Vulnerabilities > Debian > Debian Linux > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-11-22 | CVE-2019-18790 | Missing Authorization vulnerability in multiple products | An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. | network | low | digium, debian | CWE-862 | 6.5 |
| 2019-11-22 | CVE-2012-0812 | Cross-site Scripting vulnerability in multiple products | PostfixAdmin 2.3.4 has multiple XSS vulnerabilities | network | low | postfix-admin-project, debian | CWE-79 | 6.1 |
| 2019-11-22 | CVE-2015-7810 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products | libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | local | high | videolan, redhat, fedoraproject, debian | CWE-367 | 4.7 |
| 2019-11-22 | CVE-2015-5694 | Infinite Loop vulnerability in multiple products | Designate does not enforce the DNS protocol limit concerning record set sizes | network | low | openstack, redhat, debian | CWE-835 | 6.5 |
| 2019-11-22 | CVE-2019-10206 | Insufficiently Protected Credentials vulnerability in multiple products | ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. | network | low | redhat, debian, opensuse | CWE-522 | 6.5 |
| 2019-11-21 | CVE-2019-19221 | Out-of-bounds Read vulnerability in multiple products | In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. | | | | | 5.5 |
| 2019-11-21 | CVE-2019-18890 | SQL Injection vulnerability in multiple products | A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | network | low | redmine, debian | CWE-89 | 6.5 |
| 2019-11-21 | CVE-2014-1935 | Improper Input Validation vulnerability in multiple products | 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | network | low | 9base-project, debian | CWE-20 | 5.3 |
| 2019-11-21 | CVE-2014-0083 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products | The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | local | low | net-ldap-project, debian | CWE-916 | 5.5 |
| 2019-11-21 | CVE-2019-19039 | Information Exposure Through Log Files vulnerability in multiple products | __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. | local | low | linux, debian, canonical | CWE-532 | 5.5 |