Enterprise Linux Server TUS

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-05	CVE-2018-18506	When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. network high complexity mozilla canonical debian redhat opensuse	5.9
2019-02-05	CVE-2018-18505	Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. network low complexity mozilla canonical debian redhat CWE-287 critical	10.0
2019-02-05	CVE-2018-18500	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. network low complexity mozilla canonical debian redhat CWE-416 critical	9.8
2019-02-04	CVE-2019-3813	Off-by-one Error vulnerability in multiple products Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. high complexity spice-project redhat debian canonical CWE-193	7.5
2019-02-03	CVE-2019-7310	Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. local low complexity freedesktop canonical debian fedoraproject redhat CWE-681	7.8
2019-01-31	CVE-2019-6111	Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. network high complexity openbsd winscp canonical debian redhat fedoraproject apache freebsd fujitsu siemens CWE-22	5.9
2019-01-31	CVE-2019-6109	Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. network high complexity openbsd winscp canonical debian netapp fedoraproject redhat siemens fujitsu CWE-116	6.8
2019-01-29	CVE-2019-7150	Out-of-bounds Read vulnerability in multiple products An issue was discovered in elfutils 0.175. local low complexity elfutils-project debian canonical opensuse redhat CWE-125	5.5
2019-01-16	CVE-2017-3145	Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. network low complexity isc redhat debian netapp juniper CWE-416	7.5
2019-01-16	CVE-2017-3144	Resource Exhaustion vulnerability in multiple products A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. network low complexity isc redhat canonical debian CWE-400	7.5