High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-14	CVE-2019-9772	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. network low complexity gnu opensuse CWE-476	7.5
2019-03-14	CVE-2019-9771	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. network low complexity gnu opensuse CWE-476	7.5
2019-03-14	CVE-2019-9770	Out-of-bounds Write vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. network low complexity gnu opensuse CWE-787	7.5
2019-02-11	CVE-2019-5736	OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78	8.6
2019-02-08	CVE-2019-7635	Out-of-bounds Read vulnerability in multiple products SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. network low complexity libsdl opensuse debian fedoraproject canonical CWE-125	8.1
2019-02-06	CVE-2019-7548	SQL Injection vulnerability in multiple products SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. local low complexity sqlalchemy debian opensuse redhat oracle CWE-89	7.8
2018-12-14	CVE-2018-16874	In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). network high complexity golang opensuse suse debian	8.1
2018-12-14	CVE-2018-16873	In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. network high complexity golang opensuse suse debian	8.1
2018-11-07	CVE-2018-19052	Path Traversal vulnerability in multiple products An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. network low complexity lighttpd suse opensuse debian CWE-22	7.5