Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-19581 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled.
local
low complexity
xen fedoraproject CWE-119
6.5
6.5
2019-12-11 CVE-2019-19580 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421.
network
high complexity
xen fedoraproject CWE-362
6.6
6.6
2019-12-11 CVE-2013-4158 Cross-site Scripting vulnerability in multiple products
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)
network
low complexity
smokeping debian fedoraproject CWE-79
6.1
6.1
2019-12-10 CVE-2019-14870 Improper Authentication vulnerability in multiple products
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. 		5.4
5.4
2019-12-10 CVE-2019-14861 All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones.
network
high complexity
samba fedoraproject canonical opensuse debian
5.3
5.3
2019-12-10 CVE-2019-13763 Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat
4.3
4.3
2019-12-10 CVE-2019-13761 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian fedoraproject redhat
4.3
4.3
2019-12-10 CVE-2019-13759 Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat
4.3
4.3
2019-12-10 CVE-2019-13758 Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat
4.3
4.3
2019-12-10 CVE-2019-13757 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian fedoraproject redhat
4.3
4.3