Vulnerabilities > Redhat > Enterprise Linux Server

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2019-1000019 Out-of-bounds Read vulnerability in multiple products
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service).
6.5
2019-02-04 CVE-2019-3813 Off-by-one Error vulnerability in multiple products
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt.
7.5
2019-02-03 CVE-2019-7310 Incorrect Conversion between Numeric Types vulnerability in multiple products
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
7.8
2019-01-29 CVE-2019-7150 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in elfutils 0.175.
5.5
2019-01-28 CVE-2019-3815
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
local
low complexity
redhat debian
3.3
2019-01-25 CVE-2018-16881 Integer Overflow or Wraparound vulnerability in multiple products
A denial of service vulnerability was found in rsyslog in the imptcp module.
network
low complexity
rsyslog redhat debian CWE-190
7.5
2019-01-18 CVE-2018-15982 Use After Free vulnerability in multiple products
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use-after-free vulnerability.
network
low complexity
adobe redhat CWE-416
critical
9.8
2019-01-16 CVE-2018-5740 Reachable Assertion vulnerability in multiple products
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.
network
low complexity
isc redhat debian netapp canonical hp opensuse CWE-617
7.5
2019-01-16 CVE-2018-5733 Integer Overflow or Wraparound vulnerability in multiple products
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash.
network
low complexity
isc redhat canonical debian CWE-190
7.5
2019-01-16 CVE-2017-3145 Use After Free vulnerability in multiple products
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.
network
low complexity
isc redhat debian netapp juniper CWE-416
7.5