Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-27	CVE-2019-9371	Improper Input Validation vulnerability in multiple products In libvpx, there is a possible resource exhaustion due to improper input validation. network low complexity google opensuse fedoraproject debian canonical CWE-20	6.5
2019-09-27	CVE-2019-9325	Out-of-bounds Read vulnerability in multiple products In libvpx, there is a possible out of bounds read due to a missing bounds check. network low complexity google canonical fedoraproject opensuse debian CWE-125	6.5
2019-09-26	CVE-2019-10092	Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. network low complexity apache opensuse debian redhat fedoraproject canonical netapp oracle CWE-79	6.1
2019-09-26	CVE-2019-16910	Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. network high complexity arm fedoraproject debian	5.3
2019-09-26	CVE-2019-16738	Missing Authorization vulnerability in multiple products In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. network low complexity mediawiki fedoraproject debian CWE-862	5.3
2019-09-25	CVE-2019-16892	In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. local low complexity rubyzip-project fedoraproject redhat	5.5
2019-09-24	CVE-2019-5094	Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. local low complexity e2fsprogs-project debian fedoraproject canonical netapp CWE-787	6.7
2019-09-23	CVE-2019-16707	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. network low complexity hunspell-project fedoraproject CWE-119	6.5
2019-09-19	CVE-2019-11779	Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. network low complexity eclipse canonical opensuse fedoraproject debian CWE-674	6.5
2019-09-13	CVE-2019-12922	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. network low complexity phpmyadmin fedoraproject CWE-352	6.5