Lista CVE - 2019 / Dicembre
Visualizzazione 1501 - 1578 di 1578 CVE per Dicembre 2019 (Pagina 16 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2012-5474 | 2019-12-30 | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. |
| CVE-2012-5645 | 2019-12-30 | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when... |
| CVE-2012-5663 | 2019-12-30 | The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). |
| CVE-2013-0196 | 2019-12-30 | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an... |
| CVE-2018-20488 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. |
| CVE-2018-20489 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. |
| CVE-2018-20490 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. |
| CVE-2018-20491 | 2019-12-30 | An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. |
| CVE-2018-20493 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. |
| CVE-2018-20494 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. |
| CVE-2018-20495 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. |
| CVE-2018-20496 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. |
| CVE-2018-20497 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. |
| CVE-2018-20498 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. |
| CVE-2018-20499 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. |
| CVE-2018-20501 | 2019-12-30 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. |
| CVE-2018-20507 | 2019-12-30 | An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. |
| CVE-2013-0264 | 2019-12-30 | An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on... |
| CVE-2013-2016 | 2019-12-30 | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small... |
| CVE-2019-7478 | 2019-12-30 | A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. |
| CVE-2019-20171 | 2019-12-30 | An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. |
| CVE-2019-20170 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. |
| CVE-2019-20169 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c. |
| CVE-2019-20168 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. |
| CVE-2019-20167 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c. |
| CVE-2019-20166 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c. |
| CVE-2019-20165 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. |
| CVE-2019-20164 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c. |
| CVE-2019-20163 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. |
| CVE-2019-20162 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. |
| CVE-2019-20161 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. |
| CVE-2019-20160 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c. |
| CVE-2019-20159 | 2019-12-30 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. |
| CVE-2019-7479 | 2019-12-31 | A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n,... |
| CVE-2019-19927 | 2019-12-31 | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in... |
| CVE-2019-20172 | 2019-12-31 | Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that... |
| CVE-2019-20175 | 2019-12-31 | An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It... |
| CVE-2019-20176 | 2019-12-31 | In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. |
| CVE-2019-7162 | 2019-12-31 | An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product... |
| CVE-2019-12273 | 2019-12-31 | OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.)... |
| CVE-2019-12186 | 2019-12-31 | An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid... |
| CVE-2019-10229 | 2019-12-31 | An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDAP,... |
| CVE-2018-19834 | 2019-12-31 | The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not... |
| CVE-2018-19830 | 2019-12-31 | The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the... |
| CVE-2018-19832 | 2019-12-31 | The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not... |
| CVE-2018-19831 | 2019-12-31 | The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does... |
| CVE-2018-19833 | 2019-12-31 | The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check... |
| CVE-2018-14476 | 2019-12-31 | GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. |
| CVE-2019-9668 | 2019-12-31 | An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. |
| CVE-2019-9556 | 2019-12-31 | FiberHome an5506-04-f RP2669 devices have XSS. |
| CVE-2019-9554 | 2019-12-31 | In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. |
| CVE-2019-9553 | 2019-12-31 | Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. |
| CVE-2019-9206 | 2019-12-31 | PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued. |
| CVE-2019-9207 | 2019-12-31 | PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued. |
| CVE-2019-9197 | 2019-12-31 | The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. |
| CVE-2019-7751 | 2019-12-31 | A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents... |
| CVE-2019-12837 | 2019-12-31 | The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints. |
| CVE-2019-14466 | 2019-12-31 | The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account... |
| CVE-2019-10227 | 2019-12-31 | openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. |
| CVE-2019-3984 | 2019-12-31 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from... |
| CVE-2013-4161 | 2019-12-31 | gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. |
| CVE-2013-4357 | 2019-12-31 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
| CVE-2019-20197 | 2019-12-31 | In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user... |
| CVE-2019-18568 | 2019-12-31 | Avira Free Antivirus is proned to a local privilege escalation through the execution of kernel code from a restricted user. |
| CVE-2011-3585 | 2019-12-31 | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during... |
| CVE-2004-2776 | 2019-12-31 | go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. |
| CVE-2013-7070 | 2019-12-31 | The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. |
| CVE-2013-7071 | 2019-12-31 | Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| CVE-2019-20202 | 2019-12-31 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation... |
| CVE-2019-20201 | 2019-12-31 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. |
| CVE-2019-20200 | 2019-12-31 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the... |
| CVE-2019-20199 | 2019-12-31 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen()... |
| CVE-2019-20198 | 2019-12-31 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. |
| CVE-2015-5591 | 2019-12-31 | SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands. |
| CVE-2015-5592 | 2019-12-31 | Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks. |
| CVE-2015-5593 | 2019-12-31 | The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>",... |
| CVE-2015-5595 | 2019-12-31 | Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service... |
| CVE-2020-5179 | 2020-01-01 | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address... |
| CVE-2019-20203 | 2020-01-01 | The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message. |
| CVE-2019-20204 | 2020-01-01 | The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. |
| CVE-2019-20205 | 2020-01-01 | libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. |
| CVE-2019-20208 | 2020-01-01 | dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. |
| CVE-2016-1000027 | 2020-01-02 | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within... |
| CVE-2019-20213 | 2020-01-02 | D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. |
| CVE-2019-20218 | 2020-01-02 | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. |
| CVE-2019-20223 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235. |
| CVE-2019-20222 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS. |
| CVE-2019-20221 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page. |
| CVE-2019-20220 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS. |
| CVE-2019-20225 | 2020-01-02 | MyBB before 1.8.22 allows an open redirect on login. |
| CVE-2019-20219 | 2020-01-02 | ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. |
| CVE-2019-14859 | 2020-01-02 | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted,... |
| CVE-2019-14862 | 2020-01-02 | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted... |
| CVE-2019-14863 | 2020-01-02 | There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other... |
| CVE-2019-14864 | 2020-01-02 | Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins... |
| CVE-2019-10158 | 2020-01-02 | A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling. |
| CVE-2013-3936 | 2020-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. |
| CVE-2013-3935 | 2020-01-02 | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password... |
| CVE-2019-10775 | 2020-01-02 | ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application. |
| CVE-2013-4532 | 2020-01-02 | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |