Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-29	CVE-2015-1855	Improper Input Validation vulnerability in multiple products verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. network high complexity ruby-lang debian puppet CWE-20	5.9
2019-11-28	CVE-2019-19318	Use After Free vulnerability in multiple products In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, local low complexity linux opensuse canonical debian netapp CWE-416	4.4
2019-11-27	CVE-2011-2515	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. local low complexity packagekit-project debian redhat CWE-732	5.3
2019-11-27	CVE-2013-2625	Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. network low complexity otrs debian opensuse CWE-269	6.5
2019-11-27	CVE-2011-2207	Improper Certificate Validation vulnerability in multiple products dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. network low complexity gnupg redhat debian CWE-295	5.3
2019-11-27	CVE-2016-1000110	Open Redirect vulnerability in multiple products The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. network low complexity python debian fedoraproject CWE-601	6.1
2019-11-26	CVE-2011-1934	Information Exposure vulnerability in multiple products lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. network low complexity lilo-project debian CWE-200	4.3
2019-11-26	CVE-2019-16254	Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. network low complexity ruby-lang debian CWE-74	5.3
2019-11-26	CVE-2019-18678	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-444	5.3
2019-11-26	CVE-2011-4350	Path Traversal vulnerability in multiple products Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. network low complexity yaws debian CWE-22	6.5