CVE Summary
The following CVE are available for all releases offered through Unbreakable Linux Network (ULN).
Synopsis
CVE-2018-2633Vulnerability in the Java SE, Java SE Embedded, JRockit component ofOracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded:\ 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).2018-02-26
CVE-2018-2629Vulnerability in the Java SE, Java SE Embedded, JRockit component ofOracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded:\ 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).2018-02-26
CVE-2018-2618Vulnerability in the Java SE, Java SE Embedded, JRockit component ofOracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded:\ 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector:\ (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).2018-02-26
CVE-2018-2603Vulnerability in the Java SE, Java SE Embedded, JRockit component ofOracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded:\ 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\ (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).2018-02-26
CVE-2018-2602Vulnerability in the Java SE, Java SE Embedded component of OracleJava SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\ (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).2018-02-26
CVE-2018-2599Vulnerability in the Java SE, Java SE Embedded, JRockit component ofOracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded:\ 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).2018-02-26
CVE-2018-2588Vulnerability in the Java SE, Java SE Embedded, JRockit component ofOracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded:\ 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).2018-02-26
CVE-2018-2582 ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-01-16
CVE-2018-2579Vulnerability in the Java SE, Java SE Embedded, JRockit component ofOracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded:\ 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).2018-02-26
CVE-2018-1068A flaw was found in the Linux 4.x kernel's implementation of 32-bitsyscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.2018-04-17
CVE-2018-1063Context relabeling of filesystems is vulnerable to symbolic linkattack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.2018-04-12
CVE-2018-1054An out-of-bounds memory read flaw was found in the way 389-ds-basehandled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.2018-03-13
CVE-2018-1049 ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-05-09
CVE-2018-1000004In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions arace condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.2018-04-12
CVE-2018-1000001In glibc 2.26 and earlier there is confusion in the usage of getcwd()by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.2018-04-12
CVE-2017-9800 A maliciously constructed svn+ssh:// URL would cause Subversionclients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. 2017-08-10
CVE-2017-9798Apache httpd allows remote attackers to read secret data from processmemory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.2017-09-18
CVE-2017-9788 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the valueplaceholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. 2017-07-11
CVE-2017-9776Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc inpdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.2017-06-21
CVE-2017-9775Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.2017-06-21
CVE-2017-9725In all Qualcomm products with Android releases from CAF using theLinux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.2018-04-12
CVE-2017-9524 The qemu-nbd server in QEMU (aka Quick Emulator), when built with theNetwork Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. 2017-05-26
CVE-2017-9462In Mercurial before 4.1.3, hg serve --stdio allows remoteauthenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. 2017-04-18
CVE-2017-9461 smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial ofservice vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. 2017-02-16
CVE-2017-9287 servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone toa double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. 2017-05-17
CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linuxkernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. 2017-05-19
CVE-2017-9148The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. 2017-05-08
CVE-2017-9077The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linuxkernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-10
CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linuxkernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. 2017-05-10
CVE-2017-9075The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linuxkernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-17
CVE-2017-9074The IPv6 fragmentation implementation in the Linux kernel through4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.2018-02-26
CVE-2017-8932 A bug in the standard library ScalarMult implementation of curve P-256for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. 2017-05-23
CVE-2017-8905Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback,which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. 2017-05-02
CVE-2017-8904Xen through 4.8.x mishandles the contains2017-05-02
CVE-2017-8903Xen through 4.8.x on 64-bit platforms mishandles page tables after anIRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. 2017-05-02
CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c inthe Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. 2017-05-09
CVE-2017-8831The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.cin the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a double2017-04-24
CVE-2017-8824The dccp_disconnect function in net/dccp/proto.c in the Linux kernelthrough 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.2018-04-12
CVE-2017-8797 The NFSv4 server in the Linux kernel before 4.11.3 does not properlyvalidate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. 2017-06-27
CVE-2017-8779rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. 2017-05-03
CVE-2017-8422KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users togain root privileges by spoofing a callerID and leveraging a privileged helper app. 2017-05-10
CVE-2017-8386 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. 2017-05-05
CVE-2017-8291Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass andremote command execution via .rsdparams type confusion with a /OutputFile (%pipe% substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. 2017-04-26
CVE-2017-7980 Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in QuickEmulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. 2017-03-15
CVE-2017-7895The NFSv2 and NFSv3 server implementations in the Linux kernel through4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.2017-04-28
CVE-2017-7890The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c inthe GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.2018-03-07
CVE-2017-7889The mm subsystem in the Linux kernel through 4.10.10 does not properlyenforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.2017-04-05
CVE-2017-7870 LibreOffice before 2017-01-02 has an out-of-bounds write caused by aheap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. 2017-01-10
CVE-2017-7869 GnuTLS before 2017-02-20 has an out-of-bounds write caused by aninteger overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. 2017-04-14
CVE-2017-7848 ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-12-22
Previous51 - 100Next

Copyright (c) 2015, 2017, Oracle Corporation. All Rights Reserved.