Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-07	CVE-2019-18808	Memory Leak vulnerability in multiple products A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. local low complexity linux fedoraproject opensuse canonical CWE-401	5.5
2019-11-06	CVE-2016-1000037	Cross-site Scripting vulnerability in multiple products Pagure: XSS possible in file attachment endpoint network low complexity redhat fedoraproject CWE-79	6.1
2019-11-06	CVE-2019-14847	NULL Pointer Dereference vulnerability in multiple products A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. network low complexity samba opensuse fedoraproject CWE-476	4.9
2019-11-06	CVE-2019-14833	Weak Password Requirements vulnerability in multiple products A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. network low complexity samba opensuse fedoraproject CWE-521	5.4
2019-11-06	CVE-2019-10218	Path Traversal vulnerability in multiple products A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. network low complexity samba fedoraproject CWE-22	6.5
2019-11-05	CVE-2013-5123	Improper Authentication vulnerability in multiple products The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. network pypa virtualenv fedoraproject redhat debian CWE-287	4.3
2019-11-04	CVE-2013-4251	Improper Privilege Management vulnerability in multiple products The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. local low complexity scipy fedoraproject redhat debian CWE-269	4.6
2019-11-01	CVE-2013-4168	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. network smokeping debian fedoraproject CWE-79	4.3
2019-11-01	CVE-2013-4751	Improper Input Validation vulnerability in multiple products php-symfony2-Validator has loss of information during serialization network sensiolabs fedoraproject redhat CWE-20	4.9
2019-10-31	CVE-2013-1931	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. network mantisbt fedoraproject CWE-79	4.3