Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-13	CVE-2014-2387	Exposure of Resource to Wrong Sphere vulnerability in multiple products Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities local low complexity pen-project opensuse debian CWE-668	4.6
2019-12-11	CVE-2013-7370	Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware network redhat sencha opensuse debian CWE-79	4.3
2019-12-03	CVE-2016-1000104	Improper Input Validation vulnerability in multiple products A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. network low complexity apache opensuse CWE-20	6.5
2019-11-27	CVE-2013-2625	Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. network low complexity otrs debian opensuse CWE-269	6.4
2019-11-14	CVE-2011-1588	Use of Externally-Controlled Format String vulnerability in multiple products Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. network xfce opensuse debian CWE-134	6.8
2019-11-14	CVE-2011-1145	Classic Buffer Overflow vulnerability in multiple products The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. local low complexity unixodbc debian opensuse redhat CWE-120	4.6
2019-11-13	CVE-2010-4661	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. local low complexity udisks-project debian fedoraproject opensuse redhat CWE-434	4.6
2019-11-04	CVE-2017-5333	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. network icoutils-project redhat canonical debian opensuse CWE-190	6.8
2019-11-04	CVE-2017-5332	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. network icoutils-project redhat canonical debian opensuse CWE-119	6.8
2019-11-04	CVE-2017-5331	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. local low complexity icoutils-project canonical debian opensuse CWE-190	4.6