Red Hat Enterprise Linux Desktop RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Enterprise Linux Desktop.
By the Year
In 2024 there have been 5 vulnerabilities in Red Hat Enterprise Linux Desktop with an average score of 7.5 out of ten. Last year Enterprise Linux Desktop had 7 security vulnerabilities published. Right now, Enterprise Linux Desktop is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.75
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 5 | 7.48 |
2023 | 7 | 8.23 |
2022 | 12 | 7.31 |
2021 | 1 | 3.30 |
2020 | 50 | 7.36 |
2019 | 270 | 7.20 |
2018 | 443 | 7.27 |
It may take a day or so for new Enterprise Linux Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Enterprise Linux Desktop Security Vulnerabilities
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation
CVE-2024-1086
7.8 - High
- January 31, 2024
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Dangling pointer
A flaw was found in the X.Org server
CVE-2024-0409
7.8 - High
- January 18, 2024
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
Memory Corruption
A flaw was found in the X.Org server
CVE-2024-0408
5.5 - Medium
- January 18, 2024
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
A flaw was found in X.Org server
CVE-2023-6816
9.8 - Critical
- January 18, 2024
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Memory Corruption
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA
CVE-2023-5455
6.5 - Medium
- January 10, 2024
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.
Session Riding
A flaw was found in PostgreSQL
CVE-2023-5869
8.8 - High
- December 10, 2023
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Integer Overflow or Wraparound
A vulnerability was found in insights-client
CVE-2023-3972
7.8 - High
- November 01, 2023
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
Exposure of Resource to Wrong Sphere
A out-of-bounds write flaw was found in the xorg-x11-server
CVE-2023-5367
7.8 - High
- October 25, 2023
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
Memory Corruption
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization
CVE-2023-3899
7.8 - High
- August 23, 2023
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
AuthZ
A vulnerability was found in X.Org
CVE-2023-0494
7.8 - High
- March 27, 2023
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Dangling pointer
A vulnerability was found in WebKit
CVE-2019-8720
8.8 - High
- March 06, 2023
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Buffer Overflow
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
CVE-2022-4254
8.8 - High
- February 01, 2023
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which
CVE-2015-1931
5.5 - Medium
- September 29, 2022
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
Cleartext Storage of Sensitive Information
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries
CVE-2014-0148
5.5 - Medium
- September 29, 2022
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.
Infinite Loop
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could
CVE-2014-0144
8.6 - High
- September 29, 2022
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Improper Input Validation
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots
CVE-2014-0147
6.2 - Medium
- September 29, 2022
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
Integer Overflow or Wraparound
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU
CVE-2022-0330
7.8 - High
- March 25, 2022
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
Improper Preservation of Permissions
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization
CVE-2021-3656
8.8 - High
- March 04, 2022
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
AuthZ
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "
CVE-2021-44142
8.8 - High
- February 21, 2022
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Out-of-bounds Read
A flaw was found in the way samba implemented SMB1 authentication
CVE-2016-2124
5.9 - Medium
- February 18, 2022
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
authentification
A flaw was found in the way Samba maps domain users to local users
CVE-2020-25717
8.1 - High
- February 18, 2022
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Improper Input Validation
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches
CVE-2021-4091
7.5 - High
- February 18, 2022
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
Double-free
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication
CVE-2020-25719
7.2 - High
- February 18, 2022
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
Race Condition
A local privilege escalation vulnerability was found on polkit's pkexec utility
CVE-2021-4034
7.8 - High
- January 28, 2022
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Out-of-bounds Read
In ImageMagick versions before 7.0.9-0
CVE-2020-27769
3.3 - Low
- May 14, 2021
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.
A use after free issue was addressed with improved memory management
CVE-2019-8846
8.8 - High
- October 27, 2020
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Dangling pointer
A logic issue was addressed with improved validation
CVE-2020-3864
7.8 - High
- October 27, 2020
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
Origin Validation Error
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8835
8.8 - High
- October 27, 2020
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8844
8.8 - High
- October 27, 2020
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1
CVE-2020-10531
8.8 - High
- March 12, 2020
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Memory Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122
CVE-2020-6418
8.8 - High
- February 27, 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Use after free in speech in Google Chrome prior to 80.0.3987.116
CVE-2020-6386
8.8 - High
- February 27, 2020
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116
CVE-2020-6384
8.8 - High
- February 27, 2020
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Type confusion in V8 in Google Chrome prior to 80.0.3987.116
CVE-2020-6383
8.8 - High
- February 27, 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Adobe Flash Player versions 32.0.0.321 and earlier
CVE-2020-3757
8.8 - High
- February 13, 2020
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Object Type Confusion
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87
CVE-2020-6392
4.3 - Medium
- February 11, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
XSS
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87
CVE-2020-6381
8.8 - High
- February 11, 2020
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Integer Overflow or Wraparound
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87
CVE-2020-6382
8.8 - High
- February 11, 2020
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87
CVE-2020-6385
8.8 - High
- February 11, 2020
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Improper Check for Unusual or Exceptional Conditions
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87
CVE-2020-6390
8.8 - High
- February 11, 2020
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6391
4.3 - Medium
- February 11, 2020
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
XSS
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87
CVE-2020-6396
4.3 - Medium
- February 11, 2020
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87
CVE-2020-6402
8.8 - High
- February 11, 2020
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Improper Input Validation
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87
CVE-2020-6416
8.8 - High
- February 11, 2020
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Improper Input Validation
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87
CVE-2020-6415
8.8 - High
- February 11, 2020
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87
CVE-2020-6408
6.5 - Medium
- February 11, 2020
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
Use after free in audio in Google Chrome prior to 80.0.3987.87
CVE-2020-6406
8.8 - High
- February 11, 2020
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6404
8.8 - High
- February 11, 2020
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87
CVE-2020-6403
4.3 - Medium
- February 11, 2020
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87
CVE-2020-6400
6.5 - Medium
- February 11, 2020
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Side Channel Attack
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87
CVE-2020-6398
8.8 - High
- February 11, 2020
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Use of Uninitialized Resource
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87
CVE-2020-6397
6.5 - Medium
- February 11, 2020
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6394
5.4 - Medium
- February 11, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6393
6.5 - Medium
- February 11, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
AuthZ
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3
CVE-2012-4512
8.8 - High
- February 08, 2020
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
Object Type Confusion
HTTP request smuggling in Node.js 10
CVE-2019-15605
9.8 - Critical
- February 07, 2020
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
HTTP Request Smuggling
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and
CVE-2013-4166
7.5 - High
- February 06, 2020
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
Information Disclosure
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier
CVE-2014-8141
7.8 - High
- January 31, 2020
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Memory Corruption
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier
CVE-2014-8139
7.8 - High
- January 31, 2020
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Memory Corruption
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier
CVE-2014-8140
7.8 - High
- January 31, 2020
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Memory Corruption
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)
CVE-2020-2659
3.7 - Low
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries)
CVE-2020-2654
3.7 - Low
- January 15, 2020
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization)
CVE-2020-2604
8.1 - High
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Marshaling, Unmarshaling
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security)
CVE-2020-2601
6.8 - Medium
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)
CVE-2020-2593
4.8 - Medium
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security)
CVE-2020-2590
3.7 - Low
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization)
CVE-2020-2583
3.7 - Low
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload
CVE-2015-3147
6.5 - Medium
- January 14, 2020
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
insecure temporary file