Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-13 | CVE-2019-16775 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | 6.5 |
| 2019-12-12 | CVE-2019-19769 | Use After Free vulnerability in multiple products In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | 6.7 |
| 2019-12-12 | CVE-2019-19746 | Integer Overflow or Wraparound vulnerability in multiple products make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | 5.5 |
| 2019-12-12 | CVE-2017-18640 | XML Entity Expansion vulnerability in multiple products The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 7.5 |
| 2019-12-11 | CVE-2019-19583 | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. | 7.5 |
| 2019-12-11 | CVE-2019-19582 | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. | 6.5 |
| 2019-12-11 | CVE-2019-19581 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. | 6.5 |
| 2019-12-11 | CVE-2019-19580 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. | 6.6 |
| 2019-12-11 | CVE-2019-19578 | Incorrect Calculation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. | 8.8 |
| 2019-12-11 | CVE-2019-19577 | Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. | 7.2 |