Latest redhat enterprise linux desktop Vulnerabilities

CVE-2024-0409
Xorg-x11-server: selinux context corruption
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
and 23 more
CVE-2023-6816
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
and 16 more
CVE-2024-0408
Xorg-x11-server: selinux unlabeled glx pbuffer
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
and 24 more
CVE-2023-5869
Postgresql: buffer overrun from integer overflow in array modification
ubuntu/postgresql-14<14.10
ubuntu/postgresql-14<14.10-0ubuntu0.22.04.1
ubuntu/postgresql-12<12.17-0ubuntu0.20.04.1
ubuntu/postgresql-12<12.17
ubuntu/postgresql-10<10.23-0ubuntu0.18.04.2+
ubuntu/postgresql-9.5<9.5.25-0ubuntu0.16.04.1+
and 63 more
CVE-2023-5367
Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
debian/xorg-server<=2:1.20.4-1+deb10u4<=2:1.20.11-1+deb11u6
debian/xwayland<=2:22.1.9-1
ubuntu/xorg-server<2:1.15.1-0ubuntu2.11+
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<21.1.9
and 27 more
CVE-2023-5455
Ipa: invalid csrf protection
Freeipa Freeipa<4.6.10
Freeipa Freeipa>=4.7.0<4.9.14
Freeipa Freeipa>=4.10.0<4.10.3
Freeipa Freeipa=4.11.0
Freeipa Freeipa=4.11.0-beta1
Fedoraproject Fedora=38
and 54 more
CVE-2023-3972
Insights-client: unsafe handling of temporary files and directories
redhat/insights-client<3.2.2
Redhat Insights-client<3.2.2
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Enterprise Linux Aus=8.6
and 46 more
CVE-2023-3899
Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
Redhat Subscription-manager<1.28.39
Redhat Subscription-manager>=1.29.0<1.29.37
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
and 58 more
CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write i...
redhat/xorg-server<21.1.7
X.Org X Server<21.1.7
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.1
and 30 more
CVE-2022-4254
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Fedoraproject Sssd>=1.15.3<2.3.1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux For Ibm Z Systems=7.0
Redhat Enterprise Linux For Power Big Endian=7.0
Redhat Enterprise Linux For Power Little Endian=7.0
and 9 more
CVE-2015-1931
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pla...
Ibm Java Sdk>=5.0.0.0<5.0.16.13
Ibm Java Sdk>=6.0.0.0<6.0.16.7
Ibm Java Sdk>=6.1.0.0<6.1.8.7
Ibm Java Sdk>=7.0.0.0<7.0.9.10
Ibm Java Sdk>=7.1.0.0<7.1.3.10
Ibm Java Sdk>=8.0.0.0<8.0.1.10
and 24 more
CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions...
Samba Samba<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Canonical Ubuntu Linux=14.04
and 36 more
CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly,...
Port389 389-ds-base<1.3.10.2
Redhat Enterprise Linux Desktop=7
Redhat Enterprise Linux For Ibm Z Systems=7.0
Redhat Enterprise Linux For Power Big Endian=7.0
Redhat Enterprise Linux For Power Little Endian=7.0
Redhat Enterprise Linux For Scientific Computing=7.0
and 2 more
CVE-2022-0330
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system ...
redhat/kernel-rt<0:3.10.0-1160.59.1.rt56.1200.el7
redhat/kernel<0:3.10.0-1160.59.1.el7
redhat/kernel<0:3.10.0-514.99.1.el7
redhat/kernel<0:3.10.0-693.99.1.el7
redhat/kernel<0:3.10.0-957.92.1.el7
redhat/kernel<0:3.10.0-1062.63.1.el7
and 246 more
CVE-2021-4034
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
redhat/polkit<0:0.96-11.el6_10.2
redhat/polkit<0:0.112-26.el7_9.1
redhat/polkit<0:0.112-12.el7_3.1
redhat/polkit<0:0.112-12.el7_4.2
redhat/polkit<0:0.112-18.el7_6.3
redhat/polkit<0:0.112-22.el7_7.2
and 62 more
CVE-2020-25719
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents i...
Samba Samba>=4.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 38 more
CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 58 more
CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 56 more
CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nes...
redhat/kernel-rt<0:3.10.0-1160.45.1.rt56.1185.el7
redhat/kernel<0:3.10.0-1160.45.1.el7
redhat/kernel<0:3.10.0-957.84.1.el7
redhat/kernel<0:3.10.0-1062.59.1.el7
redhat/kernel-rt<0:4.18.0-305.25.1.rt7.97.el8_4
redhat/kernel<0:4.18.0-305.25.1.el8_4
and 209 more
CVE-2020-27769
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.
ImageMagick ImageMagick<7.0.9-0
Redhat Enterprise Linux Desktop=5.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Fedoraproject Fedora=33
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.11
and 5 more
CVE-2019-8720
WebKitGTK Memory Corruption Vulnerability
redhat/webkitgtk<2.26.0
WebKitGTK WebKitGTK<2.26.0
Wpewebkit Wpe Webkit<2.26.0
Redhat Codeready Linux Builder=8.0
Redhat Codeready Linux Builder Eus=8.4
and 37 more
CVE-2020-10531
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() func...
redhat/chromium-browser<80.0.3987.122
redhat/node<14.3.0
redhat/node<12.17.0
redhat/node<10.21.0
ubuntu/chromium-browser<80.0.3987.149-0ubuntu0.18.04.1
ubuntu/chromium-browser<80.0.3987.122
and 50 more
CVE-2020-6418
Google Chromium V8 Type Confusion Vulnerability
redhat/chromium-browser<0:80.0.3987.122-1.el6_10
debian/chromium
Google Chrome<80.0.3987.122
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Enterprise Linux Desktop=6.0
and 7 more
CVE-2020-6386
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<80.0.3987.116
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Workstation=6.0
and 4 more
CVE-2020-6383
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
<80.0.3987.116
redhat/chromium-browser<0:80.0.3987.122-1.el6_10
redhat/chromium-browser<80.0.3987.116
Google Chrome<80.0.3987.116
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 6 more
CVE-2020-6384
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<0:80.0.3987.122-1.el6_10
Google Chrome<80.0.3987.116
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
and 4 more
CVE-2020-3757
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead t...
redhat/flash-plugin<32.0.0.330
Adobe Flash Player<32.0.0.321
Apple macOS
Microsoft Windows
Adobe Flash Player<32.0.0.314
Linux Linux kernel
and 9 more
CVE-2020-6415
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6416
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6408
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6404
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
CVE-2020-6406
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
CVE-2020-6403
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple iPhone OS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 8 more
CVE-2020-6397
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6400
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6402
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a cr...
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple macOS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
and 7 more
CVE-2020-6398
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6394
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6393
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6392
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c...
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6396
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6391
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6382
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6390
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6385
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2012-4512
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "typ...
KDE KDE=4.7.3
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server Eus=6.3
Redhat Enterprise Linux Workstation=6.0
CVE-2019-15605
Affected Node.js versions can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, pois...
Nodejs Node.js>=10.0.0<10.19.0
Nodejs Node.js>=12.0.0<12.15.0
Nodejs Node.js>=13.0.0<13.8.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
openSUSE Leap=15.1
and 29 more
CVE-2013-4166
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email e...
GNOME Evolution<=3.8.4
Gnome Evolution Data Server<=3.9.5
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Workstation=6.0
CVE-2011-4088
ABRT might allow attackers to obtain sensitive information from crash reports.
Abrt Project Abrt=2.0.6
Fedoraproject Fedora=16
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Workstation=6.0
CVE-2020-3864
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and ...
redhat/webkitgtk<2.26.4
Apple iTunes for Windows<7.17
Apple iTunes for Windows>=10.0<10.9.2
Apple macOS Monterey<12.10.4
Apple Safari<13.0.5
Apple iPadOS<13.3.1
and 12 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203