Element Software

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-16	CVE-2017-3138	Reachable Assertion vulnerability in multiple products named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. network high complexity isc netapp debian CWE-617	5.3
2019-01-16	CVE-2017-3137	Reachable Assertion vulnerability in multiple products Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. network low complexity isc redhat netapp debian CWE-617	7.5
2019-01-16	CVE-2017-3136	Reachable Assertion vulnerability in multiple products A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. network high complexity isc redhat netapp debian CWE-617	5.9
2019-01-14	CVE-2018-16888	Improper Privilege Management vulnerability in multiple products It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. local high complexity systemd-project redhat canonical netapp CWE-269	4.7
2019-01-11	CVE-2018-16866	Out-of-bounds Read vulnerability in multiple products An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. local low complexity systemd-project debian canonical netapp redhat CWE-125	3.3
2019-01-10	CVE-2018-20685	Incorrect Authorization vulnerability in multiple products In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . network high complexity openbsd winscp netapp debian canonical redhat oracle fujitsu siemens CWE-863	5.3
2018-10-29	CVE-2018-0735	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. network high complexity openssl canonical debian nodejs netapp oracle CWE-327	5.9
2018-09-21	CVE-2018-16597	Incorrect Authorization vulnerability in multiple products An issue was discovered in the Linux kernel before 4.8. local low complexity linux netapp opensuse CWE-863	5.5
2018-09-19	CVE-2018-17182	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 4.18.8. local low complexity linux canonical debian netapp CWE-416	7.8
2018-06-26	CVE-2017-7657	HTTP Request Smuggling vulnerability in multiple products In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. network low complexity eclipse debian netapp hp oracle CWE-444 critical	9.8