Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-31	CVE-2019-6109	Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. network high complexity openbsd winscp canonical debian netapp fedoraproject redhat siemens fujitsu CWE-116	6.8
2019-01-30	CVE-2018-17189	Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. network low complexity apache netapp fedoraproject debian oracle canonical redhat CWE-400	5.3
2019-01-22	CVE-2018-6445	A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. network low complexity brocade netapp	5.0
2019-01-22	CVE-2018-6443	Credentials Management vulnerability in multiple products A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. network brocade netapp CWE-255	4.3
2019-01-16	CVE-2018-5740	Reachable Assertion vulnerability in multiple products "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. network low complexity isc redhat debian netapp canonical hp opensuse CWE-617	5.0
2019-01-16	CVE-2018-5737	Reachable Assertion vulnerability in multiple products A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. network low complexity isc netapp CWE-617	5.0
2019-01-16	CVE-2018-5734	Reachable Assertion vulnerability in multiple products While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. network low complexity isc netapp CWE-617	5.0
2019-01-16	CVE-2017-3140	Resource Exhaustion vulnerability in multiple products If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. network isc netapp CWE-400	4.3
2019-01-16	CVE-2017-3137	Reachable Assertion vulnerability in multiple products Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. network low complexity isc redhat netapp debian CWE-617	5.0
2019-01-16	CVE-2017-3136	Reachable Assertion vulnerability in multiple products A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. network isc redhat netapp debian CWE-617	4.3