Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

CVE-2018-10936 | HIGH | CVSS 8.1 | CWE-297 | v6.0, v7.0 | 2018-08-30
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it
Source: NVD
CVE-2011-2767 | CRITICAL | CVSS 9.8 | CWE-94 | v6.0, v6.7, +5 more | 2018-08-26
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context
Source: NVD
CVE-2015-5160 | MEDIUM | CVSS 5.5 | CWE-200 | v5, v6.0 | 2018-08-20
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
Source: NVD
CVE-2017-7518 | HIGH | CVSS 7.8 | CWE-250 | v7.0 | 2018-07-30
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux
Source: NVD
CVE-2018-10883 | MEDIUM | CVSS 5.5 | CWE-787 | v7.0 | 2018-07-30
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Source: NVD
CVE-2017-15118 | CRITICAL | CVSS 9.8 | PoC | CWE-121 | v7.0 | 2018-07-27
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overf
Source: NVD
CVE-2017-12151 | HIGH | CVSS 7.4 | CWE-300 | v7.0 | 2018-07-27
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Source: NVD
CVE-2017-2590 | HIGH | CVSS 8.1 | CWE-732 | v7.0 | 2018-07-27
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and de
Source: NVD
CVE-2017-2618 | MEDIUM | CVSS 5.5 | CWE-193 | v7.0 | 2018-07-27
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
Source: NVD
CVE-2017-2623 | MEDIUM | CVSS 5.3 | CWE-295 | v7.0 | 2018-07-27
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.
Source: NVD
CVE-2018-10882 | MEDIUM | CVSS 5.5 | CWE-787 | v7.0 | 2018-07-27
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
Source: NVD
CVE-2017-2625 | MEDIUM | CVSS 5.5 | CWE-331 | v7.0 | 2018-07-27
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
Source: NVD
CVE-2018-10879 | HIGH | CVSS 7.8 | CWE-416 | v7.0 | 2018-07-26
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
Source: NVD
CVE-2017-7562 | MEDIUM | CVSS 6.5 | CWE-287 | v7.0 | 2018-07-26
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Source: NVD
CVE-2017-12171 | MEDIUM | CVSS 6.5 | CWE-284 | v6.9 | 2018-07-26
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
Source: NVD
CVE-2018-1002200 | MEDIUM | CVSS 5.5 | CWE-22 | v7.5 | 2018-07-25
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Source: NVD
CVE-2018-10880 | MEDIUM | CVSS 5.5 | CWE-787 | v7.0 | 2018-07-25
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
Source: NVD
CVE-2018-10869 | HIGH | CVSS 7.5 | CWE-552 | v7.0 | 2018-07-19
redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.
Source: NVD
CVE-2018-10877 | MEDIUM | CVSS 6.5 | CWE-125 | v7.0 | 2018-07-18
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
Source: NVD
CVE-2018-10840 | MEDIUM | CVSS 6.6 | CWE-122 | v7.0 | 2018-07-16
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
Source: NVD