Redhat Enterprise Linux vulnerabilities

CVE-2016-9895 [MEDIUM] CWE-254 CVE-2016-9895: Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) th Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2018-11235 [HIGH] CWE-22 CVE-2018-11235: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x b In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then ap

CVE-2018-1000199 [MEDIUM] CWE-119 CVE-2018-1000199: The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoin The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad

CVE-2018-1126 [CRITICAL] CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading t procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

CVE-2018-1124 [HIGH] CWE-122 CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corrup procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

CVE-2018-1111 [HIGH] CWE-77 CVE-2018-1111: DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a comman DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on syst

CVE-2018-1087 [HIGH] CWE-250 CVE-2018-1087: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and e

CVE-2018-10184 [HIGH] CWE-119 CVE-2018-10184: An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against th An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented int

CVE-2017-2591 [HIGH] CWE-122 CVE-2017-2591: 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniquen 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP ser

CVE-2018-10393 [HIGH] CWE-125 CVE-2018-10393: bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

CVE-2018-10392 [HIGH] CWE-125 CVE-2018-10392: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

CVE-2018-1059 [MEDIUM] CWE-200 CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range i The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

CVE-2018-1079 [MEDIUM] CWE-552 CVE-2018-1079: pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user mali pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary fil

CVE-2018-6914 [HIGH] CWE-22 CVE-2018-6914: Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2. Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.

CVE-2018-8778 [HIGH] CWE-134 CVE-2018-8778: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

CVE-2018-8777 [HIGH] CWE-400 CVE-2018-8777: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

CVE-2017-15715 [HIGH] CWE-20 CVE-2017-15715: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newli In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

CVE-2017-15710 [HIGH] CWE-787 CVE-2017-15710: In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configur In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate

CVE-2018-1301 [MEDIUM] CWE-119 CVE-2018-1301: A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due t A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server us

CVE-2018-1283 [MEDIUM] CVE-2018-1283: In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI a In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the A