Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-15	CVE-2019-18928	Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. network low complexity cyrus fedoraproject debian critical	9.8
2019-11-12	CVE-2010-3438	Use of Externally-Controlled Format String vulnerability in multiple products libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. network low complexity libpoe-component-irc-perl-project debian fedoraproject CWE-134 critical	9.8
2019-11-04	CVE-2015-8980	Improper Input Validation vulnerability in multiple products The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. network low complexity php-gettext-project opensuse redhat fedoraproject CWE-20 critical	9.8
2019-11-04	CVE-2013-4409	Improper Input Validation vulnerability in multiple products An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. network low complexity reviewboard fedoraproject redhat CWE-20 critical	9.8
2019-10-31	CVE-2019-18425	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. network low complexity xen debian fedoraproject opensuse CWE-269 critical	9.8
2019-10-30	CVE-2018-21029	Improper Certificate Validation vulnerability in multiple products systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. network low complexity systemd-project fedoraproject CWE-295 critical	9.8
2019-10-28	CVE-2019-11043	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. network low complexity php canonical debian fedoraproject tenable redhat CWE-787 critical	9.8
2019-10-14	CVE-2019-17545	Double Free vulnerability in multiple products GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. network low complexity osgeo oracle debian fedoraproject opensuse CWE-415 critical	9.8
2019-10-10	CVE-2019-17455	Out-of-bounds Read vulnerability in multiple products Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. network low complexity nongnu debian canonical fedoraproject opensuse CWE-125 critical	9.8
2019-10-07	CVE-2019-17042	Improper Input Validation vulnerability in multiple products An issue was discovered in Rsyslog v8.1908.0. network low complexity rsyslog fedoraproject debian opensuse CWE-20 critical	9.8