Vulnerabilities > Redhat > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-08-07 | CVE-2019-14744 | OS Command Injection vulnerability in multiple products | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. | | | | | 7.8 |
| 2019-08-02 | CVE-2019-10171 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. | network | low | fedoraproject, redhat | CWE-770 | 7.5 |
| 2019-08-01 | CVE-2019-14494 | Divide By Zero vulnerability in multiple products | An issue was discovered in Poppler through 0.78.0. | | | | | 7.5 |
| 2019-08-01 | CVE-2018-10899 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | A flaw was found in Jolokia versions from 1.2 to before 1.6.1. | network | low | jolokia, redhat | CWE-352 | 8.8 |
| 2019-08-01 | CVE-2014-8183 | Improper Access Control vulnerability in multiple products | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. | network | low | theforeman, redhat | CWE-284 | 7.4 |
| 2019-07-31 | CVE-2019-10356 | | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | network | low | jenkins, redhat | | 8.8 |
| 2019-07-31 | CVE-2019-10355 | Incorrect Type Conversion or Cast vulnerability in multiple products | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | network | low | jenkins, redhat | CWE-704 | 8.8 |
| 2019-07-30 | CVE-2019-10161 | Missing Authorization vulnerability in multiple products | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. | local | low | redhat, canonical | CWE-862 | 7.8 |
| 2019-07-30 | CVE-2018-16871 | NULL Pointer Dereference vulnerability in multiple products | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. | network | low | linux, redhat, netapp | CWE-476 | 7.5 |
| 2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. | | | | | 7.5 |