Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-24	CVE-2019-19923	NULL Pointer Dereference vulnerability in multiple products flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-476	7.5
2019-12-24	CVE-2019-19953	Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. network low complexity graphicsmagick debian opensuse CWE-125 critical	9.1
2019-12-24	CVE-2019-19951	Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. network low complexity graphicsmagick debian opensuse CWE-787 critical	9.8
2019-12-24	CVE-2019-19950	Use After Free vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. network low complexity graphicsmagick debian opensuse CWE-416 critical	9.8
2019-12-24	CVE-2019-19949	Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. network low complexity imagemagick debian opensuse canonical CWE-125 critical	9.1
2019-12-24	CVE-2019-19948	Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. network low complexity imagemagick debian opensuse canonical CWE-787 critical	9.8
2019-12-23	CVE-2019-12418	When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. local high complexity apache debian oracle canonical opensuse netapp	7.0
2019-12-23	CVE-2019-17563	Session Fixation vulnerability in multiple products When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. network high complexity apache debian opensuse canonical oracle CWE-384	7.5
2019-12-23	CVE-2019-18391	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. local low complexity virglrenderer-project redhat opensuse debian CWE-787	5.5
2019-12-23	CVE-2019-18390	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. local low complexity virglrenderer-project redhat opensuse debian CWE-125	7.1