High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-12	CVE-2017-18640	XML Entity Expansion vulnerability in multiple products The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. network low complexity snakeyaml-project fedoraproject quarkus oracle CWE-776	7.5
2019-12-11	CVE-2019-19583	An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. network low complexity xen fedoraproject opensuse debian	7.5
2019-12-11	CVE-2019-19578	Incorrect Calculation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. local low complexity xen fedoraproject CWE-682	8.8
2019-12-11	CVE-2019-19577	Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. low complexity xen fedoraproject CWE-662	7.2
2019-12-11	CVE-2019-19604	Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. local low complexity git-scm debian fedoraproject opensuse CWE-862	7.8
2019-12-10	CVE-2019-14889	OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. network low complexity libssh canonical opensuse fedoraproject debian oracle CWE-78	8.8
2019-12-10	CVE-2019-13764	Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject suse opensuse redhat CWE-843	8.8
2019-12-10	CVE-2019-13747	Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject redhat CWE-908	8.8
2019-12-10	CVE-2019-13741	Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. network low complexity google debian fedoraproject redhat CWE-79	8.8
2019-12-10	CVE-2019-13736	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. network low complexity google debian fedoraproject redhat CWE-190	8.8