Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-24	CVE-2019-19925	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-434	5.0
2019-12-24	CVE-2019-19923	NULL Pointer Dereference vulnerability in multiple products flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-476	5.0
2019-12-24	CVE-2019-19947	Use of Uninitialized Resource vulnerability in multiple products In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. low complexity linux debian canonical netapp CWE-908	4.6
2019-12-23	CVE-2019-18391	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. local low complexity virglrenderer-project redhat opensuse debian CWE-787	5.5
2019-12-23	CVE-2019-18388	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. local low complexity virglrenderer-project opensuse debian CWE-476	5.5
2019-12-23	CVE-2019-11050	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical fedoraproject opensuse tenable CWE-125	6.5
2019-12-23	CVE-2019-11047	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php fedoraproject debian canonical CWE-125	6.5
2019-12-23	CVE-2019-11046	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. network low complexity php debian fedoraproject opensuse canonical tenable CWE-125	5.3
2019-12-23	CVE-2019-11045	Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. network high complexity php fedoraproject debian opensuse canonical tenable CWE-74	5.9
2019-12-23	CVE-2019-19926	NULL Pointer Dereference vulnerability in multiple products multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. network low complexity sqlite siemens oracle debian redhat opensuse suse netapp CWE-476	5.0