High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-27	CVE-2019-14812	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. local low complexity artifex fedoraproject CWE-732	7.8
2019-11-27	CVE-2019-14867	Resource Exhaustion vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. network low complexity freeipa fedoraproject CWE-400	8.8
2019-11-26	CVE-2019-18679	Information Exposure vulnerability in multiple products An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-200	7.5
2019-11-26	CVE-2019-18676	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical fedoraproject debian CWE-787	7.5
2019-11-26	CVE-2019-6477	Resource Exhaustion vulnerability in multiple products With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. network low complexity isc fedoraproject CWE-400	7.5
2019-11-26	CVE-2019-19270	Improper Certificate Validation vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. network low complexity proftpd fedoraproject CWE-295	7.5
2019-11-25	CVE-2019-19246	Out-of-bounds Read vulnerability in multiple products Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. network low complexity oniguruma-project php fedoraproject canonical debian CWE-125	7.5
2019-11-25	CVE-2019-13723	Use After Free vulnerability in multiple products Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject opensuse redhat CWE-416	8.8
2019-11-25	CVE-2012-5617	Improper Privilege Management vulnerability in multiple products gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation local low complexity gksu-polkit-project fedoraproject CWE-269	7.8
2019-11-25	CVE-2012-5535	Information Exposure vulnerability in multiple products gnome-system-log polkit policy allows arbitrary files on the system to be read network low complexity gnome fedoraproject CWE-200	7.5