Redhat Enterprise Linux Server vulnerabilities

CVE-2017-3136 [MEDIUM] CWE-617 CVE-2017-3136: A query with a specific set of characteristics could cause a server using DNS64 to encounter an asse A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6,

CVE-2017-3135 [MEDIUM] CWE-476 CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.

CVE-2019-2503 [MEDIUM] CVE-2019-2503: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handli Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL S

CVE-2019-2422 [LOW] CVE-2019-2422: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versio Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction fr

CVE-2019-2449 [LOW] CVE-2019-2449: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported v Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Succ

CVE-2017-3142 [LOW] CWE-20 CVE-2017-3142: An attacker who is able to send and receive messages to an authoritative DNS server and who has know An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providi

CVE-2018-14662 [MEDIUM] CWE-285 CVE-2018-14662: It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions co It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

CVE-2018-16846 [MEDIUM] CWE-770 CVE-2018-16846: It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

CVE-2018-16886 [HIGH] CWE-287 CVE-2018-16886: etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authenticati etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any va

CVE-2018-20699 [MEDIUM] CWE-400 CVE-2018-20699: Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

CVE-2018-16865 [HIGH] CWE-770 CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another memory An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versio

CVE-2018-16864 [HIGH] CWE-770 CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another memory An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

CVE-2019-6133 [MEDIUM] CWE-362 CVE-2019-6133: In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork( In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

CVE-2018-16866 [LOW] CWE-125 CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that term An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

CVE-2018-16068 [CRITICAL] CWE-20 CVE-2018-16068: Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to poten Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2018-6127 [CRITICAL] CWE-416 CVE-2018-6127: Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attac Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2018-6084 [HIGH] CWE-20 CVE-2018-6084: Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359 Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

CVE-2018-6144 [HIGH] CWE-787 CVE-2018-6144: Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perfo Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.

CVE-2016-9651 [HIGH] CWE-94 CVE-2016-9651: A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55. A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6111 [HIGH] CWE-20 CVE-2018-6111: An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359. An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.