Enterprise Linux Server AUS

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-17	CVE-2018-14354	OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. network low complexity mutt neomutt canonical debian redhat CWE-78 critical	9.8
2018-07-10	CVE-2018-3693	Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. local high complexity intel arm oracle schneider-electric netapp redhat fujitsu	5.6
2018-07-06	CVE-2018-13405	Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. local low complexity linux debian canonical fedoraproject redhat f5 CWE-269	7.8
2018-07-03	CVE-2017-2615	Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. network low complexity qemu redhat citrix debian xen critical	9.1
2018-06-13	CVE-2018-10850	Race Condition vulnerability in multiple products 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. network high complexity fedoraproject redhat debian CWE-362	5.9
2018-06-13	CVE-2018-11806	Out-of-bounds Write vulnerability in multiple products m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. local low complexity qemu canonical redhat debian CWE-787	8.2
2018-06-11	CVE-2018-5185	Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. network low complexity redhat debian canonical mozilla CWE-311	6.5
2018-06-11	CVE-2018-5184	Inadequate Encryption Strength vulnerability in multiple products Using remote content in encrypted messages can lead to the disclosure of plaintext. network low complexity debian mozilla canonical redhat CWE-326	7.5
2018-06-11	CVE-2018-5183	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers backported selected changes in the Skia library. network low complexity redhat debian canonical mozilla CWE-119 critical	9.8
2018-06-11	CVE-2018-5178	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. network high complexity debian mozilla canonical redhat CWE-119	8.1