Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-21	CVE-2019-14907	Out-of-bounds Read vulnerability in multiple products All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. network low complexity fedoraproject samba redhat canonical synology debian CWE-125	6.5
2020-01-21	CVE-2019-14902	There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. network low complexity samba canonical opensuse debian	5.4
2020-01-16	CVE-2020-7039	Out-of-bounds Write vulnerability in multiple products tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. network high complexity libslirp-project debian opensuse qemu CWE-787	5.6
2020-01-16	CVE-2019-18282	Use of Insufficiently Random Values vulnerability in multiple products The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. network low complexity linux debian netapp CWE-330	5.3
2020-01-16	CVE-2020-7106	Cross-site Scripting vulnerability in multiple products Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). network low complexity cacti debian opensuse suse fedoraproject CWE-79	6.1
2020-01-16	CVE-2020-7045	NULL Pointer Dereference vulnerability in multiple products In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. low complexity wireshark debian CWE-476	6.5
2020-01-15	CVE-2019-15961	Resource Exhaustion vulnerability in multiple products A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. network low complexity clamav cisco debian canonical CWE-400	6.5
2020-01-15	CVE-2020-2655	Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). network high complexity oracle redhat debian	4.8
2020-01-15	CVE-2020-2601	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). network high complexity oracle debian canonical opensuse netapp redhat	6.8
2020-01-15	CVE-2020-2593	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). network high complexity oracle redhat debian canonical opensuse mcafee netapp	4.8