Redhat Enterprise Linux Server Tus vulnerabilities

CVE-2018-5146 [HIGH] CWE-787 CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own co An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2018-5162 [HIGH] CWE-311 CVE-2018-5162: Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vu Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CVE-2018-5185 [MEDIUM] CWE-311 CVE-2018-5185: Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerabili Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CVE-2018-5161 [MEDIUM] CWE-20 CVE-2018-5161: Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulne Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CVE-2018-5170 [MEDIUM] CWE-20 CVE-2018-5170: It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CVE-2018-5168 [MEDIUM] CVE-2018-5168: Sites can bypass security checks on permissions to install lightweight themes by manipulating the "b Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and F

CVE-2018-12020 [HIGH] CWE-706 CVE-2018-12020: mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed character

CVE-2018-1000199 [MEDIUM] CWE-119 CVE-2018-1000199: The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoin The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad

CVE-2018-1126 [CRITICAL] CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading t procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

CVE-2018-3639 [MEDIUM] CWE-203 CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory rea Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVE-2018-1087 [HIGH] CWE-250 CVE-2018-1087: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and e

CVE-2018-10675 [HIGH] CWE-416 CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

CVE-2018-10393 [HIGH] CWE-125 CVE-2018-10393: bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

CVE-2018-10392 [HIGH] CWE-125 CVE-2018-10392: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

CVE-2017-2885 [CRITICAL] CWE-787 CVE-2017-2885: An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A special An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

CVE-2017-17833 [CRITICAL] CWE-119 CVE-2017-17833: OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue whi OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

CVE-2018-1106 [MEDIUM] CWE-287 CVE-2018-1106: An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without a An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

CVE-2018-2794 [HIGH] CVE-2018-2794: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supporte Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful

CVE-2018-2755 [HIGH] CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Sup Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful a

CVE-2018-2814 [HIGH] CVE-2018-2814: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful