| 2019-12-11 | CVE-2013-7371 | Cross-site Scripting vulnerability in multiple products
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | 6.1 |
| 2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 6.1 |
| 2019-12-11 | CVE-2013-4158 | Cross-site Scripting vulnerability in multiple products
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | 6.1 |
| 2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
| 2019-12-10 | CVE-2019-14870 | Improper Authentication vulnerability in multiple products
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. | 5.4 |
| 2019-12-10 | CVE-2019-14861 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. | 5.3 |
| 2019-12-10 | CVE-2019-13763 | Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 4.3 |
| 2019-12-10 | CVE-2019-13761 | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
| 2019-12-10 | CVE-2019-13759 | Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 4.3 |
| 2019-12-10 | CVE-2019-13758 | Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |