High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-07	CVE-2019-14744	OS Command Injection vulnerability in multiple products In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. local low complexity kde debian fedoraproject opensuse canonical redhat CWE-78	7.8
2019-08-01	CVE-2019-14513	Out-of-bounds Read vulnerability in multiple products Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. network low complexity thekelleys debian CWE-125	7.5
2019-08-01	CVE-2019-14497	Out-of-bounds Write vulnerability in multiple products ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. local low complexity milkytracker-project canonical debian CWE-787	7.8
2019-08-01	CVE-2019-14496	Out-of-bounds Write vulnerability in multiple products LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. local low complexity milkytracker-project canonical debian CWE-787	7.8
2019-08-01	CVE-2019-14494	Divide By Zero vulnerability in multiple products An issue was discovered in Poppler through 0.78.0. network low complexity freedesktop canonical fedoraproject debian redhat CWE-369	7.5
2019-08-01	CVE-2019-0193	Code Injection vulnerability in multiple products In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. network low complexity apache debian CWE-94	7.2
2019-07-31	CVE-2019-10185	Path Traversal vulnerability in multiple products It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. network low complexity icedtea-web-project debian opensuse CWE-22	8.6
2019-07-31	CVE-2019-10181	Insufficient Verification of Data Authenticity vulnerability in multiple products It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. network high complexity icedtea-web-project debian opensuse CWE-345	8.1
2019-07-31	CVE-2019-14459	Integer Overflow or Wraparound vulnerability in multiple products nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). network low complexity nfdump-project debian fedoraproject CWE-190	7.5
2019-07-30	CVE-2019-14439	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. network low complexity fasterxml debian fedoraproject apache redhat oracle CWE-502	7.5