Backports

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-08	CVE-2020-6610	Allocation of Resources Without Limits or Throttling vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. network low complexity gnu opensuse CWE-770	6.5
2019-12-27	CVE-2019-20053	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. local low complexity upx-project opensuse CWE-119	5.5
2019-12-24	CVE-2019-19953	Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. network low complexity graphicsmagick debian opensuse CWE-125 critical	9.1
2019-12-24	CVE-2019-19951	Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. network low complexity graphicsmagick debian opensuse CWE-787 critical	9.8
2019-12-24	CVE-2019-19950	Use After Free vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. network low complexity graphicsmagick debian opensuse CWE-416 critical	9.8
2019-12-10	CVE-2019-13730	Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject novell opensuse redhat CWE-843	8.8
2019-12-03	CVE-2019-5163	Missing Authentication for Critical Function vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. network low complexity shadowsocks opensuse CWE-306	7.5
2019-11-25	CVE-2019-13723	Use After Free vulnerability in multiple products Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject opensuse redhat CWE-416	8.8
2019-11-25	CVE-2019-13713	Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google opensuse	6.5
2019-11-25	CVE-2019-13711	Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google opensuse	5.3