Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-13	CVE-2019-19547	Cross-site Scripting vulnerability in multiple products Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. network low complexity symantec fedoraproject CWE-79	6.1
2020-01-09	CVE-2020-6750	GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. network high complexity gnome fedoraproject	5.9
2020-01-08	CVE-2019-5188	Out-of-bounds Write vulnerability in multiple products A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. local low complexity e2fsprogs-project fedoraproject debian canonical opensuse netapp CWE-787	6.7
2020-01-03	CVE-2012-4451	Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. network low complexity zend fedoraproject redhat CWE-79	6.1
2020-01-02	CVE-2013-4752	Cross-site Scripting vulnerability in multiple products Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. network low complexity sensiolabs fedoraproject CWE-79	6.1
2019-12-30	CVE-2012-5474	Missing Encryption of Sensitive Data vulnerability in multiple products The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. local low complexity redhat openstack debian fedoraproject CWE-311	5.5
2019-12-30	CVE-2019-20093	NULL Pointer Dereference vulnerability in multiple products The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. local low complexity podofo-project fedoraproject CWE-476	5.5
2019-12-27	CVE-2019-20051	Incorrect Calculation vulnerability in multiple products A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. local low complexity upx-project fedoraproject CWE-682	5.5
2019-12-27	CVE-2019-20021	Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. local low complexity upx-project fedoraproject CWE-125	5.5
2019-12-23	CVE-2019-11050	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical fedoraproject opensuse tenable CWE-125	6.5