Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-30	CVE-2019-19269	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. network low complexity proftpd fedoraproject debian CWE-476	4.9
2019-11-29	CVE-2019-19451	Infinite Loop vulnerability in multiple products When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. local low complexity gnome fedoraproject opensuse CWE-835	5.5
2019-11-27	CVE-2019-18660	Information Exposure vulnerability in multiple products The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. local high complexity linux redhat canonical fedoraproject opensuse CWE-200	4.7
2019-11-27	CVE-2016-1000110	Open Redirect vulnerability in multiple products The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. network low complexity python debian fedoraproject CWE-601	6.1
2019-11-27	CVE-2019-10195	Information Exposure Through Log Files vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. network low complexity freeipa fedoraproject CWE-532	6.5
2019-11-26	CVE-2019-18678	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-444	5.3
2019-11-26	CVE-2019-18677	Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). network low complexity squid-cache canonical fedoraproject CWE-352	6.1
2019-11-25	CVE-2019-10224	Information Exposure vulnerability in Fedoraproject 389 Directory Server A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. low complexity fedoraproject CWE-200	4.6
2019-11-25	CVE-2012-5644	Information Exposure vulnerability in multiple products libuser has information disclosure when moving user's home directory local low complexity libuser-project fedoraproject redhat debian CWE-200	5.5
2019-11-25	CVE-2012-5630	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. local high complexity libuser-project fedoraproject redhat CWE-367	6.3