CVE Summary
The following CVEs are available for all releases offered through Unbreakable Linux Network (ULN).
Synopsis
CVE-2019-9796 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-20
CVE-2019-9795 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-20
CVE-2019-9793 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-20
CVE-2019-9792 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-20
CVE-2019-9791 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-20
CVE-2019-9790 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-20
CVE-2019-9788 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-20
CVE-2019-8308 Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. 2019-02-12
CVE-2019-6778 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-02-22
CVE-2019-6486 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. 2019-01-24
CVE-2019-6454 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-02-19
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. 2019-01-11
CVE-2019-6116 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-01-31
CVE-2019-5785 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-02-19
CVE-2019-5736 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. 2019-02-11
CVE-2019-5489 The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. 2019-01-07
CVE-2019-3838 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-21
CVE-2019-3835 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-21
CVE-2019-3815 A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. 2019-01-28
CVE-2019-3813 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-01-31
CVE-2019-3804 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-12
CVE-2019-2422 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). 2019-01-16
CVE-2019-0816 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2019-03-18
CVE-2018-9568 In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android 2018-12-06
CVE-2018-9516 In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. 2018-11-06
CVE-2018-9363 In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 2018-11-06
CVE-2018-8945 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. 2018-03-22
CVE-2018-8897 A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. 2018-05-08
CVE-2018-8781 The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. 2018-04-23
CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. 2018-07-30
CVE-2018-8043 The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). 2018-03-10
CVE-2018-7995 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-03-09
CVE-2018-7858 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. 2018-03-12
CVE-2018-7757 Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. 2018-03-08
CVE-2018-7755 An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. 2018-03-08
CVE-2018-7750 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. 2018-07-30
CVE-2018-7740 The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. 2018-03-07
CVE-2018-7727 An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. 2018-03-06
CVE-2018-7726 An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-03-06
CVE-2018-7725 An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. 2018-03-06
CVE-2018-7643 The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. 2018-03-02
CVE-2018-7642 The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. 2018-03-02
CVE-2018-7569 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. 2018-02-28
CVE-2018-7568 The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. 2018-02-28
CVE-2018-7566 The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. 2018-03-30
CVE-2018-7550 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. 2018-03-01
CVE-2018-7549 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. 2018-02-27
CVE-2018-7541 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. 2018-02-27
CVE-2018-7540 An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. 2018-02-27
CVE-2018-7492 A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. 2018-02-26

Copyright (c) 2015, 2018, Oracle Corporation. All Rights Reserved.