Red Hat Enterprise Linux Server vulnerabilities

1,891 known vulnerabilities affecting redhat/enterprise_linux_server.

Total CVEs: 1,891
CISA KEV: 58 (actively exploited)
Public exploits: 134
Exploited in wild: 63
Severity breakdown: CRITICAL 347 | HIGH 710 | MEDIUM 734 | LOW 100

Vulnerabilities

CVE-2018-10923 | HIGH | CVSS 8.1 | v6.0, v7.0 | 2018-09-04
CWE-20: It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
nvd
CVE-2018-10911 | HIGH | CVSS 7.5 | v6.0, v7.0 | 2018-09-04
CWE-190: A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
nvd
CVE-2018-10926 | HIGH | CVSS 8.8 | v6.0, v7.0 | 2018-09-04
CWE-20: A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
nvd
CVE-2018-10930 | MEDIUM | CVSS 6.5 | v7.0 | 2018-09-04
CWE-20: A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
nvd
CVE-2018-10913 | MEDIUM | CVSS 6.5 | v6.0, v7.0 | 2018-09-04
CWE-209: An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
nvd
CVE-2018-10914 | MEDIUM | CVSS 6.5 | v6.0, v7.0 | 2018-09-04
CWE-476: It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
nvd
CVE-2018-16435 | MEDIUM | CVSS 5.5 | v6.0 | 2018-09-04
CWE-190: Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
nvd
CVE-2018-16402 | CRITICAL | CVSS 9.8 | v7.0 | 2018-09-03
CWE-415: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
nvd
CVE-2018-12828 | CRITICAL | CVSS 9.8 | v6.0 | 2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
nvd
CVE-2018-12825 | CRITICAL | CVSS 9.8 | v6.0 | 2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
nvd
CVE-2018-12827 | HIGH | CVSS 7.5 | PoC | v6.0 | 2018-08-29
CWE-125: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
nvd
CVE-2018-12826 | HIGH | CVSS 7.5 | v6.0 | 2018-08-29
CWE-125: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
nvd
CVE-2018-16062 | MEDIUM | CVSS 5.5 | v7.0 | 2018-08-29
CWE-125: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
nvd
CVE-2018-12824 | MEDIUM | CVSS 5.9 | v6.0 | 2018-08-29
CWE-125: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
nvd
CVE-2017-15398 | CRITICAL | CVSS 9.8 | v6.0 | 2018-08-28
CWE-119: A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
nvd
CVE-2017-15410 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-416: Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2017-15411 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-416: Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2017-15412 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-416: Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15399 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-416: A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15407 | HIGH | CVSS 8.8 | v6.0 | 2018-08-28
CWE-787: Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
nvd