Redhat Enterprise Linux Desktop vulnerabilities

CVE-2018-6764 [HIGH] CWE-346 CVE-2018-6764: util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which al util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

CVE-2018-7225 [CRITICAL] CWE-190 CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVE-2018-7208 [HIGH] CWE-20 CVE-2018-7208: In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka li In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object

CVE-2018-1049 [MEDIUM] CWE-362 CVE-2018-1049: In systemd prior to 234 a race condition exists between .mount and .automount units such that automo In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

CVE-2018-6927 [HIGH] CWE-190 CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attacker The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

CVE-2018-6871 [CRITICAL] CVE-2018-6871: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =W LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

CVE-2018-1000026 [HIGH] CWE-20 CVE-2018-1000026: Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2

CVE-2018-4877 [CRITICAL] CWE-416 CVE-2018-4877: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerab A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

CVE-2018-4878 [HIGH] CWE-416 CVE-2018-4878: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerab A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

CVE-2018-6560 [HIGH] CWE-436 CVE-2018-6560: In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

CVE-2018-6485 [CRITICAL] CWE-190 CVE-2018-6485: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C L An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

CVE-2018-1000001 [HIGH] CWE-787 CVE-2018-1000001: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be use In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

CVE-2018-5750 [MEDIUM] CWE-200 CVE-2018-5750: The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows lo The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

CVE-2018-5748 [HIGH] CWE-400 CVE-2018-5748: qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) vi qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

CVE-2018-1000007 [CRITICAL] CVE-2018-1000007: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` respo

CVE-2018-5950 [MEDIUM] CWE-79 CVE-2018-5950: Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attack Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

CVE-2018-5683 [MEDIUM] CWE-125 CVE-2018-5683: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of servi The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CVE-2018-2633 [HIGH] CVE-2018-2633: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,

CVE-2018-2637 [HIGH] CVE-2018-2637: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,

CVE-2018-2562 [HIGH] CVE-2018-2562: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supp Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera