High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-26	CVE-2019-16869	HTTP Request Smuggling vulnerability in multiple products Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. network low complexity netty debian canonical redhat CWE-444	7.5
2019-09-25	CVE-2019-16884	Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. network low complexity linuxfoundation docker fedoraproject opensuse redhat canonical CWE-863	7.5
2019-09-24	CVE-2019-16729	pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. local low complexity pam-python-project debian canonical	7.8
2019-09-23	CVE-2019-16714	Missing Initialization of Resource vulnerability in multiple products In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. network low complexity linux canonical f5 CWE-909	7.5
2019-09-20	CVE-2019-14816	Heap-based Buffer Overflow vulnerability in multiple products There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. local low complexity linux redhat debian fedoraproject netapp canonical opensuse CWE-122	7.8
2019-09-20	CVE-2019-14814	Heap-based Buffer Overflow vulnerability in multiple products There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. local low complexity linux redhat debian canonical opensuse netapp CWE-122	7.8
2019-09-19	CVE-2019-14821	Out-of-bounds Write vulnerability in multiple products An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. local low complexity linux redhat canonical opensuse fedoraproject debian netapp oracle CWE-787	8.8
2019-09-17	CVE-2019-14835	Classic Buffer Overflow vulnerability in multiple products A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. local low complexity linux canonical debian fedoraproject opensuse netapp redhat huawei CWE-120	7.8
2019-09-11	CVE-2019-16237	Origin Validation Error vulnerability in multiple products Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. network low complexity dino canonical fedoraproject debian CWE-346	7.5
2019-09-11	CVE-2019-16236	Missing Authorization vulnerability in multiple products Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. network low complexity dino canonical fedoraproject debian CWE-862	7.5