Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-06	CVE-2019-3824	Out-of-bounds Read vulnerability in multiple products A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. network low complexity samba canonical debian CWE-125	4.0
2019-03-05	CVE-2019-9213	NULL Pointer Dereference vulnerability in multiple products In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. local low complexity linux debian redhat opensuse canonical CWE-476	5.5
2019-02-28	CVE-2018-18494	Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). network mozilla debian canonical redhat CWE-346	4.3
2019-02-28	CVE-2018-12396	Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox and Firefox ESR A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. network mozilla debian canonical redhat CWE-732	4.3
2019-02-28	CVE-2018-12395	Unspecified vulnerability in Mozilla Firefox and Firefox ESR By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. network low complexity mozilla debian canonical redhat	5.0
2019-02-28	CVE-2018-12393	Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. network low complexity mozilla debian canonical redhat CWE-190	5.0
2019-02-28	CVE-2018-12389	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. network mozilla debian canonical redhat CWE-119	6.8
2019-02-28	CVE-2019-9209	Off-by-one Error vulnerability in multiple products In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. local low complexity wireshark debian canonical opensuse CWE-193	5.5
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-22	CVE-2019-9024	Out-of-bounds Read vulnerability in PHP An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. network low complexity php debian canonical netapp opensuse CWE-125	5.0