Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-27	CVE-2019-10195	Information Exposure Through Log Files vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. network low complexity freeipa fedoraproject CWE-532	6.5
2019-11-26	CVE-2019-18679	Information Exposure vulnerability in multiple products An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-200	7.5
2019-11-26	CVE-2019-18678	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-444	5.3
2019-11-26	CVE-2019-18677	Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). network low complexity squid-cache canonical fedoraproject CWE-352	6.1
2019-11-26	CVE-2019-18676	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical fedoraproject debian CWE-787	7.5
2019-11-26	CVE-2019-12526	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid before 4.9. network low complexity squid-cache canonical fedoraproject opensuse debian CWE-787 critical	9.8
2019-11-26	CVE-2019-12523	An issue was discovered in Squid before 4.9. network low complexity squid-cache canonical fedoraproject opensuse debian critical	9.1
2019-11-26	CVE-2019-6477	Resource Exhaustion vulnerability in multiple products With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. network low complexity isc fedoraproject CWE-400	7.5
2019-11-26	CVE-2019-19270	Improper Certificate Validation vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. network low complexity proftpd fedoraproject CWE-295	7.5
2019-11-25	CVE-2019-19246	Out-of-bounds Read vulnerability in multiple products Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. network low complexity oniguruma-project php fedoraproject canonical debian CWE-125	7.5