Enterprise Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-04	CVE-2013-4251	Improper Privilege Management vulnerability in multiple products The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. local low complexity scipy fedoraproject redhat debian CWE-269	7.8
2019-11-04	CVE-2005-4890	Improper Input Validation vulnerability in multiple products There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". local low complexity sudo-project debian redhat CWE-20	7.8
2019-11-01	CVE-2013-4751	Improper Input Validation vulnerability in multiple products php-symfony2-Validator has loss of information during serialization network low complexity sensiolabs fedoraproject redhat CWE-20	8.1
2019-11-01	CVE-2013-3718	Improper Input Validation vulnerability in multiple products evince is missing a check on number of pages which can lead to a segmentation fault local low complexity gnome debian redhat opensuse CWE-20	5.5
2019-10-31	CVE-2019-5010	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. network low complexity python opensuse debian redhat CWE-476	7.5
2019-10-28	CVE-2019-11043	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. network low complexity php canonical debian fedoraproject tenable redhat CWE-787 critical	9.8
2019-10-24	CVE-2019-17596	Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. network low complexity golang debian fedoraproject redhat opensuse arista CWE-436	7.5
2019-10-17	CVE-2019-17631	Improper Privilege Management vulnerability in multiple products From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. network low complexity eclipse redhat CWE-269 critical	9.1
2019-10-17	CVE-2019-14287	Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. network low complexity sudo-project fedoraproject debian opensuse canonical netapp redhat CWE-755	8.8
2019-10-16	CVE-2019-2999	Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). network high complexity oracle redhat netapp debian opensuse canonical	4.7