CVE List - 2019 / November

Showing 401 - 500 of 1679 CVEs for November 2019 (Page 5 of 17)

CVE ID Date Title
CVE-2019-3425 2019-11-08 The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or...
CVE-2019-3426 2019-11-08 The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
CVE-2019-13543 2019-11-08 Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials
CVE-2019-13539 2019-11-08 Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
CVE-2019-13535 2019-11-08 Medtronic Valleylab FT10 and LS10 Protection Mechanism Failure
CVE-2019-13531 2019-11-08 Medtronic Valleylab FT10 and LS10 Improper Authentication
CVE-2019-5689 2019-11-09 NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious...
CVE-2019-5690 2019-11-09 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated,...
CVE-2019-5691 2019-11-09 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to...
CVE-2018-1721 2019-11-09 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive...
CVE-2019-4334 2019-11-09 IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.
CVE-2019-4411 2019-11-09 IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.
CVE-2019-4412 2019-11-09 IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser...
CVE-2019-4450 2019-11-09 IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
CVE-2019-4454 2019-11-09 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2019-4470 2019-11-09 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2019-4509 2019-11-09 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.
CVE-2019-4556 2019-11-09 IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM...
CVE-2019-4581 2019-11-09 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2019-4645 2019-11-09 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2019-5692 2019-11-09 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using...
CVE-2019-5693 2019-11-09 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized,...
CVE-2019-5694 2019-11-09 NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also...
CVE-2019-5696 2019-11-09 NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead...
CVE-2019-5697 2019-11-09 NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure...
CVE-2019-5698 2019-11-09 NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.
CVE-2019-5701 2019-11-09 NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs...
CVE-2009-0035 2019-11-09 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.
CVE-2009-2802 2019-11-09 MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
CVE-2009-3552 2019-11-09 In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML...
CVE-2009-3614 2019-11-09 liboping 1.3.2 allows users to read arbitrary files on the local system.
CVE-2009-4011 2019-11-09 dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse...
CVE-2009-5004 2019-11-09 qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use.
CVE-2019-18840 2019-11-09 In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the...
CVE-2019-18845 2019-11-09 The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT...
CVE-2019-18841 2019-11-11 Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVE-2019-18836 2019-11-11 Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite...
CVE-2019-18849 2019-11-11 In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based...
CVE-2019-18852 2019-11-11 Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100...
CVE-2019-18857 2019-11-11 darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.
CVE-2019-18856 2019-11-11 A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
CVE-2019-18855 2019-11-11 A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18854 2019-11-11 A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18853 2019-11-11 ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18862 2019-11-11 maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18873 2019-11-12 FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the...
CVE-2019-18874 2019-11-12 psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18882 2019-11-12 WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18881 2019-11-12 WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2014-7143 2019-11-12 Python Twisted 14.0 trustRoot is not respected in HTTP client
CVE-2011-5271 2019-11-12 Pacemaker before 1.1.6 configure script creates temporary files insecurely
CVE-2019-18658 2019-11-12 In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive...
CVE-2014-3599 2019-11-12 HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
CVE-2011-2897 2019-11-12 gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
CVE-2011-2935 2019-11-12 Elgg through 1.7.10 has XSS
CVE-2011-2936 2019-11-12 Elgg through 1.7.10 has a SQL injection vulnerability
CVE-2018-18819 2019-11-12 A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3...
CVE-2011-3370 2019-11-12 statusnet before 0.9.9 has XSS
CVE-2019-18817 2019-11-12 Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
CVE-2019-18848 2019-11-12 The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
CVE-2011-3618 2019-11-12 atop: symlink attack possible due to insecure tempfile handling
CVE-2012-1109 2019-11-12 mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions
CVE-2019-4652 2019-11-12 IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform...
CVE-2019-18655 2019-11-12 File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain...
CVE-2019-18924 2019-11-12 Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if...
CVE-2019-18926 2019-11-12 Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web...
CVE-2019-18925 2019-11-12 Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.
CVE-2012-1572 2019-11-12 OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
CVE-2019-17234 2019-11-12 includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.
CVE-2019-17235 2019-11-12 includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.
CVE-2019-17236 2019-11-12 includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
CVE-2019-17237 2019-11-12 includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
CVE-2019-15815 2019-11-12 ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.
CVE-2019-17360 2019-11-12 A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.
CVE-2018-21026 2019-11-12 A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.
CVE-2019-12719 2019-11-12 An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via...
CVE-2019-12720 2019-11-12 AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An attacker can carry a SQL Injection payload to the server, allowing the attacker to read...
CVE-2010-3359 2019-11-12 If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in...
CVE-2019-0712 2019-11-12 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka...
CVE-2019-0719 2019-11-12 A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka...
CVE-2019-0721 2019-11-12 A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka...
CVE-2019-1234 2019-11-12 A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
CVE-2019-1309 2019-11-12 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka...
CVE-2019-1310 2019-11-12 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka...
CVE-2019-1324 2019-11-12 An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.
CVE-2019-1370 2019-11-12 An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
CVE-2019-1373 2019-11-12 A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
CVE-2019-1374 2019-11-12 An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'.
CVE-2019-1379 2019-11-12 An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique...
CVE-2019-1380 2019-11-12 A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
CVE-2019-1381 2019-11-12 An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'.
CVE-2019-1382 2019-11-12 An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'.
CVE-2019-1383 2019-11-12 An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique...
CVE-2019-1384 2019-11-12 A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted...
CVE-2019-1389 2019-11-12 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V...
CVE-2019-1385 2019-11-12 An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need...
CVE-2019-1388 2019-11-12 An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
CVE-2019-1390 2019-11-12 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
CVE-2019-1391 2019-11-12 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207.
CVE-2019-1392 2019-11-12 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.