Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-27	CVE-2016-1000110	Open Redirect vulnerability in multiple products The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. network low complexity python debian fedoraproject CWE-601	6.1
2019-11-27	CVE-2019-10195	Information Exposure Through Log Files vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. network low complexity freeipa fedoraproject CWE-532	6.5
2019-11-26	CVE-2019-18678	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-444	5.3
2019-11-26	CVE-2019-18677	Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). network low complexity squid-cache canonical fedoraproject CWE-352	6.1
2019-11-25	CVE-2012-5644	Information Exposure vulnerability in multiple products libuser has information disclosure when moving user's home directory local low complexity libuser-project fedoraproject redhat debian CWE-200	5.5
2019-11-25	CVE-2012-5630	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. local high complexity libuser-project fedoraproject redhat CWE-367	6.3
2019-11-25	CVE-2019-14891	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. network high complexity kubernetes fedoraproject redhat CWE-754	5.0
2019-11-22	CVE-2015-7810	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files local high complexity videolan redhat fedoraproject debian CWE-367	4.7
2019-11-21	CVE-2019-19221	Out-of-bounds Read vulnerability in multiple products In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. local low complexity libarchive debian fedoraproject canonical CWE-125	5.5
2019-11-21	CVE-2015-2793	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. network low complexity ikiwiki fedoraproject CWE-79	6.1