Enterprise Linux Server EUS

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-09	CVE-2017-3139	Reachable Assertion vulnerability in Redhat products A denial of service flaw was found in the way BIND handled DNSSEC validation. network low complexity redhat CWE-617	5.0
2019-03-26	CVE-2019-3878	Improper Authentication vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. network high complexity mod-auth-mellon-project fedoraproject redhat canonical CWE-287	8.1
2019-03-25	CVE-2019-3857	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. network low complexity libssh2 debian netapp opensuse redhat fedoraproject oracle CWE-190	8.8
2019-03-25	CVE-2019-3856	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. network low complexity libssh2 debian netapp opensuse redhat fedoraproject oracle CWE-190	8.8
2019-03-25	CVE-2019-3838	It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. local low complexity artifex redhat fedoraproject opensuse debian	5.5
2019-03-25	CVE-2019-3835	Missing Authorization vulnerability in multiple products It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. local low complexity artifex redhat fedoraproject debian opensuse CWE-862	5.5
2019-03-25	CVE-2019-3863	Out-of-bounds Write vulnerability in multiple products A flaw was found in libssh2 before 1.8.1. network low complexity libssh2 debian netapp opensuse redhat CWE-787	8.8
2019-03-23	CVE-2019-9948	Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. network low complexity python opensuse debian fedoraproject canonical redhat CWE-22 critical	9.1
2019-03-21	CVE-2019-3855	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. network low complexity libssh2 fedoraproject debian netapp redhat opensuse apple oracle CWE-190	8.8
2019-03-21	CVE-2019-7221	Use After Free vulnerability in multiple products The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. local low complexity linux opensuse fedoraproject debian canonical netapp redhat CWE-416	7.8