Redhat Enterprise Linux Desktop vulnerabilities

CVE-2018-6077 [MEDIUM] CWE-200 CVE-2018-6077: Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrom Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2018-17477 [MEDIUM] CVE-2018-17477: Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote att Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.

CVE-2018-17471 [MEDIUM] CVE-2018-17471: Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote at Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

CVE-2018-6078 [MEDIUM] CWE-20 CVE-2018-6078: Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allow Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVE-2018-6070 [MEDIUM] CWE-79 CVE-2018-6070: Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an at Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

CVE-2018-6079 [MEDIUM] CWE-200 CVE-2018-6079: Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome pri Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2018-6080 [MEDIUM] CWE-269 CVE-2018-6080: Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a r Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .

CVE-2018-17467 [MEDIUM] CWE-459 CVE-2018-17467: Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0 Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-17468 [MEDIUM] CWE-200 CVE-2018-17468: Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.35 Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

CVE-2018-19107 [MEDIUM] CWE-125 CVE-2018-19107: In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image read In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

CVE-2018-19108 [MEDIUM] CWE-835 CVE-2018-19108: In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

CVE-2018-19058 [MEDIUM] CWE-670 CVE-2018-19058: An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to deni An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVE-2018-18897 [MEDIUM] CWE-772 CVE-2018-18897: An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfil An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

CVE-2016-2125 [MEDIUM] CWE-287 CVE-2016-2125: It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets wh It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

CVE-2018-15688 [HIGH] CWE-120 CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to ov A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

CVE-2018-14665 [MEDIUM] CWE-863 CVE-2018-14665: A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

CVE-2018-18585 [MEDIUM] CWE-476 CVE-2018-18585: chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

CVE-2018-18559 [HIGH] CWE-362 CVE-2018-18559: In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_ In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister ac

CVE-2018-18284 [HIGH] CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via v Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

CVE-2018-18521 [MEDIUM] CWE-369 CVE-2018-18521: Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allo Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.