Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-23	CVE-2019-11046	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. network low complexity php debian fedoraproject opensuse canonical tenable CWE-125	5.3
2019-12-23	CVE-2019-11045	Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. network high complexity php fedoraproject debian opensuse canonical tenable CWE-74	5.9
2019-12-22	CVE-2019-19922	Resource Exhaustion vulnerability in multiple products kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. local low complexity linux debian canonical oracle netapp CWE-400	5.5
2019-12-20	CVE-2015-8313	Information Exposure Through Discrepancy vulnerability in multiple products GnuTLS incorrectly validates the first byte of padding in CBC modes network high complexity gnu debian CWE-203	5.9
2019-12-20	CVE-2012-5639	Exposure of Resource to Wrong Sphere vulnerability in multiple products LibreOffice and OpenOffice automatically open embedded content network low complexity libreoffice debian apache CWE-668	6.5
2019-12-17	CVE-2012-2237	Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. network low complexity mahara debian CWE-79	6.1
2019-12-17	CVE-2019-19813	Use After Free vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. local low complexity linux canonical debian netapp CWE-416	5.5
2019-12-17	CVE-2019-19830	_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. network low complexity spip debian canonical	6.5
2019-12-16	CVE-2019-16779	Race Condition vulnerability in multiple products In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. network high complexity excon-project opensuse debian CWE-362	5.9
2019-12-16	CVE-2019-19783	Improper Privilege Management vulnerability in multiple products An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. network low complexity cyrus debian fedoraproject canonical CWE-269	6.5