High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-13	CVE-2010-4657	Missing Release of Resource after Effective Lifetime vulnerability in multiple products PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. network low complexity php redhat debian CWE-772	7.5
2019-11-08	CVE-2019-10222	Improper Handling of Exceptional Conditions vulnerability in multiple products A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. network low complexity ceph redhat fedoraproject CWE-755	7.5
2019-11-07	CVE-2008-3278	Insecure Default Initialization of Resource vulnerability in Redhat Frysk 20080805 frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. local low complexity redhat CWE-1188	7.8
2019-11-05	CVE-2010-2222	NULL Pointer Dereference vulnerability in Redhat 389 Directory Server and Directory Server The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. network low complexity redhat CWE-476	7.5
2019-11-04	CVE-2013-4374	Exposure of Resource to Wrong Sphere vulnerability in Redhat products An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. local low complexity redhat CWE-668	7.1
2019-11-04	CVE-2017-5333	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. local low complexity icoutils-project redhat canonical debian opensuse CWE-190	7.8
2019-11-04	CVE-2017-5332	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. local low complexity icoutils-project redhat canonical debian opensuse CWE-119	7.8
2019-11-04	CVE-2013-4251	Improper Privilege Management vulnerability in multiple products The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. local low complexity scipy fedoraproject redhat debian CWE-269	7.8
2019-11-04	CVE-2005-4890	Improper Input Validation vulnerability in multiple products There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". local low complexity sudo-project debian redhat CWE-20	7.8
2019-11-01	CVE-2019-6470	There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. network low complexity isc redhat opensuse	7.5