Vulnerabilities > Debian > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2019-12-20 | CVE-2012-3409 | Improper Input Validation vulnerability in multiple products | ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | local | low complexity | ecryptfs debian CWE-20 | 4.6 |
| 2019-12-18 | CVE-2019-19880 | NULL Pointer Dereference vulnerability in multiple products | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | | | | 5.0 |
| 2019-12-17 | CVE-2012-2237 | Cross-site Scripting vulnerability in multiple products | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | network | | mahara debian CWE-79 | 4.3 |
| 2019-12-17 | CVE-2019-19830 | | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | network | low complexity | spip debian canonical | 4.0 |
| 2019-12-16 | CVE-2019-16779 | Race Condition vulnerability in multiple products | In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. | | | | 4.3 |
| 2019-12-16 | CVE-2019-19783 | Improper Privilege Management vulnerability in multiple products | An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. | network | low complexity | cyrus debian fedoraproject canonical CWE-269 | 6.5 |
| 2019-12-15 | CVE-2014-8561 | Infinite Loop vulnerability in multiple products | imagemagick 6.8.9.6 has remote DOS via infinite loop | | | | 4.3 |
| 2019-12-15 | CVE-2014-4913 | Cross-site Scripting vulnerability in multiple products | ZF2014-03 has a potential cross site scripting vector in multiple view helpers | network | | zend debian CWE-79 | 4.3 |
| 2019-12-15 | CVE-2019-19797 | Out-of-bounds Write vulnerability in multiple products | read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | local | low complexity | xfig-project fedoraproject debian CWE-787 | 5.5 |
| 2019-12-13 | CVE-2014-3495 | Improper Certificate Validation vulnerability in multiple products | duplicity 0.6.24 has improper verification of SSL certificates | network | low complexity | debian opensuse CWE-295 | 5.0 |