Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-18	CVE-2019-19880	NULL Pointer Dereference vulnerability in multiple products exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. network low complexity sqlite netapp debian suse redhat opensuse oracle siemens CWE-476	7.5
2019-12-16	CVE-2019-16779	Race Condition vulnerability in multiple products In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. network high complexity excon-project opensuse debian CWE-362	5.9
2019-12-13	CVE-2019-16777	Improper Privilege Management vulnerability in multiple products Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. network low complexity npmjs opensuse oracle fedoraproject redhat CWE-269	6.5
2019-12-13	CVE-2019-16776	Path Traversal vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. network low complexity npmjs opensuse oracle fedoraproject redhat CWE-22	8.1
2019-12-13	CVE-2019-16775	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. network low complexity redhat npmjs opensuse oracle fedoraproject	6.5
2019-12-12	CVE-2019-17358	Deserialization of Untrusted Data vulnerability in multiple products Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. network low complexity cacti debian opensuse CWE-502	8.1
2019-12-11	CVE-2019-19583	An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. network low complexity xen fedoraproject opensuse debian	7.5
2019-12-11	CVE-2019-19604	Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. local low complexity git-scm debian fedoraproject opensuse CWE-862	7.8
2019-12-10	CVE-2019-14889	OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. network low complexity libssh canonical opensuse fedoraproject debian oracle CWE-78	8.8
2019-12-10	CVE-2019-14870	Improper Authentication vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. network low complexity samba fedoraproject canonical debian opensuse CWE-287	5.4