Enterprise Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-07	CVE-2019-18805	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. network low complexity linux opensuse redhat netapp broadcom CWE-190 critical	9.8
2019-11-06	CVE-2016-1000037	Cross-site Scripting vulnerability in multiple products Pagure: XSS possible in file attachment endpoint network low complexity redhat fedoraproject CWE-79	6.1
2019-11-06	CVE-2014-8181	Improper Initialization vulnerability in Redhat Enterprise Linux and Enterprise MRG The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. local low complexity redhat CWE-665	5.5
2019-11-05	CVE-2016-4983	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. local low complexity dovecot opensuse redhat CWE-732	3.3
2019-11-05	CVE-2013-5661	Authentication Bypass by Spoofing vulnerability in multiple products Cache Poisoning issue exists in DNS Response Rate Limiting. network high complexity isc nlnetlabs nic redhat CWE-290	5.9
2019-11-05	CVE-2016-1000002	Information Exposure vulnerability in multiple products gdm3 3.14.2 and possibly later has an information leak before screen lock low complexity gnome redhat debian opensuse CWE-200	2.4
2019-11-04	CVE-2017-5333	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. local low complexity icoutils-project redhat canonical debian opensuse CWE-190	7.8
2019-11-04	CVE-2017-5332	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. local low complexity icoutils-project redhat canonical debian opensuse CWE-119	7.8
2019-11-04	CVE-2015-8980	Improper Input Validation vulnerability in multiple products The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. network low complexity php-gettext-project opensuse redhat fedoraproject CWE-20 critical	9.8
2019-11-04	CVE-2013-4409	Improper Input Validation vulnerability in multiple products An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. network low complexity reviewboard fedoraproject redhat CWE-20 critical	9.8