SA-2025-2902
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2025-2901
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2025-2900
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...
Advisory ROSA-SA-2025-2899
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...
Advisory ROSA-SA-2025-2898
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...
Advisory ROSA-SA-2025-2897
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...
Advisory ROSA-SA-2025-2894
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.0.3.res7.14 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
Advisory ROSA-SA-2025-2895
Software: nginx 1.20.1 OS: rosa-server79 packageevrstring: nginx-1.20.1-22.res7.2 CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Advisory ROSA-SA-2025-2896
Software: zlib 1.2.7 OS: rosa-server79 packageevrstring: zlib-1.2.7-21.0.1.res7 CVE-ID: CVE-2025-4638 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: A vulnerability in the zlib library embedded in PointCloudLibrary PCL allows attackers to cause undefined behavior via incorrect pointer arithmetic...
Advisory ROSA-SA-2025-2893
Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-34.rv30 CVE-ID: CVE-2017-17095 BDU-ID: 2019-03339 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibTIFF library is related to a heap-based buffer overflow in TIFFSetupStrips. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2892
Software: libtasn1 4.13 OS: ROSA Virtualization 3.0 packageevrstring: libtasn1-4.13-5.rv3 CVE-ID: CVE-2024-12133 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libtasn1 causes the system to slow down or crash due to inefficient processing of certain certificate data. As a result, an...
Advisory ROSA-SA-2025-2891
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.0 packageevrstring: libsoup-2.62.3-9.rv30 CVE-ID: CVE-2025-2784 BDU-ID: 2025-05737 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the skipinsightwhitespace function of the GNOME GUI libsoup library is related to reading beyond buffer boundaries in...
Advisory ROSA-SA-2025-2889
Software: krb5 1.18.2 OS: ROSA Virtualization 3.0 packageevrstring: krb5-1.18.2-32.0.1.rv30 CVE-ID: CVE-2025-3576 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the MIT Kerberos implementation allows an attacker to spoof messages protected by GSSAPI using RC4-HMAC-MD5 due to...
Advisory ROSA-SA-2025-2888
Software: jose 10 OS: ROSA Virtualization 3.0 packageevrstring: jose-10-2.rv30.3 CVE-ID: CVE-2023-50967 BDU-ID: 2024-02461 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the C language module for signing and encrypting JSON latchset Jose objects is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2025-2887
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-16.0.1.rv30 CVE-ID: CVE-2020-27792 BDU-ID: 2023-09076 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the lp8000printpage function of the gdevlp8k.c component of the Ghostscript document processing software...
Advisory ROSA-SA-2025-2886
Software: freetype 2.9.1 OS: ROSA Virtualization 3.0 packageevrstring: freetype-2.9.1-10.rv30 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library is related to reading beyond buffer boundaries in memory. Exploitation of th...
Advisory ROSA-SA-2025-2885
Software: expat 2.2.5 OS: ROSA Virtualization 3.0 packageevrstring: expat-2.2.5-17.0.1.rv30 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-based buffer overflow. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2890
Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 3.0 packageevrstring: libjpeg-turbo-1.5.3-14.rv30 CVE-ID: CVE-2020-13790 BDU-ID: 2021-01352 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the startinputppm function from rdppm.c of the libjpeg-turbo image manipulation library is related to...
Advisory ROSA-SA-2025-2884
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libwebp-1.0.0.0-10.0.1.rv3 CVE-ID: CVE-2018-25013 BDU-ID: 2021-03103 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in...
Advisory ROSA-SA-2025-2883
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-34.rv3 CVE-ID: CVE-2017-17095 BDU-ID: 2019-03339 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibTIFF library is related to a heap-based buffer overflow in TIFFSetupStrips. Exploitation of the vulnerability...
Advisory ROSA-SA-2025-2882
Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 packageevrstring: libtasn1-4.13-5.rv3 CVE-ID: CVE-2024-12133 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libtasn1 causes the system to slow down or crash due to inefficient processing of certain certificate data. As a result, an...
Advisory ROSA-SA-2025-2881
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-9.rv3 CVE-ID: CVE-2025-2784 BDU-ID: 2025-05737 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the skipinsightwhitespace function of the GNOME GUI libsoup library is related to reading beyond buffer boundaries in...
Advisory ROSA-SA-2025-2880
Software: libjpeg-turbo 1.5.3 OS: ROSA Virtualization 2.1 packageevrstring: libjpeg-turbo-1.5.3-14.rv3 CVE-ID: CVE-2020-13790 BDU-ID: 2021-01352 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the startinputppm function from rdppm.c of the libjpeg-turbo image manipulation library is related to a...
Advisory ROSA-SA-2025-2879
Software: krb5 1.18.2 OS: ROSA Virtualization 2.1 packageevrstring: krb5-1.18.2-32.rv3 CVE-ID: CVE-2020-28196 BDU-ID: 2023-03437 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Kerberos network protocol implementation of the Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, Alt 8 SP...
Advisory ROSA-SA-2025-2878
Software: jose 10 OS: ROSA Virtualization 2.1 packageevrstring: jose-10-2.rv3.3 CVE-ID: CVE-2023-50967 BDU-ID: 2024-02461 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the C language module for signing and encrypting JSON latchset Jose objects is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2025-2877
Software: freetype 2.9.1 OS: ROSA Virtualization 2.1 packageevrstring: freetype-2.9.1-10.rv3 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library is related to reading beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2876
Software: expat 2.2.5 OS: ROSA Virtualization 2.1 packageevrstring: expat-2.2.5-17.0.1.rv3 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-based buffer overflow. Exploitation of the vulnerability cou...
Advisory ROSA-SA-2025-2875
Software: iptables 1.8.7 OS: ROSA-CHROME packageevrstring: iptables-1.8.7 CVE-ID: None BDU-ID: 2025-02342 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Linux operating system iptables packet filtering rule table configuration and management utility is related to insecure privilege management...
Advisory ROSA-SA-2025-2874
Software: java-1.8.0-openjdk 1.8.0.442.b06 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.442.b06-1.0.3.res7 CVE-ID: CVE-2025-21587 BDU-ID: 2025-05070 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and...
Advisory ROSA-SA-2025-2873
Software: python3-base 3.6.8 OS: rosa-server79 packageevrstring: python3-base-3.6.8-21.0.3.res7 CVE-ID: CVE-2021-3177 BDU-ID: 2021-01781 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the PyCArgrepr ctypes/callproc.c function of the Python programming language interpreter is related to buffer...
Advisory ROSA-SA-2025-2872
Software: microcodectl 2.1 OS: rosa-server79 packageevrstring: microcodectl-2.1-73.20.res7 CVE-ID: CVE-2022-40982 BDU-ID: 2023-04663 CVE-Crit: MEDIUM CVE-DESC.: A firmware vulnerability in Intel processors involves information leakage from vector registers. Exploitation of the vulnerability could...
Advisory ROSA-SA-2025-2871
Software: tigervnc 1.8.0 OS: rosa-server79 packageevrstring: tigervnc-1.8.0.0-33.0.5.res7 CVE-ID: CVE-2024-9632 BDU-ID: 2024-09084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in...
Advisory ROSA-SA-2025-2870
Software: xorg-x11-server 1.20.4 OS: rosa-server79 packageevrstring: xorg-x11-server-1.20.4-29.0.1.res7 CVE-ID: CVE-2025-26594 BDU-ID: 2025-04129 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org...
Advisory ROSA-SA-2025-2869
Software: libxslt 1.1.28 OS: rosa-server79 packageevrstring: libxslt-1.1.28-6.0.1.1.res7 CVE-ID: CVE-2024-55549 BDU-ID: 2025-03641 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xsltGetInheritedNsList function of the libxslt library is related to memory usage after it has been freed...
Advisory ROSA-SA-2025-2868
Software: libxml2 2.9.1 OS: rosa-server79 packageevrstring: libxml2-2.9.1-6.0.1.res7.6 CVE-ID: CVE-2024-56171 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in libxml2: use-after-free in xmlschemas.c. CVE-STATUS: Vulnerability resolved. CVE-REV: To close the vulnerability, run the command:...
Advisory ROSA-SA-2025-2867
Software: freetype 2.8 OS: rosa-server79 packageevrstring: freetype-2.8-14.0.1.res7.1 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library is related to reading beyond buffer boundaries in memory. Exploitation of the...
Advisory ROSA-SA-2025-2866
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.2.P2.res7.16 CVE-ID: CVE-2024-11187 BDU-ID: 2025-01459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to asymmetric resource consumption. Exploitation of the vulnerability allows an attacker...
Advisory ROSA-SA-2025-2865
Software: emacs 24.3 OS: rosa-server79 packageevrstring: emacs-24.3-23.0.1.res7.1 CVE-ID: CVE-2025-1244 BDU-ID: 2025-04327 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability exists in the EMACS text editor due to failure to take measures to neutralize special elements. Exploitation of the vulnerabilit...
Advisory ROSA-SA-2025-2864
Software: freetype 2.10.4 OS: ROSA-CHROME packageevrstring: freetype-2.10.4-7 CVE-ID: CVE-2025-27363 BDU-ID: 2025-02719 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeType font rasterization library involves reading outside buffer boundaries in memory. Exploitation of the vulnerability coul...
Advisory ROSA-SA-2025-2863
Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 packageevrstring: kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2024-40998 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: Vulnerability in Linux kernel: access to uninitialized rs-lock lock in ext4fillsuper function. CVE-STATUS: Vulnerability has bee...