Redhat Enterprise Linux Server Eus vulnerabilities

CVE-2018-16542 [MEDIUM] CWE-787 CVE-2018-16542: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insu In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

CVE-2018-16541 [MEDIUM] CWE-416 CVE-2018-16541: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use inco In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

CVE-2018-16539 [MEDIUM] CWE-200 CVE-2018-16539: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use inco In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

CVE-2018-14622 [HIGH] CWE-252 CVE-2018-14622: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new conne

CVE-2018-15911 [HIGH] CWE-908 CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

CVE-2018-15909 [HIGH] CWE-704 CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

CVE-2018-15910 [HIGH] CWE-704 CVE-2018-15910: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a ty In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

CVE-2018-15908 [HIGH] CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript fil In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

CVE-2015-5160 [MEDIUM] CWE-200 CVE-2015-5160: libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

CVE-2018-10873 [HIGH] CWE-119 CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for dema A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

CVE-2018-10915 [HIGH] CWE-89 CVE-2018-10915: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to prop A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher pri

CVE-2018-5390 [HIGH] CWE-400 CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() an Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

CVE-2016-9583 [HIGH] CWE-125 CVE-2016-9583: An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper befor An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

CVE-2016-9573 [HIGH] CWE-125 CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Convertin An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

CVE-2016-8654 [HIGH] CWE-122 CVE-2016-8654: A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allo A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

CVE-2016-8635 [MEDIUM] CWE-358 CVE-2016-8635: It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

CVE-2017-7518 [HIGH] CWE-250 CVE-2017-7518: A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the tra A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux

CVE-2017-15101 [CRITICAL] CWE-121 CVE-2017-15101: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of lib A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

CVE-2016-9603 [CRITICAL] CWE-122 CVE-2016-9603: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver s A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute a

CVE-2017-2640 [CRITICAL] CWE-787 CVE-2017-2640: An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malic An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.