Enterprise Linux EUS

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-13	CVE-2018-11806	Out-of-bounds Write vulnerability in multiple products m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. local low complexity qemu canonical redhat debian CWE-787	8.2
2018-06-11	CVE-2017-7847	Information Exposure vulnerability in multiple products Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. network low complexity debian redhat mozilla CWE-200	4.3
2018-06-11	CVE-2017-7829	Improper Input Validation vulnerability in multiple products It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. network low complexity mozilla redhat debian canonical CWE-20	5.3
2018-06-11	CVE-2017-7824	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. network low complexity redhat debian mozilla CWE-119 critical	9.8
2018-06-11	CVE-2016-9901	Improper Input Validation vulnerability in multiple products HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. network low complexity redhat mozilla CWE-20 critical	9.8
2018-05-22	CVE-2018-3639	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. local low complexity intel arm redhat debian canonical siemens oracle mitel sonicwall schneider-electric nvidia microsoft CWE-203	5.5
2018-04-26	CVE-2018-10393	Out-of-bounds Read vulnerability in multiple products bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. network low complexity xiph-org debian redhat CWE-125	7.5
2018-04-26	CVE-2018-10392	Out-of-bounds Write vulnerability in multiple products mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. network low complexity xiph-org debian redhat CWE-787	8.8
2018-04-19	CVE-2018-2819	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). network low complexity oracle mariadb canonical debian redhat netapp	6.5
2018-04-19	CVE-2018-2817	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). network low complexity oracle canonical debian redhat mariadb netapp	6.5