Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-22	CVE-2019-3901	A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. local high complexity linux debian netapp	4.7
2019-04-22	CVE-2019-11454	Cross-site Scripting vulnerability in multiple products Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. network low complexity mmonit debian canonical fedoraproject CWE-79	6.1
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2019-04-18	CVE-2018-16878	Resource Exhaustion vulnerability in multiple products A flaw was found in pacemaker up to and including version 2.0.1. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat CWE-400	5.5
2019-04-11	CVE-2019-3460	Improper Input Validation vulnerability in multiple products A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. low complexity linux canonical debian redhat CWE-20	6.5
2019-04-11	CVE-2019-3459	Out-of-bounds Read vulnerability in multiple products A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. low complexity linux canonical redhat debian CWE-125	6.5
2019-04-09	CVE-2019-3880	Path Traversal vulnerability in multiple products A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. network low complexity samba debian redhat fedoraproject opensuse CWE-22	5.4
2019-04-09	CVE-2019-3795	Use of Insufficiently Random Values vulnerability in multiple products Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. network low complexity vmware debian CWE-330	5.3
2019-04-08	CVE-2019-11025	Cross-site Scripting vulnerability in multiple products In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. network low complexity cacti debian CWE-79	5.4
2019-04-08	CVE-2019-1788	Out-of-bounds Write vulnerability in multiple products A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. local low complexity clamav opensuse debian CWE-787	5.5