Enterprise MRG

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-05	CVE-2013-6460	XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents network nokogiri debian redhat CWE-776	4.3
2019-06-19	CVE-2019-11478	Resource Exhaustion vulnerability in multiple products Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. network low complexity linux f5 canonical redhat pulsesecure ivanti CWE-400	7.5
2019-06-19	CVE-2019-11477	Integer Overflow or Wraparound vulnerability in multiple products Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). network low complexity linux f5 canonical redhat pulsesecure ivanti CWE-190	7.5
2019-04-11	CVE-2019-3459	Out-of-bounds Read vulnerability in multiple products A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. low complexity linux canonical redhat debian CWE-125	6.5
2018-12-18	CVE-2018-16884	Use After Free vulnerability in multiple products A flaw was found in the Linux kernel's NFS41+ subsystem. low complexity linux redhat debian canonical CWE-416	8.0
2018-07-30	CVE-2017-7482	Integer Overflow or Wraparound vulnerability in multiple products In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. local low complexity linux debian redhat CWE-190	7.8
2018-02-09	CVE-2014-8171	Resource Management Errors vulnerability in multiple products The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. local low complexity linux redhat CWE-399	5.5
2018-01-14	CVE-2017-15128	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. local low complexity linux redhat CWE-119	4.9
2018-01-14	CVE-2017-15127	Improper Cleanup on Thrown Exception vulnerability in multiple products A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. local low complexity linux redhat CWE-460	5.5
2017-10-18	CVE-2014-3706	Improper Certificate Validation vulnerability in Redhat Enterprise MRG 3.0 ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. network redhat CWE-295	4.3