Redhat Enterprise Linux Server Aus vulnerabilities

CVE-2018-15911 [HIGH] CWE-908 CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

CVE-2018-15909 [HIGH] CWE-704 CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

CVE-2018-15908 [HIGH] CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript fil In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

CVE-2015-5160 [MEDIUM] CWE-200 CVE-2015-5160: libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

CVE-2018-10873 [HIGH] CWE-119 CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for dema A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

CVE-2018-5390 [HIGH] CWE-400 CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() an Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

CVE-2016-9583 [HIGH] CWE-125 CVE-2016-9583: An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper befor An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

CVE-2016-9573 [HIGH] CWE-125 CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Convertin An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

CVE-2016-8654 [HIGH] CWE-122 CVE-2016-8654: A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allo A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

CVE-2016-8635 [MEDIUM] CWE-358 CVE-2016-8635: It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

CVE-2017-7518 [HIGH] CWE-250 CVE-2017-7518: A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the tra A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux

CVE-2017-15101 [CRITICAL] CWE-121 CVE-2017-15101: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of lib A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

CVE-2016-9603 [CRITICAL] CWE-122 CVE-2016-9603: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver s A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute a

CVE-2017-2640 [CRITICAL] CWE-787 CVE-2017-2640: An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malic An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

CVE-2017-2620 [CRITICAL] CWE-787 CVE-2017-2620: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of th

CVE-2017-12151 [HIGH] CWE-300 CVE-2017-12151: A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encr A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

CVE-2016-9578 [HIGH] CWE-20 CVE-2016-9578: A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacke A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

CVE-2016-9577 [HIGH] CWE-20 CVE-2016-9577: A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authent A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

CVE-2017-12173 [HIGH] CWE-20 CVE-2017-12173: It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requ It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

CVE-2017-2590 [HIGH] CWE-732 CVE-2017-2590: A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did no A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and de