Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-16	CVE-2019-2958	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle netapp opensuse debian	5.9
2019-10-16	CVE-2019-2949	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). network high complexity oracle debian netapp redhat canonical opensuse mcafee	6.8
2019-10-16	CVE-2019-11281	Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. network low complexity pivotal-software debian fedoraproject redhat CWE-79	4.8
2019-10-15	CVE-2017-1002201	Cross-site Scripting vulnerability in multiple products In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. network haml debian CWE-79	4.3
2019-10-09	CVE-2019-17402	Classic Buffer Overflow vulnerability in multiple products Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. network low complexity exiv2 debian canonical CWE-120	6.5
2019-10-08	CVE-2019-17349	Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. local low complexity xen debian CWE-835	5.5
2019-10-08	CVE-2019-17348	Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. local low complexity xen debian CWE-20	6.5
2019-10-08	CVE-2019-17345	An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. local low complexity xen debian	4.9
2019-10-08	CVE-2019-17344	Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. local low complexity xen debian CWE-662	4.9
2019-10-08	CVE-2019-17343	Improper Locking vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. local low complexity xen debian CWE-667	4.6