Redhat Enterprise Linux vulnerabilities

CVE-2018-1128 [HIGH] CWE-294 CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulner It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, lumino

CVE-2018-1129 [MEDIUM] CWE-284 CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An a A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

CVE-2018-10872 [MEDIUM] CWE-250 CVE-2018-10872: A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch opera A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use th

CVE-2018-3693 [MEDIUM] CVE-2018-3693: Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

CVE-2018-10892 [MEDIUM] CWE-250 CVE-2018-10892: The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not b The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

CVE-2018-3760 [HIGH] CWE-22 CVE-2018-3760: There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3 There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release s

CVE-2018-3665 [MEDIUM] CWE-200 CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based micropro System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

CVE-2018-10850 [MEDIUM] CWE-362 CVE-2018-10850: 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-ba 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

CVE-2017-7786 [CRITICAL] CWE-119 CVE-2017-7786: A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2017-5396 [CRITICAL] CWE-416 CVE-2017-5396: A use-after-free vulnerability in the Media Decoder when working with media files when some events a A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

CVE-2017-5442 [CRITICAL] CWE-416 CVE-2017-5442: A use-after-free vulnerability during changes in style when manipulating DOM elements. This results A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-5433 [CRITICAL] CWE-416 CVE-2017-5433: A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation element A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-5432 [CRITICAL] CWE-416 CVE-2017-5432: A use-after-free vulnerability occurs during certain text input selection resulting in a potentially A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7785 [CRITICAL] CWE-119 CVE-2017-7785: A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attribute A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2017-5428 [CRITICAL] CWE-190 CVE-2017-5428: An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for t An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Fir

CVE-2017-7792 [CRITICAL] CWE-119 CVE-2017-7792: A buffer overflow will occur when viewing a certificate in the certificate manager if the certificat A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2017-5410 [CRITICAL] CWE-119 CVE-2017-5410: Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScri Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

CVE-2017-7793 [CRITICAL] CWE-416 CVE-2017-7793: A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window a A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVE-2018-5096 [CRITICAL] CWE-416 CVE-2018-5096: A use-after-free vulnerability can occur while editing events in form elements on a page, resulting A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.

CVE-2017-7802 [CRITICAL] CWE-416 CVE-2017-7802: A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an ima A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.