High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-23	CVE-2019-0223	While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1.1.0. network high complexity apache redhat	7.4
2019-04-22	CVE-2019-11235	Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. network low complexity freeradius fedoraproject redhat canonical opensuse CWE-345	7.5
2019-04-18	CVE-2018-16877	A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat	7.8
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8
2019-03-14	CVE-2019-3816	Path Traversal vulnerability in multiple products Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. network low complexity openwsman-project redhat fedoraproject opensuse CWE-22	7.5
2019-02-20	CVE-2019-7164	SQL Injection vulnerability in multiple products SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. network low complexity sqlalchemy debian opensuse redhat oracle CWE-89	7.5
2019-02-15	CVE-2019-6974	Use After Free vulnerability in multiple products In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. network high complexity linux debian canonical f5 redhat CWE-416	8.1
2019-02-03	CVE-2019-7310	Incorrect Conversion between Numeric Types vulnerability in multiple products In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. local low complexity freedesktop canonical debian fedoraproject redhat CWE-681	7.8
2019-01-16	CVE-2019-2534	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). network low complexity oracle canonical netapp redhat	7.1
2018-09-25	CVE-2018-14633	Stack-based Buffer Overflow vulnerability in multiple products A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. network high complexity linux debian canonical redhat CWE-121	7.0