Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-21	CVE-2018-20340	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. low complexity yubico debian CWE-119	6.8
2019-03-21	CVE-2018-19985	Out-of-bounds Read vulnerability in multiple products The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. low complexity linux debian netapp CWE-125	4.6
2019-03-13	CVE-2019-9741	CRLF Injection vulnerability in multiple products An issue was discovered in net/http in Go 1.11.5. network low complexity golang debian fedoraproject redhat CWE-93	6.1
2019-03-13	CVE-2019-9735	Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. network low complexity openstack redhat debian CWE-755	6.5
2019-03-12	CVE-2019-9718	Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. network low complexity ffmpeg debian canonical CWE-125	6.5
2019-03-12	CVE-2019-9706	Use After Free vulnerability in Debian Cron 3.0 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. local low complexity debian CWE-416	5.5
2019-03-12	CVE-2019-9705	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. local low complexity cron-project debian fedoraproject CWE-770	5.5
2019-03-12	CVE-2019-9704	Unchecked Return Value vulnerability in multiple products Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. local low complexity cron-project fedoraproject debian CWE-252	5.5
2019-03-11	CVE-2019-9658	XXE vulnerability in multiple products Checkstyle before 8.18 loads external DTDs by default. network low complexity checkstyle debian fedoraproject CWE-611	5.3
2019-03-07	CVE-2018-14498	Out-of-bounds Read vulnerability in multiple products get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. network low complexity mozilla libjpeg-turbo fedoraproject debian opensuse CWE-125	6.5