Red Hat Enterprise Linux Workstation vulnerabilities

1,845 known vulnerabilities affecting redhat/enterprise_linux_workstation.

Total CVEs: 1,845
CISA KEV: 57 (actively exploited)
Public exploits: 136
Exploited in wild: 62
Severity breakdown: CRITICAL 335, HIGH 699, MEDIUM 713, LOW 98

Vulnerabilities

Page 44 of 93
CVE-2018-2798 | MEDIUM | CVSS 5.3 | v6.0, v7.0 | 2018-04-19
CVE-2018-2798 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Jav
nvd
CVE-2018-2790 | LOW | CVSS 3.1 | v6.0, v7.0 | 2018-04-19
CVE-2018-2790 [LOW]: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu
nvd
CVE-2018-10194 | HIGH | CVSS 7.8 | v7.0 | 2018-04-18
CVE-2018-10194 [HIGH] CWE-119: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
nvd
CVE-2018-6797 | CRITICAL | CVSS 9.8 | v6.0, v7.0 | 2018-04-17
CVE-2018-6797 [CRITICAL] CWE-787: An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
nvd
CVE-2018-6798 | HIGH | CVSS 7.5 | v6.0, v7.0 | 2018-04-17
CVE-2018-6798 [HIGH] CWE-125: An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
nvd
CVE-2018-10119 | HIGH | CVSS 7.8 | v7.0 | 2018-04-16
CVE-2018-10119 [HIGH] CWE-416: sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper f
nvd
CVE-2018-10120 | HIGH | CVSS 7.8 | v7.0 | 2018-04-16
CVE-2018-10120 [HIGH] CWE-129: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a
nvd
CVE-2018-1100 | HIGH | CVSS 7.8 | v6.0, v7.0 | 2018-04-11
CVE-2018-1100 [HIGH] CWE-120: zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
nvd
CVE-2018-1000156 | HIGH | CVSS 7.8 | v6.0, v7.0 | 2018-04-06
CVE-2018-1000156 [HIGH] CWE-20: GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common anc
nvd
CVE-2017-7000 | HIGH | CVSS 8.8 | v6.0 | 2018-04-03
CVE-2017-7000 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd
CVE-2018-4117 | MEDIUM | CVSS 6.5 | v6.0 | 2018-04-03
CVE-2018-4117 [MEDIUM] CWE-200: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy an
nvd
CVE-2018-1094 | MEDIUM | CVSS 5.5 | v7.0 | 2018-04-02
CVE-2018-1094 [MEDIUM] CWE-476: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
nvd
CVE-2018-7566 | HIGH | CVSS 7.8 | v6.0, v7.0 | 2018-03-30
CVE-2018-7566 [HIGH] CWE-119: The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
nvd
CVE-2018-1083 | HIGH | CVSS 7.8 | v6.0, v7.0 | 2018-03-28
CVE-2018-1083 [HIGH] CWE-120: Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to
nvd
CVE-2018-1312 | CRITICAL | CVSS 9.8 | v7.0 | 2018-03-26
CVE-2018-1312 [CRITICAL] CWE-287: In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
nvd
CVE-2018-8976 | MEDIUM | CVSS 6.5 | v7.0 | 2018-03-25
CVE-2018-8976 [MEDIUM] CWE-125: In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
nvd
CVE-2018-1000140 | CRITICAL | CVSS 9.8 | v6.0, v7.0 | 2018-03-23
CVE-2018-1000140 [CRITICAL] CWE-787: rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
nvd
CVE-2018-8905 | HIGH | CVSS 8.8 | v7.0 | 2018-03-22
CVE-2018-8905 [HIGH] CWE-787: In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
nvd
CVE-2018-8945 | MEDIUM | CVSS 5.5 | v7.0 | 2018-03-22
CVE-2018-8945 [MEDIUM] CWE-20: The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
nvd
CVE-2018-8088 | CRITICAL | CVSS 9.8 | v7.0 | 2018-03-20
CVE-2018-8088 [CRITICAL]: org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series.
nvd