CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019 (CVSS score >= 6)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-20197 78 Exec Code 2019-12-31 2020-01-07
9.0
None Remote Low ??? Complete Complete Complete
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
2 CVE-2019-20140 787 Overflow 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.
3 CVE-2019-20094 787 Overflow 2019-12-30 2020-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.
4 CVE-2019-20090 416 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
5 CVE-2019-20089 125 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation.
6 CVE-2019-20088 125 2019-12-30 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c.
7 CVE-2019-20087 125 2019-12-30 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature.
8 CVE-2019-20086 125 2019-12-30 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c.
9 CVE-2019-20079 416 2019-12-30 2020-10-20
6.8
None Remote Medium Not required Partial Partial Partial
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
10 CVE-2019-20063 665 2019-12-29 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.
11 CVE-2019-20055 918 2019-12-29 2020-01-02
6.4
None Remote Low Not required Partial Partial None
LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets.
12 CVE-2019-20049 Exec Code Dir. Trav. Bypass 2019-12-27 2020-01-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
13 CVE-2019-20048 434 Exec Code 2019-12-27 2020-01-07
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
14 CVE-2019-20041 20 Bypass 2019-12-27 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
15 CVE-2019-20014 415 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
16 CVE-2019-20011 125 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
17 CVE-2019-20010 416 2019-12-27 2020-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
18 CVE-2019-19999 918 2019-12-26 2020-01-08
6.5
None Remote Low ??? Partial Partial Partial
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
19 CVE-2019-19996 20 DoS 2019-12-26 2021-07-21
7.8
None Remote Low Not required None None Complete
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
20 CVE-2019-19995 352 CSRF 2019-12-26 2020-01-15
9.3
None Remote Medium Not required Complete Complete Complete
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
21 CVE-2019-19984 863 2019-12-26 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
22 CVE-2019-19979 352 XSS CSRF 2019-12-26 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.
23 CVE-2019-19977 125 2019-12-26 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
24 CVE-2019-19954 427 +Priv 2019-12-24 2020-08-24
6.9
None Local Medium Not required Complete Complete Complete
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
25 CVE-2019-19953 125 2019-12-24 2020-01-15
6.4
None Remote Low Not required Partial None Partial
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
26 CVE-2019-19952 416 2019-12-24 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
27 CVE-2019-19951 787 Overflow 2019-12-24 2020-01-15
7.5
None Remote Low Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
28 CVE-2019-19950 416 2019-12-24 2020-01-15
7.5
None Remote Low Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
29 CVE-2019-19949 125 2019-12-24 2020-09-30
6.4
None Remote Low Not required Partial None Partial
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
30 CVE-2019-19948 787 Overflow 2019-12-24 2020-09-30
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
31 CVE-2019-19931 787 Overflow 2019-12-23 2019-12-30
6.8
None Remote Medium Not required Partial Partial Partial
In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow.
32 CVE-2019-19929 426 Exec Code 2019-12-23 2020-01-03
6.9
None Local Medium Not required Complete Complete Complete
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product.
33 CVE-2019-19920 78 Exec Code 2019-12-22 2020-09-22
9.0
None Remote Low ??? Complete Complete Complete
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
34 CVE-2019-19919 74 Exec Code 2019-12-20 2021-07-22
7.5
None Remote Low Not required Partial Partial Partial
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
35 CVE-2019-19918 787 Overflow 2019-12-20 2020-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
36 CVE-2019-19917 120 Overflow 2019-12-20 2020-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
37 CVE-2019-19915 352 XSS CSRF 2019-12-19 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
38 CVE-2019-19909 94 2019-12-19 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.
39 CVE-2019-19907 120 2019-12-19 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.
40 CVE-2019-19905 120 Overflow 2019-12-19 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
41 CVE-2019-19902 200 Exec Code +Info 2019-12-19 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.
42 CVE-2019-19899 20 Bypass 2019-12-19 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature.
43 CVE-2019-19882 732 2019-12-18 2020-08-25
6.9
None Local Medium Not required Complete Complete Complete
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).
44 CVE-2019-19850 89 Sql 2019-12-17 2019-12-20
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
45 CVE-2019-19849 502 2019-12-17 2019-12-23
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
46 CVE-2019-19848 22 Dir. Trav. 2019-12-17 2019-12-23
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
47 CVE-2019-19847 787 Overflow 2019-12-17 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c.
48 CVE-2019-19846 89 Sql 2019-12-18 2019-12-18
7.5
None Remote Low Not required Partial Partial Partial
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
49 CVE-2019-19832 352 CSRF 2019-12-18 2019-12-23
6.8
None Remote Medium Not required Partial Partial Partial
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
50 CVE-2019-19826 502 Exec Code 2019-12-16 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Total number of vulnerabilities: 677. Page 1 of 14.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.