Redhat Enterprise Linux Server vulnerabilities

CVE-2018-3058 [MEDIUM] CVE-2018-3058: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versio Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can

CVE-2018-3081 [MEDIUM] CVE-2018-3081: Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Support Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful att

CVE-2018-2973 [MEDIUM] CVE-2018-2973: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Sup Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attack

CVE-2018-2940 [MEDIUM] CVE-2018-2940: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Suc

CVE-2018-2767 [LOW] CVE-2018-2767: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encrypt Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t

CVE-2018-3066 [LOW] CVE-2018-3066: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Support Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerab

CVE-2018-2952 [LOW] CVE-2018-2952: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: C Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise J

CVE-2018-14362 [CRITICAL] CWE-119 CVE-2018-14362: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid c An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

CVE-2018-14357 [CRITICAL] CWE-78 CVE-2018-14357: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

CVE-2018-14354 [CRITICAL] CWE-78 CVE-2018-14354: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

CVE-2018-10861 [HIGH] CWE-285 CVE-2018-10861: A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

CVE-2018-1128 [HIGH] CWE-294 CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulner It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, lumino

CVE-2018-1129 [MEDIUM] CWE-284 CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An a A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

CVE-2018-10872 [MEDIUM] CWE-250 CVE-2018-10872: A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch opera A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use th

CVE-2018-3693 [MEDIUM] CVE-2018-3693: Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

CVE-2018-4945 [HIGH] CWE-704 CVE-2018-4945: Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful e Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5002 [HIGH] CWE-787 CVE-2018-5002: Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5001 [MEDIUM] CWE-125 CVE-2018-5001: Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Success Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5000 [MEDIUM] CWE-190 CVE-2018-5000: Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successfu Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-13785 [MEDIUM] CWE-190 CVE-2018-13785: In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.