CVE List - 2019 / November
Showing 1 - 100 of 1679 CVEs for November 2019 (Page 1 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-16909 | 2019-11-01 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as... |
| CVE-2019-18636 | 2019-11-01 | A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. |
| CVE-2013-2600 | 2019-11-01 | MiniUPnPd has information disclosure use of snprintf() |
| CVE-2013-2738 | 2019-11-01 | minidlna has SQL Injection that may allow retrieval of arbitrary files |
| CVE-2013-2739 | 2019-11-01 | MiniDLNA has heap-based buffer overflow |
| CVE-2013-3718 | 2019-11-01 | evince is missing a check on number of pages which can lead to a segmentation fault |
| CVE-2013-4751 | 2019-11-01 | php-symfony2-Validator has loss of information during serialization |
| CVE-2005-3056 | 2019-11-01 | TWiki allows arbitrary shell command execution via the Include function |
| CVE-2011-3923 | 2019-11-01 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. |
| CVE-2012-2979 | 2019-11-01 | FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. |
| CVE-2019-15588 | 2019-11-01 | There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied... |
| CVE-2019-6657 | 2019-11-01 | On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP... |
| CVE-2019-6658 | 2019-11-01 | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. |
| CVE-2019-12752 | 2019-11-01 | The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use... |
| CVE-2013-1666 | 2019-11-01 | Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. |
| CVE-2013-2227 | 2019-11-01 | GLPI 0.83.7 has Local File Inclusion in common.tabs.php. |
| CVE-2010-3660 | 2019-11-01 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. |
| CVE-2013-4367 | 2019-11-01 | ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of... |
| CVE-2010-3661 | 2019-11-01 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. |
| CVE-2005-2350 | 2019-11-01 | Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. |
| CVE-2013-0165 | 2019-11-01 | cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. |
| CVE-2019-18653 | 2019-11-01 | A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript... |
| CVE-2013-0178 | 2019-11-01 | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. |
| CVE-2013-0180 | 2019-11-01 | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. |
| CVE-2019-18654 | 2019-11-01 | A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an... |
| CVE-2013-2255 | 2019-11-01 | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |
| CVE-2013-0186 | 2019-11-01 | Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2005-2351 | 2019-11-01 | Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. |
| CVE-2013-4168 | 2019-11-01 | Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. |
| CVE-2005-2352 | 2019-11-01 | A race condition in temp files was found in gs-gpl before 8.56 addons scripts. |
| CVE-2019-6470 | 2019-11-01 | dhcpd: use-after-free error leads to a crash in IPv6 mode when using mismatched BIND libraries |
| CVE-2019-18659 | 2019-11-02 | The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block... |
| CVE-2019-18661 | 2019-11-02 | Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however,... |
| CVE-2019-18662 | 2019-11-02 | An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to... |
| CVE-2019-18665 | 2019-11-02 | The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. |
| CVE-2019-18664 | 2019-11-02 | The Log module in SECUDOS DOMOS before 5.6 allows XSS. |
| CVE-2019-18667 | 2019-11-02 | /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim... |
| CVE-2019-18668 | 2019-11-02 | An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even... |
| CVE-2019-18673 | 2019-11-02 | On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing... |
| CVE-2019-14358 | 2019-11-02 | On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing... |
| CVE-2019-14360 | 2019-11-02 | On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated... |
| CVE-2013-4412 | 2019-11-04 | slim has NULL pointer dereference when using crypt() method from glibc 2.17 |
| CVE-2013-4423 | 2019-11-04 | CloudForms stores user passwords in recoverable format |
| CVE-2013-4518 | 2019-11-04 | RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates |
| CVE-2014-3649 | 2019-11-04 | JBoss AeroGear has reflected XSS via the password field |
| CVE-2019-18680 | 2019-11-04 | An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. |
| CVE-2019-0350 | 2019-11-04 | SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service |
| CVE-2013-4103 | 2019-11-04 | Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input |
| CVE-2018-19031 | 2019-11-04 | A command injection vulnerability exists when the authorized user passes a crafted parameter to a background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected... |
| CVE-2013-4102 | 2019-11-04 | Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness |
| CVE-2013-4101 | 2019-11-04 | Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness |
| CVE-2013-4100 | 2019-11-04 | Cryptocat before 2.0.22 has Remote Denial of Service via username |
| CVE-2019-18683 | 2019-11-04 | An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only... |
| CVE-2013-4104 | 2019-11-04 | Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol |
| CVE-2013-2261 | 2019-11-04 | Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure |
| CVE-2013-2262 | 2019-11-04 | Cryptocat strophe.js before 2.0.22 has information disclosure |
| CVE-2019-18684 | 2019-11-04 | Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition... |
| CVE-2013-2260 | 2019-11-04 | Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness |
| CVE-2013-4105 | 2019-11-04 | Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure |
| CVE-2013-2259 | 2019-11-04 | Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview |
| CVE-2013-2258 | 2019-11-04 | Cryptocat before 2.0.22 has Nickname User Impersonation |
| CVE-2013-2257 | 2019-11-04 | Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness |
| CVE-2019-13496 | 2019-11-04 | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML... |
| CVE-2019-13497 | 2019-11-04 | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. |
| CVE-2005-4890 | 2019-11-04 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the... |
| CVE-2013-4280 | 2019-11-04 | Insecure temporary file vulnerability in RedHat vsdm 4.9.6. |
| CVE-2019-18663 | 2019-11-04 | A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. |
| CVE-2013-4251 | 2019-11-04 | The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. |
| CVE-2019-18178 | 2019-11-04 | Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a... |
| CVE-2019-17210 | 2019-11-04 | A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of... |
| CVE-2017-5333 | 2019-11-04 | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted... |
| CVE-2017-5331 | 2019-11-04 | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted... |
| CVE-2017-5332 | 2019-11-04 | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a... |
| CVE-2015-8980 | 2019-11-04 | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. |
| CVE-2013-4409 | 2019-11-04 | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| CVE-2010-3662 | 2019-11-04 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. |
| CVE-2013-4374 | 2019-11-04 | An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. |
| CVE-2010-3663 | 2019-11-04 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary... |
| CVE-2010-3664 | 2019-11-04 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. |
| CVE-2010-3665 | 2019-11-04 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. |
| CVE-2010-3666 | 2019-11-04 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. |
| CVE-2010-3667 | 2019-11-04 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. |
| CVE-2010-3668 | 2019-11-04 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. |
| CVE-2010-3669 | 2019-11-04 | TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. |
| CVE-2019-3685 | 2019-11-05 | Missing TLS certificate validation for HTTPS connections in osc |
| CVE-2019-10223 | 2019-11-05 | A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By... |
| CVE-2013-4107 | 2019-11-05 | Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting |
| CVE-2013-4110 | 2019-11-05 | Cryptocat has an Unspecified Chat Participant User List Disclosure |
| CVE-2016-1000002 | 2019-11-05 | gdm3 3.14.2 and possibly later has an information leak before screen lock |
| CVE-2019-17221 | 2019-11-05 | PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which... |
| CVE-2013-6364 | 2019-11-05 | Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book |
| CVE-2013-6365 | 2019-11-05 | Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions |
| CVE-2013-6460 | 2019-11-05 | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents |
| CVE-2013-6461 | 2019-11-05 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits |
| CVE-2019-17598 | 2019-11-05 | An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting... |
| CVE-2019-17212 | 2019-11-05 | Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly... |
| CVE-2019-17211 | 2019-11-05 | An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the... |
| CVE-2019-17062 | 2019-11-05 | An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community... |
| CVE-2019-18631 | 2019-11-05 | The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during... |
| CVE-2013-5661 | 2019-11-05 | Cache Poisoning issue exists in DNS Response Rate Limiting. |