Redhat Enterprise Linux Server vulnerabilities

CVE-2018-17474 [HIGH] CWE-416 CVE-2018-17474: Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a re Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-17475 [MEDIUM] CVE-2018-17475: Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-6082 [MEDIUM] CWE-200 CVE-2018-6082: Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325 Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.

CVE-2018-17476 [MEDIUM] CVE-2018-17476: Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attack Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

CVE-2018-6077 [MEDIUM] CWE-200 CVE-2018-6077: Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrom Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2018-17477 [MEDIUM] CVE-2018-17477: Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote att Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.

CVE-2018-17471 [MEDIUM] CVE-2018-17471: Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote at Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

CVE-2018-6078 [MEDIUM] CWE-20 CVE-2018-6078: Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allow Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVE-2018-6070 [MEDIUM] CWE-79 CVE-2018-6070: Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an at Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

CVE-2018-6079 [MEDIUM] CWE-200 CVE-2018-6079: Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome pri Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2018-6080 [MEDIUM] CWE-269 CVE-2018-6080: Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a r Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .

CVE-2018-17467 [MEDIUM] CWE-459 CVE-2018-17467: Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0 Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-17468 [MEDIUM] CWE-200 CVE-2018-17468: Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.35 Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

CVE-2018-19115 [CRITICAL] CWE-787 CVE-2018-19115: keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

CVE-2018-19107 [MEDIUM] CWE-125 CVE-2018-19107: In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image read In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

CVE-2018-19108 [MEDIUM] CWE-835 CVE-2018-19108: In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

CVE-2018-19058 [MEDIUM] CWE-670 CVE-2018-19058: An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to deni An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVE-2018-18897 [MEDIUM] CWE-772 CVE-2018-18897: An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfil An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

CVE-2018-14660 [MEDIUM] CWE-400 CVE-2018-14660: A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage o A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.

CVE-2018-14653 [HIGH] CWE-122 CVE-2018-14653: The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflo The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.