Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-08	CVE-2019-17348	Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. local low complexity xen debian CWE-20	6.5
2019-10-08	CVE-2019-17345	An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. local low complexity xen debian	4.9
2019-10-08	CVE-2019-17344	Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. local low complexity xen debian CWE-662	4.9
2019-10-08	CVE-2019-17343	Improper Locking vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. local low complexity xen debian CWE-667	4.6
2019-10-08	CVE-2019-17340	Memory Leak vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. local low complexity xen debian CWE-401	6.1
2019-10-08	CVE-2019-17350	Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. local low complexity xen debian CWE-835	5.5
2019-10-03	CVE-2019-15165	Allocation of Resources Without Limits or Throttling vulnerability in multiple products sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. network low complexity tcpdump debian opensuse oracle apple canonical fedoraproject CWE-770	5.3
2019-09-30	CVE-2019-16993	Cross-Site Request Forgery (CSRF) vulnerability in multiple products In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. network phpbb debian CWE-352	6.8
2019-09-28	CVE-2019-16935	Cross-site Scripting vulnerability in multiple products The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. network low complexity python debian canonical CWE-79	6.1
2019-09-27	CVE-2019-9433	Improper Input Validation vulnerability in multiple products In libvpx, there is a possible information disclosure due to improper input validation. network low complexity google opensuse fedoraproject debian canonical CWE-20	6.5