Redhat Enterprise Linux Server Eus vulnerabilities

CVE-2018-3139 [LOW] CVE-2018-3139: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Success

CVE-2018-3136 [LOW] CVE-2018-3136: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu

CVE-2018-17961 [HIGH] CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via v Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

CVE-2018-18073 [MEDIUM] CWE-200 CVE-2018-18073: Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

CVE-2018-1000805 [HIGH] CWE-863 CVE-2018-1000805: Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Contr Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

CVE-2018-17456 [CRITICAL] CWE-88 CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

CVE-2018-11784 [MEDIUM] CWE-601 CVE-2018-11784: When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

CVE-2018-17972 [MEDIUM] CWE-362 CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

CVE-2018-14650 [MEDIUM] CWE-732 CVE-2018-14650: It was discovered that sos-collector does not properly set the default permissions of newly created It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

CVE-2018-14634 [HIGH] CWE-190 CVE-2018-14634: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileg An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

CVE-2018-17183 [HIGH] CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used b Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

CVE-2018-11781 [HIGH] CWE-94 CVE-2018-11781: Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

CVE-2018-14638 [HIGH] CWE-400 CVE-2018-14638: A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_pa A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.

CVE-2018-16802 [HIGH] CVE-2018-16802: An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" che An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

CVE-2016-7035 [HIGH] CWE-285 CVE-2016-7035: An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

CVE-2018-14624 [HIGH] CWE-20 CVE-2018-14624: A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The l A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.

CVE-2018-5391 [HIGH] CWE-400 CVE-2018-5391: The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of speci The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current

CVE-2018-16511 [HIGH] CWE-704 CVE-2018-16511: An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be use An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16540 [HIGH] CWE-416 CVE-2018-16540: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16509 [HIGH] CWE-184 CVE-2018-16509: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" che An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.