Enterprise Linux Server

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-01	CVE-2018-13033	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. local low complexity gnu redhat CWE-770	5.5
2018-06-26	CVE-2018-10852	Information Exposure vulnerability in multiple products The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. network low complexity debian fedoraproject redhat CWE-200	7.5
2018-06-22	CVE-2017-2668	NULL Pointer Dereference vulnerability in multiple products 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. network low complexity fedoraproject redhat CWE-476	6.5
2018-06-20	CVE-2018-1120	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found affecting the Linux kernel before version 4.17. network high complexity linux redhat debian canonical CWE-119	5.3
2018-06-19	CVE-2018-1061	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. network low complexity python debian redhat canonical fedoraproject	7.5
2018-06-18	CVE-2018-1060	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. network low complexity python fedoraproject canonical redhat debian	7.5
2018-06-13	CVE-2018-0495	Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. local high complexity gnupg canonical debian redhat oracle CWE-203	4.7
2018-06-13	CVE-2018-10850	Race Condition vulnerability in multiple products 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. network high complexity fedoraproject redhat debian CWE-362	5.9
2018-06-13	CVE-2018-11806	Out-of-bounds Write vulnerability in multiple products m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. local low complexity qemu canonical redhat debian CWE-787	8.2
2018-06-12	CVE-2018-5848	Integer Overflow or Wraparound vulnerability in multiple products In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. local low complexity google redhat debian CWE-190	7.8