High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-31	CVE-2013-4357	Classic Buffer Overflow vulnerability in multiple products The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. network low complexity eglibc novell debian canonical fedoraproject CWE-120	7.5
2019-12-31	CVE-2013-4161	Improper Privilege Management vulnerability in multiple products gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. local low complexity gksu-polkit-project fedoraproject CWE-269	7.8
2019-12-31	CVE-2019-20176	Resource Exhaustion vulnerability in multiple products In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. network low complexity pureftpd fedoraproject CWE-400	7.5
2019-12-30	CVE-2012-5645	Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. network low complexity freeciv fedoraproject CWE-400	7.5
2019-12-26	CVE-2019-16789	HTTP Request Smuggling vulnerability in multiple products In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. network low complexity agendaless oracle debian fedoraproject redhat CWE-444	8.2
2019-12-24	CVE-2019-19956	Memory Leak vulnerability in multiple products xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. network low complexity xmlsoft debian oracle fedoraproject canonical netapp siemens CWE-401	7.5
2019-12-23	CVE-2019-11044	In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. network low complexity php tenable fedoraproject	7.5
2019-12-20	CVE-2019-16786	HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. network low complexity agendaless oracle debian fedoraproject redhat CWE-444	7.5
2019-12-20	CVE-2019-16785	HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. network low complexity agendaless oracle debian fedoraproject redhat CWE-444	7.5
2019-12-20	CVE-2019-19918	Out-of-bounds Write vulnerability in multiple products Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. local low complexity lout-project opensuse fedoraproject CWE-787	7.8