High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-26	CVE-2019-9792	Out-of-bounds Write vulnerability in multiple products The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. network low complexity mozilla redhat CWE-787	7.5
2019-04-26	CVE-2019-9791	Type Confusion vulnerability in multiple products The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). network low complexity mozilla redhat CWE-843	7.5
2019-04-26	CVE-2019-9788	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. network low complexity mozilla redhat CWE-787	7.5
2019-04-25	CVE-2019-9900	Injection vulnerability in multiple products When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). network low complexity envoyproxy redhat CWE-74	8.3
2019-04-25	CVE-2019-3900	Infinite Loop vulnerability in multiple products An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). network low complexity linux fedoraproject redhat debian canonical netapp oracle CWE-835	7.7
2019-04-23	CVE-2019-2602	Resource Exhaustion vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle redhat opensuse canonical debian mcafee hp CWE-400	7.5
2019-04-23	CVE-2019-0223	While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1.1.0. network high complexity apache redhat	7.4
2019-04-22	CVE-2019-11235	Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. network low complexity freeradius fedoraproject redhat canonical opensuse CWE-345	7.5
2019-04-22	CVE-2019-11234	Improper Authentication vulnerability in multiple products FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. network low complexity freeradius fedoraproject redhat canonical CWE-287	7.5
2019-04-18	CVE-2018-16877	A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat	7.8