Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-11	CVE-2019-19580	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. network high complexity xen fedoraproject CWE-362	6.6
2019-12-11	CVE-2013-4158	Cross-site Scripting vulnerability in multiple products smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) network low complexity smokeping debian fedoraproject CWE-79	6.1
2019-12-10	CVE-2019-14870	Improper Authentication vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. network low complexity samba fedoraproject canonical debian opensuse CWE-287	5.4
2019-12-10	CVE-2019-14861	All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. network high complexity samba fedoraproject canonical opensuse debian	5.3
2019-12-10	CVE-2019-13763	Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. network low complexity google debian fedoraproject redhat	4.3
2019-12-10	CVE-2019-13761	Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity google debian fedoraproject redhat	4.3
2019-12-10	CVE-2019-13759	Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google debian fedoraproject redhat	4.3
2019-12-10	CVE-2019-13758	Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google debian fedoraproject redhat	4.3
2019-12-10	CVE-2019-13757	Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity google debian fedoraproject redhat	4.3
2019-12-10	CVE-2019-13756	Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google debian fedoraproject redhat	4.3