Enterprise Linux Server AUS

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-09	CVE-2019-7664	Out-of-bounds Write vulnerability in multiple products In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. local low complexity elfutils-project redhat CWE-787	5.5
2019-02-06	CVE-2019-7548	SQL Injection vulnerability in multiple products SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. local low complexity sqlalchemy debian opensuse redhat oracle CWE-89	7.8
2019-02-05	CVE-2018-18506	When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. network high complexity mozilla canonical debian redhat opensuse	5.9
2019-02-05	CVE-2018-18505	Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. network low complexity mozilla canonical debian redhat CWE-287 critical	10.0
2019-02-05	CVE-2018-18501	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. network low complexity mozilla canonical debian redhat CWE-119 critical	9.8
2019-02-05	CVE-2018-18500	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. network low complexity mozilla canonical debian redhat CWE-416 critical	9.8
2019-02-04	CVE-2019-3813	Off-by-one Error vulnerability in multiple products Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. high complexity spice-project redhat debian canonical CWE-193	7.5
2019-02-03	CVE-2019-7310	Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. local low complexity freedesktop canonical debian fedoraproject redhat CWE-681	7.8
2019-01-31	CVE-2019-6111	Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. network high complexity openbsd winscp canonical debian redhat fedoraproject apache freebsd fujitsu siemens CWE-22	5.9
2019-01-31	CVE-2019-6109	Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. network high complexity openbsd winscp canonical debian netapp fedoraproject redhat siemens fujitsu CWE-116	6.8