Redhat Enterprise Linux vulnerabilities

CVE-2017-15116 [MEDIUM] CWE-476 CVE-2017-15116: The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).

CVE-2017-15102 [MEDIUM] CWE-476 CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

CVE-2017-1000111 [HIGH] CVE-2017-1000111: Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously dis Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue

CVE-2017-1000253 [HIGH] CWE-119 CVE-2017-1000253: Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/ Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a se

CVE-2015-7837 [MEDIUM] CWE-254 CVE-2015-7837: The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when bo The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.

CVE-2015-7553 [MEDIUM] CWE-362 CVE-2015-7553: Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.

CVE-2017-10661 [HIGH] CWE-416 CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privile Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

CVE-2017-3106 [HIGH] CWE-704 CVE-2017-3106: Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3085 [HIGH] CWE-601 CVE-2017-3085: Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads t Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CVE-2014-0143 [HIGH] CWE-190 CVE-2014-0143: Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table

CVE-2016-6312 [MEDIUM] CVE-2016-6312: The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat E The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-

CVE-2017-9953 [HIGH] CWE-416 CVE-2017-9953: There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.2 There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

CVE-2017-1000376 [HIGH] CWE-119 CVE-2017-1000376: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code executi libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vuln

CVE-2017-1000366 [HIGH] CWE-119 CVE-2017-1000366: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate th glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploita

CVE-2017-3070 [HIGH] CWE-787 CVE-2017-3070: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3069 [HIGH] CWE-787 CVE-2017-3069: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3071 [HIGH] CWE-416 CVE-2017-3071: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3074 [HIGH] CWE-787 CVE-2017-3074: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3068 [HIGH] CWE-787 CVE-2017-3068: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3072 [HIGH] CWE-787 CVE-2017-3072: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.