Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-11	CVE-2019-16232	NULL Pointer Dereference vulnerability in multiple products drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. local high complexity linux canonical opensuse fedoraproject CWE-476	4.1
2019-09-09	CVE-2019-16168	Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." network low complexity sqlite netapp canonical fedoraproject debian tenable oracle mcafee CWE-369	6.5
2019-09-09	CVE-2019-16167	Integer Overflow or Wraparound vulnerability in multiple products sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. local low complexity sysstat-project fedoraproject opensuse canonical debian CWE-190	5.5
2019-09-05	CVE-2019-15946	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. high complexity opensc-project debian fedoraproject CWE-119	6.4
2019-09-05	CVE-2019-15945	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. high complexity opensc-project debian fedoraproject CWE-119	6.4
2019-09-04	CVE-2019-15718	In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. local low complexity systemd-project fedoraproject redhat	4.4
2019-08-23	CVE-2019-15531	Out-of-bounds Read vulnerability in multiple products GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. network low complexity gnu debian fedoraproject CWE-125	6.5
2019-08-18	CVE-2019-15145	Out-of-bounds Read vulnerability in multiple products DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. local low complexity djvulibre-project debian fedoraproject canonical opensuse CWE-125	5.5
2019-08-18	CVE-2019-15144	Uncontrolled Recursion vulnerability in multiple products In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. local low complexity djvulibre-project debian fedoraproject canonical opensuse CWE-674	5.5
2019-08-18	CVE-2019-15143	Infinite Loop vulnerability in multiple products In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. local low complexity djvulibre-project debian fedoraproject canonical opensuse CWE-835	5.5