Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-21 | CVE-2019-18218 | Out-of-bounds Write vulnerability in multiple products. cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | 7.8 |
2019-10-18 | CVE-2019-18197 | Use of Uninitialized Resource vulnerability in multiple products. In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. | 7.5 |
2019-10-17 | CVE-2019-14287 | Improper Handling of Exceptional Conditions vulnerability in multiple products. In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
2019-10-17 | CVE-2019-17675 | Type Confusion vulnerability in multiple products. WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | 8.8 |
2019-10-17 | CVE-2019-17673 | WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | 7.5 |
2019-10-17 | CVE-2019-17666 | Classic Buffer Overflow vulnerability in multiple products. rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | 8.8 |
2019-10-14 | CVE-2019-17540 | Out-of-bounds Write vulnerability in multiple products. ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | 8.8 |
2019-10-13 | CVE-2019-17533 | Use of Uninitialized Resource vulnerability in multiple products. Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. | 8.2 |
2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products. A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |
2019-10-08 | CVE-2019-14846 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. | 7.8 |