Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-01 | CVE-2013-4168 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | 6.1 |
| 2019-10-31 | CVE-2013-1931 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | 6.1 |
| 2019-10-31 | CVE-2013-1930 | Improper Input Validation vulnerability in multiple products MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | 4.3 |
| 2019-10-31 | CVE-2019-18424 | OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. | 6.8 |
| 2019-10-31 | CVE-2019-18420 | Use of Externally-Controlled Format String vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. | 6.5 |
| 2019-10-22 | CVE-2019-15587 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 |
| 2019-10-16 | CVE-2019-3018 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |
| 2019-10-16 | CVE-2019-3011 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). | 6.5 |
| 2019-10-16 | CVE-2019-3009 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). | 4.4 |
| 2019-10-16 | CVE-2019-3004 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 6.5 |