Red Hat Enterprise Linux Server EUS vulnerabilities

622 known vulnerabilities affecting redhat/enterprise_linux_server_eus.

Total CVEs: 622
CISA KEV: 9 (actively exploited)
Public exploits: 47
Exploited in wild: 10
Severity breakdown: CRITICAL 178, HIGH 239, MEDIUM 183, LOW 22

Vulnerabilities

Page 9 of 32
CVE-2017-2620 | CRITICAL | CVSS 9.9 | v7.3, v7.4 +1 more | 2018-07-27
CVE-2017-2620 [CRITICAL] CWE-787: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on host with privileges of th
nvd
CVE-2017-12151 | HIGH | CVSS 7.4 | v7.4, v7.5 | 2018-07-27
CVE-2017-12151 [HIGH] CWE-300: A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
nvd
CVE-2016-9578 | HIGH | CVSS 7.5 | v7.3, v7.4 +1 more | 2018-07-27
CVE-2016-9578 [HIGH] CWE-20: A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
nvd
CVE-2016-9577 | HIGH | CVSS 8.8 | v7.3, v7.4 +1 more | 2018-07-27
CVE-2016-9577 [HIGH] CWE-20: A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
nvd
CVE-2017-12173 | HIGH | CVSS 8.8 | v7.4, v7.5 | 2018-07-27
CVE-2017-12173 [HIGH] CWE-20: It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
nvd
CVE-2017-2590 | HIGH | CVSS 8.1 | v7.3, v7.4 +1 more | 2018-07-27
CVE-2017-2590 [HIGH] CWE-732: A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and de
nvd
CVE-2017-2618 | MEDIUM | CVSS 5.5 | v7.3, v7.4 +1 more | 2018-07-27
CVE-2017-2618 [MEDIUM] CWE-193: A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
nvd
CVE-2017-2633 | MEDIUM | CVSS 6.5 | v7.4, v7.5 | 2018-07-27
CVE-2017-2633 [MEDIUM] CWE-120: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
nvd
CVE-2017-15097 | MEDIUM | CVSS 6.7 | v7.4, v7.5 | 2018-07-27
CVE-2017-15097 [MEDIUM] CWE-59: Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
nvd
CVE-2017-2626 | MEDIUM | CVSS 5.5 | v7.4, v7.5 | 2018-07-27
CVE-2017-2626 [MEDIUM] CWE-331: It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
nvd
CVE-2017-2625 | MEDIUM | CVSS 5.5 | v7.4, v7.5 | 2018-07-27
CVE-2017-2625 [MEDIUM] CWE-331: It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
nvd
CVE-2017-2616 | MEDIUM | CVSS 4.7 | v7.3, v7.4 +1 more | 2018-07-27
CVE-2017-2616 [MEDIUM] CWE-267: A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
nvd
CVE-2017-18344 | MEDIUM | CVSS 5.5 | PoC | v7.3, v7.5 | 2018-07-26
CVE-2017-18344 [MEDIUM] CWE-125: The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel bui
nvd
CVE-2018-14362 | CRITICAL | CVSS 9.8 | v7.5, v7.6 +1 more | 2018-07-17
CVE-2018-14362 [CRITICAL] CWE-119: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
nvd
CVE-2018-14357 | CRITICAL | CVSS 9.8 | v7.5, v7.6 +1 more | 2018-07-17
CVE-2018-14357 [CRITICAL] CWE-78: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
nvd
CVE-2018-14354 | CRITICAL | CVSS 9.8 | v7.5, v7.6 +1 more | 2018-07-17
CVE-2018-14354 [CRITICAL] CWE-78: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
nvd
CVE-2018-3693 | MEDIUM | CVSS 5.6 | v7.5, v7.6 | 2018-07-10
CVE-2018-3693 [MEDIUM]: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
nvd
CVE-2017-2615 | CRITICAL | CVSS 9.1 | v7.3, v7.4 +1 more | 2018-07-03
CVE-2017-2615 [CRITICAL] CWE-787: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privi
nvd
CVE-2018-10850 | MEDIUM | CVSS 5.9 | v7.5, v7.6 | 2018-06-13
CVE-2018-10850 [MEDIUM] CWE-362: 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
nvd
CVE-2017-7786 | CRITICAL | CVSS 9.8 | v7.3, v7.4 +1 more | 2018-06-11
CVE-2017-7786 [CRITICAL] CWE-119: A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
nvd
Redhat Enterprise Linux Server Eus vulnerabilities | cvebase