High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-18	CVE-2018-1311	Use After Free vulnerability in multiple products The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. network high complexity apache redhat debian oracle CWE-416	8.1
2019-12-17	CVE-2019-19816	Out-of-bounds Write vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. local low complexity linux canonical debian netapp CWE-787	7.8
2019-12-17	CVE-2019-19813	Use After Free vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. network linux canonical debian netapp CWE-416	7.1
2019-12-16	CVE-2019-19331	Improper Resource Shutdown or Release vulnerability in multiple products knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. network low complexity nic debian CWE-404	7.5
2019-12-15	CVE-2014-8650	Improper Authentication vulnerability in multiple products python-requests-Kerberos through 0.5 does not handle mutual authentication network low complexity requests-kerberos-project debian CWE-287	7.5
2019-12-12	CVE-2019-12420	Resource Exhaustion vulnerability in multiple products In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. network low complexity apache debian CWE-400	7.5
2019-12-11	CVE-2019-19583	An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. network low complexity xen fedoraproject opensuse debian	7.5
2019-12-11	CVE-2019-5815	Type Confusion vulnerability in multiple products Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. network low complexity xmlsoft debian CWE-843	7.5
2019-12-11	CVE-2019-19604	Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. local low complexity git-scm debian fedoraproject opensuse CWE-862	7.8
2019-12-10	CVE-2019-14889	OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. network low complexity libssh canonical opensuse fedoraproject debian oracle CWE-78	8.8