Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-18	CVE-2019-16782	Information Exposure Through Discrepancy vulnerability in multiple products There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). network high complexity rack-project fedoraproject opensuse CWE-203	5.9
2019-12-17	CVE-2019-3996	Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. network low complexity elog-project fedoraproject CWE-610	6.5
2019-12-16	CVE-2019-19783	Improper Privilege Management vulnerability in multiple products An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. network low complexity cyrus debian fedoraproject canonical CWE-269	6.5
2019-12-15	CVE-2019-19797	Out-of-bounds Write vulnerability in multiple products read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. local low complexity xfig-project fedoraproject debian CWE-787	5.5
2019-12-13	CVE-2019-19722	NULL Pointer Dereference vulnerability in multiple products In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. network low complexity dovecot fedoraproject CWE-476	5.3
2019-12-13	CVE-2019-16777	Improper Privilege Management vulnerability in multiple products Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. network low complexity npmjs opensuse oracle fedoraproject redhat CWE-269	6.5
2019-12-13	CVE-2019-16775	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. network low complexity redhat npmjs opensuse oracle fedoraproject	6.5
2019-12-12	CVE-2019-19769	Use After Free vulnerability in multiple products In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). local low complexity linux fedoraproject CWE-416	6.7
2019-12-12	CVE-2019-19746	Integer Overflow or Wraparound vulnerability in multiple products make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. local low complexity fig2dev-project fedoraproject CWE-190	5.5
2019-12-11	CVE-2019-19582	Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. local low complexity xen fedoraproject CWE-835	6.5