Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-14	CVE-2019-17545	Double Free vulnerability in multiple products GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. network low complexity osgeo oracle debian fedoraproject opensuse CWE-415 critical	9.8
2019-10-10	CVE-2019-17455	Out-of-bounds Read vulnerability in multiple products Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. network low complexity nongnu debian canonical fedoraproject opensuse CWE-125 critical	9.8
2019-10-10	CVE-2019-17451	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. network low complexity gnu opensuse canonical CWE-190	6.5
2019-10-10	CVE-2019-17450	Uncontrolled Recursion vulnerability in multiple products find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. network low complexity gnu opensuse canonical CWE-674	6.5
2019-10-08	CVE-2019-14846	In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. local low complexity redhat debian opensuse	7.8
2019-10-07	CVE-2019-17042	Improper Input Validation vulnerability in multiple products An issue was discovered in Rsyslog v8.1908.0. network low complexity rsyslog fedoraproject debian opensuse CWE-20 critical	9.8
2019-10-07	CVE-2019-17041	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Rsyslog v8.1908.0. network low complexity rsyslog debian fedoraproject opensuse CWE-787 critical	9.8
2019-10-04	CVE-2019-17178	Memory Leak vulnerability in multiple products HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. network low complexity freerdp lodev opensuse CWE-401	7.5
2019-10-04	CVE-2019-17177	Memory Leak vulnerability in multiple products libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. network low complexity freerdp opensuse CWE-401	7.5
2019-10-04	CVE-2019-17133	Classic Buffer Overflow vulnerability in multiple products In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. network low complexity linux debian canonical opensuse CWE-120 critical	9.8