CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2019 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-20197 78 Exec Code 2019-12-31 2020-01-07
9.0
None Remote Low ??? Complete Complete Complete
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
2 CVE-2019-20049 Exec Code Dir. Trav. Bypass 2019-12-27 2020-01-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
3 CVE-2019-20048 434 Exec Code 2019-12-27 2020-01-07
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
4 CVE-2019-20041 20 Bypass 2019-12-27 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
5 CVE-2019-19996 20 DoS 2019-12-26 2021-07-21
7.8
None Remote Low Not required None None Complete
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
6 CVE-2019-19995 352 CSRF 2019-12-26 2020-01-15
9.3
None Remote Medium Not required Complete Complete Complete
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
7 CVE-2019-19977 125 2019-12-26 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
8 CVE-2019-19952 416 2019-12-24 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
9 CVE-2019-19951 787 Overflow 2019-12-24 2020-01-15
7.5
None Remote Low Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
10 CVE-2019-19950 416 2019-12-24 2020-01-15
7.5
None Remote Low Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
11 CVE-2019-19948 787 Overflow 2019-12-24 2020-09-30
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
12 CVE-2019-19920 78 Exec Code 2019-12-22 2020-09-22
9.0
None Remote Low ??? Complete Complete Complete
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
13 CVE-2019-19919 74 Exec Code 2019-12-20 2021-07-22
7.5
None Remote Low Not required Partial Partial Partial
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
14 CVE-2019-19907 120 2019-12-19 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.
15 CVE-2019-19905 120 Overflow 2019-12-19 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
16 CVE-2019-19899 20 Bypass 2019-12-19 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature.
17 CVE-2019-19846 89 Sql 2019-12-18 2019-12-18
7.5
None Remote Low Not required Partial Partial Partial
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
18 CVE-2019-19826 502 Exec Code 2019-12-16 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
19 CVE-2019-19816 787 2019-12-17 2021-03-15
9.3
None Remote Medium Not required Complete Complete Complete
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
20 CVE-2019-19815 476 2019-12-17 2020-01-03
7.1
None Remote Medium Not required None None Complete
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.
21 CVE-2019-19814 787 2019-12-17 2020-01-03
9.3
None Remote Medium Not required Complete Complete Complete
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.
22 CVE-2019-19813 416 2019-12-17 2021-03-12
7.1
None Remote Medium Not required None None Complete
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
23 CVE-2019-19807 416 2019-12-15 2020-01-30
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
24 CVE-2019-19790 22 Dir. Trav. 2019-12-13 2019-12-30
7.5
None Remote Low Not required Partial Partial Partial
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).
25 CVE-2019-19782 120 Overflow 2019-12-13 2019-12-16
10.0
None Remote Low Not required Complete Complete Complete
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.
26 CVE-2019-19781 22 Dir. Trav. 2019-12-27 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
27 CVE-2019-19771 20 2019-12-12 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.
28 CVE-2019-19750 2019-12-12 2019-12-30
7.5
None Remote Low Not required Partial Partial Partial
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
29 CVE-2019-19747 521 2019-12-20 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).
30 CVE-2019-19740 89 Sql 2019-12-12 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
31 CVE-2019-19726 269 Exec Code 2019-12-12 2019-12-27
7.2
None Local Low Not required Complete Complete Complete
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
32 CVE-2019-19725 415 2019-12-11 2020-07-27
7.5
None Remote Low Not required Partial Partial Partial
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
33 CVE-2019-19707 DoS 2019-12-11 2019-12-17
7.8
None Remote Low Not required None None Complete
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
34 CVE-2019-19690 521 Bypass 2019-12-18 2019-12-28
7.5
None Remote Low Not required Partial Partial Partial
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.
35 CVE-2019-19683 22 Dir. Trav. 2019-12-09 2019-12-17
9.0
None Remote Low ??? Complete Complete Complete
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
36 CVE-2019-19681 863 Exec Code 2019-12-26 2020-01-21
9.0
None Remote Low ??? Complete Complete Complete
** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands.
37 CVE-2019-19649 89 Sql 2019-12-11 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
38 CVE-2019-19646 754 2019-12-09 2021-07-22
7.5
None Remote Low Not required Partial Partial Partial
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
39 CVE-2019-19642 78 2019-12-08 2019-12-18
9.0
None Remote Low ??? Complete Complete Complete
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.
40 CVE-2019-19638 787 Overflow 2019-12-08 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
41 CVE-2019-19637 190 Overflow 2019-12-08 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
42 CVE-2019-19636 190 Overflow 2019-12-08 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.
43 CVE-2019-19635 787 Overflow 2019-12-08 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
44 CVE-2019-19634 434 2019-12-17 2019-12-21
7.5
None Remote Low Not required Partial Partial Partial
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
45 CVE-2019-19617 2019-12-06 2020-11-10
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
46 CVE-2019-19609 78 Exec Code 2019-12-05 2021-09-14
9.0
None Remote Low ??? Complete Complete Complete
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
47 CVE-2019-19604 20 Exec Code 2019-12-11 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
48 CVE-2019-19598 287 2019-12-05 2019-12-14
8.3
None Local Network Low Not required Complete Complete Complete
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
49 CVE-2019-19597 863 Exec Code 2019-12-05 2020-08-24
8.3
None Local Network Low Not required Complete Complete Complete
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
50 CVE-2019-19595 434 Exec Code 2019-12-05 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
Total number of vulnerabilities : 404   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.