Redhat Enterprise Linux Server vulnerabilities

CVE-2018-18345 [MEDIUM] CVE-2018-18345: Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a r Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.

CVE-2018-18353 [MEDIUM] CVE-2018-18353: Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on And Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

CVE-2018-18352 [MEDIUM] CWE-732 CVE-2018-18352: Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prio Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.

CVE-2018-18351 [MEDIUM] CWE-20 CVE-2018-18351: Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google C Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

CVE-2018-18349 [MEDIUM] CWE-732 CVE-2018-18349: Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prio Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

CVE-2018-18344 [MEDIUM] CWE-269 CVE-2018-18344: Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.

CVE-2018-18311 [CRITICAL] CWE-190 CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression t Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-5802 [HIGH] CWE-125 CVE-2018-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-5805 [HIGH] CWE-787 CVE-2018-5805: A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRa A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

CVE-2018-5806 [MEDIUM] CWE-476 CVE-2018-5806: An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions pr An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5801 [MEDIUM] CWE-476 CVE-2018-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.1 An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5800 [MEDIUM] CWE-193 CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2018-9568 [HIGH] CWE-704 CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

CVE-2018-6152 [CRITICAL] CWE-434 CVE-2018-6152: The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as s The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

CVE-2018-16863 [HIGH] CVE-2018-16863: It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploi It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

CVE-2018-15981 [CRITICAL] CWE-704 CVE-2018-15981: Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploit Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2018-8786 [CRITICAL] CWE-680 CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

CVE-2018-8787 [CRITICAL] CWE-680 CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Ov FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

CVE-2018-15978 [HIGH] CWE-125 CVE-2018-15978: Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful ex Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-12121 [HIGH] CWE-400 CVE-2018-12121: Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with la Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack pote