CVE List - 2019 / November
Showing 1501 - 1600 of 1679 CVEs for November 2019 (Page 16 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2011-4076 | 2019-11-26 | OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools... |
| CVE-2011-4082 | 2019-11-26 | A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to... |
| CVE-2011-4090 | 2019-11-26 | Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. |
| CVE-2011-4120 | 2019-11-26 | Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker... |
| CVE-2011-4121 | 2019-11-26 | The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote... |
| CVE-2011-4350 | 2019-11-26 | Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via... |
| CVE-2019-14890 | 2019-11-26 | A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into... |
| CVE-2019-14857 | 2019-11-26 | A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. |
| CVE-2019-14853 | 2019-11-26 | An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a... |
| CVE-2019-14856 | 2019-11-26 | ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None |
| CVE-2016-6353 | 2019-11-26 | Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. |
| CVE-2016-5724 | 2019-11-26 | Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. |
| CVE-2016-4572 | 2019-11-26 | In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. |
| CVE-2016-3192 | 2019-11-26 | Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. |
| CVE-2016-3131 | 2019-11-26 | Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. |
| CVE-2015-7831 | 2019-11-26 | In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used. |
| CVE-2015-6495 | 2019-11-26 | There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. |
| CVE-2015-4457 | 2019-11-26 | Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. |
| CVE-2019-19275 | 2019-11-26 | typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be... |
| CVE-2019-19274 | 2019-11-26 | typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be... |
| CVE-2018-17860 | 2019-11-26 | Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1. |
| CVE-2019-19206 | 2019-11-26 | Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. |
| CVE-2019-18463 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). |
| CVE-2019-12489 | 2019-11-26 | An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command... |
| CVE-2019-18462 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. |
| CVE-2019-18461 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. |
| CVE-2019-18460 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. |
| CVE-2019-6675 | 2019-11-26 | BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in... |
| CVE-2019-19306 | 2019-11-26 | The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. |
| CVE-2015-9539 | 2019-11-26 | The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS. |
| CVE-2015-9538 | 2019-11-26 | The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. |
| CVE-2015-9537 | 2019-11-26 | The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. |
| CVE-2019-14842 | 2019-11-26 | Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets... |
| CVE-2019-19307 | 2019-11-26 | An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted... |
| CVE-2018-20090 | 2019-11-26 | An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. |
| CVE-2019-7319 | 2019-11-26 | An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with... |
| CVE-2019-18459 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). |
| CVE-2019-19129 | 2019-11-26 | Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. |
| CVE-2017-7399 | 2019-11-26 | Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of... |
| CVE-2019-16242 | 2019-11-26 | On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device... |
| CVE-2019-16243 | 2019-11-26 | On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the... |
| CVE-2016-9271 | 2019-11-26 | Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. |
| CVE-2019-15688 | 2019-11-26 | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the... |
| CVE-2019-16241 | 2019-11-26 | On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen... |
| CVE-2019-18458 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). |
| CVE-2019-18457 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions. |
| CVE-2019-15685 | 2019-11-26 | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable... |
| CVE-2019-15686 | 2019-11-26 | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable... |
| CVE-2019-15687 | 2019-11-26 | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure... |
| CVE-2019-4387 | 2019-11-26 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add,... |
| CVE-2019-18456 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration. It has Insecure Permissions (issue 1 of 4). |
| CVE-2019-6477 | 2019-11-26 | TCP-pipelined queries can bypass tcp-clients limit |
| CVE-2019-18679 | 2019-11-26 | An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens... |
| CVE-2019-18678 | 2019-11-26 | An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request... |
| CVE-2019-18677 | 2019-11-26 | An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due... |
| CVE-2019-18676 | 2019-11-26 | An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to... |
| CVE-2019-18455 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. |
| CVE-2019-18454 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS. |
| CVE-2019-14449 | 2019-11-26 | An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within... |
| CVE-2019-18453 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions. |
| CVE-2019-18580 | 2019-11-26 | Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted... |
| CVE-2019-12523 | 2019-11-26 | An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming... |
| CVE-2019-18452 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions. |
| CVE-2019-12526 | 2019-11-26 | An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an... |
| CVE-2019-18451 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect. |
| CVE-2019-18450 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions. |
| CVE-2019-15845 | 2019-11-26 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. |
| CVE-2019-18449 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). |
| CVE-2019-18448 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control. |
| CVE-2019-18447 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. |
| CVE-2019-18446 | 2019-11-26 | An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2). |
| CVE-2019-16195 | 2019-11-26 | Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. |
| CVE-2019-16386 | 2019-11-26 | PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that... |
| CVE-2019-16387 | 2019-11-26 | PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.)... |
| CVE-2019-16388 | 2019-11-26 | PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability... |
| CVE-2019-17392 | 2019-11-26 | Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. |
| CVE-2019-17590 | 2019-11-26 | The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker... |
| CVE-2011-1933 | 2019-11-26 | SQL injection vulnerability in Jifty::DBI before 0.68. |
| CVE-2011-1934 | 2019-11-26 | lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. |
| CVE-2011-1939 | 2019-11-26 | SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6. |
| CVE-2011-4310 | 2019-11-26 | The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles. |
| CVE-2019-10195 | 2019-11-27 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API... |
| CVE-2019-14867 | 2019-11-27 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was... |
| CVE-2019-14896 | 2019-11-27 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or,... |
| CVE-2019-10216 | 2019-11-27 | In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a... |
| CVE-2019-15300 | 2019-11-27 | A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to... |
| CVE-2019-13934 | 2019-11-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects:... |
| CVE-2019-13935 | 2019-11-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects:... |
| CVE-2019-13936 | 2019-11-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects:... |
| CVE-2019-15298 | 2019-11-27 | A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is... |
| CVE-2019-14812 | 2019-11-27 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.... |
| CVE-2019-19308 | 2019-11-27 | In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that... |
| CVE-2019-19329 | 2019-11-27 | In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax... |
| CVE-2019-19328 | 2019-11-27 | ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query... |
| CVE-2019-19327 | 2019-11-27 | ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer... |
| CVE-2019-10220 | 2019-11-27 | Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. |
| CVE-2019-19330 | 2019-11-27 | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka... |
| CVE-2017-12945 | 2019-11-27 | Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root. |
| CVE-2016-4980 | 2019-11-27 | A password generation weakness exists in xquest through 2016-06-13. |
| CVE-2019-18184 | 2019-11-27 | Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. |
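The python-ecdsa entry above (CVE-2019-14853) describes a general failure mode of signature decoders: malformed DER input that raises an unexpected exception type, or is silently accepted. The following is an added example, not code from python-ecdsa or from its fix. It is a strict decoder for the DER ECDSA signature structure SEQUENCE { INTEGER r, INTEGER s } that rejects every defect (trailing bytes, truncation, non-minimal lengths, negative or non-minimal integers, out-of-range r or s, BER indefinite lengths) with one predictable exception type, plus a small encoder used only to build constructed test vectors. P256_ORDER is the standard P-256 group order; the sample signatures are constructed here and are not taken from any real system.

```python
# Added example: strict DER decoding of an ECDSA signature (not python-ecdsa code).
# Goal: any malformed input -> MalformedSignature, never another exception, never (r, s).

# Group order of NIST P-256 (a public constant), used for the range check on r and s.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


class MalformedSignature(ValueError):
    """The single error type a caller has to handle for rejected signatures."""


def _read_length(buf, pos):
    """Return (length, new_pos) for the DER length at buf[pos]; reject non-minimal forms."""
    if pos >= len(buf):
        raise MalformedSignature("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form: one byte, value < 128
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4:                    # 0x80 is BER indefinite length; DER forbids it
        raise MalformedSignature("unsupported length form")
    if pos + n > len(buf):
        raise MalformedSignature("truncated length")
    raw = buf[pos:pos + n]
    if raw[0] == 0:
        raise MalformedSignature("non-minimal length (leading zero byte)")
    length = int.from_bytes(raw, "big")
    if length < 0x80:
        raise MalformedSignature("non-minimal length (long form for a short value)")
    return length, pos + n


def _read_integer(buf, pos):
    """Return (value, new_pos) for a DER INTEGER that must be non-negative and minimal."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise MalformedSignature("expected INTEGER tag")
    length, pos = _read_length(buf, pos + 1)
    if length == 0:
        raise MalformedSignature("empty INTEGER")
    if pos + length > len(buf):
        raise MalformedSignature("truncated INTEGER")
    body = buf[pos:pos + length]
    if body[0] & 0x80:
        raise MalformedSignature("negative INTEGER")
    if length > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise MalformedSignature("non-minimal INTEGER (unneeded leading zero)")
    return int.from_bytes(body, "big"), pos + length


def decode_der_signature(sig, order=P256_ORDER):
    """Decode SEQUENCE { INTEGER r, INTEGER s } into (r, s) or raise MalformedSignature."""
    if not isinstance(sig, (bytes, bytearray)):
        raise MalformedSignature("signature must be bytes")
    if len(sig) < 2 or sig[0] != 0x30:
        raise MalformedSignature("expected SEQUENCE tag")
    seq_len, pos = _read_length(sig, 1)
    if pos + seq_len != len(sig):          # catches both trailing garbage and truncation
        raise MalformedSignature("SEQUENCE length does not match input")
    r, pos = _read_integer(sig, pos)
    s, pos = _read_integer(sig, pos)
    if pos != len(sig):
        raise MalformedSignature("extra data inside SEQUENCE")
    if not (0 < r < order and 0 < s < order):
        raise MalformedSignature("r or s out of range")
    return r, s


def encode_der_signature(r, s):
    """Minimal DER encoder for building constructed vectors; assumes bodies < 128 bytes."""
    def integer(v):
        body = v.to_bytes((v.bit_length() + 8) // 8, "big")  # adds a 0x00 if high bit set
        return b"\x02" + bytes([len(body)]) + body
    body = integer(r) + integer(s)
    return b"\x30" + bytes([len(body)]) + body


def rejects(sig, order=P256_ORDER):
    """True if sig is rejected with MalformedSignature; any other exception propagates."""
    try:
        decode_der_signature(sig, order)
    except MalformedSignature:
        return True
    return False
```

Because `rejects` only catches MalformedSignature, feeding it a corpus of mutated signatures is a direct check for the failure mode in the advisory text: a stray IndexError or TypeError surfaces as a test failure, and a malformed vector that decodes returns False.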