CVE List - 2019 / November
Showing 1001 - 1100 of 1679 CVEs for November 2019 (Page 11 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-19048 | 2019-11-18 | A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka... |
| CVE-2019-19049 | 2019-11-18 | A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka... |
| CVE-2019-19050 | 2019-11-18 | A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka... |
| CVE-2019-19051 | 2019-11-18 | A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7. |
| CVE-2019-19052 | 2019-11-18 | A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka... |
| CVE-2019-19053 | 2019-11-18 | A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka... |
| CVE-2019-19054 | 2019-11-18 | A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka... |
| CVE-2019-19055 | 2019-11-18 | A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka... |
| CVE-2019-19056 | 2019-11-18 | A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka... |
| CVE-2019-19057 | 2019-11-18 | Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka... |
| CVE-2019-19058 | 2019-11-18 | A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka... |
| CVE-2019-19059 | 2019-11-18 | Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent()... |
| CVE-2019-19060 | 2019-11-18 | A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. |
| CVE-2019-19061 | 2019-11-18 | A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. |
| CVE-2019-19062 | 2019-11-18 | A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka... |
| CVE-2019-19063 | 2019-11-18 | Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. |
| CVE-2019-19064 | 2019-11-18 | A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka... |
| CVE-2019-19065 | 2019-11-18 | A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka... |
| CVE-2019-19066 | 2019-11-18 | A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka... |
| CVE-2019-19067 | 2019-11-18 | Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device()... |
| CVE-2019-19068 | 2019-11-18 | A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka... |
| CVE-2019-19069 | 2019-11-18 | A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka... |
| CVE-2019-19070 | 2019-11-18 | A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka... |
| CVE-2019-19071 | 2019-11-18 | A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka... |
| CVE-2019-19072 | 2019-11-18 | A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. |
| CVE-2019-19073 | 2019-11-18 | Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the... |
| CVE-2019-19074 | 2019-11-18 | A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. |
| CVE-2019-19075 | 2019-11-18 | A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka... |
| CVE-2019-19076 | 2019-11-18 | A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has... |
| CVE-2019-19077 | 2019-11-18 | A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata... |
| CVE-2019-19078 | 2019-11-18 | A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka... |
| CVE-2019-19079 | 2019-11-18 | A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19. |
| CVE-2019-19080 | 2019-11-18 | Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a. |
| CVE-2019-19081 | 2019-11-18 | A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a. |
| CVE-2019-19082 | 2019-11-18 | Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c,... |
| CVE-2019-19083 | 2019-11-18 | Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c,... |
| CVE-2019-17057 | 2019-11-18 | Footy Tipping Software AFL Web Edition 2019 allows XSS. |
| CVE-2019-17058 | 2019-11-18 | Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat... |
| CVE-2019-14467 | 2019-11-18 | The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file... |
| CVE-2018-13257 | 2019-11-18 | The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS... |
| CVE-2019-19084 | 2019-11-18 | In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details. |
| CVE-2019-19085 | 2019-11-18 | A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML. |
| CVE-2019-10172 | 2019-11-18 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. |
| CVE-2018-21031 | 2019-11-18 | Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially,... |
| CVE-2019-19113 | 2019-11-18 | main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. |
| CVE-2011-5330 | 2019-11-18 | Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. |
| CVE-2011-5331 | 2019-11-18 | Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. |
| CVE-2019-5688 | 2019-11-18 | NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative... |
| CVE-2019-5101 | 2019-11-18 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no... |
| CVE-2019-5102 | 2019-11-18 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no... |
| CVE-2018-20687 | 2019-11-18 | An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks... |
| CVE-2019-12271 | 2019-11-18 | Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side. |
| CVE-2019-3423 | 2019-11-18 | permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other... |
| CVE-2019-3424 | 2019-11-18 | authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the... |
| CVE-2019-12299 | 2019-11-18 | Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section. |
| CVE-2019-12311 | 2019-11-18 | Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download... |
| CVE-2019-10763 | 2019-11-18 | pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be... |
| CVE-2019-18215 | 2019-11-18 | An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially... |
| CVE-2019-10070 | 2019-11-18 | Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality |
| CVE-2019-17085 | 2019-11-18 | XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on... |
| CVE-2019-15054 | 2019-11-18 | Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is... |
| CVE-2012-4438 | 2019-11-18 | Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. |
| CVE-2019-12409 | 2019-11-18 | The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the... |
| CVE-2012-4439 | 2019-11-18 | Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. |
| CVE-2019-18373 | 2019-11-18 | Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent... |
| CVE-2012-4440 | 2019-11-18 | Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. |
| CVE-2019-19117 | 2019-11-18 | /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter. |
| CVE-2012-4441 | 2019-11-18 | Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. |
| CVE-2008-7273 | 2019-11-18 | A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling. |
| CVE-2019-10764 | 2019-11-18 | In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage... |
| CVE-2014-5118 | 2019-11-18 | Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability |
| CVE-2019-12422 | 2019-11-18 | Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. |
| CVE-2019-19126 | 2019-11-19 | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to... |
| CVE-2019-16860 | 2019-11-19 | Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL).... |
| CVE-2019-16861 | 2019-11-19 | Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The... |
| CVE-2016-1000006 | 2019-11-19 | hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. |
| CVE-2012-0842 | 2019-11-19 | surf: cookie jar has read access from other local user |
| CVE-2014-5439 | 2019-11-19 | Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout... |
| CVE-2011-4967 | 2019-11-19 | tog-Pegasus has a package hash collision DoS vulnerability |
| CVE-2011-4968 | 2019-11-19 | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) |
| CVE-2011-4952 | 2019-11-19 | cobbler: Web interface lacks CSRF protection when using Django framework |
| CVE-2011-4919 | 2019-11-19 | mpack 1.6 has information disclosure via eavesdropping on mails sent by other users |
| CVE-2011-4954 | 2019-11-19 | cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE |
| CVE-2012-0824 | 2019-11-19 | gnusound 0.7.5 has format string issue |
| CVE-2012-0843 | 2019-11-19 | uzbl: Information disclosure via world-readable cookies storage file |
| CVE-2012-6070 | 2019-11-19 | Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks. |
| CVE-2012-6071 | 2019-11-19 | nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. |
| CVE-2012-6135 | 2019-11-19 | RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. |
| CVE-2011-2921 | 2019-11-19 | ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root... |
| CVE-2016-1000236 | 2019-11-19 | Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. |
| CVE-2019-18934 | 2019-11-19 | Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if... |
| CVE-2011-2922 | 2019-11-19 | ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable... |
| CVE-2019-11289 | 2019-11-19 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash |
| CVE-2019-10766 | 2019-11-19 | Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization. |
| CVE-2019-10768 | 2019-11-19 | In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. |
| CVE-2011-2923 | 2019-11-19 | foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by... |
| CVE-2011-2924 | 2019-11-19 | foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited... |
| CVE-2019-10080 | 2019-11-19 | The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to... |
| CVE-2019-12421 | 2019-11-19 | When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but... |
| CVE-2019-10083 | 2019-11-19 | When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not... |