Vulnerabilities > Opensuse > Leap

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-2894 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security).
network
high complexity
oracle debian opensuse mcafee canonical
3.7
2019-10-14 CVE-2019-17595 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
network
gnu opensuse CWE-125
5.8
2019-10-14 CVE-2019-17594 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
local
low complexity
gnu opensuse CWE-125
4.6
2019-10-14 CVE-2019-17545 Double Free vulnerability in multiple products
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
network
low complexity
osgeo oracle debian fedoraproject opensuse CWE-415
critical
9.8
2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network
low complexity
nongnu debian canonical fedoraproject opensuse CWE-125
critical
9.8
2019-10-10 CVE-2019-17451 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
network
low complexity
gnu opensuse canonical CWE-190
6.5
2019-10-10 CVE-2019-17450 Uncontrolled Recursion vulnerability in multiple products
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
network
low complexity
gnu opensuse canonical CWE-674
6.5
2019-10-08 CVE-2019-14846 Improper Output Neutralization for Logs vulnerability in multiple products
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level.
local
low complexity
redhat debian opensuse CWE-117
2.1
2019-10-07 CVE-2019-17042 Improper Input Validation vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog fedoraproject debian opensuse CWE-20
critical
9.8
2019-10-07 CVE-2019-17041 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog debian fedoraproject opensuse CWE-787
critical
9.8