Redhat Enterprise Linux Desktop vulnerabilities

CVE-2018-18500 [CRITICAL] CWE-416 CVE-2018-18500: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML e A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

CVE-2018-18501 [CRITICAL] CWE-119 CVE-2018-18501: Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firef Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox <

CVE-2018-18505 [CRITICAL] CVE-2018-18505: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authenti An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later chann

CVE-2018-18506 [MEDIUM] CVE-2018-18506: When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file o When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attack

CVE-2019-3813 [HIGH] CWE-193 CVE-2019-3813: Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one e Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

CVE-2019-1000020 [MEDIUM] CWE-835 CVE-2019-1000020: libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploi

CVE-2019-7317 [MEDIUM] CWE-416 CVE-2019-7317: png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_fu png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVE-2019-1000019 [MEDIUM] CWE-125 CVE-2019-1000019: libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially

CVE-2019-7310 [HIGH] CWE-125 CVE-2019-7310: In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::ge In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVE-2019-7150 [MEDIUM] CWE-125 CVE-2019-7150: An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlat An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

CVE-2019-3815 [LOW] CVE-2019-3815: A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Re

CVE-2018-16881 [HIGH] CWE-190 CVE-2018-16881: A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

CVE-2018-15982 [HIGH] CWE-416 CVE-2018-15982: Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulne Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3144 [HIGH] CWE-400 CVE-2017-3144: A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exha A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not

CVE-2017-3137 [HIGH] CWE-617 CVE-2017-3137: Mistaken assumptions about the ordering of records in the answer section of a response containing CN Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc

CVE-2018-5733 [HIGH] CWE-190 CVE-2018-5733: A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVE-2017-3145 [HIGH] CWE-416 CVE-2017-3145: BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in s BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

CVE-2018-5740 [HIGH] CWE-617 CVE-2018-5740: "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect e "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND

CVE-2019-2529 [MEDIUM] CVE-2019-2529: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner

CVE-2019-2455 [MEDIUM] CVE-2019-2455: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supporte Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabi