Enterprise Linux Server TUS

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-11	CVE-2019-10192	Out-of-bounds Write vulnerability in multiple products A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. network low complexity redislabs redhat debian canonical oracle CWE-787	7.2
2019-07-05	CVE-2019-13313	Information Exposure vulnerability in multiple products libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. local low complexity libosinfo fedoraproject redhat CWE-200	7.8
2019-06-25	CVE-2019-12817	Out-of-bounds Write vulnerability in multiple products arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. local high complexity canonical linux fedoraproject debian opensuse redhat CWE-787	7.0
2019-06-14	CVE-2019-10126	A flaw was found in the Linux kernel. network low complexity linux redhat canonical debian opensuse netapp critical	9.8
2019-06-07	CVE-2019-10160	A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. network low complexity python redhat debian opensuse fedoraproject canonical netapp critical	9.8
2019-06-05	CVE-2019-9755	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow issue exists in ntfs-3g 2017.3.23. local high complexity tuxera redhat CWE-191	7.0
2019-06-03	CVE-2019-11356	Out-of-bounds Write vulnerability in multiple products The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. network low complexity cyrus fedoraproject debian canonical redhat CWE-787 critical	9.8
2019-05-29	CVE-2019-12450	Incorrect Default Permissions vulnerability in multiple products file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. network low complexity gnome debian redhat canonical opensuse fedoraproject CWE-276 critical	9.8
2019-05-16	CVE-2019-0820	Resource Exhaustion vulnerability in multiple products A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. network low complexity microsoft redhat CWE-400	7.5
2019-05-15	CVE-2019-11833	Use of Uninitialized Resource vulnerability in multiple products fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. local low complexity linux fedoraproject debian canonical redhat CWE-908	5.5