15.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-01	CVE-2019-17069	Use After Free vulnerability in multiple products PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. network low complexity putty opensuse netapp CWE-416	7.5
2019-10-01	CVE-2019-17068	Injection vulnerability in multiple products PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. network low complexity putty opensuse CWE-74	5.0
2019-10-01	CVE-2019-17055	Missing Authorization vulnerability in multiple products base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. local low complexity linux debian fedoraproject canonical opensuse redhat CWE-862	3.3
2019-09-30	CVE-2019-16276	HTTP Request Smuggling vulnerability in multiple products Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. network low complexity golang debian opensuse fedoraproject redhat netapp CWE-444	7.5
2019-09-30	CVE-2019-16995	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. network low complexity linux opensuse netapp CWE-772	7.8
2019-09-27	CVE-2019-11740	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. network mozilla canonical opensuse CWE-787	6.8
2019-09-27	CVE-2019-11738	If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. network mozilla opensuse	6.8
2019-09-27	CVE-2019-11735	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. network mozilla opensuse CWE-787	6.8
2019-09-26	CVE-2019-10092	Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. network low complexity apache opensuse debian redhat fedoraproject canonical netapp oracle CWE-79	6.1
2019-09-25	CVE-2019-16884	Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. network low complexity linuxfoundation docker fedoraproject opensuse redhat canonical CWE-863	7.5