19.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-08	CVE-2019-17023	Improper Authentication vulnerability in multiple products After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. network low complexity mozilla canonical debian CWE-287	6.5
2020-01-08	CVE-2019-17022	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. network low complexity mozilla canonical debian redhat CWE-79	6.1
2020-01-08	CVE-2019-17020	XXE vulnerability in multiple products If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. network low complexity mozilla canonical CWE-611	6.5
2020-01-08	CVE-2019-17017	Type Confusion vulnerability in multiple products Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. network low complexity mozilla canonical debian redhat CWE-843	8.8
2020-01-08	CVE-2019-17016	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. network low complexity mozilla debian canonical redhat CWE-79	6.1
2020-01-08	CVE-2019-20367	Out-of-bounds Read vulnerability in multiple products nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). network low complexity freedesktop debian canonical opensuse CWE-125 critical	9.1
2020-01-08	CVE-2019-5188	Out-of-bounds Write vulnerability in multiple products A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. local low complexity e2fsprogs-project fedoraproject debian canonical opensuse netapp CWE-787	6.7
2019-12-23	CVE-2019-11050	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical fedoraproject opensuse tenable CWE-125	6.5
2019-12-23	CVE-2019-11047	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php fedoraproject debian canonical CWE-125	6.5
2019-12-23	CVE-2019-11046	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. network low complexity php debian fedoraproject opensuse canonical tenable CWE-125	5.3