Vulnerabilities > Redhat > Enterprise Linux Desktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2022-4254 | LDAP Injection vulnerability in multiple products sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | 8.8 |
| 2022-09-29 | CVE-2014-0144 | Improper Input Validation vulnerability in multiple products QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | 8.6 |
| 2022-09-29 | CVE-2014-0147 | Integer Overflow or Wraparound vulnerability in multiple products Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | 6.2 |
| 2022-09-29 | CVE-2014-0148 | Infinite Loop vulnerability in multiple products Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. | 5.5 |
| 2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 5.5 |
| 2022-03-25 | CVE-2022-0330 | Improper Preservation of Permissions vulnerability in multiple products A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. | 7.8 |
| 2022-03-04 | CVE-2021-3656 | Missing Authorization vulnerability in multiple products A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. | 8.8 |
| 2022-02-21 | CVE-2021-44142 | Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. | 8.8 |
| 2022-02-18 | CVE-2016-2124 | Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. | 5.9 |
| 2022-02-18 | CVE-2020-25717 | Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. | 8.1 |