High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-08	CVE-2019-11494	NULL Pointer Dereference vulnerability in multiple products In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. network low complexity dovecot fedoraproject opensuse CWE-476	7.5
2019-05-08	CVE-2019-11499	In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. network low complexity dovecot fedoraproject opensuse	7.5
2019-05-07	CVE-2019-7443	Improper Input Validation vulnerability in multiple products KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. network high complexity kde opensuse fedoraproject CWE-20	8.1
2019-04-29	CVE-2019-5429	Untrusted Search Path vulnerability in multiple products Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. local low complexity filezilla-project debian fedoraproject CWE-426	7.8
2019-04-26	CVE-2019-3843	Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. local low complexity systemd-project fedoraproject canonical netapp CWE-269	7.8
2019-04-25	CVE-2019-3900	Infinite Loop vulnerability in multiple products An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). network low complexity linux fedoraproject redhat debian canonical netapp oracle CWE-835	7.7
2019-04-22	CVE-2019-5427	XML Entity Expansion vulnerability in multiple products c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. network low complexity mchange fedoraproject oracle CWE-776	7.5
2019-04-22	CVE-2019-11455	Out-of-bounds Read vulnerability in multiple products A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. network low complexity tildeslash debian fedoraproject canonical CWE-125	8.1
2019-04-22	CVE-2019-11412	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Artifex MuJS 1.0.5. network low complexity artifex fedoraproject CWE-670	7.5
2019-04-22	CVE-2019-11235	Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. network low complexity freeradius fedoraproject redhat canonical opensuse CWE-345	7.5