Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-05	CVE-2012-1114	Cross-site Scripting vulnerability in multiple products A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. network low complexity ldap-account-manager fedoraproject debian CWE-79	6.1
2019-12-05	CVE-2012-1105	Information Exposure vulnerability in multiple products An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. local low complexity apereo fedoraproject debian CWE-200	5.5
2019-12-04	CVE-2019-19579	Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. low complexity xen fedoraproject CWE-20	6.8
2019-12-03	CVE-2013-4411	Incorrect Authorization vulnerability in multiple products Review Board: URL processing gives unauthorized users access to review lists network low complexity reviewboard fedoraproject CWE-863	4.3
2019-12-03	CVE-2013-4235	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees local high complexity debian fedoraproject redhat CWE-367	4.7
2019-12-02	CVE-2019-19118	Incorrect Default Permissions vulnerability in multiple products Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. network low complexity djangoproject fedoraproject CWE-276	6.5
2019-12-01	CVE-2019-19479	Out-of-bounds Read vulnerability in multiple products An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. local low complexity opensc-project debian fedoraproject CWE-125	5.5
2019-11-30	CVE-2019-19269	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. network low complexity proftpd fedoraproject debian CWE-476	4.9
2019-11-29	CVE-2019-19451	Infinite Loop vulnerability in multiple products When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. local low complexity gnome fedoraproject opensuse CWE-835	5.5
2019-11-27	CVE-2019-18660	Information Exposure vulnerability in multiple products The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. local high complexity linux redhat canonical fedoraproject opensuse CWE-200	4.7