Vulnerabilities > Redhat > Enterprise Linux Server TUS

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-02-02 | CVE-2018-6560 | Interpretation Conflict vulnerability in multiple products | In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. | local | low | flatpak, redhat | CWE-436 | 4.6 |
| 2018-01-31 | CVE-2018-1000001 | Out-of-bounds Write vulnerability in multiple products | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | local | low | gnu, canonical, redhat | CWE-787 | 7.2 |
| 2018-01-26 | CVE-2018-5750 | Information Exposure vulnerability in Linux Kernel | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | local | low | linux, debian, canonical, redhat | CWE-200 | 2.1 |
| 2018-01-25 | CVE-2018-5748 | Resource Exhaustion vulnerability in multiple products | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | network | low | redhat, debian | CWE-400 | 5.0 |
| 2018-01-23 | CVE-2018-5683 | Out-of-bounds Read vulnerability in multiple products | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | local | low | qemu, debian, redhat, canonical | CWE-125 | 2.1 |
| 2018-01-23 | CVE-2018-5950 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | network | low | gnu, debian, canonical, redhat | CWE-79 | 6.1 |
| 2018-01-18 | CVE-2018-2678 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | | | | | | 4.3 |
| 2018-01-18 | CVE-2018-2677 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). | | | | | | 4.3 |
| 2018-01-18 | CVE-2018-2668 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | | network | low | oracle, mariadb, debian, canonical, netapp, redhat | | 6.8 |
| 2018-01-18 | CVE-2018-2665 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | | network | low | oracle, mariadb, debian, canonical, netapp, redhat | | 6.8 |