Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-25	CVE-2019-3863	Out-of-bounds Write vulnerability in multiple products A flaw was found in libssh2 before 1.8.1. network low complexity libssh2 debian netapp opensuse redhat CWE-787	8.8
2019-03-23	CVE-2019-9948	Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. network low complexity python opensuse debian fedoraproject canonical redhat CWE-22 critical	9.1
2019-03-22	CVE-2019-9924	Missing Authorization vulnerability in multiple products rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. local low complexity gnu debian opensuse netapp canonical CWE-862	7.2
2019-03-22	CVE-2019-9923	NULL Pointer Dereference vulnerability in multiple products pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. network low complexity gnu opensuse CWE-476	7.5
2019-03-21	CVE-2019-3858	Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. network low complexity libssh2 fedoraproject debian netapp opensuse CWE-125 critical	9.1
2019-03-21	CVE-2019-3855	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. network low complexity libssh2 fedoraproject debian netapp redhat opensuse apple oracle CWE-190	8.8
2019-03-21	CVE-2019-9898	Use of Insufficiently Random Values vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. network low complexity putty fedoraproject debian opensuse netapp CWE-330 critical	9.8
2019-03-21	CVE-2019-9897	Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. network low complexity putty fedoraproject debian netapp opensuse	7.5
2019-03-21	CVE-2019-9896	Uncontrolled Search Path Element vulnerability in multiple products In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. local low complexity putty opensuse CWE-427	4.6
2019-03-21	CVE-2019-9894	Key Management Errors vulnerability in multiple products A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. network low complexity putty fedoraproject debian netapp opensuse CWE-320	7.5