High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-29	CVE-2019-5429	Untrusted Search Path vulnerability in multiple products Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. local low complexity filezilla-project debian fedoraproject CWE-426	7.8
2019-04-26	CVE-2019-3843	Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. local low complexity systemd-project fedoraproject canonical netapp CWE-269	7.8
2019-04-25	CVE-2019-3900	An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). network low complexity linux fedoraproject redhat debian canonical netapp oracle	7.7
2019-04-22	CVE-2019-5427	XML Entity Expansion vulnerability in multiple products c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. network low complexity mchange fedoraproject oracle CWE-776	7.5
2019-04-22	CVE-2019-11455	Out-of-bounds Read vulnerability in multiple products A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. network low complexity tildeslash debian fedoraproject canonical CWE-125	8.1
2019-04-22	CVE-2019-11412	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Artifex MuJS 1.0.5. network low complexity artifex fedoraproject CWE-670	7.5
2019-04-18	CVE-2019-3885	Use After Free vulnerability in multiple products A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. network low complexity clusterlabs canonical fedoraproject CWE-416	7.5
2019-04-18	CVE-2018-16877	A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat	7.8
2019-04-17	CVE-2019-9499	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-287	8.1
2019-04-17	CVE-2019-9498	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-287	8.1