Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-18	CVE-2019-15143	Infinite Loop vulnerability in multiple products In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. local low complexity djvulibre-project debian fedoraproject canonical opensuse CWE-835	5.5
2019-08-18	CVE-2019-15142	Out-of-bounds Read vulnerability in multiple products In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. local low complexity djvulibre-project debian fedoraproject canonical opensuse CWE-125	5.5
2019-08-17	CVE-2019-15133	Divide By Zero vulnerability in multiple products In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. network low complexity giflib-project canonical debian CWE-369	6.5
2019-08-17	CVE-2019-15132	Information Exposure Through Discrepancy vulnerability in multiple products Zabbix through 4.4.0alpha1 allows User Enumeration. network low complexity zabbix debian CWE-203	5.3
2019-08-16	CVE-2019-15118	Uncontrolled Recursion vulnerability in multiple products check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. local low complexity linux canonical debian opensuse netapp CWE-674	5.5
2019-08-16	CVE-2016-10894	7PK - Security Features vulnerability in multiple products xtrlock through 2.10 does not block multitouch events. low complexity xtrlock-project debian CWE-254	4.6
2019-08-16	CVE-2019-15098	NULL Pointer Dereference vulnerability in multiple products drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. low complexity linux canonical opensuse netapp debian CWE-476	4.6
2019-08-15	CVE-2019-13377	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. network high complexity w1-fi fedoraproject canonical debian CWE-203	5.9
2019-08-15	CVE-2019-13223	Reachable Assertion vulnerability in multiple products A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. local low complexity stb-vorbis-project debian CWE-617	5.5
2019-08-15	CVE-2019-13219	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. local low complexity stb-vorbis-project debian CWE-476	5.5