Enterprise Linux Server TUS

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-14	CVE-2014-7844	Injection vulnerability in multiple products BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. local low complexity redhat debian bsd-mailx-project CWE-74	7.8
2020-01-13	CVE-2020-6851	Out-of-bounds Write vulnerability in multiple products OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. network low complexity uclouvain fedoraproject debian redhat oracle CWE-787	7.5
2020-01-08	CVE-2019-17024	Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. network low complexity mozilla canonical debian redhat opensuse CWE-787	8.8
2020-01-08	CVE-2019-17022	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. network low complexity mozilla canonical debian redhat CWE-79	6.1
2020-01-08	CVE-2019-17017	Type Confusion vulnerability in multiple products Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. network low complexity mozilla canonical debian redhat CWE-843	8.8
2020-01-08	CVE-2019-17016	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. network low complexity mozilla debian canonical redhat CWE-79	6.1
2019-12-19	CVE-2019-19906	Off-by-one Error vulnerability in multiple products cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. network low complexity cyrusimap debian canonical fedoraproject redhat apple apache CWE-193	7.5
2019-12-18	CVE-2018-1311	Use After Free vulnerability in multiple products The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. network high complexity apache redhat debian oracle fedoraproject CWE-416	8.1
2019-12-10	CVE-2019-13734	Out-of-bounds Write vulnerability in multiple products Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject redhat canonical suse opensuse debian oracle CWE-787	8.8
2019-12-06	CVE-2019-5544	Out-of-bounds Write vulnerability in multiple products OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. network low complexity vmware redhat openslp fedoraproject CWE-787 critical	9.8