Redhat Enterprise Linux Server vulnerabilities

CVE-2018-3136 [LOW] CVE-2018-3136: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu

CVE-2018-17961 [HIGH] CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via v Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

CVE-2018-18310 [MEDIUM] CWE-119 CVE-2018-18310: An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in e An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

CVE-2018-18073 [MEDIUM] CWE-200 CVE-2018-18073: Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

CVE-2018-14649 [CRITICAL] CWE-77 CVE-2018-14649: It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-w It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successf

CVE-2018-18074 [HIGH] CWE-522 CVE-2018-18074: The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

CVE-2018-1000805 [HIGH] CWE-863 CVE-2018-1000805: Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Contr Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

CVE-2018-1000807 [HIGH] CWE-416 CVE-2018-1000807: Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use Aft Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a referen

CVE-2018-1000808 [MEDIUM] CWE-404 CVE-2018-1000808: Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Rel Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as s

CVE-2018-17456 [CRITICAL] CWE-88 CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

CVE-2018-11784 [MEDIUM] CWE-601 CVE-2018-11784: When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

CVE-2018-17972 [MEDIUM] CWE-362 CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

CVE-2018-17581 [MEDIUM] CWE-400 CVE-2018-17581: CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

CVE-2018-14650 [MEDIUM] CWE-732 CVE-2018-14650: It was discovered that sos-collector does not properly set the default permissions of newly created It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

CVE-2018-6034 [HIGH] CWE-125 CVE-2018-6034: Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attac Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-14634 [HIGH] CWE-190 CVE-2018-14634: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileg An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

CVE-2018-15967 [HIGH] CWE-200 CVE-2018-15967: Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Succes Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-6054 [HIGH] CWE-416 CVE-2018-6054: Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potenti Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

CVE-2018-14633 [HIGH] CWE-121 CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the vi

CVE-2018-6043 [HIGH] CWE-20 CVE-2018-6043: Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 al Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.