Vulnerabilities > Canonical > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-08 | CVE-2019-17022 | Cross-site Scripting vulnerability in multiple products. When pasting a `<style>` tag from the clipboard into a rich text editor, the CSS sanitizer does not escape `<` and `>` characters. | 6.1 |
2020-01-08 | CVE-2019-17020 | XXE vulnerability in multiple products. If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. | 6.5 |
2020-01-08 | CVE-2019-17016 | Cross-site Scripting vulnerability in multiple products. When pasting a `<style>` tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a `@namespace` rule. | 6.1 |
2020-01-08 | CVE-2019-11763 | Cross-site Scripting vulnerability in multiple products. Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. | 6.1 |
2020-01-08 | CVE-2019-11762 | Origin Validation Error vulnerability in multiple products. If two same-origin documents set `document.domain` differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. | 6.1 |
2020-01-08 | CVE-2019-11761 | Missing Authorization vulnerability in multiple products. By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. | 5.4 |
2020-01-08 | CVE-2019-5188 | Out-of-bounds Write vulnerability in multiple products. A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. | 6.7 |
2019-12-30 | CVE-2019-20096 | Memory Leak vulnerability in multiple products. In the Linux kernel before 5.1, there is a memory leak in `__feat_register_sp()` in `net/dccp/feat.c`, which may cause denial of service, aka CID-1d3ff0950e2b. | 5.5 |
2019-12-26 | CVE-2012-2736 | Missing Authentication for Critical Function vulnerability in multiple products. In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | 4.4 |
2019-12-25 | CVE-2019-19965 | NULL Pointer Dereference vulnerability in multiple products. In the Linux kernel through 5.4.6, there is a NULL pointer dereference in `drivers/scsi/libsas/sas_discover.c` because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | 4.7 |