CVE List - 2019 / December
Showing 101 - 200 of 1578 CVEs for December 2019 (Page 2 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-5111 | 2019-12-03 | Exploitable SQL injection vulnerability exists in the authenticated portion of... |
| CVE-2019-5112 | 2019-12-03 | Exploitable SQL injection vulnerability exists in the authenticated portion of... |
| CVE-2019-5109 | 2019-12-03 | Exploitable SQL injection vulnerabilities exists in the authenticated portion of... |
| CVE-2019-5110 | 2019-12-03 | Exploitable SQL injection vulnerabilities exist in the authenticated portion of... |
| CVE-2019-5097 | 2019-12-03 | A denial-of-service vulnerability exists in the processing of multi-part/form-data requests... |
| CVE-2019-5096 | 2019-12-03 | An exploitable code execution vulnerability exists in the processing of... |
| CVE-2019-5163 | 2019-12-03 | An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of... |
| CVE-2019-5164 | 2019-12-03 | An exploitable code execution vulnerability exists in the ss-manager binary... |
| CVE-2015-7542 | 2019-12-03 | A vulnerability exists in libgwenhywfar through 4.12.0 due to the... |
| CVE-2013-7325 | 2019-12-03 | An issue exists in uscan in devscripts before 2.13.19, which... |
| CVE-2019-18850 | 2019-12-04 | TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy... |
| CVE-2019-14909 | 2019-12-04 | A vulnerability was found in Keycloak 7.x where the user... |
| CVE-2019-15638 | 2019-12-04 | COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search... |
| CVE-2014-8178 | 2019-12-04 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7... |
| CVE-2014-8179 | 2019-12-04 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7... |
| CVE-2019-11923 | 2019-12-04 | In Mcrouter prior to v0.41.0, the deprecated ASCII parser would... |
| CVE-2019-11937 | 2019-12-04 | In Mcrouter prior to v0.41.0, a large struct input provided... |
| CVE-2019-19555 | 2019-12-04 | read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based... |
| CVE-2019-11930 | 2019-12-04 | An invalid free in mb_detect_order can cause the application to... |
| CVE-2019-11934 | 2019-12-04 | Improper handling of close_notify alerts can result in an out-of-bounds... |
| CVE-2019-11935 | 2019-12-04 | Insufficient boundary checks when processing a string in mb_ereg_replace allows... |
| CVE-2019-11936 | 2019-12-04 | Various APC functions accept keys containing null bytes as input,... |
| CVE-2018-0728 | 2019-12-04 | This improper access control vulnerability in Helpdesk allows attackers to... |
| CVE-2019-11940 | 2019-12-04 | In the course of decompressing HPACK inside the HTTP2 protocol,... |
| CVE-2018-0729 | 2019-12-04 | This command injection vulnerability in Music Station allows attackers to... |
| CVE-2018-0730 | 2019-12-04 | This command injection vulnerability in File Station allows attackers to... |
| CVE-2019-7201 | 2019-12-04 | An unquoted service path vulnerability is reported to affect the... |
| CVE-2019-7197 | 2019-12-04 | A stored cross-site scripting (XSS) vulnerability has been reported to... |
| CVE-2019-17554 | 2019-12-04 | The XML content type entity deserializer in Apache Olingo versions... |
| CVE-2019-17556 | 2019-12-04 | Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class,... |
| CVE-2019-17555 | 2019-12-04 | The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0... |
| CVE-2019-18346 | 2019-12-04 | A CSRF issue was discovered in DAViCal through 1.1.8. If... |
| CVE-2019-18347 | 2019-12-04 | A stored XSS issue was discovered in DAViCal through 1.1.8.... |
| CVE-2019-19576 | 2019-12-04 | class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4,... |
| CVE-2019-19364 | 2019-12-04 | A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe... |
| CVE-2019-19229 | 2019-12-04 | admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1)... |
| CVE-2019-19228 | 2019-12-04 | Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers... |
| CVE-2019-19133 | 2019-12-04 | The CSS Hero plugin through 4.0.3 for WordPress is prone... |
| CVE-2019-16753 | 2019-12-04 | An issue was discovered in Decentralized Anonymous Payment System (DAPS)... |
| CVE-2019-16752 | 2019-12-04 | An issue was discovered in Decentralized Anonymous Payment System (DAPS)... |
| CVE-2019-11216 | 2019-12-04 | BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the... |
| CVE-2019-19579 | 2019-12-04 | An issue was discovered in Xen through 4.12.x allowing attackers... |
| CVE-2013-2745 | 2019-12-04 | An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 |
| CVE-2019-19522 | 2019-12-04 | OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey... |
| CVE-2019-19521 | 2019-12-04 | libc in OpenBSD 6.6 allows authentication bypass via the -schallenge... |
| CVE-2019-19520 | 2019-12-04 | xlock in OpenBSD 6.6 allows local users to gain the... |
| CVE-2019-19519 | 2019-12-04 | In OpenBSD 6.6, local users can use the su -L... |
| CVE-2019-19587 | 2019-12-04 | In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating... |
| CVE-2019-19588 | 2019-12-05 | The validators package 0.12.2 through 0.12.5 for Python enters an... |
| CVE-2019-19553 | 2019-12-05 | In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the... |
| CVE-2019-19590 | 2019-12-05 | In radare2 through 4.0, there is an integer overflow for... |
| CVE-2019-19596 | 2019-12-05 | GitBook through 2.6.9 allows XSS via a local .md file. |
| CVE-2019-19598 | 2019-12-05 | D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator... |
| CVE-2019-19597 | 2019-12-05 | D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code... |
| CVE-2019-19589 | 2019-12-05 | The Lever PDF Embedder plugin 4.4 for WordPress does not... |
| CVE-2019-19601 | 2019-12-05 | OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l... |
| CVE-2019-19602 | 2019-12-05 | fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when... |
| CVE-2019-19317 | 2019-12-05 | lookupName in resolve.c in SQLite 3.30.1 omits bits from the... |
| CVE-2019-17437 | 2019-12-05 | PAN-OS: Custom-role users may escalate privileges |
| CVE-2019-14910 | 2019-12-05 | A vulnerability was found in keycloak 7.x, when keycloak is... |
| CVE-2019-18180 | 2019-12-05 | Denial of service |
| CVE-2013-0163 | 2019-12-05 | OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which... |
| CVE-2013-0243 | 2019-12-05 | haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead... |
| CVE-2019-19595 | 2019-12-05 | reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for... |
| CVE-2019-19594 | 2019-12-05 | reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop... |
| CVE-2019-19007 | 2019-12-05 | Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator... |
| CVE-2019-3690 | 2019-12-05 | chkstat follows untrusted symbolic links |
| CVE-2019-15897 | 2019-12-05 | beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via... |
| CVE-2013-0283 | 2019-12-05 | Katello: Username in Notification page has cross site scripting |
| CVE-2018-1002102 | 2019-12-05 | Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints |
| CVE-2019-11255 | 2019-12-05 | Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation |
| CVE-2013-0326 | 2019-12-05 | OpenStack nova base images permissions are world readable |
| CVE-2019-19466 | 2019-12-05 | SCEditor 2.1.3 allows XSS. |
| CVE-2019-7192 | 2019-12-05 | This improper access control vulnerability allows remote attackers to gain... |
| CVE-2019-7193 | 2019-12-05 | This improper input validation vulnerability allows remote attackers to inject... |
| CVE-2019-7194 | 2019-12-05 | This external control of file name or path vulnerability allows... |
| CVE-2019-7195 | 2019-12-05 | This external control of file name or path vulnerability allows... |
| CVE-2019-7183 | 2019-12-05 | This improper link resolution vulnerability allows remote attackers to access... |
| CVE-2019-7184 | 2019-12-05 | This cross-site scripting (XSS) vulnerability in Video Station allows remote... |
| CVE-2019-7185 | 2019-12-05 | This cross-site scripting (XSS) vulnerability in Music Station allows remote... |
| CVE-2019-17387 | 2019-12-05 | An authentication flaw in the AVPNC_RP service in Aviatrix VPN... |
| CVE-2019-17388 | 2019-12-05 | Weak file permissions applied to the Aviatrix VPN Client through... |
| CVE-2019-18381 | 2019-12-05 | Norton Password Manager, prior to 6.6.2.5, may be susceptible to... |
| CVE-2019-19545 | 2019-12-05 | Norton Password Manager, prior to 6.6.2.5, may be susceptible to... |
| CVE-2019-19546 | 2019-12-05 | Norton Password Manager, prior to 6.6.2.5, may be susceptible to... |
| CVE-2019-5098 | 2019-12-05 | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver,... |
| CVE-2012-1104 | 2019-12-05 | A Security Bypass vulnerability exists in the phpCAS 1.2.2 library... |
| CVE-2012-1105 | 2019-12-05 | An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS... |
| CVE-2019-16769 | 2019-12-05 | Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS) |
| CVE-2019-16770 | 2019-12-05 | Potential DOS attack in Puma |
| CVE-2019-19609 | 2019-12-05 | The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code... |
| CVE-2019-16768 | 2019-12-05 | Internal exception message exposure for login action in Sylius |
| CVE-2012-1114 | 2019-12-05 | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager... |
| CVE-2012-1115 | 2019-12-05 | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager... |
| CVE-2012-1592 | 2019-12-05 | A local code execution issue exists in Apache Struts2 when... |
| CVE-2019-19616 | 2019-12-06 | An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia... |
| CVE-2019-19617 | 2019-12-06 | phpMyAdmin before 4.9.2 does not escape certain Git information, related... |
| CVE-2019-19619 | 2019-12-06 | domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This... |
| CVE-2019-19624 | 2019-12-06 | An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically,... |
| CVE-2019-19552 | 2019-12-06 | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists... |