CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2776 Exec Code 2019-12-31 2020-01-14
7.5
None Remote Low Not required Partial Partial Partial
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
2 CVE-2007-0158 787 2019-12-27 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
thttpd 2007 has buffer underflow.
3 CVE-2011-1474 400 2019-12-26 2020-01-10
4.9
None Local Low Not required None None Complete
A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore eventually leading to a system crash.
4 CVE-2011-3585 362 DoS 2019-12-31 2020-01-10
1.9
None Local Medium Not required None None Partial
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
5 CVE-2012-1104 269 Bypass 2019-12-05 2019-12-16
5.0
None Remote Low Not required None Partial None
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
6 CVE-2012-1105 200 +Info 2019-12-05 2019-12-17
2.1
None Local Low Not required Partial None None
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
7 CVE-2012-1114 79 XSS 2019-12-05 2019-12-12
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
8 CVE-2012-1115 79 XSS 2019-12-05 2019-12-09
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
9 CVE-2012-1577 335 2019-12-10 2019-12-17
7.5
None Remote Low Not required Partial Partial Partial
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
10 CVE-2012-1592 434 Exec Code 2019-12-05 2020-09-04
6.5
None Remote Low ??? Partial Partial Partial
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
11 CVE-2012-1615 269 2019-12-06 2019-12-16
4.6
None Local Low Not required Partial Partial Partial
A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.
12 CVE-2012-2092 347 Bypass 2019-12-06 2019-12-17
4.3
None Remote Medium Not required None Partial None
A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.
13 CVE-2012-2130 326 Bypass 2019-12-06 2019-12-18
5.8
None Remote Medium Not required Partial Partial None
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
14 CVE-2012-2148 269 2019-12-06 2019-12-16
1.9
None Local Medium Not required Partial None None
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
15 CVE-2012-2237 79 XSS 2019-12-17 2019-12-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
16 CVE-2012-2312 269 2019-12-18 2019-12-23
4.6
None Local Low Not required Partial Partial Partial
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
17 CVE-2012-2656 611 +Info 2019-12-18 2019-12-23
5.0
None Remote Low Not required Partial None None
An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.
18 CVE-2012-2736 306 2019-12-26 2020-01-04
3.3
None Local Medium Not required Partial Partial None
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
19 CVE-2012-3409 20 2019-12-20 2020-01-03
4.6
None Local Low Not required Partial Partial Partial
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
20 CVE-2012-3462 287 2019-12-26 2020-01-03
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
21 CVE-2012-4420 200 +Info 2019-12-26 2020-01-14
5.0
None Remote Low Not required Partial None None
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.
22 CVE-2012-4428 125 2019-12-02 2019-12-16
5.0
None Remote Low Not required None None Partial
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
23 CVE-2012-4480 269 2019-12-02 2019-12-13
4.6
None Local Low Not required Partial Partial Partial
mom creates world-writable pid files in /var/run
24 CVE-2012-4525 79 XSS 2019-12-02 2019-12-04
4.3
None Remote Medium Not required None Partial None
piwigo has XSS in password.php
25 CVE-2012-4526 79 XSS 2019-12-02 2019-12-04
4.3
None Remote Medium Not required None Partial None
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
26 CVE-2012-4576 20 +Priv 2019-12-02 2019-12-11
7.2
None Local Low Not required Complete Complete Complete
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
27 CVE-2012-4980 787 Exec Code Overflow 2019-12-27 2019-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code.
28 CVE-2012-5474 311 2019-12-30 2021-03-09
2.1
None Local Low Not required Partial None None
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
29 CVE-2012-5476 200 +Info 2019-12-30 2020-01-09
2.1
None Local Low Not required Partial None None
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
30 CVE-2012-5562 319 2019-12-02 2019-12-13
3.3
None Local Network Low Not required Partial None None
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
31 CVE-2012-5639 20 2019-12-20 2020-10-26
4.3
None Remote Medium Not required Partial None None
LibreOffice and OpenOffice automatically open embedded content
32 CVE-2012-5645 400 DoS 2019-12-30 2020-01-03
7.8
None Remote Low Not required None None Complete
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.
33 CVE-2012-5663 269 2019-12-30 2020-01-10
5.0
None Remote Low Not required None Partial None
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
34 CVE-2012-6094 863 2019-12-20 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
35 CVE-2012-6111 20 2019-12-20 2020-01-02
5.0
None Remote Low Not required Partial None None
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
36 CVE-2013-0163 668 2019-12-05 2019-12-14
2.1
None Local Low Not required None None Partial
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
37 CVE-2013-0196 352 CSRF 2019-12-30 2020-01-08
4.3
None Remote Medium Not required None Partial None
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
38 CVE-2013-0202 79 XSS 2019-12-17 2019-12-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
39 CVE-2013-0243 20 2019-12-05 2019-12-17
5.8
None Remote Medium Not required Partial Partial None
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
40 CVE-2013-0264 295 2019-12-30 2020-01-10
5.0
None Remote Low Not required None Partial None
An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it.
41 CVE-2013-0283 79 XSS 2019-12-05 2019-12-09
3.5
None Remote Medium ??? None Partial None
Katello: Username in Notification page has cross site scripting
42 CVE-2013-0293 269 2019-12-10 2019-12-13
7.2
None Local Low Not required Complete Complete Complete
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
43 CVE-2013-0326 732 2019-12-05 2019-12-13
2.1
None Local Low Not required Partial None None
OpenStack nova base images permissions are world readable
44 CVE-2013-0342 20 2019-12-09 2019-12-11
4.3
None Remote Medium Not required None Partial None
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.
45 CVE-2013-1689 20 DoS 2019-12-10 2019-12-13
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.
46 CVE-2013-1793 306 2019-12-10 2019-12-14
5.0
None Remote Low Not required Partial None None
openstack-utils openstack-db has insecure password creation
47 CVE-2013-2011 116 Exec Code 2019-12-26 2020-01-02
6.8
None Remote Medium Not required Partial Partial Partial
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
48 CVE-2013-2016 269 2019-12-30 2020-01-17
6.9
None Local Medium Not required Complete Complete Complete
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
49 CVE-2013-2095 74 2019-12-10 2019-12-17
7.5
None Remote Low Not required Partial Partial Partial
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection
50 CVE-2013-2101 79 XSS 2019-12-03 2019-12-11
3.5
None Remote Medium ??? None Partial None
Katello has multiple XSS issues in various entities
Total number of vulnerabilities : 1577   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.