Enterprise Linux Server AUS

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-31	CVE-2018-1000001	Out-of-bounds Write vulnerability in multiple products In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. local low complexity gnu canonical redhat CWE-787	7.8
2018-01-26	CVE-2018-5750	Information Exposure vulnerability in multiple products The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. local low complexity linux debian canonical redhat CWE-200	5.5
2018-01-25	CVE-2018-5748	Resource Exhaustion vulnerability in multiple products qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. network low complexity redhat debian CWE-400	7.5
2018-01-24	CVE-2018-1000007	libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. network low complexity haxx debian canonical redhat fujitsu critical	9.8
2018-01-23	CVE-2018-5683	Out-of-bounds Read vulnerability in multiple products The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. local low complexity qemu debian redhat canonical CWE-125	6.0
2018-01-23	CVE-2018-5950	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. network low complexity gnu debian canonical redhat CWE-79	6.1
2018-01-18	CVE-2018-2678	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). network low complexity oracle redhat debian canonical schneider-electric hp	4.3
2018-01-18	CVE-2018-2677	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). network low complexity oracle redhat debian canonical schneider-electric hp	4.3
2018-01-18	CVE-2018-2668	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). network low complexity oracle mariadb debian canonical netapp redhat	6.5
2018-01-18	CVE-2018-2665	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). network low complexity oracle mariadb debian canonical netapp redhat	6.5