CVE List - 2019 / December
Showing 1401 - 1500 of 1578 CVEs for December 2019 (Page 15 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2016-1000029 | 2019-12-27 | Tenable Nessus before 6.8 has a stored XSS issue that... |
| CVE-2019-16896 | 2019-12-27 | In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the... |
| CVE-2013-4691 | 2019-12-27 | Sencha Labs Connect has XSS with connect.methodOverride() |
| CVE-2013-4664 | 2019-12-27 | SPBAS Business Automation Software 2012 has XSS. |
| CVE-2013-4665 | 2019-12-27 | SPBAS Business Automation Software 2012 has CSRF. |
| CVE-2013-4693 | 2019-12-27 | WordPress Xorbin Digital Flash Clock 1.0 has XSS |
| CVE-2013-4695 | 2019-12-27 | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution |
| CVE-2013-4692 | 2019-12-27 | Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS |
| CVE-2013-4763 | 2019-12-27 | Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS... |
| CVE-2013-4764 | 2019-12-27 | Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged... |
| CVE-2013-4743 | 2019-12-27 | Static HTTP Server 1.0 has a Local Overflow |
| CVE-2013-4621 | 2019-12-27 | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities |
| CVE-2013-4796 | 2019-12-27 | ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to... |
| CVE-2013-4859 | 2019-12-27 | INSTEON Hub 2242-222 lacks Web and API authentication |
| CVE-2013-4867 | 2019-12-27 | Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking |
| CVE-2013-4868 | 2019-12-27 | Karotz API 12.07.19.00: Session Token Information Disclosure |
| CVE-2014-4519 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and... |
| CVE-2013-4975 | 2019-12-27 | Hikvision DS-2CD7153-E IP Camera has Privilege Escalation |
| CVE-2013-4976 | 2019-12-27 | Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials |
| CVE-2014-4592 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin... |
| CVE-2013-4982 | 2019-12-27 | AVTECH AVN801 DVR has a security bypass via the administration... |
| CVE-2013-4985 | 2019-12-27 | Multiple Vivotek IP Cameras remote authentication bypass that could allow... |
| CVE-2013-5027 | 2019-12-27 | Collabtive 1.0 has incorrect access control |
| CVE-2007-0158 | 2019-12-27 | thttpd 2007 has buffer underflow. |
| CVE-2019-20049 | 2019-12-27 | An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A... |
| CVE-2019-20048 | 2019-12-27 | An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before... |
| CVE-2019-20047 | 2019-12-27 | An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and... |
| CVE-2014-4567 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments... |
| CVE-2014-4539 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and... |
| CVE-2014-4544 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20... |
| CVE-2014-4548 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit... |
| CVE-2014-4558 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout... |
| CVE-2014-4536 | 2019-12-27 | Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft... |
| CVE-2014-4535 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin... |
| CVE-2014-4550 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja... |
| CVE-2014-3136 | 2019-12-27 | Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax)... |
| CVE-2012-4980 | 2019-12-27 | Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility... |
| CVE-2014-5289 | 2019-12-27 | Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to... |
| CVE-2014-6420 | 2019-12-27 | Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote... |
| CVE-2019-20051 | 2019-12-27 | A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in... |
| CVE-2019-20053 | 2019-12-27 | An invalid memory address dereference was discovered in the canUnpack... |
| CVE-2019-20052 | 2019-12-27 | A memory leak was discovered in Mat_VarCalloc in mat.c in... |
| CVE-2019-20054 | 2019-12-28 | In the Linux kernel before 5.0.6, there is a NULL... |
| CVE-2019-20055 | 2019-12-29 | LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring... |
| CVE-2019-20056 | 2019-12-29 | stb_image.h (aka the stb image loader) 2.23, as used in... |
| CVE-2019-20057 | 2019-12-29 | com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0... |
| CVE-2019-20058 | 2019-12-29 | Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS... |
| CVE-2019-20063 | 2019-12-29 | hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of... |
| CVE-2019-20076 | 2019-12-29 | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username... |
| CVE-2019-20075 | 2019-12-29 | On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). |
| CVE-2019-20074 | 2019-12-29 | On Netis DL4323 devices, any user role can view sensitive... |
| CVE-2019-20073 | 2019-12-29 | On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username... |
| CVE-2019-20072 | 2019-12-29 | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname... |
| CVE-2019-20071 | 2019-12-29 | On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete... |
| CVE-2019-20070 | 2019-12-29 | On Netis DL4323 devices, XSS exists via the urlFQDN parameter... |
| CVE-2019-20079 | 2019-12-30 | The autocmd feature in window.c in Vim before 8.1.2136 accesses... |
| CVE-2019-20085 | 2019-12-30 | TVT NVMS-1000 devices allow GET /.. Directory Traversal |
| CVE-2019-20094 | 2019-12-30 | An issue was discovered in libsixel 1.8.4. There is a... |
| CVE-2019-20093 | 2019-12-30 | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote... |
| CVE-2019-20092 | 2019-12-30 | An issue was discovered in Bento4 1.5.1.0. There is a... |
| CVE-2019-20091 | 2019-12-30 | An issue was discovered in Bento4 1.5.1.0. There is a... |
| CVE-2019-20090 | 2019-12-30 | An issue was discovered in Bento4 1.5.1.0. There is a... |
| CVE-2019-20089 | 2019-12-30 | GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples... |
| CVE-2019-20088 | 2019-12-30 | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload... |
| CVE-2019-20087 | 2019-12-30 | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples... |
| CVE-2019-20086 | 2019-12-30 | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next... |
| CVE-2019-20096 | 2019-12-30 | In the Linux kernel before 5.1, there is a memory... |
| CVE-2019-20095 | 2019-12-30 | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has... |
| CVE-2019-20138 | 2019-12-30 | The HTTP Authentication library before 2019-12-27 for Nim has weak... |
| CVE-2019-16535 | 2019-12-30 | In all versions of ClickHouse before 19.14, an OOB read,... |
| CVE-2019-15024 | 2019-12-30 | In all versions of ClickHouse before 19.14.3, an attacker having... |
| CVE-2019-20139 | 2019-12-30 | In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host,... |
| CVE-2018-1682 | 2019-12-30 | IBM Watson Studio Local 1.2.3 could disclose sensitive information over... |
| CVE-2019-4335 | 2019-12-30 | IBM Watson Studio Local 1.2.3 stores key files in the... |
| CVE-2019-4343 | 2019-12-30 | IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin... |
| CVE-2019-4623 | 2019-12-30 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site... |
| CVE-2019-4655 | 2019-12-30 | IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3... |
| CVE-2019-17621 | 2019-12-30 | The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi... |
| CVE-2019-10774 | 2019-12-30 | php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful... |
| CVE-2019-20140 | 2019-12-30 | An issue was discovered in libsixel 1.8.4. There is a... |
| CVE-2019-17558 | 2019-12-30 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to... |
| CVE-2019-19739 | 2019-12-30 | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure... |
| CVE-2019-20141 | 2019-12-30 | An XSS issue was discovered in the Laborator Neon theme... |
| CVE-2019-19732 | 2019-12-30 | translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3... |
| CVE-2019-19733 | 2019-12-30 | _get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does... |
| CVE-2019-19734 | 2019-12-30 | _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the... |
| CVE-2019-19735 | 2019-12-30 | class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure... |
| CVE-2019-19736 | 2019-12-30 | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly... |
| CVE-2019-19737 | 2019-12-30 | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite... |
| CVE-2019-19738 | 2019-12-30 | log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize... |
| CVE-2019-19805 | 2019-12-30 | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different... |
| CVE-2019-19806 | 2019-12-30 | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message... |
| CVE-2019-19470 | 2019-12-30 | Unsafe usage of .NET deserialization in Named Pipe message processing... |
| CVE-2019-13465 | 2019-12-30 | An issue was discovered in the ROS communications-related packages (aka... |
| CVE-2019-13445 | 2019-12-30 | An issue was discovered in the ROS communications-related packages (aka... |
| CVE-2019-20149 | 2019-12-30 | ctorName in index.js in kind-of v6.0.2 allows external user input... |
| CVE-2012-5476 | 2019-12-30 | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard... |
| CVE-2019-19031 | 2019-12-30 | Easy XML Editor through v1.7.8 is affected by: XML External... |
| CVE-2019-16790 | 2019-12-30 | Remote Code Execution in Tiny File Manager |
| CVE-2019-19032 | 2019-12-30 | XMLBlueprint through 16.191112 is affected by XML External Entity Injection.... |