Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-06	CVE-2019-10218	Path Traversal vulnerability in multiple products A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. network low complexity samba fedoraproject CWE-22	6.5
2019-11-05	CVE-2013-5123	Improper Authentication vulnerability in multiple products The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. network high complexity pypa virtualenv fedoraproject redhat debian CWE-287	5.9
2019-11-01	CVE-2013-4168	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. network low complexity smokeping debian fedoraproject CWE-79	6.1
2019-10-31	CVE-2013-1931	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. network low complexity mantisbt fedoraproject CWE-79	6.1
2019-10-31	CVE-2013-1930	Improper Input Validation vulnerability in multiple products MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. network low complexity mantisbt fedoraproject CWE-20	4.3
2019-10-31	CVE-2019-18424	OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. low complexity xen debian fedoraproject opensuse CWE-78	6.8
2019-10-31	CVE-2019-18420	Use of Externally-Controlled Format String vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. network low complexity xen debian fedoraproject CWE-134	6.5
2019-10-22	CVE-2019-15587	Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. network low complexity loofah-project fedoraproject canonical debian CWE-79	5.4
2019-10-16	CVE-2019-3018	Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). network high complexity oracle canonical fedoraproject netapp	4.4
2019-10-16	CVE-2019-3011	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). network low complexity oracle canonical fedoraproject netapp	6.5