Red Hat Enterprise Linux Server vulnerabilities
1,891 known vulnerabilities affecting redhat/enterprise_linux_server.
Total CVEs: 1,891
CISA KEV: 58 (actively exploited)
Public exploits: 134
Exploited in wild: 63
Severity breakdown: CRITICAL 347, HIGH 710, MEDIUM 734, LOW 100
Vulnerabilities
CVE-2017-2618 [MEDIUM] CVSS 5.5 | CWE-193 | v7.0 | 2018-07-27
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
nvd
CVE-2017-2633 [MEDIUM] CVSS 6.5 | CWE-120 | v6.0, v7.0 | 2018-07-27
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
nvd
CVE-2017-15097 [MEDIUM] CVSS 6.7 | CWE-59 | v7.0 | 2018-07-27
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
nvd
CVE-2017-2626 [MEDIUM] CVSS 5.5 | CWE-331 | v7.0 | 2018-07-27
It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
nvd
CVE-2017-2625 [MEDIUM] CVSS 5.5 | CWE-331 | v7.0 | 2018-07-27
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
nvd
CVE-2017-2616 [MEDIUM] CVSS 4.7 | CWE-267 | v6.0, v7.0 | 2018-07-27
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
nvd
CVE-2018-10878 [HIGH] CVSS 7.8 | CWE-787 | v7.0 | 2018-07-26
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
nvd
CVE-2017-7537 [HIGH] CVSS 7.5 | CWE-592 | v7.0 | 2018-07-26
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
nvd
CVE-2018-10879 [HIGH] CVSS 7.8 | CWE-416 | v7.0 | 2018-07-26
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
nvd
CVE-2018-10901 [HIGH] CVSS 7.8 | CWE-665 | v6.0 | 2018-07-26
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their
nvd
CVE-2017-12163 [HIGH] CVSS 7.1 | CWE-200 | v6.0, v7.0 | 2018-07-26
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
nvd
CVE-2017-12150 [HIGH] CVSS 7.4 | CWE-300 | v6.0, v7.0 | 2018-07-26
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
nvd
CVE-2017-7562 [MEDIUM] CVSS 6.5 | CWE-287 | v7.0 | 2018-07-26
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
nvd
CVE-2018-10881 [MEDIUM] CVSS 5.5 | CWE-787 | v7.0 | 2018-07-26
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
nvd
CVE-2017-18344 [MEDIUM] CVSS 5.5 | CWE-125 | PoC | v7.0 | 2018-07-26
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel bui
nvd
CVE-2017-12171 [MEDIUM] CVSS 6.5 | CWE-284 | v6.0 | 2018-07-26
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
nvd
CVE-2018-13988 [MEDIUM] CVSS 6.5 | CWE-125 | v7.0 | 2018-07-25
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
nvd
CVE-2018-10906 [HIGH] CVSS 7.8 | CWE-285 | PoC | v7.0 | 2018-07-24
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, acc
nvd
CVE-2018-5007 [HIGH] CVSS 8.8 | CWE-704 | v6.0 | 2018-07-20
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
nvd
CVE-2018-5008 [HIGH] CVSS 7.5 | CWE-125 | v6.0 | 2018-07-20
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
nvd