High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-26	CVE-2019-16255	Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. network high complexity ruby-lang debian opensuse oracle CWE-94	8.1
2019-11-25	CVE-2019-13720	Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse CWE-416	8.8
2019-11-19	CVE-2019-18934	OS Command Injection vulnerability in multiple products Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. network low complexity nlnetlabs fedoraproject opensuse CWE-78	7.3
2019-11-18	CVE-2019-19060	Memory Leak vulnerability in multiple products A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. network low complexity linux netapp broadcom canonical opensuse CWE-401	7.5
2019-11-18	CVE-2019-19052	Memory Leak vulnerability in multiple products A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. network low complexity linux debian canonical opensuse oracle netapp broadcom CWE-401	7.5
2019-11-18	CVE-2019-19049	Memory Leak vulnerability in multiple products A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. network low complexity linux opensuse CWE-401	7.5
2019-11-15	CVE-2019-14869	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. network low complexity artifex fedoraproject opensuse CWE-732	8.8
2019-11-07	CVE-2019-18804	NULL Pointer Dereference vulnerability in multiple products DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. network low complexity djvulibre-project debian fedoraproject canonical opensuse CWE-476	7.5
2019-11-04	CVE-2017-5333	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. local low complexity icoutils-project redhat canonical debian opensuse CWE-190	7.8
2019-11-04	CVE-2017-5332	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. local low complexity icoutils-project redhat canonical debian opensuse CWE-119	7.8