Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-31 CVE-2019-10185 It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file.
network
low complexity
icedtea-web-project debian opensuse
8.6
2019-07-31 CVE-2019-10181 It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification.
network
high complexity
icedtea-web-project debian opensuse
8.1
2019-07-31 CVE-2019-14459 Integer Overflow or Wraparound vulnerability in multiple products
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).
network
low complexity
nfdump-project debian fedoraproject CWE-190
7.5
2019-07-30 CVE-2019-14439 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2.
7.5
2019-07-26 CVE-2019-13638 OS Command Injection vulnerability in multiple products
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters.
local
low complexity
gnu debian CWE-78
7.8
2019-07-26 CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48.
network
low complexity
openldap canonical debian opensuse f5 apple oracle
7.5
2019-07-23 CVE-2019-9811 Injection vulnerability in multiple products
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.
network
high complexity
mozilla debian novell opensuse CWE-74
8.3
2019-07-23 CVE-2019-11711 When an inner window is reused, it does not consider the use of document.domain for cross-origin protections.
network
low complexity
mozilla debian
8.8
2019-07-17 CVE-2019-13619 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash.
7.5
2019-07-17 CVE-2019-13272 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker).
7.8