High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-21	CVE-2019-8980	Memory Leak vulnerability in multiple products A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. network low complexity linux canonical opensuse debian CWE-401	7.5
2019-02-18	CVE-2019-8912	Use After Free vulnerability in multiple products In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. local low complexity linux redhat canonical opensuse CWE-416	7.8
2019-02-18	CVE-2019-8907	Out-of-bounds Write vulnerability in multiple products do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. network low complexity file-project debian opensuse canonical CWE-787	8.8
2019-02-18	CVE-2019-8904	Out-of-bounds Read vulnerability in multiple products do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. network low complexity file-project canonical CWE-125	8.8
2019-02-15	CVE-2019-6974	Use After Free vulnerability in multiple products In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. network high complexity linux debian canonical f5 redhat CWE-416	8.1
2019-02-12	CVE-2018-20781	Insufficiently Protected Credentials vulnerability in multiple products In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. local low complexity gnome canonical oracle CWE-522	7.8
2019-02-11	CVE-2019-5736	OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78	8.6
2019-02-11	CVE-2019-6975	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. network low complexity djangoproject canonical fedoraproject CWE-770	7.5
2019-02-08	CVE-2019-7638	Out-of-bounds Read vulnerability in multiple products SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. network low complexity libsdl debian opensuse fedoraproject canonical CWE-125	8.8
2019-02-08	CVE-2019-7637	Out-of-bounds Write vulnerability in multiple products SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. network low complexity libsdl debian opensuse fedoraproject canonical CWE-787	8.8