rpm package
almalinux/accountsservice-devel
pkg:rpm/almalinux/accountsservice-devel
Vulnerabilities (40)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-1799 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Apr 2, 2021 | A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able | ||
| CVE-2021-1789 | — | KEV | < 0.6.55-2.el8 | 0.6.55-2.el8 | Apr 2, 2021 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web co | |
| CVE-2021-1788 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Apr 2, 2021 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web | ||
| CVE-2021-1765 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Apr 2, 2021 | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | ||
| CVE-2020-29623 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Apr 2, 2021 | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unabl | ||
| CVE-2021-28650 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Mar 17, 2021 | autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists becaus | ||
| CVE-2020-13558 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Mar 3, 2021 | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | ||
| CVE-2020-36241 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Feb 5, 2021 | autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | ||
| CVE-2020-27918 | — | < 0.6.55-2.el8 | 0.6.55-2.el8 | Dec 8, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le | ||
| CVE-2020-13584 | — | < 0.6.55-1.el8 | 0.6.55-1.el8 | Dec 3, 2020 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | ||
| CVE-2020-13543 | — | < 0.6.55-1.el8 | 0.6.55-1.el8 | Dec 3, 2020 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerab | ||
| CVE-2020-9983 | — | < 0.6.55-1.el8 | 0.6.55-1.el8 | Oct 16, 2020 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | ||
| CVE-2020-9951 | — | < 0.6.55-1.el8 | 0.6.55-1.el8 | Oct 16, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2020-9948 | — | < 0.6.55-1.el8 | 0.6.55-1.el8 | Oct 16, 2020 | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2019-13012 | — | < 0.6.55-1.el8 | 0.6.55-1.el8 | Jun 28, 2019 | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, | ||
| CVE-2019-12449 | — | < 0.6.50-8.el8 | 0.6.50-8.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | ||
| CVE-2019-12448 | — | < 0.6.50-8.el8 | 0.6.50-8.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | ||
| CVE-2019-12447 | — | < 0.6.50-8.el8 | 0.6.50-8.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | ||
| CVE-2019-3825 | — | < 0.6.50-8.el8 | 0.6.50-8.el8 | Feb 6, 2019 | A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | ||
| CVE-2018-20337 | — | < 0.6.50-8.el8 | 0.6.50-8.el8 | Dec 21, 2018 | There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. |
- CVE-2021-1799Apr 2, 2021affected < 0.6.55-2.el8fixed 0.6.55-2.el8
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able
- affected < 0.6.55-2.el8fixed 0.6.55-2.el8
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web co
- CVE-2021-1788Apr 2, 2021affected < 0.6.55-2.el8fixed 0.6.55-2.el8
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web
- CVE-2021-1765Apr 2, 2021affected < 0.6.55-2.el8fixed 0.6.55-2.el8
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
- CVE-2020-29623Apr 2, 2021affected < 0.6.55-2.el8fixed 0.6.55-2.el8
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unabl
- CVE-2021-28650Mar 17, 2021affected < 0.6.55-2.el8fixed 0.6.55-2.el8
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists becaus
- CVE-2020-13558Mar 3, 2021affected < 0.6.55-2.el8fixed 0.6.55-2.el8
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
- CVE-2020-36241Feb 5, 2021affected < 0.6.55-2.el8fixed 0.6.55-2.el8
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
- CVE-2020-27918Dec 8, 2020affected < 0.6.55-2.el8fixed 0.6.55-2.el8
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le
- CVE-2020-13584Dec 3, 2020affected < 0.6.55-1.el8fixed 0.6.55-1.el8
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
- CVE-2020-13543Dec 3, 2020affected < 0.6.55-1.el8fixed 0.6.55-1.el8
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerab
- CVE-2020-9983Oct 16, 2020affected < 0.6.55-1.el8fixed 0.6.55-1.el8
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
- CVE-2020-9951Oct 16, 2020affected < 0.6.55-1.el8fixed 0.6.55-1.el8
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2020-9948Oct 16, 2020affected < 0.6.55-1.el8fixed 0.6.55-1.el8
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-13012Jun 28, 2019affected < 0.6.55-1.el8fixed 0.6.55-1.el8
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL,
- CVE-2019-12449May 29, 2019affected < 0.6.50-8.el8fixed 0.6.50-8.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
- CVE-2019-12448May 29, 2019affected < 0.6.50-8.el8fixed 0.6.50-8.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
- CVE-2019-12447May 29, 2019affected < 0.6.50-8.el8fixed 0.6.50-8.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
- CVE-2019-3825Feb 6, 2019affected < 0.6.50-8.el8fixed 0.6.50-8.el8
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
- CVE-2018-20337Dec 21, 2018affected < 0.6.50-8.el8fixed 0.6.50-8.el8
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Page 2 of 2