Redhat Enterprise Linux Server Aus vulnerabilities

CVE-2019-3835 [MEDIUM] CWE-648 CVE-2019-3835: It was found that the superexec operator was available in the internal dictionary in ghostscript bef It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

CVE-2019-3838 [MEDIUM] CWE-648 CVE-2019-3838: It was found that the forceput operator could be extracted from the DefineResource method in ghostsc It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

CVE-2019-3855 [HIGH] CWE-190 CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-7221 [HIGH] CWE-416 CVE-2019-7221: The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

CVE-2019-6116 [HIGH] CVE-2019-6116: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system op In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

CVE-2019-7222 [MEDIUM] CVE-2019-7222: The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

CVE-2019-9903 [MEDIUM] CWE-787 CVE-2019-9903: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumpt PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVE-2019-6454 [MEDIUM] CWE-787 CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-obje An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta

CVE-2019-3816 [HIGH] CWE-22 CVE-2019-3816: Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because t Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

CVE-2019-9636 [CRITICAL] CVE-2019-9636: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encod Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A sp

CVE-2018-12390 [CRITICAL] CWE-119 CVE-2018-12390: Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firef Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 6

CVE-2018-18498 [CRITICAL] CWE-190 CVE-2018-18498: A potential vulnerability leading to an integer overflow can occur during buffer size calculations f A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

CVE-2018-12405 [CRITICAL] CWE-119 CVE-2018-12405: Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firef Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox <

CVE-2018-12392 [CRITICAL] CVE-2018-12392: When manipulating user events in nested loops while opening a document through script, it is possibl When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

CVE-2018-18493 [CRITICAL] CWE-119 CVE-2018-18493: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware acce A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

CVE-2018-18492 [CRITICAL] CWE-416 CVE-2018-18492: A use-after-free vulnerability can occur after deleting a selection element due to a weak reference A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

CVE-2018-12389 [HIGH] CWE-119 CVE-2018-12389: Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. So Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.

CVE-2018-12393 [HIGH] CWE-190 CVE-2018-12393: A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox

CVE-2018-18494 [MEDIUM] CWE-346 CVE-2018-18494: A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascr A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

CVE-2018-12396 [MEDIUM] CWE-732 CVE-2018-12396: A vulnerability where a WebExtension can run content scripts in disallowed contexts following naviga A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.