Lista CVE - 2019 / Dicembre
Visualizzazione 201 - 300 di 1578 CVE per Dicembre 2019 (Pagina 3 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2019-11554 | 2019-12-06 | The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. |
| CVE-2019-19627 | 2019-12-06 | SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System... |
| CVE-2019-19625 | 2019-12-06 | SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node... |
| CVE-2019-19333 | 2019-12-06 | In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses... |
| CVE-2019-19334 | 2019-12-06 | In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses... |
| CVE-2012-1615 | 2019-12-06 | A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. |
| CVE-2019-5544 | 2019-12-06 | OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range... |
| CVE-2019-19620 | 2019-12-06 | In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in... |
| CVE-2012-2092 | 2019-12-06 | A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. |
| CVE-2019-12733 | 2019-12-06 | SiteVision 4 allows Remote Code Execution. |
| CVE-2019-12734 | 2019-12-06 | SiteVision 4 has Incorrect Access Control. |
| CVE-2018-7282 | 2019-12-06 | The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi. |
| CVE-2019-16670 | 2019-12-06 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention. |
| CVE-2019-16671 | 2019-12-06 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special... |
| CVE-2019-16672 | 2019-12-06 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. |
| CVE-2019-16673 | 2019-12-06 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by... |
| CVE-2019-16674 | 2019-12-06 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can... |
| CVE-2012-2130 | 2019-12-06 | A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. |
| CVE-2019-1551 | 2019-12-06 | rsaz_512_sqr overflow bug on x86_64 |
| CVE-2012-2148 | 2019-12-06 | An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies |
| CVE-2019-18671 | 2019-12-06 | Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow... |
| CVE-2019-18672 | 2019-12-06 | Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably,... |
| CVE-2019-16771 | 2019-12-06 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria |
| CVE-2019-11293 | 2019-12-06 | UAA logs all query parameters with debug logging level |
| CVE-2019-18575 | 2019-12-06 | Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file,... |
| CVE-2019-2217 | 2019-12-06 | In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2019-2218 | 2019-12-06 | In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with... |
| CVE-2019-2220 | 2019-12-06 | In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed.... |
| CVE-2019-2232 | 2019-12-06 | In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution... |
| CVE-2019-9464 | 2019-12-06 | In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system,... |
| CVE-2019-2219 | 2019-12-06 | In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This... |
| CVE-2019-2221 | 2019-12-06 | In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege... |
| CVE-2019-2222 | 2019-12-06 | n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2019-2223 | 2019-12-06 | In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2019-2225 | 2019-12-06 | When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with... |
| CVE-2019-2226 | 2019-12-06 | In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution... |
| CVE-2019-2227 | 2019-12-06 | In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges... |
| CVE-2019-2228 | 2019-12-06 | In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional... |
| CVE-2019-2229 | 2019-12-06 | In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2019-2230 | 2019-12-06 | In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2019-2231 | 2019-12-06 | In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2019-10769 | 2019-12-06 | safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating... |
| CVE-2019-16772 | 2019-12-06 | regular expressions Cross-Site Scripting (XSS) vulnerability in serialize-to-js |
| CVE-2019-19447 | 2019-12-08 | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. |
| CVE-2019-19448 | 2019-12-08 | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space... |
| CVE-2019-19449 | 2019-12-08 | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument... |
| CVE-2019-19630 | 2019-12-08 | HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. |
| CVE-2019-19635 | 2019-12-08 | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c. |
| CVE-2019-19638 | 2019-12-08 | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow. |
| CVE-2019-19637 | 2019-12-08 | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c. |
| CVE-2019-19636 | 2019-12-08 | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c. |
| CVE-2019-19642 | 2019-12-08 | On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI... |
| CVE-2019-19647 | 2019-12-09 | radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of... |
| CVE-2019-19648 | 2019-12-09 | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in... |
| CVE-2019-19645 | 2019-12-09 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. |
| CVE-2019-19679 | 2019-12-09 | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition... |
| CVE-2019-19678 | 2019-12-09 | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a... |
| CVE-2019-14251 | 2019-12-09 | An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can... |
| CVE-2019-19683 | 2019-12-09 | RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. |
| CVE-2019-19685 | 2019-12-09 | RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. |
| CVE-2019-19684 | 2019-12-09 | nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin. |
| CVE-2019-19682 | 2019-12-09 | nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because... |
| CVE-2019-19687 | 2019-12-09 | OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with... |
| CVE-2019-18380 | 2019-12-09 | Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts... |
| CVE-2019-19646 | 2019-12-09 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. |
| CVE-2019-19603 | 2019-12-09 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. |
| CVE-2015-0841 | 2019-12-09 | Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. |
| CVE-2019-18190 | 2019-12-09 | Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned... |
| CVE-2015-1853 | 2019-12-09 | chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability... |
| CVE-2015-3425 | 2019-12-09 | Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter. |
| CVE-2015-3424 | 2019-12-09 | SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. |
| CVE-2015-7892 | 2019-12-09 | Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes... |
| CVE-2014-0242 | 2019-12-09 | mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may... |
| CVE-2019-19230 | 2019-12-09 | An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. |
| CVE-2013-0342 | 2019-12-09 | The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different... |
| CVE-2019-4428 | 2019-12-09 | IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2019-4611 | 2019-12-09 | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2019-4612 | 2019-12-09 | IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system... |
| CVE-2019-4621 | 2019-12-09 | IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use... |
| CVE-2013-4184 | 2019-12-10 | Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks |
| CVE-2019-14870 | 2019-12-10 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset... |
| CVE-2019-14889 | 2019-12-10 | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which... |
| CVE-2019-19698 | 2019-12-10 | marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c. |
| CVE-2014-3656 | 2019-12-10 | JBoss KeyCloak: XSS in login-status-iframe.html |
| CVE-2013-0293 | 2019-12-10 | oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation |
| CVE-2013-1793 | 2019-12-10 | openstack-utils openstack-db has insecure password creation |
| CVE-2013-2095 | 2019-12-10 | rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection |
| CVE-2013-2159 | 2019-12-10 | Monkey HTTP Daemon: broken user name authentication |
| CVE-2013-2166 | 2019-12-10 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| CVE-2013-2167 | 2019-12-10 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass |
| CVE-2019-19251 | 2019-12-10 | The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option,... |
| CVE-2013-2183 | 2019-12-10 | Monkey HTTP Daemon has local security bypass |
| CVE-2013-4120 | 2019-12-10 | Katello has a Denial of Service vulnerability in API OAuth authentication |
| CVE-2013-4133 | 2019-12-10 | kde-workspace before 4.10.5 has a memory leak in plasma desktop |
| CVE-2016-1000108 | 2019-12-10 | yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the... |
| CVE-2019-4095 | 2019-12-10 | IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... |
| CVE-2019-4244 | 2019-12-10 | IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518. |
| CVE-2019-4521 | 2019-12-10 | Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of... |
| CVE-2019-4663 | 2019-12-10 | IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2016-1000107 | 2019-12-10 | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable,... |