CVE List - 2019 / December
Showing 1 - 100 of 1578 CVEs for December 2019 (Page 1 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-18609 | 2019-12-01 | An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server... |
| CVE-2019-19480 | 2019-12-01 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. |
| CVE-2019-19481 | 2019-12-01 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. |
| CVE-2019-19479 | 2019-12-01 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. |
| CVE-2019-19492 | 2019-12-02 | FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. |
| CVE-2019-19491 | 2019-12-02 | TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. |
| CVE-2019-19490 | 2019-12-02 | LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. |
| CVE-2019-19489 | 2019-12-02 | SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. |
| CVE-2019-15631 | 2019-12-02 | Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. |
| CVE-2019-19493 | 2019-12-02 | Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. |
| CVE-2019-19362 | 2019-12-02 | An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved... |
| CVE-2019-19496 | 2019-12-02 | Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. |
| CVE-2019-19118 | 2019-12-02 | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model... |
| CVE-2019-19245 | 2019-12-02 | NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. |
| CVE-2019-19502 | 2019-12-02 | Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. |
| CVE-2019-15628 | 2019-12-02 | Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence... |
| CVE-2019-12393 | 2019-12-02 | Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. |
| CVE-2019-12391 | 2019-12-02 | The Anviz Management System for access control has insufficient logging for device events such as door open requests. |
| CVE-2019-19507 | 2019-12-02 | In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects... |
| CVE-2019-12392 | 2019-12-02 | Anviz access control devices allow remote attackers to issue commands without a password. |
| CVE-2019-12394 | 2019-12-02 | Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. |
| CVE-2019-12390 | 2019-12-02 | Anviz access control devices expose private information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. |
| CVE-2019-12389 | 2019-12-02 | Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. |
| CVE-2019-12388 | 2019-12-02 | Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to a query on port tcp/5010. |
| CVE-2019-19014 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown,... |
| CVE-2019-19015 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By... |
| CVE-2019-19016 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be... |
| CVE-2019-12518 | 2019-12-02 | Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. |
| CVE-2019-19017 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the... |
| CVE-2019-19018 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using. |
| CVE-2019-19019 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from... |
| CVE-2019-19020 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary... |
| CVE-2019-19021 | 2019-12-02 | An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log... |
| CVE-2019-12503 | 2019-12-02 | Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a... |
| CVE-2014-9356 | 2019-12-02 | Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an... |
| CVE-2013-4410 | 2019-12-02 | ReviewBoard: has an access-control problem in REST API |
| CVE-2012-4428 | 2019-12-02 | openslp: SLPIntersectStringList() function has a DoS vulnerability |
| CVE-2012-4480 | 2019-12-02 | mom creates world-writable pid files in /var/run |
| CVE-2012-4525 | 2019-12-02 | piwigo has XSS in password.php |
| CVE-2012-4526 | 2019-12-02 | piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) |
| CVE-2012-4576 | 2019-12-02 | FreeBSD: Input Validation Flaw allows local users to gain elevated privileges |
| CVE-2012-5562 | 2019-12-02 | rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite |
| CVE-2019-15689 | 2019-12-02 | Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via... |
| CVE-2019-19316 | 2019-12-02 | When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. |
| CVE-2019-19516 | 2019-12-02 | Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. |
| CVE-2013-4235 | 2019-12-03 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
| CVE-2019-3666 | 2019-12-03 | API Abuse Vulnerability |
| CVE-2019-3665 | 2019-12-03 | Code Injection vulnerability |
| CVE-2013-2101 | 2019-12-03 | Katello has multiple XSS issues in various entities |
| CVE-2013-2103 | 2019-12-03 | OpenShift cartridge allows remote URL retrieval |
| CVE-2013-2106 | 2019-12-03 | webauth before 4.6.1 has authentication credential disclosure |
| CVE-2013-2228 | 2019-12-03 | SaltStack RSA Key Generation allows remote users to decrypt communications |
| CVE-2013-4411 | 2019-12-03 | Review Board: URL processing gives unauthorized users access to review lists |
| CVE-2013-4486 | 2019-12-03 | Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging |
| CVE-2019-4098 | 2019-12-03 | IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4130 | 2019-12-03 | IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM... |
| CVE-2019-4226 | 2019-12-03 | IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4465 | 2019-12-03 | IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774. |
| CVE-2019-4467 | 2019-12-03 | IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4468 | 2019-12-03 | IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-19537 | 2019-12-03 | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9.... |
| CVE-2019-19536 | 2019-12-03 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. |
| CVE-2019-19535 | 2019-12-03 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. |
| CVE-2019-19534 | 2019-12-03 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. |
| CVE-2019-19533 | 2019-12-03 | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. |
| CVE-2019-19532 | 2019-12-03 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This... |
| CVE-2019-19531 | 2019-12-03 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. |
| CVE-2019-19530 | 2019-12-03 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. |
| CVE-2019-19529 | 2019-12-03 | In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. |
| CVE-2019-19528 | 2019-12-03 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. |
| CVE-2019-19527 | 2019-12-03 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. |
| CVE-2019-19526 | 2019-12-03 | In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. |
| CVE-2019-19525 | 2019-12-03 | In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. |
| CVE-2019-19524 | 2019-12-03 | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. |
| CVE-2019-19523 | 2019-12-03 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. |
| CVE-2019-3990 | 2019-12-03 | A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to... |
| CVE-2019-7365 | 2019-12-03 | DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then... |
| CVE-2019-7366 | 2019-12-03 | Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing... |
| CVE-2019-19460 | 2019-12-03 | An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least... |
| CVE-2019-19459 | 2019-12-03 | An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files... |
| CVE-2019-19458 | 2019-12-03 | SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. |
| CVE-2019-19457 | 2019-12-03 | SALTO ProAccess SPACE 5.4.3.0 allows XSS. |
| CVE-2019-19383 | 2019-12-03 | freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled). |
| CVE-2019-19382 | 2019-12-03 | Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. |
| CVE-2019-18993 | 2019-12-03 | OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). |
| CVE-2019-18992 | 2019-12-03 | OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on... |
| CVE-2019-16885 | 2019-12-03 | In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in... |
| CVE-2019-13456 | 2019-12-03 | In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop.... |
| CVE-2019-9689 | 2019-12-03 | process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. |
| CVE-2019-10013 | 2019-12-03 | The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via... |
| CVE-2019-19543 | 2019-12-03 | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. |
| CVE-2019-18574 | 2019-12-03 | RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store... |
| CVE-2019-3749 | 2019-12-03 | Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files... |
| CVE-2019-3750 | 2019-12-03 | Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files... |
| CVE-2016-1000104 | 2019-12-03 | A security bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. |
| CVE-2019-5083 | 2019-12-03 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in... |
| CVE-2019-5076 | 2019-12-03 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a... |
| CVE-2019-5132 | 2019-12-03 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in... |
| CVE-2019-5133 | 2019-12-03 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote... |
| CVE-2019-5111 | 2019-12-03 | Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited... |