Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-25	CVE-2019-19966	Use After Free vulnerability in multiple products In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. low complexity linux debian opensuse netapp CWE-416	4.6
2019-12-25	CVE-2019-19965	NULL Pointer Dereference vulnerability in multiple products In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. local linux debian canonical netapp opensuse CWE-476	1.9
2019-12-24	CVE-2019-19925	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-434	5.0
2019-12-24	CVE-2019-19923	NULL Pointer Dereference vulnerability in multiple products flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-476	5.0
2019-12-24	CVE-2019-19953	Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. network low complexity graphicsmagick debian opensuse CWE-125 critical	9.1
2019-12-24	CVE-2019-19951	Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. network low complexity graphicsmagick debian opensuse CWE-787 critical	9.8
2019-12-24	CVE-2019-19950	Use After Free vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. network low complexity graphicsmagick debian opensuse CWE-416 critical	9.8
2019-12-24	CVE-2019-19949	Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. network low complexity imagemagick debian opensuse canonical CWE-125 critical	9.1
2019-12-24	CVE-2019-19948	Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. network low complexity imagemagick debian opensuse canonical CWE-787 critical	9.8
2019-12-23	CVE-2019-12418	When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. local high complexity apache debian oracle canonical opensuse netapp	7.0