Redhat Enterprise Linux Desktop vulnerabilities

CVE-2018-5345 [HIGH] CWE-787 CVE-2018-5345: A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attacker A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

CVE-2018-5344 [HIGH] CWE-362 CVE-2018-5344: In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

CVE-2018-4871 [HIGH] CWE-125 CVE-2018-4871: An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerabili An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensi

CVE-2017-15129 [MEDIUM] CWE-362 CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel befor A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an

CVE-2017-18017 [CRITICAL] CWE-416 CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVE-2017-16997 [HIGH] CWE-426 CVE-2017-16997: elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPA elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated

CVE-2017-17405 [HIGH] CWE-78 CVE-2017-17405: Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malici

CVE-2017-11305 [MEDIUM] CVE-2017-11305: A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unint A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

CVE-2017-1000407 [HIGH] CWE-754 CVE-2017-1000407: The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic po The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

CVE-2017-11215 [CRITICAL] CWE-416 CVE-2017-11215: An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information

CVE-2017-3112 [CRITICAL] CWE-125 CVE-2017-3112: An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability oc An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the

CVE-2017-11225 [CRITICAL] CWE-416 CVE-2017-11225: An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hi

CVE-2017-11213 [CRITICAL] CWE-125 CVE-2017-11213: An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability oc An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an in

CVE-2017-3114 [CRITICAL] CWE-125 CVE-2017-3114: An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability oc An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during acce

CVE-2017-1000410 [HIGH] CVE-2017-1000410: The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of th

CVE-2017-15121 [MEDIUM] CWE-20 CVE-2017-15121: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an app A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

CVE-2017-11281 [CRITICAL] CWE-119 CVE-2017-11281: Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

CVE-2017-11282 [CRITICAL] CWE-119 CVE-2017-11282: Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Succes Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

CVE-2017-14746 [CRITICAL] CWE-416 CVE-2017-14746: Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

CVE-2017-15275 [HIGH] CWE-119 CVE-2017-15275: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failur Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.