Red Hat Enterprise Linux Server
Red Hat Enterprise Linux (RHEL) Server. Includes software bundled with RHEL server.
By the Year
In 2023 there have been 5 vulnerabilities in Red Hat Enterprise Linux Server with an average score of 8.2 out of ten. Last year Enterprise Linux Server had 14 security vulnerabilities published. Right now, Enterprise Linux Server is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.91.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 5 | 8.20 |
2022 | 14 | 7.29 |
2021 | 1 | 3.70 |
2020 | 51 | 7.41 |
2019 | 284 | 7.20 |
2018 | 444 | 7.20 |
It may take a day or so for new Enterprise Linux Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Enterprise Linux Server Security Vulnerabilities
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization
CVE-2023-3899
7.8 - High
- August 23, 2023
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
AuthZ
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel
CVE-2023-0179
7.8 - High
- March 27, 2023
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Integer Overflow or Wraparound
A vulnerability was found in X.Org
CVE-2023-0494
7.8 - High
- March 27, 2023
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Dangling pointer
A vulnerability was found in WebKit
CVE-2019-8720
8.8 - High
- March 06, 2023
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Buffer Overflow
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
CVE-2022-4254
8.8 - High
- February 01, 2023
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots
CVE-2014-0147
6.2 - Medium
- September 29, 2022
Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
Integer Overflow or Wraparound
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could
CVE-2014-0144
8.6 - High
- September 29, 2022
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Improper Input Validation
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries
CVE-2014-0148
5.5 - Medium
- September 29, 2022
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance resulting in DoS.
Infinite Loop
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which
CVE-2015-1931
5.5 - Medium
- September 29, 2022
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
Cleartext Storage of Sensitive Information
The version of podman as released for Red Hat Enterprise Linux 7 Extras
CVE-2022-2738
7.5 - High
- September 01, 2022
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
Dangling pointer
The version of podman as released for Red Hat Enterprise Linux 7 Extras
CVE-2022-2739
5.3 - Medium
- September 01, 2022
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.
Cleartext Storage of Sensitive Information
A privilege escalation flaw was found in Podman
CVE-2022-1227
8.8 - High
- April 29, 2022
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Improper Privilege Management
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU
CVE-2022-0330
7.8 - High
- March 25, 2022
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
Improper Preservation of Permissions
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization
CVE-2021-3656
8.8 - High
- March 04, 2022
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
AuthZ
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "
CVE-2021-44142
8.8 - High
- February 21, 2022
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Out-of-bounds Read
A flaw was found in the way samba implemented SMB1 authentication
CVE-2016-2124
5.9 - Medium
- February 18, 2022
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Authentication
A flaw was found in the way Samba maps domain users to local users
CVE-2020-25717
8.1 - High
- February 18, 2022
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Improper Input Validation
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches
CVE-2021-4091
7.5 - High
- February 18, 2022
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
Double-free
A local privilege escalation vulnerability was found on polkit's pkexec utility
CVE-2021-4034
7.8 - High
- January 28, 2022
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it'll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Out-of-bounds Read
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1
CVE-2019-14850
3.7 - Low
- March 18, 2021
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
Network Amplification
A use after free issue was addressed with improved memory management
CVE-2019-8846
8.8 - High
- October 27, 2020
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Dangling pointer
A logic issue was addressed with improved validation
CVE-2020-3864
7.8 - High
- October 27, 2020
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
Origin Validation Error
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8835
8.8 - High
- October 27, 2020
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8844
8.8 - High
- October 27, 2020
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc
CVE-2020-14300
8.8 - High
- July 13, 2020
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.
Improper Check for Dropped Privileges
The version of docker as released for Red Hat Enterprise Linux 7 Extras
CVE-2020-14298
8.8 - High
- July 13, 2020
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
Improper Check for Dropped Privileges
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed
CVE-2020-10751
6.1 - Medium
- May 26, 2020
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
Acceptance of Extraneous Untrusted Data With Trusted Data
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1
CVE-2020-10531
8.8 - High
- March 12, 2020
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Memory Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122
CVE-2020-6418
8.8 - High
- February 27, 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Use after free in speech in Google Chrome prior to 80.0.3987.116
CVE-2020-6386
8.8 - High
- February 27, 2020
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116
CVE-2020-6384
8.8 - High
- February 27, 2020
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Type confusion in V8 in Google Chrome prior to 80.0.3987.116
CVE-2020-6383
8.8 - High
- February 27, 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Adobe Flash Player versions 32.0.0.321 and earlier
CVE-2020-3757
8.8 - High
- February 13, 2020
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Object Type Confusion
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free
CVE-2020-8945
7.5 - High
- February 12, 2020
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
Dangling pointer
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87
CVE-2020-6402
8.8 - High
- February 11, 2020
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Improper Input Validation
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87
CVE-2020-6416
8.8 - High
- February 11, 2020
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Improper Input Validation
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87
CVE-2020-6415
8.8 - High
- February 11, 2020
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87
CVE-2020-6408
6.5 - Medium
- February 11, 2020
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
Use after free in audio in Google Chrome prior to 80.0.3987.87
CVE-2020-6406
8.8 - High
- February 11, 2020
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6404
8.8 - High
- February 11, 2020
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87
CVE-2020-6403
4.3 - Medium
- February 11, 2020
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87
CVE-2020-6400
6.5 - Medium
- February 11, 2020
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Side Channel Attack
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87
CVE-2020-6398
8.8 - High
- February 11, 2020
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Use of Uninitialized Resource
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87
CVE-2020-6397
6.5 - Medium
- February 11, 2020
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6394
5.4 - Medium
- February 11, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6393
6.5 - Medium
- February 11, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
AuthZ
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87
CVE-2020-6392
4.3 - Medium
- February 11, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
XSS
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87
CVE-2020-6396
4.3 - Medium
- February 11, 2020
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6391
4.3 - Medium
- February 11, 2020
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
XSS
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87
CVE-2020-6390
8.8 - High
- February 11, 2020
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87
CVE-2020-6385
8.8 - High
- February 11, 2020
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Improper Check for Unusual or Exceptional Conditions
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87
CVE-2020-6382
8.8 - High
- February 11, 2020
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87
CVE-2020-6381
8.8 - High
- February 11, 2020
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Integer Overflow or Wraparound
HTTP request smuggling in Node.js 10
CVE-2019-15605
9.8 - Critical
- February 07, 2020
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed.
HTTP Request Smuggling
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and
CVE-2013-4166
7.5 - High
- February 06, 2020
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
Information Disclosure
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier
CVE-2014-8141
7.8 - High
- January 31, 2020
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Memory Corruption
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier
CVE-2014-8140
7.8 - High
- January 31, 2020
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Memory Corruption
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier
CVE-2014-8139
7.8 - High
- January 31, 2020
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Memory Corruption
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization)
CVE-2020-2583
3.7 - Low
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security)
CVE-2020-2590
3.7 - Low
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)
CVE-2020-2593
4.8 - Medium
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security)
CVE-2020-2601
6.8 - Medium
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization)
CVE-2020-2604
8.1 - High
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Marshaling, Unmarshaling
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)
CVE-2020-2659
3.7 - Low
- January 15, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload
CVE-2015-3147
6.5 - Medium
- January 14, 2020
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
insecure temporary file
BSD mailx 8.1.2 and earlier
CVE-2014-7844
7.8 - High
- January 14, 2020
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
Injection
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c
CVE-2020-6851
7.5 - High
- January 13, 2020
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
Memory Corruption
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3
CVE-2019-17024
8.8 - High
- January 08, 2020
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Memory Corruption
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters
CVE-2019-17022
6.1 - Medium
- January 08, 2020
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
XSS
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash
CVE-2019-17017
8.8 - High
- January 08, 2020
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Object Type Confusion
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule
CVE-2019-17016
6.1 - Medium
- January 08, 2020
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
XSS
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-19925
7.5 - High
- December 24, 2019
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Unrestricted File Upload
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in
CVE-2019-19923
7.5 - High
- December 24, 2019
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
NULL Pointer Dereference
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors
CVE-2019-19926
7.5 - High
- December 23, 2019
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
NULL Pointer Dereference
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs
CVE-2018-1311
8.1 - High
- December 18, 2019
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
Dangling pointer
A type confusion issue was addressed with improved memory handling
CVE-2019-8506
8.8 - High
- December 18, 2019
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Object Type Confusion
A memory corruption issue was addressed with improved state management
CVE-2019-8535
8.8 - High
- December 18, 2019
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
A memory corruption issue was addressed with improved memory handling
CVE-2019-8536
8.8 - High
- December 18, 2019
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
A memory corruption issue was addressed with improved memory handling
CVE-2019-8544
8.8 - High
- December 18, 2019
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8669
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8672
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8676
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8684
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8688
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8689
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8814
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8815
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling
CVE-2019-8816
8.8 - High
- December 18, 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
exprListAppendList in window.c in SQLite 3.30.1
CVE-2019-19880
7.5 - High
- December 18, 2019
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
NULL Pointer Dereference
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79
CVE-2019-13730
8.8 - High
- December 10, 2019
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79
CVE-2019-13734
8.8 - High
- December 10, 2019
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79
CVE-2019-13764
8.8 - High
- December 10, 2019
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79
CVE-2019-13745
6.5 - Medium
- December 10, 2019
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79
CVE-2019-13743
6.5 - Medium
- December 10, 2019
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79
CVE-2019-13741
8.8 - High
- December 10, 2019
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.
XSS
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79
CVE-2019-13740
6.5 - Medium
- December 10, 2019
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Origin Validation Error
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79
CVE-2019-13739
6.5 - Medium
- December 10, 2019
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79
CVE-2019-13738
6.5 - Medium
- December 10, 2019
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Improper Privilege Management
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79
CVE-2019-13737
6.5 - Medium
- December 10, 2019
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Information Disclosure
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79
CVE-2019-13736
8.8 - High
- December 10, 2019
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Memory Corruption
