Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-24	CVE-2019-19950	Use After Free vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. network low complexity graphicsmagick debian opensuse CWE-416 critical	9.8
2019-12-24	CVE-2019-19949	Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. network low complexity imagemagick debian opensuse canonical CWE-125 critical	9.1
2019-12-24	CVE-2019-19948	Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. network low complexity imagemagick debian opensuse canonical CWE-787 critical	9.8
2019-12-23	CVE-2019-11049	Double Free vulnerability in multiple products In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. network low complexity php fedoraproject debian tenable CWE-415 critical	9.8
2019-12-20	CVE-2019-17571	Deserialization of Untrusted Data vulnerability in multiple products Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. network low complexity apache debian canonical opensuse netapp oracle CWE-502 critical	9.8
2019-12-20	CVE-2012-6094	Incorrect Authorization vulnerability in multiple products cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system network low complexity apple debian CWE-863 critical	9.8
2019-12-15	CVE-2014-8650	Improper Authentication vulnerability in multiple products python-requests-Kerberos through 0.5 does not handle mutual authentication network low complexity requests-kerberos-project debian CWE-287 critical	9.8
2019-12-13	CVE-2014-0175	Use of Hard-coded Credentials vulnerability in multiple products mcollective has a default password set at install network low complexity puppet redhat debian CWE-798 critical	9.8
2019-12-12	CVE-2019-18345	Cross-site Scripting vulnerability in multiple products A reflected XSS issue was discovered in DAViCal through 1.1.8. network low complexity davical debian CWE-79 critical	9.3
2019-12-11	CVE-2019-19725	Double Free vulnerability in multiple products sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. network low complexity sysstat-project debian canonical CWE-415 critical	9.8