High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-12	CVE-2017-18640	XML Entity Expansion vulnerability in multiple products The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. network low complexity snakeyaml-project fedoraproject quarkus oracle CWE-776	7.5
2019-12-10	CVE-2019-14889	OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. network low complexity libssh canonical opensuse fedoraproject debian oracle CWE-78	8.8
2019-12-10	CVE-2019-13734	Out-of-bounds Write vulnerability in multiple products Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject redhat canonical suse opensuse debian oracle CWE-787	8.8
2019-12-09	CVE-2019-19603	SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. network low complexity sqlite oracle siemens apache netapp	7.5
2019-12-05	CVE-2019-19553	Missing Initialization of Resource vulnerability in multiple products In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. network low complexity wireshark opensuse oracle debian CWE-909	7.5
2019-11-28	CVE-2019-18276	Improper Check for Dropped Privileges vulnerability in multiple products An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. local low complexity gnu netapp oracle CWE-273	7.8
2019-11-26	CVE-2019-16255	Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. network high complexity ruby-lang debian opensuse oracle CWE-94	8.1
2019-11-25	CVE-2019-19244	sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. network low complexity sqlite canonical oracle siemens	7.5
2019-11-25	CVE-2019-14822	Missing Authorization vulnerability in multiple products A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. local low complexity ibus-project redhat canonical oracle CWE-862	7.1
2019-11-18	CVE-2019-19052	Memory Leak vulnerability in multiple products A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. network low complexity linux debian canonical opensuse oracle netapp broadcom CWE-401	7.5