Redhat Enterprise Linux Desktop vulnerabilities

CVE-2018-17972 [MEDIUM] CWE-362 CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

CVE-2018-17581 [MEDIUM] CWE-400 CVE-2018-17581: CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

CVE-2018-14650 [MEDIUM] CWE-732 CVE-2018-14650: It was discovered that sos-collector does not properly set the default permissions of newly created It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

CVE-2018-6034 [HIGH] CWE-125 CVE-2018-6034: Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attac Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-14634 [HIGH] CWE-190 CVE-2018-14634: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileg An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

CVE-2018-15967 [HIGH] CWE-200 CVE-2018-15967: Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Succes Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-6054 [HIGH] CWE-416 CVE-2018-6054: Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potenti Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

CVE-2018-6043 [HIGH] CWE-20 CVE-2018-6043: Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 al Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.

CVE-2018-6035 [HIGH] CWE-200 CVE-2018-6035: Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

CVE-2018-6031 [HIGH] CWE-416 CVE-2018-6031: Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potent Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2018-6033 [HIGH] CWE-20 CVE-2018-6033: Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote a Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.

CVE-2018-14647 [HIGH] CWE-335 CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Thi Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in P

CVE-2018-6040 [MEDIUM] CWE-732 CVE-2018-6040: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote at Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.

CVE-2018-6052 [MEDIUM] CWE-200 CVE-2018-6052: Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0. Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.

CVE-2018-6036 [MEDIUM] CWE-20 CVE-2018-6036: Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.

CVE-2018-6032 [MEDIUM] CWE-20 CVE-2018-6032: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote at Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.

CVE-2018-6037 [MEDIUM] CWE-200 CVE-2018-6037: Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote at Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.

CVE-2018-6038 [MEDIUM] CWE-119 CVE-2018-6038: Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to p Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-6042 [MEDIUM] CWE-20 CVE-2018-6042: Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker t Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-6051 [MEDIUM] CWE-79 CVE-2018-6051: XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the sam XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.