Redhat: >> Enterprise Linux >> 8.0 Security Vulnerabilities
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-03
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
CVSS Score
4.1
EPSS Score
0.0
Published
2025-03-03
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-03
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-02-25
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-02-25
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-02-25