Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-29	CVE-2019-19451	Infinite Loop vulnerability in multiple products When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. local low complexity gnome fedoraproject opensuse CWE-835	5.5
2019-11-27	CVE-2019-18660	Information Exposure vulnerability in multiple products The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. local high complexity linux redhat canonical fedoraproject opensuse CWE-200	4.7
2019-11-27	CVE-2016-1000110	Open Redirect vulnerability in multiple products The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. network low complexity python debian fedoraproject CWE-601	6.1
2019-11-27	CVE-2019-10195	Information Exposure Through Log Files vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. network low complexity freeipa fedoraproject CWE-532	6.5
2019-11-26	CVE-2019-18678	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-444	5.3
2019-11-26	CVE-2019-18677	Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). network low complexity squid-cache canonical fedoraproject CWE-352	6.1
2019-11-25	CVE-2012-5644	Information Exposure vulnerability in multiple products libuser has information disclosure when moving user's home directory local low complexity libuser-project debian fedoraproject redhat CWE-200	4.9
2019-11-25	CVE-2012-5535	Information Exposure vulnerability in multiple products gnome-system-log polkit policy allows arbitrary files on the system to be read network low complexity gnome fedoraproject CWE-200	5.0
2019-11-25	CVE-2019-14891	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. network kubernetes fedoraproject redhat CWE-754	6.0
2019-11-21	CVE-2019-19221	Out-of-bounds Read vulnerability in multiple products In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. local low complexity libarchive debian fedoraproject canonical CWE-125	5.5