Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-19581 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. | 6.5 |
| 2019-12-11 | CVE-2019-19580 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. | 6.6 |
| 2019-12-11 | CVE-2019-19578 | Incorrect Calculation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. | 8.8 |
| 2019-12-11 | CVE-2019-19577 | Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. | 7.2 |
| 2019-12-11 | CVE-2013-4158 | Cross-site Scripting vulnerability in multiple products smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | 4.3 |
| 2019-12-11 | CVE-2019-19604 | Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | 7.8 |
| 2019-12-10 | CVE-2019-14889 | OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. | 8.8 |
| 2019-12-10 | CVE-2019-14870 | Improper Authentication vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. | 5.4 |
| 2019-12-10 | CVE-2019-14861 | Incorrect Default Permissions vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. | 5.3 |
| 2019-12-10 | CVE-2019-13764 | Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |