Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-16	CVE-2019-2434	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). network low complexity oracle canonical netapp redhat	6.5
2019-01-16	CVE-2019-2420	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). network low complexity oracle canonical netapp redhat	4.9
2019-01-15	CVE-2018-14662	It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. low complexity redhat debian opensuse canonical	5.7
2019-01-15	CVE-2018-16846	It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. network low complexity redhat debian opensuse canonical	6.5
2019-01-14	CVE-2018-16888	Improper Privilege Management vulnerability in multiple products It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. local high complexity systemd-project redhat canonical netapp CWE-269	4.7
2019-01-11	CVE-2018-4278	In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. network low complexity apple canonical	4.3
2019-01-11	CVE-2018-4181	In macOS High Sierra before 10.13.5, an issue existed in CUPS. local low complexity apple canonical debian	5.5
2019-01-11	CVE-2019-6133	Race Condition vulnerability in multiple products In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. local high complexity polkit-project debian redhat canonical CWE-362	6.7
2019-01-10	CVE-2018-20685	Incorrect Authorization vulnerability in multiple products In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . network high complexity openbsd winscp netapp debian canonical redhat oracle fujitsu siemens CWE-863	5.3
2019-01-09	CVE-2019-3498	Injection vulnerability in multiple products In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. network low complexity djangoproject debian canonical fedoraproject CWE-74	6.5