Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-08	CVE-2019-17017	Type Confusion vulnerability in Mozilla Firefox and Firefox ESR Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. network mozilla canonical debian redhat CWE-843	6.8
2020-01-08	CVE-2019-17016	Cross-site Scripting vulnerability in Mozilla Firefox and Firefox ESR When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. network mozilla debian canonical redhat CWE-79	4.3
2019-11-14	CVE-2018-12207	Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. local low complexity intel debian opensuse fedoraproject canonical f5 redhat oracle CWE-20	6.5
2019-11-14	CVE-2019-11135	TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. local low complexity opensuse fedoraproject slackware hp intel canonical debian redhat oracle	6.5
2019-11-04	CVE-2017-5333	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. network icoutils-project redhat canonical debian opensuse CWE-190	6.8
2019-11-04	CVE-2017-5332	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. network icoutils-project redhat canonical debian opensuse CWE-119	6.8
2019-10-16	CVE-2019-2999	Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). network high complexity oracle redhat netapp debian opensuse canonical	4.7
2019-09-04	CVE-2019-15718	In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. local low complexity systemd-project fedoraproject redhat	4.4
2019-08-14	CVE-2019-9506	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. low complexity google apple canonical debian opensuse redhat huawei CWE-327	4.8
2019-08-02	CVE-2019-10168	Path Traversal vulnerability in Redhat products The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. local low complexity redhat CWE-22	4.6