Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-16	CVE-2017-3137	Reachable Assertion vulnerability in multiple products Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. network low complexity isc redhat netapp debian CWE-617	5.0
2019-01-16	CVE-2017-3136	Reachable Assertion vulnerability in multiple products A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. network isc redhat netapp debian CWE-617	4.3
2019-01-16	CVE-2017-3135	NULL Pointer Dereference vulnerability in multiple products Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. network isc redhat netapp debian CWE-476	4.3
2019-01-11	CVE-2019-6133	Race Condition vulnerability in multiple products In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. local polkit-project debian redhat canonical CWE-362	4.4
2018-11-26	CVE-2018-14646	NULL Pointer Dereference vulnerability in Linux Kernel The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. local low complexity linux redhat CWE-476	4.9
2018-11-15	CVE-2018-5407	Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. local high complexity canonical debian nodejs openssl tenable oracle redhat CWE-203	4.7
2018-10-31	CVE-2016-2125	Improper Input Validation vulnerability in multiple products It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. low complexity samba redhat CWE-20	6.5
2018-10-26	CVE-2018-15688	Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. low complexity systemd-project debian canonical redhat CWE-120	5.8
2018-10-18	CVE-2018-12387	Improper Input Validation vulnerability in multiple products A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. network low complexity redhat debian canonical mozilla CWE-20	6.4
2018-10-18	CVE-2018-12386	Incorrect Type Conversion or Cast vulnerability in multiple products A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. network redhat debian canonical mozilla CWE-704	5.8