Redhat Enterprise Linux Workstation vulnerabilities

CVE-2018-14599 [CRITICAL] CWE-193 CVE-2018-14599: An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulner An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

CVE-2018-10858 [HIGH] CWE-20 CVE-2018-10858: A heap-buffer overflow was found in the way samba clients processed extra long filename in a directo A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

CVE-2018-1139 [HIGH] CWE-20 CVE-2018-1139: A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authenticati A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

CVE-2018-10846 [MEDIUM] CWE-385 CVE-2018-10846: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM at A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

CVE-2018-10844 [MEDIUM] CWE-385 CVE-2018-10844: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

CVE-2018-10845 [MEDIUM] CWE-385 CVE-2018-10845: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

CVE-2018-10902 [HIGH] CWE-416 CVE-2018-10902: It was found that the raw midi kernel driver does not protect against concurrent access which leads It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.

CVE-2018-1517 [HIGH] CWE-20 CVE-2018-1517: A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.

CVE-2015-5160 [MEDIUM] CWE-200 CVE-2015-5160: libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

CVE-2018-1656 [MEDIUM] CWE-22 CVE-2018-1656: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Techn The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.

CVE-2018-10873 [HIGH] CWE-119 CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for dema A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

CVE-2018-15473 [MEDIUM] CWE-362 CVE-2018-15473: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVE-2018-10915 [HIGH] CWE-89 CVE-2018-10915: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to prop A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher pri

CVE-2018-5390 [HIGH] CWE-400 CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() an Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

CVE-2018-1336 [HIGH] CWE-835 CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an in An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

CVE-2015-9262 [CRITICAL] CWE-119 CVE-2015-9262: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause deni _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

CVE-2018-10897 [HIGH] CWE-59 CVE-2018-10897: A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sani A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on

CVE-2016-9579 [HIGH] CWE-20 CVE-2016-9579: A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

CVE-2016-9583 [HIGH] CWE-125 CVE-2016-9583: An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper befor An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

CVE-2016-9573 [HIGH] CWE-125 CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Convertin An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.