Redhat Enterprise Linux Server vulnerabilities

CVE-2016-9583 [HIGH] CWE-125 CVE-2016-9583: An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper befor An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

CVE-2016-9573 [HIGH] CWE-125 CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Convertin An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

CVE-2016-8654 [HIGH] CWE-122 CVE-2016-8654: A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allo A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

CVE-2016-8635 [MEDIUM] CWE-358 CVE-2016-8635: It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

CVE-2016-8626 [MEDIUM] CWE-476 CVE-2016-8626: A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object re A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

CVE-2017-7518 [HIGH] CWE-250 CVE-2017-7518: A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the tra A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux

CVE-2018-10883 [MEDIUM] CWE-787 CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds writ A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

CVE-2018-14682 [HIGH] CWE-193 CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

CVE-2018-14681 [HIGH] CWE-787 CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KW An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

CVE-2018-14679 [MEDIUM] CWE-193 CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

CVE-2018-14680 [MEDIUM] CWE-20 CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

CVE-2017-15101 [CRITICAL] CWE-121 CVE-2017-15101: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of lib A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

CVE-2016-9603 [CRITICAL] CWE-122 CVE-2016-9603: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver s A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute a

CVE-2017-2640 [CRITICAL] CWE-787 CVE-2017-2640: An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malic An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

CVE-2017-2620 [CRITICAL] CWE-787 CVE-2017-2620: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of th

CVE-2016-9578 [HIGH] CWE-20 CVE-2016-9578: A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacke A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

CVE-2016-9577 [HIGH] CWE-20 CVE-2016-9577: A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authent A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

CVE-2017-12173 [HIGH] CWE-20 CVE-2017-12173: It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requ It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

CVE-2017-2590 [HIGH] CWE-732 CVE-2017-2590: A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did no A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and de

CVE-2017-2634 [HIGH] CWE-476 CVE-2017-2634: It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation befo It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.