Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2019-04-10	CVE-2019-1003050	Cross-site Scripting vulnerability in multiple products The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. network low complexity jenkins oracle redhat CWE-79	5.4
2019-03-07	CVE-2019-3778	Open Redirect vulnerability in multiple products Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. network low complexity pivotal-software oracle CWE-601	6.5
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-04	CVE-2019-7317	Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. network high complexity libpng debian canonical oracle hpe hp mozilla opensuse netapp redhat CWE-416	5.3
2019-01-30	CVE-2018-17189	Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. network low complexity apache netapp fedoraproject debian oracle canonical redhat CWE-400	5.3
2019-01-16	CVE-2019-2556	Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). local low complexity oracle	6.5
2019-01-16	CVE-2019-2555	Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). local low complexity oracle	6.5
2019-01-16	CVE-2019-2554	Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). local low complexity oracle	6.5
2019-01-16	CVE-2019-2550	Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). network low complexity oracle	4.3