12.1.3

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-11	CVE-2019-14899	A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. low complexity freebsd linux openbsd apple	7.4
2019-07-01	CVE-2019-13118	Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. network low complexity xmlsoft opensuse netapp oracle fedoraproject canonical apple CWE-843	5.3
2019-03-05	CVE-2019-6223	Unspecified vulnerability in Apple mac OS X A logic issue existed in the handling of Group FaceTime calls. network low complexity apple	7.5
2019-02-18	CVE-2019-8906	Out-of-bounds Read vulnerability in multiple products do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. local low complexity file-project canonical opensuse apple CWE-125	4.4