Redhat Enterprise Linux vulnerabilities

CVE-2018-20685 [MEDIUM] CWE-863 CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrict In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVE-2018-20662 [MEDIUM] CWE-20 CVE-2018-20662: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (applica In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

CVE-2018-20650 [MEDIUM] CWE-20 CVE-2018-20650: A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of ser A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

CVE-2018-16884 [HIGH] CWE-416 CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privil

CVE-2018-18314 [CRITICAL] CWE-119 CVE-2018-18314: Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid writ Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 [CRITICAL] CWE-125 CVE-2018-18313: Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18311 [CRITICAL] CWE-190 CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression t Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18312 [CRITICAL] CWE-119 CVE-2018-18312: Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression t Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-12121 [HIGH] CWE-400 CVE-2018-12121: Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with la Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack pote

CVE-2018-16862 [MEDIUM] CWE-200 CVE-2018-16862: A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.

CVE-2018-16395 [CRITICAL] CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x befor An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument conta

CVE-2018-16396 [HIGH] CVE-2018-16396: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x befo An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

CVE-2018-16850 [CRITICAL] CWE-89 CVE-2018-16850: postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

CVE-2018-19215 [HIGH] CWE-125 CVE-2018-19215: Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/pre Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

CVE-2018-19214 [HIGH] CWE-125 CVE-2018-19214: Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/pre Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

CVE-2018-19208 [MEDIUM] CWE-476 CVE-2018-19208: In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTabl In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

CVE-2018-14667 [CRITICAL] CWE-94 CVE-2018-14667: The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via th The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

CVE-2018-18897 [MEDIUM] CWE-772 CVE-2018-18897: An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfil An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

CVE-2018-14651 [HIGH] CVE-2018-14651: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CV It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

CVE-2018-18751 [CRITICAL] CWE-415 CVE-2018-18751: An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.