Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-04	CVE-2019-15718	In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. local low complexity systemd-project fedoraproject redhat	4.4
2019-08-29	CVE-2019-15807	Memory Leak vulnerability in multiple products In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. local high complexity linux redhat debian CWE-401	4.7
2019-08-29	CVE-2019-11250	Information Exposure Through Log Files vulnerability in multiple products The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. network low complexity kubernetes redhat CWE-532	6.5
2019-08-29	CVE-2019-11249	Path Traversal vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. network low complexity kubernetes redhat CWE-22	6.5
2019-08-28	CVE-2019-10383	Cross-site Scripting vulnerability in multiple products A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. network low complexity jenkins oracle redhat CWE-79	4.8
2019-08-23	CVE-2019-12400	Improper Input Validation vulnerability in multiple products In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. local low complexity apache redhat oracle CWE-20	5.5
2019-08-15	CVE-2019-10140	A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. local low complexity linux redhat	5.5
2019-08-13	CVE-2019-9516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs CWE-770	6.5
2019-08-09	CVE-2019-14433	Information Exposure Through an Error Message vulnerability in multiple products An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. network low complexity openstack canonical redhat debian CWE-209	6.5
2019-08-02	CVE-2019-10176	Unspecified vulnerability in Redhat Openshift Container Platform 3.11/4.1 A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. network low complexity redhat	5.4