Improper Access Control

The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged us...

Out-Of-Bounds Read

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

Information Disclosure

php is vulnerable to information disclosure. The vulnerability exists as the phpinfo implementation in ext/standard/info.c does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF...

Arbitrary Code Execution

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

Privilege Escalation

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

Denial Of Service (DoS)

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security TLS. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One ASN.1 parsing and structures management, and Distinguished Encoding Rules DER...

Denial Of Service (DoS) Through A Race Condition

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU Last-Recently Used list under certai...

Denial Of Service (DoS)

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled...

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

Unauthorized Access

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

Sandbox Restrictions Bypass

OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger...

Denial Of Service (DoS)

Tcl Tool Command Language provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of...

Spoofing Vulnerability

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Information Disclosure

kernel-rt is vulnerable to information disclosure. Local users are able to obtain confidential information from the kernel stack memory via recvfrom or recvmsgsystem call on an RDS socket. due to failure to initialize certain structure member in the rdsrecvmsg function in net/rds/recv.c...

Authorization Bypass

libxslt.so is vulnerable to authorization bypass. The callers of xsltCheckRead and xsltCheckWrite allow access upon receiving a -1 error code, which is invalid for a URL but is subsequently loaded...

Cross-Site Request Forgery (CSRF)

wordpress is vulnerable to cross-site request forgery CSRF. The vulnerability exists as it does not have any CSRF protections in place to prevent forged request when posting comments. Moreover, a lack of comment content filtering when an administrative user posts a comment, allows a remote attack...

Denial Of Service (DoS)

libsystemd.so is vulnerable to denial of service. A local attacker is able to cause a kernel panic by sending a malicious DBUS message which would cause a stack-based buffer overflow in the function busprocessobject in bus-objects.c...

Arbitrary Command Execution

ghostscript is vulnerable to arbitrary command execution. An incomplete fix for CVE-2018-16509 allows an attacker to exploit another variant of the vulnerability and bypass the -dSAFER protection to execute arbitrary command via malicious PostScript documents...

Information Disclosure

Linux kernel that is built with CONFIGPOSIXTIMERES and CONFIGCHECKPOINTRESTORE is vulnerable to information disclosure. An out-of-bounds access in the showtimer function in the timercreate syscall implementation in kernel/time/posix-timers.c allows userspace applications to read arbitrary kernel...

Arbitrary Code Execution

patch is vulnerable to arbitrary code execution attacks. The vulnerability exists as GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitabl...

ASLR Bypass

kernel-rt is vulnerable to ASLR bypass attacks. The vulnerability exists as the archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the...

Information Disclosure

ansible is vulnerable to information disclosure. The application doesn't properly enforce the nolog flag, meaning that sensitive information that has been passed to the task will be logged by the system. This allows a malicious user with access to the logs can gain access to this sensitive...

Remote Code Execution (RCE)

rh-git29-git is vulnerable to remote code execution RCE attacks. The vulnerability exists as a malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a U...

TLS Session Resumption Client Certificate Bypass

libcurl.so is vulnerable to TLS session resumption client certificate bypass attacks. The vulnerability exists in Curlclonesslconfig of lib/vtls/vtls.c where libcurl.so does not prevent the TLS session resumption if the client certificate has been replaced...

Denial Of Service (DoS)

commons-fileupload is vulnerable to denial of service attacks. The vulnerability can be triggered because the HTTP server does not properly filter the file upload requests which has the size of MIME boundary close to the size of the buffer in MultipartStream...

Privilege Escalation

kernel-rt is vulnerable to privilege escalation attacks. The vulnerability exists as arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges...

Authorization Bypass

kernel-rt is vulnerable to authorization bypass attacks. The vulnerability exists as the Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a module name in the salgname field, a different vulnerability...

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of servi...

Denial Of Service (DoS)

Linux kernel-rt is vulnerable to denial of service. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate th...

Authorization Bypass

httpd24-httpd is vulnerable to authorization bypass attacks. The vulnerability exists as the modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding...

Authorization Bypass

hplip is vulnerable to authorization bypass. The checkpermissionv1 function in base/pkit.py does not properly use D-Bus for communications with a polkit authority. A race condition in the PolkitUnixProcess PolkitSubject allows a local user to bypass access restrictions via a setuid or pkexec...

Authorization Bypass

gnutls is vulnerable to authorization bypass attacks. The vulnerability exists as GnuTLS before 2.7.6, when the GNUTLSVERIFYALLOWX509V1CACRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a...

Denial Of Service

The httpd packages is susceptible to a denial of service. The vulnerability is possible due to a NULL pointer dereference flaw in the modcache httpd module. A malicious HTTP server causes the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching...

Denial Of Service (Dos)

libxml2 is vulnerable to denial of service. An attacker is able to crash the application via a malicious XML document containing malformed XPath expressions...

Denial Of Service (DoS)

GnuTLS is vulnerable to denial of service. A buffer over-read occurs in the gnutlsciphertext2compressed function in lib/gnutlscipher.c when CBC-mode cipher suites are used. This allows a remote attacker to crash the process via a crafted padding length...

XML External Entity (XXE) To Read Files

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...

Denial Of Service (DoS)

openjpeg is vulnerable to denial of service. A remote attacker is able to crash the process, or potentially execute arbitrary code in the context of the process worker, via a malicious OpenJPEG image to cause a heap-based buffer overflow...

Remote Code Execution (RCE)

php is vulnerable to remote code execution RCE attacks. The vulnerability exists through a format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary cod...

Denial Of Service (DoS)

openipmi is vulnerable to denial of service DoS attacks. The vulnerability exists as ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid...

Denial Of Service (DoS)

node is vulnerable to denial of service DoS attacks. The vulnerability exists when a malicious user sends headers while keeping HTTP/HTTPS connections alive for a long period of time...

Cross-site Scripting (XSS)

tomcat-http is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the assumption that the Accept-Language header value received conforms to RFC 2616, allowing XSS attacks...

Directory Traversal

tomcat-util is vulnerable to directory traversal attacks. The vulnerability exists due to the ability to include ../, ..\, and ..%5C characters in the URL, allowing directory traversal attacks...

Denial Of Service (DoS)

libsystemd.so is vulnerable to denial of service. A malicious DHCP server in the adjacent network is able to corrupt heap memory in the DHCPv6 client via a crafted options packet, resulting in a denial of service condition or possible code execution...

Sensitive Information Leakage

IdentityServer3 is vulnerable to sensitive information leakage. The leakage of identityserver responses is possible because there is a flaw in Angular expression on the authorize response page...

Denial Of Service (DoS)

libcurl.so is vulnerable to denial of service DoS attacks. The attacks exist due to performing multiplication without validating the size of buffer allocation causing an out-of-bounds write...

Denial Of Service (DoS)

libgd.so is vulnerable to denial of service DoS attacks. The library contains a memory leak during interpolation, allowing a malicious user to cause a DoS condition by calling the gdImageScaleTwoPass function in gdinterpolation.c...