CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1101 CVE-2019-7488 521 2019-12-23 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
A weak default password vulnerability in the SonicWall Email Security appliance allows an attacker to gain access to the appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
1102 CVE-2019-7487 428 Exec Code 2019-12-19 2020-01-08
4.6
None Local Low Not required Partial Partial Partial
When the SonicOS SSLVPN NACagent 3.5 is installed on the Windows operating system, an autorun value is created that does not put the path in quotes, so a malicious binary placed by an attacker within the parent path could allow code execution.
1103 CVE-2019-7486 94 Exec Code 2019-12-19 2019-12-31
6.5
None Remote Low ??? Partial Partial Partial
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.
1104 CVE-2019-7485 120 Exec Code Overflow 2019-12-19 2019-12-31
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
1105 CVE-2019-7484 89 Sql 2019-12-19 2019-12-31
4.0
None Remote Low ??? Partial None None
Authenticated SQL injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
1106 CVE-2019-7483 22 Dir. Trav. 2019-12-19 2019-12-31
5.0
None Remote Low Not required Partial None None
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
1107 CVE-2019-7482 787 Exec Code Overflow 2019-12-19 2019-12-31
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
1108 CVE-2019-7481 89 Sql 2019-12-17 2021-09-14
5.0
None Remote Low Not required Partial None None
A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
1109 CVE-2019-7479 269 2019-12-31 2020-10-09
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in SonicOS allows an authenticated read-only admin to elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
1110 CVE-2019-7478 89 Sql 2019-12-31 2020-01-09
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
1111 CVE-2019-7366 120 Overflow 2019-12-03 2019-12-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.
1112 CVE-2019-7365 426 Exec Code 2019-12-03 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.
1113 CVE-2019-7293 787 Mem. Corr. 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.
1114 CVE-2019-7292 20 2019-12-18 2019-12-31
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.
1115 CVE-2019-7290 610 2019-12-18 2019-12-31
7.5
None Remote Low Not required Partial Partial Partial
An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.
1116 CVE-2019-7289 22 Dir. Trav. 2019-12-18 2020-08-24
2.1
None Local Low Not required Partial None None
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information.
1117 CVE-2019-7287 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.
1118 CVE-2019-7286 787 +Priv Mem. Corr. 2019-12-18 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
1119 CVE-2019-7285 416 Exec Code 2019-12-18 2020-01-02
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1120 CVE-2019-7284 2019-12-18 2020-08-24
4.3
None Remote Medium Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
1121 CVE-2019-7201 428 Exec Code 2019-12-04 2020-05-14
7.2
None Local Low Not required Complete Complete Complete
An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.
1122 CVE-2019-7197 79 XSS 2019-12-04 2019-12-06
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.
1123 CVE-2019-7195 610 2019-12-05 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
1124 CVE-2019-7194 610 2019-12-05 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
1125 CVE-2019-7193 20 2019-12-05 2020-05-28
10.0
None Remote Low Not required Complete Complete Complete
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
1126 CVE-2019-7192 269 2019-12-05 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
1127 CVE-2019-7185 79 XSS 2019-12-05 2020-02-10
3.5
None Remote Medium ??? None Partial None
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.
1128 CVE-2019-7184 79 XSS 2019-12-05 2020-02-10
3.5
None Remote Medium ??? None Partial None
This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions.
1129 CVE-2019-7183 59 2019-12-05 2019-12-10
7.5
None Remote Low Not required Partial Partial Partial
This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.
1130 CVE-2019-7162 2019-12-31 2020-08-24
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
1131 CVE-2019-7004 79 Exec Code XSS 2019-12-12 2020-02-24
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
1132 CVE-2019-6688 2019-12-23 2020-08-24
4.0
None Remote Low ??? Partial None None
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending an SNMP query to the BIG-IP or BIG-IQ system; however, the user cannot access the UCS files.
1133 CVE-2019-6687 295 2019-12-23 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints.
1134 CVE-2019-6686 2019-12-23 2020-08-24
5.0
None Remote Low Not required None None Partial
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of diameter connections and pending messages on a single virtual server has reached 32K.
1135 CVE-2019-6685 269 Exec Code 2019-12-23 2019-12-30
4.6
None Local Low Not required Partial Partial Partial
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.
1136 CVE-2019-6684 2019-12-23 2020-08-24
5.0
None Remote Low Not required None None Partial
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.
1137 CVE-2019-6683 400 2019-12-23 2019-12-30
4.3
None Remote Medium Not required None None Partial
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.
1138 CVE-2019-6682 400 2019-12-23 2019-12-30
4.3
None Remote Medium Not required None None Partial
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning.
1139 CVE-2019-6681 772 2019-12-23 2021-07-21
7.8
None Remote Low Not required None None Complete
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.
1140 CVE-2019-6680 2019-12-23 2020-08-24
7.8
None Remote Low Not required None None Complete
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding.
1141 CVE-2019-6679 59 2019-12-23 2020-01-02
3.6
None Local Low Not required None Partial Partial
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.
1142 CVE-2019-6678 2019-12-23 2020-08-24
4.3
None Remote Medium Not required None None Partial
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.
1143 CVE-2019-6677 2019-12-23 2020-08-24
5.0
None Remote Low Not required None None Partial
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule.
1144 CVE-2019-6676 2019-12-23 2020-08-24
5.0
None Remote Low Not required None None Partial
On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.
1145 CVE-2019-6239 Bypass 2019-12-18 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks.
1146 CVE-2019-6237 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
1147 CVE-2019-6236 362 Exec Code 2019-12-18 2019-12-21
7.6
None Remote High Not required Complete Complete Complete
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.
1148 CVE-2019-6232 362 Exec Code 2019-12-18 2019-12-21
7.6
None Remote High Not required Complete Complete Complete
A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.
1149 CVE-2019-6222 2019-12-18 2020-08-24
4.3
None Remote Medium Not required Partial None None
A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown.
1150 CVE-2019-6207 125 2019-12-18 2019-12-22
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
Total number of vulnerabilities: 1577. Page 23 of 32.