Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-12	CVE-2010-3359	Improper Input Validation vulnerability in multiple products If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. local low complexity gargoyle-project debian CWE-20	4.8
2019-11-11	CVE-2019-18849	Out-of-bounds Read vulnerability in multiple products In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. local low complexity tnef-project fedoraproject canonical debian CWE-125	5.5
2019-11-08	CVE-2019-14824	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. network low complexity fedoraproject redhat debian CWE-732	6.5
2019-11-07	CVE-2013-1811	Improper Input Validation vulnerability in multiple products An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". network low complexity mantisbt debian CWE-20	4.3
2019-11-07	CVE-2013-1429	Link Following vulnerability in multiple products Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. local low complexity debian canonical CWE-59	6.3
2019-11-07	CVE-2013-1425	Incorrect Default Permissions vulnerability in multiple products ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. local low complexity ldap-git-backup-project debian CWE-276	5.5
2019-11-07	CVE-2012-0049	Resource Exhaustion vulnerability in multiple products OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. network low complexity openttd debian fedoraproject CWE-400	4.3
2019-11-07	CVE-2019-18809	Memory Leak vulnerability in multiple products A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. low complexity linux debian canonical fedoraproject opensuse CWE-401	4.6
2019-11-06	CVE-2009-5046	Cross-site Scripting vulnerability in multiple products JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. network low complexity eclipse debian CWE-79	6.1
2019-11-06	CVE-2009-5049	Cross-site Scripting vulnerability in multiple products WebApp JSP Snoop page XSS in jetty though 6.1.21. network low complexity mortbay debian CWE-79	6.1