High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-31	CVE-2019-18421	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. network high complexity xen debian fedoraproject opensuse CWE-362	7.5
2019-10-24	CVE-2019-17596	Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. network low complexity golang debian fedoraproject redhat opensuse arista CWE-436	7.5
2019-10-21	CVE-2019-17498	Integer Overflow or Wraparound vulnerability in multiple products In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. network low complexity libssh2 fedoraproject opensuse debian netapp CWE-190	8.1
2019-10-21	CVE-2019-18218	Out-of-bounds Write vulnerability in multiple products cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). local low complexity file-project debian opensuse netapp fedoraproject canonical CWE-787	7.8
2019-10-17	CVE-2019-14287	Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. network low complexity sudo-project fedoraproject debian opensuse canonical netapp redhat CWE-755	8.8
2019-10-14	CVE-2019-17592	Resource Exhaustion vulnerability in multiple products The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. network low complexity csv-parse-project fedoraproject CWE-400	7.5
2019-10-04	CVE-2019-16865	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 6.2.0. network low complexity python fedoraproject CWE-770	7.5
2019-10-03	CVE-2019-15166	Classic Buffer Overflow vulnerability in multiple products lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. network low complexity tcpdump apple debian fedoraproject opensuse redhat netapp canonical CWE-120	7.5
2019-10-03	CVE-2018-16451	Out-of-bounds Read vulnerability in multiple products The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. network low complexity tcpdump redhat debian opensuse fedoraproject apple CWE-125	7.5
2019-10-03	CVE-2018-16230	Out-of-bounds Read vulnerability in multiple products The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). network low complexity tcpdump redhat debian opensuse fedoraproject apple CWE-125	7.5