Vulnerabilities > Fedoraproject > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-12-17 | CVE-2019-3994 | Use After Free vulnerability in multiple products | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. | network | low complexity | elog-project, fedoraproject | CWE-416 | 7.5 |
| 2019-12-17 | CVE-2019-3993 | Cleartext Transmission of Sensitive Information vulnerability in multiple products | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. | network | low complexity | elog-project, fedoraproject | CWE-319 | 7.5 |
| 2019-12-17 | CVE-2019-3992 | Cleartext Transmission of Sensitive Information vulnerability in multiple products | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. | network | low complexity | elog-project, fedoraproject | CWE-319 | 7.5 |
| 2019-12-13 | CVE-2019-19787 | Out-of-bounds Write vulnerability in multiple products | ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. | local | low complexity | atasm-project, fedoraproject | CWE-787 | 7.8 |
| 2019-12-13 | CVE-2019-19786 | Out-of-bounds Write vulnerability in multiple products | ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. | local | low complexity | atasm-project, fedoraproject | CWE-787 | 7.8 |
| 2019-12-13 | CVE-2019-19785 | Out-of-bounds Write vulnerability in multiple products | ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. | local | low complexity | atasm-project, fedoraproject | CWE-787 | 7.8 |
| 2019-12-13 | CVE-2019-16776 | Path Traversal vulnerability in multiple products | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | network | low complexity | npmjs, opensuse, oracle, fedoraproject, redhat | CWE-22 | 8.1 |
| 2019-12-12 | CVE-2017-18640 | XML Entity Expansion vulnerability in multiple products | The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | | | | | 7.5 |
| 2019-12-11 | CVE-2019-19583 | | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. | network | low complexity | xen, fedoraproject, opensuse, debian | | 7.5 |
| 2019-12-11 | CVE-2019-19578 | Incorrect Calculation vulnerability in multiple products | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. | local | low complexity | xen, fedoraproject | CWE-682 | 8.8 |