| 2019-12-11 | CVE-2013-4245 | Improper Input Validation vulnerability in multiple products
Orca has arbitrary code execution due to insecure Python module load | 4.4 |
| 2019-12-11 | CVE-2013-4158 | Cross-site Scripting vulnerability in multiple products
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | 4.3 |
| 2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
| 2019-12-10 | CVE-2019-14870 | Improper Authentication vulnerability in multiple products
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. | 5.4 |
| 2019-12-10 | CVE-2019-14861 | Incorrect Default Permissions vulnerability in multiple products
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. | 5.3 |
| 2019-12-10 | CVE-2019-13763 | Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 4.3 |
| 2019-12-10 | CVE-2019-13761 | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
| 2019-12-10 | CVE-2019-13759 | Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 4.3 |
| 2019-12-10 | CVE-2019-13758 | Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2019-12-10 | CVE-2019-13757 | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |