logo
DATABASE RESOURCES PRICING ABOUT US

RHEL 8 : GNOME (RHSA-2021:4381)

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4381 advisory. - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558) - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870) - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788, CVE-2021-30795) - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623) - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete fix) (CVE-2020-36241) - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801) - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789) - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799) - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844) - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871) - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775) - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779) - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806) - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650) - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663) - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665) - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682) - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689) - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720) - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749, CVE-2021-30799) - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744) - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758) - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related