15.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-25	CVE-2019-3835	Missing Authorization vulnerability in multiple products It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. local low complexity artifex redhat fedoraproject debian opensuse CWE-862	5.5
2019-03-25	CVE-2019-3863	Out-of-bounds Write vulnerability in multiple products A flaw was found in libssh2 before 1.8.1. network low complexity libssh2 debian netapp opensuse redhat CWE-787	8.8
2019-03-23	CVE-2019-9948	Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. network low complexity python opensuse debian fedoraproject canonical redhat CWE-22 critical	9.1
2019-03-22	CVE-2019-9923	NULL Pointer Dereference vulnerability in multiple products pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. network low complexity gnu opensuse CWE-476	7.5
2019-03-21	CVE-2019-3858	Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. network low complexity libssh2 fedoraproject debian netapp opensuse CWE-125 critical	9.1
2019-03-21	CVE-2019-9898	Use of Insufficiently Random Values vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. network low complexity putty fedoraproject debian opensuse netapp CWE-330 critical	9.8
2019-03-21	CVE-2019-9897	Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. network low complexity putty fedoraproject debian netapp opensuse	7.5
2019-03-21	CVE-2019-9896	Uncontrolled Search Path Element vulnerability in multiple products In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. local low complexity putty opensuse CWE-427	7.8
2019-03-21	CVE-2019-9894	Key Management Errors vulnerability in multiple products A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. network low complexity putty fedoraproject debian netapp opensuse CWE-320	7.5
2019-03-21	CVE-2019-8934	Exposure of Resource to Wrong Sphere vulnerability in multiple products hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. local low complexity qemu opensuse CWE-668	3.3