Enterprise Linux Server AUS

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-04	CVE-2017-5333	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. network icoutils-project redhat canonical debian opensuse CWE-190	6.8
2019-11-04	CVE-2017-5332	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. network icoutils-project redhat canonical debian opensuse CWE-119	6.8
2019-10-31	CVE-2019-5010	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. network low complexity python opensuse debian redhat CWE-476	7.5
2019-10-28	CVE-2019-11043	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. network low complexity php canonical debian fedoraproject tenable redhat CWE-787 critical	9.8
2019-10-17	CVE-2019-14287	Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. network low complexity sudo-project fedoraproject debian opensuse canonical netapp redhat CWE-755	8.8
2019-10-16	CVE-2019-2999	Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). network high complexity oracle redhat netapp debian opensuse canonical	4.7
2019-10-16	CVE-2019-2992	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). network high complexity oracle redhat netapp debian canonical opensuse	3.7
2019-10-16	CVE-2019-2988	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). network high complexity oracle netapp debian canonical opensuse redhat	3.7
2019-10-16	CVE-2019-2983	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). network high complexity oracle redhat netapp debian opensuse canonical	3.7
2019-10-16	CVE-2019-2981	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). network high complexity oracle redhat netapp debian opensuse canonical	3.7