Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-23	CVE-2019-18389	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. local low complexity virglrenderer-project redhat opensuse debian CWE-787	7.8
2019-12-23	CVE-2019-18388	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. local low complexity virglrenderer-project opensuse debian CWE-476	5.5
2019-12-23	CVE-2019-11050	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical fedoraproject opensuse tenable CWE-125	6.5
2019-12-23	CVE-2019-11046	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. network low complexity php debian fedoraproject opensuse canonical tenable CWE-125	5.3
2019-12-23	CVE-2019-11045	Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. network high complexity php fedoraproject debian opensuse canonical tenable CWE-74	5.9
2019-12-23	CVE-2019-19926	NULL Pointer Dereference vulnerability in multiple products multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. network low complexity sqlite siemens oracle debian redhat opensuse suse netapp CWE-476	7.5
2019-12-20	CVE-2019-19918	Out-of-bounds Write vulnerability in multiple products Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. local low complexity lout-project opensuse fedoraproject CWE-787	7.8
2019-12-20	CVE-2019-19917	Classic Buffer Overflow vulnerability in multiple products Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. local low complexity lout-project opensuse fedoraproject CWE-120	7.8
2019-12-20	CVE-2019-17571	Deserialization of Untrusted Data vulnerability in multiple products Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. network low complexity apache debian canonical opensuse netapp oracle CWE-502 critical	9.8
2019-12-18	CVE-2019-16782	Information Exposure Through Discrepancy vulnerability in multiple products There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). network high complexity rack-project fedoraproject opensuse CWE-203	5.9