CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2019-8552 665 2019-12-18 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.
1052 CVE-2019-8551 79 XSS 2019-12-18 2019-12-30
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.
1053 CVE-2019-8550 459 2019-12-18 2020-08-24
4.3
None Remote Medium Not required Partial None None
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
1054 CVE-2019-8549 20 Exec Code 2019-12-18 2019-12-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges.
1055 CVE-2019-8548 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.
1056 CVE-2019-8546 200 +Info 2019-12-18 2021-07-21
2.1
None Local Low Not required Partial None None
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.
1057 CVE-2019-8545 787 Mem. Corr. 2019-12-18 2020-08-24
6.6
None Local Low Not required Complete None Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory.
1058 CVE-2019-8544 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1059 CVE-2019-8542 120 Overflow 2019-12-18 2019-12-30
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious application may be able to elevate privileges.
1060 CVE-2019-8541 2019-12-18 2019-12-30
2.1
None Local Low Not required Partial None None
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.
1061 CVE-2019-8540 665 2019-12-18 2019-12-30
7.1
None Remote Medium Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
1062 CVE-2019-8537 2019-12-18 2022-01-01
2.1
None Local Low Not required Partial None None
An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes.
1063 CVE-2019-8536 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1064 CVE-2019-8535 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1065 CVE-2019-8533 287 2019-12-18 2019-12-26
4.6
None Local Low Not required Partial Partial Partial
A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor.
1066 CVE-2019-8530 2019-12-18 2020-08-24
5.8
None Remote Medium Not required None Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.
1067 CVE-2019-8529 787 Exec Code Mem. Corr. 2019-12-18 2019-12-30
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. An application may be able to execute arbitrary code with kernel privileges.
1068 CVE-2019-8527 120 Overflow 2019-12-18 2019-12-30
9.4
None Remote Low Not required None Complete Complete
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
1069 CVE-2019-8526 416 +Priv 2019-12-18 2019-12-20
7.2
None Local Low Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
1070 CVE-2019-8524 416 Exec Code Mem. Corr. 2019-12-18 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1071 CVE-2019-8523 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1072 CVE-2019-8522 522 2019-12-18 2021-07-21
2.1
None Local Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
1073 CVE-2019-8521 2019-12-18 2020-08-24
5.8
None Remote Medium Not required None Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.
1074 CVE-2019-8520 125 2019-12-18 2019-12-20
2.1
None Local Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.
1075 CVE-2019-8519 125 2019-12-18 2019-12-26
2.1
None Local Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.
1076 CVE-2019-8518 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1077 CVE-2019-8517 125 2019-12-18 2019-12-31
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory.
1078 CVE-2019-8516 20 DoS 2019-12-18 2019-12-30
5.0
None Remote Low Not required None None Partial
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
1079 CVE-2019-8515 200 +Info 2019-12-18 2021-07-21
4.3
None Remote Medium Not required Partial None None
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.
1080 CVE-2019-8514 +Priv 2019-12-18 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
1081 CVE-2019-8513 78 Exec Code 2019-12-18 2019-12-22
7.2
None Local Low Not required Complete Complete Complete
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
1082 CVE-2019-8512 863 2019-12-18 2019-12-31
7.9
None Remote Medium ??? None Complete Complete
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.
1083 CVE-2019-8511 120 Overflow 2019-12-18 2019-12-31
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.
1084 CVE-2019-8510 125 2019-12-18 2019-12-22
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
1085 CVE-2019-8508 120 Exec Code Overflow 2019-12-18 2019-12-22
7.2
None Local Low Not required Complete Complete Complete
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.
1086 CVE-2019-8507 20 Mem. Corr. 2019-12-18 2019-12-20
2.1
None Local Low Not required None None Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.
1087 CVE-2019-8506 843 Exec Code 2019-12-18 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1088 CVE-2019-8505 79 XSS 2019-12-18 2019-12-31
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
1089 CVE-2019-8504 665 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.
1090 CVE-2019-8503 20 2019-12-18 2019-12-31
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website.
1091 CVE-2019-8502 20 2019-12-18 2019-12-31
4.3
None Remote Medium Not required None Partial None
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
1092 CVE-2019-8463 59 DoS 2019-12-23 2020-01-03
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.
1093 CVE-2019-8293 434 Exec Code 2019-12-23 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.
1094 CVE-2019-8256 276 2019-12-19 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.
1095 CVE-2019-8255 77 Exec Code 2019-12-19 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
1096 CVE-2019-8254 787 Exec Code Mem. Corr. 2019-12-19 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
1097 CVE-2019-8253 787 Exec Code Mem. Corr. 2019-12-19 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
1098 CVE-2019-7751 22 Exec Code Dir. Trav. File Inclusion 2019-12-31 2020-01-14
5.0
None Remote Low Not required Partial None None
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution.
1099 CVE-2019-7621 79 XSS 2019-12-18 2020-02-10
3.5
None Remote Medium ??? None Partial None
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim�s browser.
1100 CVE-2019-7489 Exec Code 2019-12-23 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
Total number of vulnerabilities : 1577   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.