High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-04	CVE-2019-1000018	Command Injection vulnerability in multiple products rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. local low complexity pizzashack debian fedoraproject canonical CWE-77	7.8
2019-02-04	CVE-2019-3813	Off-by-one Error vulnerability in multiple products Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. high complexity spice-project redhat debian canonical CWE-193	7.5
2019-02-04	CVE-2019-3461	Race Condition vulnerability in Debian Linux and Tmpreaper Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. local high complexity debian CWE-362	7.0
2019-02-03	CVE-2019-7310	Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. local low complexity freedesktop canonical debian fedoraproject redhat CWE-681	7.8
2019-01-31	CVE-2019-7283	An issue was discovered in rcp in NetKit through 0.17. network high complexity netkit debian	7.4
2019-01-30	CVE-2018-17199	Session Fixation vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. network low complexity apache debian netapp canonical oracle CWE-384	7.5
2019-01-28	CVE-2019-3462	Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. network high complexity debian canonical netapp	8.1
2019-01-27	CVE-2019-6977	Out-of-bounds Write vulnerability in multiple products gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. network low complexity libgd php debian canonical netapp CWE-787	8.8
2019-01-25	CVE-2018-16881	Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. network low complexity rsyslog redhat debian CWE-190	7.5
2019-01-25	CVE-2019-6956	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. local low complexity audiocoding debian CWE-125	7.1