Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-15	CVE-2019-19797	Out-of-bounds Write vulnerability in multiple products read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. local low complexity xfig-project fedoraproject debian CWE-787	5.5
2019-12-13	CVE-2014-2387	Exposure of Resource to Wrong Sphere vulnerability in multiple products Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities local low complexity pen-project opensuse debian CWE-668	4.4
2019-12-12	CVE-2018-11805	OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. local low complexity apache debian CWE-78	6.7
2019-12-11	CVE-2013-7371	Cross-site Scripting vulnerability in multiple products node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) network low complexity sencha debian CWE-79	6.1
2019-12-11	CVE-2013-7370	Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware network low complexity redhat sencha opensuse debian CWE-79	6.1
2019-12-11	CVE-2013-4158	Cross-site Scripting vulnerability in multiple products smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) network low complexity smokeping debian fedoraproject CWE-79	6.1
2019-12-11	CVE-2019-19709	Open Redirect vulnerability in multiple products MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. network low complexity mediawiki debian CWE-601	6.1
2019-12-10	CVE-2019-14870	Improper Authentication vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. network low complexity samba fedoraproject canonical debian opensuse CWE-287	5.4
2019-12-10	CVE-2019-14861	All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. network high complexity samba fedoraproject canonical opensuse debian	5.3
2019-12-10	CVE-2019-13763	Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. network low complexity google debian fedoraproject redhat	4.3