High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-11	CVE-2019-10192	Out-of-bounds Write vulnerability in multiple products A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. network low complexity redislabs redhat debian canonical oracle CWE-787	7.2
2019-07-10	CVE-2018-14550	Out-of-bounds Write vulnerability in multiple products An issue has been found in third-party PNM decoding associated with libpng 1.6.35. network low complexity libpng oracle netapp CWE-787	8.8
2019-07-02	CVE-2019-5443	Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. local low complexity haxx oracle netapp CWE-427	7.8
2019-06-24	CVE-2018-20843	XXE vulnerability in multiple products In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). network low complexity libexpat-project canonical debian fedoraproject opensuse oracle tenable CWE-611	7.5
2019-05-28	CVE-2019-5436	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. local low complexity haxx opensuse fedoraproject debian f5 netapp oracle CWE-787	7.8
2019-05-28	CVE-2019-0188	XXE vulnerability in multiple products Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. network low complexity oracle apache CWE-611	7.5
2019-05-01	CVE-2019-0227	Server-Side Request Forgery (SSRF) vulnerability in multiple products A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. high complexity apache oracle CWE-918	7.5
2019-04-25	CVE-2019-3900	An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). network low complexity linux fedoraproject redhat debian canonical netapp oracle	7.7
2019-04-23	CVE-2019-2723	Integer Overflow or Wraparound vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). local low complexity oracle CWE-190	8.8
2019-04-23	CVE-2019-2722	Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). local low complexity oracle	8.8