Redhat Enterprise Linux Server Aus vulnerabilities

CVE-2018-1000001 [HIGH] CWE-787 CVE-2018-1000001: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be use In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

CVE-2018-5750 [MEDIUM] CWE-200 CVE-2018-5750: The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows lo The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

CVE-2018-5748 [HIGH] CWE-400 CVE-2018-5748: qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) vi qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

CVE-2018-1000007 [CRITICAL] CVE-2018-1000007: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` respo

CVE-2018-5950 [MEDIUM] CWE-79 CVE-2018-5950: Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attack Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

CVE-2018-5683 [MEDIUM] CWE-125 CVE-2018-5683: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of servi The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CVE-2018-2633 [HIGH] CVE-2018-2633: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,

CVE-2018-2637 [HIGH] CVE-2018-2637: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,

CVE-2018-2562 [HIGH] CVE-2018-2562: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supp Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera

CVE-2018-2668 [MEDIUM] CVE-2018-2668: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner

CVE-2018-2599 [MEDIUM] CVE-2018-2599: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java S

CVE-2018-2678 [MEDIUM] CVE-2018-2678: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,

CVE-2018-2602 [MEDIUM] CVE-2018-2602: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Sup Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Jav

CVE-2018-2588 [MEDIUM] CVE-2018-2588: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE,

CVE-2018-2641 [MEDIUM] CVE-2018-2641: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supp Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successf

CVE-2018-2603 [MEDIUM] CVE-2018-2603: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Jav

CVE-2018-2622 [MEDIUM] CVE-2018-2622: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported v Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit

CVE-2018-2663 [MEDIUM] CVE-2018-2663: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Jav

CVE-2018-2618 [MEDIUM] CVE-2018-2618: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE

CVE-2018-2677 [MEDIUM] CVE-2018-2677: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supp Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful