Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-07	CVE-2019-15605	HTTP Request Smuggling vulnerability in multiple products HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed network low complexity nodejs debian fedoraproject opensuse redhat oracle CWE-444 critical	9.8
2019-12-06	CVE-2019-5544	Out-of-bounds Write vulnerability in multiple products OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. network low complexity vmware redhat openslp fedoraproject CWE-787 critical	9.8
2019-10-28	CVE-2019-11043	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. network low complexity php canonical debian fedoraproject tenable redhat CWE-787 critical	9.8
2019-09-06	CVE-2019-14813	Incorrect Authorization vulnerability in multiple products A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. network low complexity artifex redhat fedoraproject opensuse debian CWE-863 critical	9.8
2019-07-19	CVE-2019-1010238	Out-of-bounds Write vulnerability in multiple products Gnome Pango 1.42 and later is affected by: Buffer Overflow. network low complexity gnome oracle fedoraproject debian canonical redhat CWE-787 critical	9.8
2019-06-14	CVE-2019-10126	Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in the Linux kernel. network low complexity linux redhat canonical debian opensuse netapp CWE-122 critical	9.8
2019-06-07	CVE-2019-10160	Encoding Error vulnerability in multiple products A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. network low complexity python redhat debian opensuse fedoraproject canonical netapp CWE-172 critical	9.8
2019-06-03	CVE-2019-11356	Out-of-bounds Write vulnerability in multiple products The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. network low complexity cyrus fedoraproject debian canonical redhat CWE-787 critical	9.8
2019-05-29	CVE-2019-12450	Incorrect Default Permissions vulnerability in multiple products file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. network low complexity gnome debian redhat canonical opensuse fedoraproject CWE-276 critical	9.8
2019-03-27	CVE-2019-0160	Out-of-bounds Write vulnerability in multiple products Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. network low complexity tianocore opensuse fedoraproject redhat CWE-787 critical	9.8