Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-08	CVE-2019-17340	Memory Leak vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. local low complexity xen debian CWE-401	6.1
2019-10-08	CVE-2019-17350	Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. local low complexity xen debian CWE-835	5.5
2019-10-03	CVE-2019-15165	Allocation of Resources Without Limits or Throttling vulnerability in multiple products sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. network low complexity tcpdump debian opensuse oracle apple canonical fedoraproject CWE-770	5.3
2019-09-30	CVE-2019-16993	Cross-Site Request Forgery (CSRF) vulnerability in multiple products In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. network phpbb debian CWE-352	6.8
2019-09-28	CVE-2019-16935	Cross-site Scripting vulnerability in multiple products The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. network low complexity python debian canonical CWE-79	6.1
2019-09-27	CVE-2019-9433	Improper Input Validation vulnerability in multiple products In libvpx, there is a possible information disclosure due to improper input validation. network low complexity google opensuse fedoraproject debian canonical CWE-20	6.5
2019-09-27	CVE-2019-9371	Improper Input Validation vulnerability in multiple products In libvpx, there is a possible resource exhaustion due to improper input validation. network low complexity google opensuse fedoraproject debian canonical CWE-20	6.5
2019-09-27	CVE-2019-9325	Out-of-bounds Read vulnerability in multiple products In libvpx, there is a possible out of bounds read due to a missing bounds check. network low complexity google canonical fedoraproject opensuse debian CWE-125	6.5
2019-09-26	CVE-2019-10092	Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. network low complexity apache opensuse debian redhat fedoraproject canonical netapp oracle CWE-79	6.1
2019-09-26	CVE-2019-16910	Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. network high complexity arm fedoraproject debian	5.3