High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-29	CVE-2019-15681	Improper Initialization vulnerability in multiple products LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. network low complexity libvnc-project canonical debian siemens CWE-665	7.5
2019-10-24	CVE-2019-18408	Use After Free vulnerability in multiple products archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. network low complexity libarchive debian canonical CWE-416	7.5
2019-10-21	CVE-2019-18218	Out-of-bounds Write vulnerability in multiple products cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). local low complexity file-project debian opensuse netapp fedoraproject canonical CWE-787	7.8
2019-10-18	CVE-2019-18198	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. local low complexity linux canonical CWE-772	7.8
2019-10-18	CVE-2019-18197	Use of Uninitialized Resource vulnerability in multiple products In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. network high complexity xmlsoft debian canonical CWE-908	7.5
2019-10-17	CVE-2019-14287	Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. network low complexity sudo-project fedoraproject debian opensuse canonical netapp redhat CWE-755	8.8
2019-10-17	CVE-2019-17666	Classic Buffer Overflow vulnerability in multiple products rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. low complexity linux debian canonical CWE-120	8.8
2019-10-11	CVE-2019-2215	Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. local low complexity google debian canonical netapp huawei CWE-416	7.8
2019-10-03	CVE-2019-16866	Use of Uninitialized Resource vulnerability in multiple products Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. network low complexity nlnetlabs canonical CWE-908	7.5
2019-10-03	CVE-2019-15166	Classic Buffer Overflow vulnerability in multiple products lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. network low complexity tcpdump apple debian fedoraproject opensuse redhat netapp canonical CWE-120	7.5