High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-13	CVE-2019-16776	Path Traversal vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. network low complexity npmjs opensuse oracle fedoraproject redhat CWE-22	8.1
2019-12-12	CVE-2019-17358	Deserialization of Untrusted Data vulnerability in multiple products Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. network low complexity cacti debian opensuse CWE-502	8.1
2019-12-11	CVE-2019-19583	An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. network low complexity xen fedoraproject opensuse debian	7.5
2019-12-11	CVE-2019-19604	Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. local low complexity git-scm debian fedoraproject opensuse CWE-862	7.8
2019-12-10	CVE-2019-14889	OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. network low complexity libssh canonical opensuse fedoraproject debian oracle CWE-78	8.8
2019-12-05	CVE-2019-3690	Unspecified vulnerability in Opensuse Leap 15.1 The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). local low complexity opensuse	7.8
2019-12-05	CVE-2019-19553	Missing Initialization of Resource vulnerability in multiple products In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. network low complexity wireshark opensuse oracle debian CWE-909	7.5
2019-12-03	CVE-2019-5164	Missing Authentication for Critical Function vulnerability in multiple products An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. local low complexity shadowsocks opensuse CWE-306	7.8
2019-12-03	CVE-2019-5163	Missing Authentication for Critical Function vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. network low complexity shadowsocks opensuse CWE-306	7.5
2019-12-03	CVE-2016-1000104	Improper Input Validation vulnerability in multiple products A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. network low complexity apache opensuse CWE-20	8.8