CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2019-16461 125 2019-12-19 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
602 CVE-2019-16460 119 Exec Code Overflow 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
603 CVE-2019-16459 416 Exec Code 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
604 CVE-2019-16458 125 2019-12-19 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
605 CVE-2019-16457 125 2019-12-19 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
606 CVE-2019-16456 125 2019-12-19 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
607 CVE-2019-16455 119 Exec Code Overflow 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
608 CVE-2019-16454 787 Exec Code 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
609 CVE-2019-16453 Exec Code Bypass 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
610 CVE-2019-16452 416 Exec Code 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
611 CVE-2019-16451 787 Exec Code Overflow 2019-12-19 2021-11-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
612 CVE-2019-16450 787 Exec Code 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
613 CVE-2019-16449 125 2019-12-19 2021-09-08
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
614 CVE-2019-16448 416 Exec Code 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
615 CVE-2019-16446 119 Exec Code Overflow 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
616 CVE-2019-16445 416 Exec Code 2019-12-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
617 CVE-2019-16444 2019-12-19 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation.
618 CVE-2019-16327 287 Bypass 2019-12-26 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product.
619 CVE-2019-16326 352 CSRF 2019-12-26 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.
620 CVE-2019-16246 200 Exec Code +Info File Inclusion 2019-12-12 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.
621 CVE-2019-15936 434 2019-12-12 2019-12-13
7.5
None Remote Low Not required Partial Partial Partial
Intesync Solismed 3.3sp allows Insecure File Upload.
622 CVE-2019-15935 79 XSS 2019-12-12 2019-12-13
4.3
None Remote Medium Not required None Partial None
Intesync Solismed 3.3sp has XSS.
623 CVE-2019-15934 352 CSRF 2019-12-12 2019-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Intesync Solismed 3.3sp has CSRF.
624 CVE-2019-15933 89 Sql 2019-12-12 2019-12-13
7.5
None Remote Low Not required Partial Partial Partial
Intesync Solismed 3.3sp has SQL Injection.
625 CVE-2019-15932 306 2019-12-12 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Intesync Solismed 3.3sp has Incorrect Access Control.
626 CVE-2019-15931 22 Dir. Trav. 2019-12-12 2019-12-13
7.5
None Remote Low Not required Partial Partial Partial
Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.
627 CVE-2019-15930 1021 2019-12-12 2019-12-13
4.3
None Remote Medium Not required None Partial None
Intesync Solismed 3.3sp allows Clickjacking.
628 CVE-2019-15915 20 DoS 2019-12-20 2020-01-03
5.0
None Remote Low Not required None None Partial
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.
629 CVE-2019-15914 20 DoS 2019-12-20 2020-01-03
5.0
None Remote Low Not required None None Partial
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform multiple denial of service attacks.
630 CVE-2019-15913 639 DoS 2019-12-20 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, attackers can gain sensitive information, cause denial of service, take over smart home devices, and tamper with messages.
631 CVE-2019-15912 20 DoS 2019-12-20 2020-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform multiple denial of service attacks.
632 CVE-2019-15911 319 DoS +Info 2019-12-20 2020-01-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause multiple denial of service attacks, take over smart home devices, and tamper with messages.
633 CVE-2019-15910 20 DoS 2019-12-20 2020-01-15
5.0
None Remote Low Not required None None Partial
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.
634 CVE-2019-15897 287 Bypass 2019-12-05 2020-08-24
8.3
None Local Network Low Not required Complete Complete Complete
beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).
635 CVE-2019-15695 787 Exec Code Overflow 2019-12-26 2020-10-16
6.5
None Remote Low ??? Partial Partial Partial
TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to start writing values, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
636 CVE-2019-15694 787 Exec Code Overflow 2019-12-26 2020-10-16
6.5
None Remote Low ??? Partial Partial Partial
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
637 CVE-2019-15693 787 Exec Code Overflow 2019-12-26 2020-01-21
6.5
None Remote Low ??? Partial Partial Partial
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
638 CVE-2019-15692 787 Exec Code Overflow 2019-12-26 2020-01-21
6.5
None Remote Low ??? Partial Partial Partial
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
639 CVE-2019-15691 672 Exec Code 2019-12-26 2020-01-21
6.5
None Remote Low ??? Partial Partial Partial
TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
640 CVE-2019-15689 668 Exec Code Bypass 2019-12-02 2019-12-18
4.6
None Local Low Not required Partial Partial Partial
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass of some of the security products.
641 CVE-2019-15638 427 2019-12-04 2019-12-14
4.4
None Local Medium Not required Partial Partial Partial
COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
642 CVE-2019-15631 Exec Code 2019-12-02 2019-12-13
7.5
None Remote Low Not required Partial Partial Partial
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
643 CVE-2019-15628 426 2019-12-02 2019-12-13
6.9
None Local Medium Not required Complete Complete Complete
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
644 CVE-2019-15600 22 Dir. Trav. 2019-12-18 2019-12-23
5.0
None Remote Low Not required Partial None None
A path traversal exists in http_server which allows an attacker to read arbitrary system files.
645 CVE-2019-15599 94 Exec Code 2019-12-18 2021-10-29
7.5
None Remote Low Not required Partial Partial Partial
A code injection exists in tree-kill on Windows which allows remote code execution when an attacker is able to control the input into the command.
646 CVE-2019-15598 78 Exec Code 2019-12-18 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
A code injection exists in treekill on Windows which allows remote code execution when an attacker is able to control the input into the command.
647 CVE-2019-15597 94 Exec Code 2019-12-18 2021-10-29
7.5
None Remote Low Not required Partial Partial Partial
A code injection exists in node-df v0.1.4 that can allow an attacker to achieve remote code execution via unsanitized input.
648 CVE-2019-15596 22 Dir. Trav. 2019-12-18 2019-12-27
5.0
None Remote Low Not required Partial None None
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory.
649 CVE-2019-15591 2019-12-18 2020-10-09
4.0
None Remote Low ??? Partial None None
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
650 CVE-2019-15589 2019-12-18 2019-12-27
6.5
None Remote Low ??? Partial Partial Partial
An improper access control vulnerability exists in GitLab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user to use git clone and pull if he had obtained a CI/CD token before.
Total number of vulnerabilities: 1577. Page 13 of 32.