rpm package
almalinux/vala-devel
pkg:rpm/almalinux/vala-devel
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-13584 | — | < 0.40.19-2.el8 | 0.40.19-2.el8 | Dec 3, 2020 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | ||
| CVE-2020-13543 | — | < 0.40.19-2.el8 | 0.40.19-2.el8 | Dec 3, 2020 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerab | ||
| CVE-2020-9983 | — | < 0.40.19-2.el8 | 0.40.19-2.el8 | Oct 16, 2020 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | ||
| CVE-2020-9951 | — | < 0.40.19-2.el8 | 0.40.19-2.el8 | Oct 16, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2020-9948 | — | < 0.40.19-2.el8 | 0.40.19-2.el8 | Oct 16, 2020 | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2019-13012 | — | < 0.40.19-2.el8 | 0.40.19-2.el8 | Jun 28, 2019 | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, | ||
| CVE-2019-12449 | — | < 0.40.19-1.el8 | 0.40.19-1.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | ||
| CVE-2019-12448 | — | < 0.40.19-1.el8 | 0.40.19-1.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | ||
| CVE-2019-12447 | — | < 0.40.19-1.el8 | 0.40.19-1.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | ||
| CVE-2019-3825 | — | < 0.40.19-1.el8 | 0.40.19-1.el8 | Feb 6, 2019 | A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | ||
| CVE-2018-20337 | — | < 0.40.19-1.el8 | 0.40.19-1.el8 | Dec 21, 2018 | There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. |
- CVE-2020-13584Dec 3, 2020affected < 0.40.19-2.el8fixed 0.40.19-2.el8
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
- CVE-2020-13543Dec 3, 2020affected < 0.40.19-2.el8fixed 0.40.19-2.el8
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerab
- CVE-2020-9983Oct 16, 2020affected < 0.40.19-2.el8fixed 0.40.19-2.el8
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
- CVE-2020-9951Oct 16, 2020affected < 0.40.19-2.el8fixed 0.40.19-2.el8
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2020-9948Oct 16, 2020affected < 0.40.19-2.el8fixed 0.40.19-2.el8
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-13012Jun 28, 2019affected < 0.40.19-2.el8fixed 0.40.19-2.el8
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL,
- CVE-2019-12449May 29, 2019affected < 0.40.19-1.el8fixed 0.40.19-1.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
- CVE-2019-12448May 29, 2019affected < 0.40.19-1.el8fixed 0.40.19-1.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
- CVE-2019-12447May 29, 2019affected < 0.40.19-1.el8fixed 0.40.19-1.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
- CVE-2019-3825Feb 6, 2019affected < 0.40.19-1.el8fixed 0.40.19-1.el8
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
- CVE-2018-20337Dec 21, 2018affected < 0.40.19-1.el8fixed 0.40.19-1.el8
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.