High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-30	CVE-2018-5735	Reachable Assertion vulnerability in Debian Linux 10.0/8.0/9.0 The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. network low complexity debian CWE-617	7.5
2019-10-29	CVE-2011-1408	Link Following vulnerability in multiple products ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. network low complexity ikiwiki debian CWE-59	8.2
2019-10-29	CVE-2019-18602	Use of Uninitialized Resource vulnerability in multiple products OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. network low complexity openafs debian CWE-908	7.5
2019-10-29	CVE-2019-15681	Improper Initialization vulnerability in multiple products LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. network low complexity libvnc-project canonical debian siemens CWE-665	7.5
2019-10-29	CVE-2011-4931	Weak Password Requirements vulnerability in multiple products gpw generates shorter passwords than required network low complexity gpw-project debian CWE-521	7.5
2019-10-29	CVE-2009-3723	Incorrect Authorization vulnerability in multiple products asterisk allows calls on prohibited networks network low complexity sangoma debian CWE-863	7.5
2019-10-28	CVE-2012-5577	Incorrect Default Permissions vulnerability in multiple products Python keyring lib before 0.10 created keyring files with world-readable permissions. network low complexity python debian CWE-276	7.5
2019-10-24	CVE-2019-17596	Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. network low complexity golang debian fedoraproject redhat opensuse arista CWE-436	7.5
2019-10-24	CVE-2019-18408	Use After Free vulnerability in multiple products archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. network low complexity libarchive debian canonical CWE-416	7.5
2019-10-21	CVE-2019-17498	Integer Overflow or Wraparound vulnerability in multiple products In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. network low complexity libssh2 fedoraproject opensuse debian netapp CWE-190	8.1