Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2010-2450 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm.
network
low complexity
shibboleth debian CWE-916
7.5
2019-11-07 CVE-2019-3465 Improper Verification of Cryptographic Signature vulnerability in multiple products
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
8.8
2019-11-07 CVE-2012-0051 Improper Input Validation vulnerability in multiple products
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.
network
high complexity
tahoe-lafs debian CWE-20
7.4
2019-11-07 CVE-2019-18804 NULL Pointer Dereference vulnerability in multiple products
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
7.5
2019-11-06 CVE-2009-5045 Information Exposure vulnerability in multiple products
Dump Servlet information leak in Jetty before 6.1.22.
network
low complexity
eclipse debian CWE-200
7.5
2019-11-06 CVE-2011-4625 Improper Handling of Exceptional Conditions vulnerability in multiple products
SimpleSAMLphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption, which could allow remote attackers to decrypt or forge messages.
network
low complexity
simplesamlphp debian CWE-755
7.5
2019-11-06 CVE-2006-4245 Race Condition vulnerability in multiple products
archivemail 0.6.2 uses temporary files insecurely, leading to a possible race condition.
network
high complexity
archivemail-project debian CWE-362
8.1
2019-11-05 CVE-2013-6364 Cross-site Scripting vulnerability in multiple products
Horde Groupware Webmail Edition has CSRF and XSS when saving a search as a virtual address book.
network
low complexity
horde debian CWE-79
8.8
2019-11-04 CVE-2017-5333 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
7.8
2019-11-04 CVE-2017-5332 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The extract_group_icon_cursor_resource function in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
7.8