Redhat Enterprise Linux vulnerabilities

CVE-2016-10730 [HIGH] CWE-264 CVE-2016-10730: An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a cl An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.

CVE-2016-10729 [HIGH] CWE-77 CVE-2016-10729: An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a cl An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

CVE-2018-18584 [MEDIUM] CWE-787 CVE-2018-18584: In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer i In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

CVE-2018-18438 [MEDIUM] CWE-190 CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer d Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

CVE-2018-12372 [MEDIUM] CWE-200 CVE-2018-12372: Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when include Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.

CVE-2018-12374 [MEDIUM] CWE-200 CVE-2018-12374: Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.

CVE-2018-12373 [MEDIUM] CWE-200 CVE-2018-12373: dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included i dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.

CVE-2018-10933 [CRITICAL] CWE-592 CVE-2018-10933: A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A m A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

CVE-2018-17456 [CRITICAL] CWE-88 CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

CVE-2018-14648 [HIGH] CWE-400 CVE-2018-14648: A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive C A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

CVE-2018-11763 [MEDIUM] CVE-2018-11763: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can oc In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

CVE-2018-14645 [HIGH] CWE-125 CVE-2018-14645: A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An ou A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

CVE-2016-7056 [MEDIUM] CWE-385 CVE-2016-7056: A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with l A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

CVE-2018-14618 [CRITICAL] CVE-2018-14618: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The in curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate outpu

CVE-2018-16540 [HIGH] CWE-416 CVE-2018-16540: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16542 [MEDIUM] CWE-787 CVE-2018-16542: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insu In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

CVE-2018-10928 [HIGH] CWE-59 CVE-2018-10928: A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink dest A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

CVE-2018-10926 [HIGH] CWE-20 CVE-2018-10926: A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

CVE-2018-10930 [MEDIUM] CWE-20 CVE-2018-10930: A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

CVE-2018-14622 [HIGH] CWE-252 CVE-2018-14622: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new conne