Enterprise Linux Server AUS

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-23	CVE-2018-1126	Integer Overflow or Wraparound vulnerability in multiple products procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. network low complexity procps-ng-project canonical debian redhat schneider-electric CWE-190 critical	9.8
2018-05-22	CVE-2018-3639	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. local low complexity intel arm redhat debian canonical siemens oracle mitel sonicwall schneider-electric nvidia microsoft CWE-203	5.5
2018-05-15	CVE-2018-1087	kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. local low complexity linux canonical debian redhat	7.8
2018-05-02	CVE-2018-10675	Use After Free vulnerability in multiple products The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. local low complexity linux redhat canonical CWE-416	7.8
2018-04-26	CVE-2018-10393	Out-of-bounds Read vulnerability in multiple products bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. network low complexity xiph-org debian redhat CWE-125	7.5
2018-04-26	CVE-2018-10392	Out-of-bounds Write vulnerability in multiple products mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. network low complexity xiph-org debian redhat CWE-787	8.8
2018-04-24	CVE-2017-2885	Out-of-bounds Write vulnerability in multiple products An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. network low complexity gnome debian redhat CWE-787 critical	9.8
2018-04-23	CVE-2018-1106	Improper Authentication vulnerability in multiple products An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. local low complexity packagekit-project redhat canonical debian CWE-287	5.5
2018-04-23	CVE-2017-17833	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. network low complexity openslp debian canonical redhat lenovo CWE-119 critical	9.8
2018-04-19	CVE-2018-2819	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). network low complexity oracle mariadb canonical debian redhat netapp	6.5