Enterprise Linux Desktop

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-07	CVE-2018-19058	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Poppler 0.71.0. network low complexity freedesktop canonical debian redhat CWE-670	6.5
2018-11-02	CVE-2018-18897	Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. network low complexity freedesktop debian canonical redhat CWE-772	6.5
2018-10-31	CVE-2016-2125	Improper Input Validation vulnerability in multiple products It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. low complexity samba redhat CWE-20	6.5
2018-10-26	CVE-2018-15688	Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. low complexity systemd-project debian canonical redhat CWE-120	8.8
2018-10-25	CVE-2018-14665	Incorrect Authorization vulnerability in multiple products A flaw was found in xorg-x11-server before 1.20.3. low complexity x-org redhat canonical debian CWE-863	6.6
2018-10-23	CVE-2018-18585	NULL Pointer Dereference vulnerability in multiple products chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). network low complexity kyzer debian redhat canonical suse starwindsoftware CWE-476	4.3
2018-10-22	CVE-2018-18559	Use After Free vulnerability in multiple products In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. network high complexity linux redhat CWE-416	8.1
2018-10-19	CVE-2018-18284	Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. local low complexity artifex debian canonical redhat pulsesecure	8.6
2018-10-19	CVE-2018-18521	Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. local low complexity elfutils-project debian redhat opensuse canonical CWE-369	5.5
2018-10-19	CVE-2018-18520	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. network low complexity elfutils-project debian canonical opensuse redhat CWE-119	6.5