Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-11	CVE-2019-16229	NULL Pointer Dereference vulnerability in multiple products drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. local high complexity linux redhat canonical CWE-476	4.1
2019-09-04	CVE-2019-6648	Information Exposure Through Log Files vulnerability in multiple products On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. local low complexity f5 redhat CWE-532	4.4
2019-09-04	CVE-2019-15718	In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. local low complexity systemd-project fedoraproject redhat	4.4
2019-08-29	CVE-2019-15807	Memory Leak vulnerability in multiple products In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. local high complexity linux redhat debian CWE-401	4.7
2019-08-29	CVE-2019-11250	Information Exposure Through Log Files vulnerability in multiple products The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. network low complexity kubernetes redhat CWE-532	6.5
2019-08-29	CVE-2019-11249	Path Traversal vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. network low complexity kubernetes redhat CWE-22	6.5
2019-08-28	CVE-2019-10383	Cross-site Scripting vulnerability in multiple products A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. network low complexity jenkins oracle redhat CWE-79	4.8
2019-08-23	CVE-2019-12400	Improper Input Validation vulnerability in multiple products In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. local low complexity apache redhat oracle CWE-20	5.5
2019-08-15	CVE-2019-10140	A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. local low complexity linux redhat	5.5
2019-08-13	CVE-2019-9516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs CWE-770	6.5