Latest redhat enterprise linux server Vulnerabilities

CVE-2024-0409
Xorg-x11-server: selinux context corruption
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
and 23 more
CVE-2023-6816
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
and 16 more
CVE-2024-0408
Xorg-x11-server: selinux unlabeled glx pbuffer
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
and 24 more
CVE-2023-5869
Postgresql: buffer overrun from integer overflow in array modification
ubuntu/postgresql-14<14.10
ubuntu/postgresql-14<14.10-0ubuntu0.22.04.1
ubuntu/postgresql-12<12.17-0ubuntu0.20.04.1
ubuntu/postgresql-12<12.17
ubuntu/postgresql-10<10.23-0ubuntu0.18.04.2+
ubuntu/postgresql-9.5<9.5.25-0ubuntu0.16.04.1+
and 63 more
CVE-2023-46847
Squid: denial of service in http digest authentication
Squid-Cache Squid>=3.2.0.1<6.4
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Enterprise Linux Eus=8.6
Redhat Enterprise Linux Eus=8.8
Redhat Enterprise Linux Eus=9.0
and 24 more
CVE-2023-5367
Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
debian/xorg-server<=2:1.20.4-1+deb10u4<=2:1.20.11-1+deb11u6
debian/xwayland<=2:22.1.9-1
ubuntu/xorg-server<2:1.15.1-0ubuntu2.11+
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<21.1.9
and 27 more
CVE-2023-5455
Ipa: invalid csrf protection
Freeipa Freeipa<4.6.10
Freeipa Freeipa>=4.7.0<4.9.14
Freeipa Freeipa>=4.10.0<4.10.3
Freeipa Freeipa=4.11.0
Freeipa Freeipa=4.11.0-beta1
Fedoraproject Fedora=38
and 54 more
CVE-2023-3972
Insights-client: unsafe handling of temporary files and directories
redhat/insights-client<3.2.2
Redhat Insights-client<3.2.2
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Enterprise Linux Aus=8.6
and 46 more
CVE-2023-3899
Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
Redhat Subscription-manager<1.28.39
Redhat Subscription-manager>=1.29.0<1.29.37
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
and 58 more
CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write i...
redhat/xorg-server<21.1.7
X.Org X Server<21.1.7
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.1
and 30 more
CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Esc...
Linux Linux kernel>=5.5.0<5.10.164
Linux Linux kernel>=5.11<5.15.89
Linux Linux kernel>=5.16<6.1.7
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 131 more
CVE-2022-4254
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Fedoraproject Sssd>=1.15.3<2.3.1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux For Ibm Z Systems=7.0
Redhat Enterprise Linux For Power Big Endian=7.0
Redhat Enterprise Linux For Power Little Endian=7.0
and 9 more
CVE-2015-1931
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pla...
Ibm Java Sdk>=5.0.0.0<5.0.16.13
Ibm Java Sdk>=6.0.0.0<6.0.16.7
Ibm Java Sdk>=6.1.0.0<6.1.8.7
Ibm Java Sdk>=7.0.0.0<7.0.9.10
Ibm Java Sdk>=7.1.0.0<7.1.3.10
Ibm Java Sdk>=8.0.0.0<8.0.1.10
and 24 more
CVE-2022-23238
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could al...
Netapp Storagegrid>=11.6.0<11.6.0.3
Canonical Ubuntu Linux=16.04
Centos Centos=7.9
Linux Linux kernel<4.7
Redhat Enterprise Linux Server=7.9
CVE-2022-2739
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fix...
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
Podman Project Podman=1.6.4-32.el7_9
CVE-2022-2738
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixe...
redhat/podman<0:1.6.4-36.el7_9
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
Podman Project Podman=1.6.4-32.el7_9
CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions...
Samba Samba<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Canonical Ubuntu Linux=14.04
and 36 more
CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly,...
Port389 389-ds-base<1.3.10.2
Redhat Enterprise Linux Desktop=7
Redhat Enterprise Linux For Ibm Z Systems=7.0
Redhat Enterprise Linux For Power Big Endian=7.0
Redhat Enterprise Linux For Power Little Endian=7.0
Redhat Enterprise Linux For Scientific Computing=7.0
and 2 more
CVE-2022-0330
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system ...
redhat/kernel-rt<0:3.10.0-1160.59.1.rt56.1200.el7
redhat/kernel<0:3.10.0-1160.59.1.el7
redhat/kernel<0:3.10.0-514.99.1.el7
redhat/kernel<0:3.10.0-693.99.1.el7
redhat/kernel<0:3.10.0-957.92.1.el7
redhat/kernel<0:3.10.0-1062.63.1.el7
and 246 more
CVE-2021-4034
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
Red Hat Polkit
redhat/polkit<0:0.96-11.el6_10.2
redhat/polkit<0:0.112-26.el7_9.1
redhat/polkit<0:0.112-12.el7_3.1
redhat/polkit<0:0.112-12.el7_4.2
redhat/polkit<0:0.112-18.el7_6.3
and 62 more
CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 58 more
CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 56 more
CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nes...
redhat/kernel-rt<0:3.10.0-1160.45.1.rt56.1185.el7
redhat/kernel<0:3.10.0-1160.45.1.el7
redhat/kernel<0:3.10.0-957.84.1.el7
redhat/kernel<0:3.10.0-1062.59.1.el7
redhat/kernel-rt<0:4.18.0-305.25.1.rt7.97.el8_4
redhat/kernel<0:4.18.0-305.25.1.el8_4
and 209 more
CVE-2022-1227
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image ...
go/github.com/containers/podman/v3<3.4
go/github.com/containers/psgo/internal/proc<1.7.2
go/github.com/containers/psgo<1.7.2
Podman Project Podman<4.0.0
Psgo Project Psgo<1.7.2
Redhat Developer Tools=1.0
and 19 more
CVE-2019-8720
WebKitGTK Memory Corruption Vulnerability
redhat/webkitgtk<2.26.0
WebKitGTK WebKitGTK<2.26.0
Wpewebkit Wpe Webkit<2.26.0
Redhat Codeready Linux Builder=8.0
Redhat Codeready Linux Builder Eus=8.4
and 37 more
CVE-2020-14300
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrec...
Docker Docker=1.13.1
Redhat Enterprise Linux Server=7.0
CVE-2020-14298
Docker Docker=1.13.1
Redhat Openshift Container Platform>=3.0<=3.7.61
Redhat Enterprise Linux Server=7.0
CVE-2020-10751
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrect...
redhat/kernel-rt<0:3.10.0-1160.rt56.1131.el7
redhat/kernel<0:3.10.0-1160.el7
redhat/kernel-rt<0:4.18.0-240.rt7.54.el8
redhat/kernel<0:4.18.0-240.el8
kernel SELinux<5.7
Redhat Enterprise Linux Server=7.0
and 87 more
CVE-2020-10531
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() func...
redhat/chromium-browser<80.0.3987.122
redhat/node<14.3.0
redhat/node<12.17.0
redhat/node<10.21.0
ubuntu/chromium-browser<80.0.3987.149-0ubuntu0.18.04.1
ubuntu/chromium-browser<80.0.3987.122
and 50 more
CVE-2020-6418
Google Chromium V8 Type Confusion Vulnerability
redhat/chromium-browser<0:80.0.3987.122-1.el6_10
debian/chromium
Google Chrome<80.0.3987.122
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Enterprise Linux Desktop=6.0
and 7 more
CVE-2020-6386
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<80.0.3987.116
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Workstation=6.0
and 4 more
CVE-2020-6383
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
<80.0.3987.116
redhat/chromium-browser<0:80.0.3987.122-1.el6_10
redhat/chromium-browser<80.0.3987.116
Google Chrome<80.0.3987.116
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 6 more
CVE-2020-6384
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<0:80.0.3987.122-1.el6_10
Google Chrome<80.0.3987.116
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
and 4 more
CVE-2020-3757
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead t...
redhat/flash-plugin<32.0.0.330
Adobe Flash Player<32.0.0.321
Apple macOS
Microsoft Windows
Adobe Flash Player<32.0.0.314
Linux Linux kernel
and 9 more
CVE-2020-6415
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6416
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6404
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
CVE-2020-6406
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
CVE-2020-6408
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6403
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple iPhone OS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 8 more
CVE-2020-6397
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6402
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a cr...
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple macOS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
and 7 more
CVE-2020-6398
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6400
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6393
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6394
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6392
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c...
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6396
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6391
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6385
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203