CVE List - 2019 / November
Showing 1401 - 1500 of 1679 CVEs for November 2019 (Page 15 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-5858 | 2019-11-25 | Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. |
| CVE-2019-5859 | 2019-11-25 | Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2019-5860 | 2019-11-25 | Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2019-5861 | 2019-11-25 | Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. |
| CVE-2019-5862 | 2019-11-25 | Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2019-5864 | 2019-11-25 | Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a... |
| CVE-2019-5865 | 2019-11-25 | Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2019-5866 | 2019-11-25 | Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5867 | 2019-11-25 | Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5868 | 2019-11-25 | Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2019-5869 | 2019-11-25 | Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5870 | 2019-11-25 | Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2019-5871 | 2019-11-25 | Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5872 | 2019-11-25 | Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5873 | 2019-11-25 | Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2019-5874 | 2019-11-25 | Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2019-5875 | 2019-11-25 | Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2019-5876 | 2019-11-25 | Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5877 | 2019-11-25 | Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5878 | 2019-11-25 | Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5879 | 2019-11-25 | Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted... |
| CVE-2019-5880 | 2019-11-25 | Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2019-5881 | 2019-11-25 | Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2012-5644 | 2019-11-25 | libuser has information disclosure when moving user's home directory |
| CVE-2019-17403 | 2019-11-25 | Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. |
| CVE-2019-17404 | 2019-11-25 | Nokia IMPACT < 18A: allows full path disclosure |
| CVE-2019-17405 | 2019-11-25 | Nokia IMPACT < 18A: has Reflected self XSS |
| CVE-2019-17406 | 2019-11-25 | Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 |
| CVE-2019-10217 | 2019-11-25 | A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not... |
| CVE-2019-19242 | 2019-11-25 | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. |
| CVE-2015-1396 | 2019-11-25 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue... |
| CVE-2019-15684 | 2019-11-25 | Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions. |
| CVE-2019-19246 | 2019-11-25 | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. |
| CVE-2019-18374 | 2019-11-25 | Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow... |
| CVE-2019-19250 | 2019-11-25 | OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. |
| CVE-2019-19249 | 2019-11-25 | Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations. |
| CVE-2018-2025 | 2019-11-25 | IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID:... |
| CVE-2019-4406 | 2019-11-25 | IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force... |
| CVE-2011-4924 | 2019-11-25 | Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject... |
| CVE-2019-16764 | 2019-11-25 | PowAssent is susceptible to denial of service attacks |
| CVE-2019-19252 | 2019-11-25 | vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. |
| CVE-2012-6639 | 2019-11-25 | A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
| CVE-2019-16765 | 2019-11-25 | If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the... |
| CVE-2019-19244 | 2019-11-25 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. |
| CVE-2019-5826 | 2019-11-25 | Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2019-5825 | 2019-11-25 | Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-15629 | 2019-11-25 | Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party... |
| CVE-2011-3351 | 2019-11-25 | openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink... |
| CVE-2019-17632 | 2019-11-25 | In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in... |
| CVE-2011-3355 | 2019-11-25 | evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An... |
| CVE-2019-10771 | 2019-11-25 | Characters in the GET url path are not properly escaped and can be reflected in the server response. |
| CVE-2011-3373 | 2019-11-25 | Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms"... |
| CVE-2011-3374 | 2019-11-25 | It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. |
| CVE-2019-18250 | 2019-11-25 | In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication... |
| CVE-2019-15595 | 2019-11-25 | A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. |
| CVE-2011-3583 | 2019-11-25 | It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This... |
| CVE-2019-18241 | 2019-11-25 | In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak... |
| CVE-2019-18251 | 2019-11-25 | In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction... |
| CVE-2011-3584 | 2019-11-25 | The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. |
| CVE-2011-3596 | 2019-11-25 | Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. |
| CVE-2019-11290 | 2019-11-25 | Cloud Foundry UAA logs query parameters in tomcat access file |
| CVE-2019-16201 | 2019-11-26 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that... |
| CVE-2019-16254 | 2019-11-26 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit... |
| CVE-2019-16255 | 2019-11-26 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data.... |
| CVE-2011-3600 | 2019-11-26 | The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem.... |
| CVE-2011-3606 | 2019-11-26 | A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and... |
| CVE-2011-3609 | 2019-11-26 | A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access... |
| CVE-2011-3617 | 2019-11-26 | Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. |
| CVE-2011-3624 | 2019-11-26 | Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary... |
| CVE-2011-3630 | 2019-11-26 | Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory... |
| CVE-2019-15973 | 2019-11-26 | Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability |
| CVE-2019-15967 | 2019-11-26 | Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability |
| CVE-2019-15960 | 2019-11-26 | Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability |
| CVE-2019-15958 | 2019-11-26 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability |
| CVE-2019-15956 | 2019-11-26 | Cisco Web Security Appliance Unauthorized Device Reset Vulnerability |
| CVE-2019-15288 | 2019-11-26 | Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability |
| CVE-2019-15286 | 2019-11-26 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-15284 | 2019-11-26 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-15276 | 2019-11-26 | Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability |
| CVE-2019-15271 | 2019-11-26 | Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability |
| CVE-2011-3631 | 2019-11-26 | Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to... |
| CVE-2019-19272 | 2019-11-26 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of... |
| CVE-2019-19271 | 2019-11-26 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause... |
| CVE-2019-19270 | 2019-11-26 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject... |
| CVE-2019-19269 | 2019-11-26 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an... |
| CVE-2011-3632 | 2019-11-26 | Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. |
| CVE-2019-16002 | 2019-11-26 | Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability |
| CVE-2019-16001 | 2019-11-26 | Cisco Webex Teams for Windows DLL Hijacking Vulnerability |
| CVE-2019-15998 | 2019-11-26 | Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability |
| CVE-2019-15997 | 2019-11-26 | Cisco DNA Spaces: Connector Command Injection Vulnerability |
| CVE-2019-15996 | 2019-11-26 | Cisco DNA Spaces: Connector Privilege Escalation Vulnerability |
| CVE-2019-15995 | 2019-11-26 | Cisco DNA Spaces: Connector SQL Injection Vulnerability |
| CVE-2019-15994 | 2019-11-26 | Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability |
| CVE-2019-15990 | 2019-11-26 | Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability |
| CVE-2019-15988 | 2019-11-26 | Cisco Email Security Appliance URL Filtering Bypass Vulnerability |
| CVE-2019-15987 | 2019-11-26 | Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability |
| CVE-2019-15986 | 2019-11-26 | Cisco Unity Express Command Injection Vulnerability |
| CVE-2019-15972 | 2019-11-26 | Cisco Unified Communications Manager SQL Injection Vulnerability |
| CVE-2019-15971 | 2019-11-26 | Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability |
| CVE-2019-15968 | 2019-11-26 | Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability |