Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-26	CVE-2019-16738	Missing Authorization vulnerability in multiple products In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. network low complexity mediawiki fedoraproject debian CWE-862	5.3
2019-09-25	CVE-2019-16892	In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. local low complexity rubyzip-project fedoraproject redhat	5.5
2019-09-24	CVE-2019-5094	Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. local low complexity e2fsprogs-project debian fedoraproject canonical netapp CWE-787	6.7
2019-09-23	CVE-2019-16707	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. network low complexity hunspell-project fedoraproject CWE-119	6.5
2019-09-19	CVE-2019-11779	Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. network low complexity eclipse canonical opensuse fedoraproject debian CWE-674	6.5
2019-09-13	CVE-2019-12922	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. network low complexity phpmyadmin fedoraproject CWE-352	6.5
2019-09-11	CVE-2019-16232	NULL Pointer Dereference vulnerability in multiple products drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. local high complexity linux canonical opensuse fedoraproject CWE-476	4.1
2019-09-09	CVE-2019-16168	Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." network low complexity sqlite netapp canonical fedoraproject debian tenable oracle mcafee CWE-369	6.5
2019-09-09	CVE-2019-16167	Integer Overflow or Wraparound vulnerability in multiple products sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. local low complexity sysstat-project fedoraproject opensuse canonical debian CWE-190	5.5
2019-09-05	CVE-2019-15946	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. high complexity opensc-project debian fedoraproject CWE-119	6.4