Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-22	CVE-2019-9892	XML Injection (aka Blind XPath Injection) vulnerability in multiple products An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. network low complexity otrs debian CWE-91	6.5
2019-05-20	CVE-2019-12221	Out-of-bounds Write vulnerability in multiple products An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. network low complexity libsdl fedoraproject canonical opensuse debian CWE-787	6.5
2019-05-20	CVE-2019-12216	Out-of-bounds Write vulnerability in multiple products An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. network low complexity libsdl fedoraproject debian canonical CWE-787	6.5
2019-05-20	CVE-2019-12213	Uncontrolled Recursion vulnerability in multiple products When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. network low complexity freeimage-project canonical debian fedoraproject CWE-674	6.5
2019-05-15	CVE-2019-11833	Use of Uninitialized Resource vulnerability in multiple products fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. local low complexity linux fedoraproject debian canonical redhat CWE-908	5.5
2019-05-09	CVE-2019-11840	Use of Insufficiently Random Values vulnerability in multiple products An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. network high complexity golang debian CWE-330	5.9
2019-04-28	CVE-2019-11579	Out-of-bounds Read vulnerability in multiple products dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. network low complexity dhcpcd-project debian CWE-125	5.3
2019-04-24	CVE-2019-3882	A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. local low complexity linux fedoraproject debian canonical opensuse netapp	5.5
2019-04-24	CVE-2019-11498	Access of Uninitialized Pointer vulnerability in multiple products WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. network low complexity wavpack canonical fedoraproject debian CWE-824	6.5
2019-04-23	CVE-2019-2684	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network high complexity oracle redhat opensuse debian apache canonical hp	5.9