CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2019-6204 79 XSS 2019-12-18 2019-12-31
4.3
None Remote Medium Not required None Partial None
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
1152 CVE-2019-6201 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
1153 CVE-2019-6192 120 DoS Overflow 2019-12-10 2019-12-18
2.1
None Local Low Not required None None Partial
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
1154 CVE-2019-6183 DoS 2019-12-10 2020-08-24
7.8
None Remote Low Not required None None Complete
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.
1155 CVE-2019-6147 704 2019-12-23 2021-09-16
4.3
None Remote Medium Not required None Partial None
Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable.
1156 CVE-2019-6035 601 2019-12-26 2020-01-04
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
1157 CVE-2019-6034 74 2019-12-26 2020-01-08
4.3
None Remote Medium Not required None Partial None
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.
1158 CVE-2019-6033 79 XSS 2019-12-26 2020-01-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1159 CVE-2019-6032 295 +Info 2019-12-26 2020-01-10
5.8
None Remote Medium Not required Partial Partial None
The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
1160 CVE-2019-6031 79 XSS 2019-12-26 2020-01-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader.
1161 CVE-2019-6030 352 CSRF 2019-12-26 2020-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1162 CVE-2019-6029 79 XSS 2019-12-26 2020-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1163 CVE-2019-6027 352 CSRF 2019-12-26 2020-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1164 CVE-2019-6026 Exec Code 2019-12-26 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code.
1165 CVE-2019-6025 601 2019-12-26 2020-01-10
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
1166 CVE-2019-6024 522 Bypass +Info 2019-12-26 2020-01-02
4.3
None Remote Medium Not required Partial None None
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.
1167 CVE-2019-6023 Bypass 2019-12-26 2020-08-24
4.0
None Remote Low ??? Partial None None
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
1168 CVE-2019-6022 22 Dir. Trav. 2019-12-26 2019-12-30
4.0
None Remote Low ??? None Partial None
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
1169 CVE-2019-6021 601 2019-12-26 2020-01-06
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
1170 CVE-2019-6020 601 2019-12-26 2020-01-06
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
1171 CVE-2019-6019 426 +Priv 2019-12-26 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1172 CVE-2019-6018 79 XSS 2019-12-26 2020-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1173 CVE-2019-6017 2019-12-26 2020-08-24
5.0
None Remote Low Not required Partial None None
REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors.
1174 CVE-2019-6016 79 XSS 2019-12-26 2020-01-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1175 CVE-2019-6014 78 Exec Code 2019-12-26 2020-01-07
8.3
None Local Network Low Not required Complete Complete Complete
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.
1176 CVE-2019-6013 78 Exec Code 2019-12-26 2020-01-07
6.8
None Local Low ??? Complete Complete Complete
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
1177 CVE-2019-6012 89 Exec Code Sql 2019-12-26 2020-01-03
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
1178 CVE-2019-6011 79 XSS 2019-12-26 2020-01-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1179 CVE-2019-6008 428 Exec Code +Priv 2019-12-26 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 to R3.77.00), Exaplog (R1.10.00 to R3.40.00), Exaquantum (R1.10.00 to R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 to R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 to R3.05.01), and InsightSuiteAE (R1.01.00 to R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges.
1180 CVE-2019-5843 787 Mem. Corr. 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1181 CVE-2019-5841 787 Mem. Corr. 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1182 CVE-2019-5815 843 2019-12-11 2021-07-21
5.0
None Remote Low Not required None None Partial
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
1183 CVE-2019-5702 DoS 2019-12-24 2020-08-24
4.4
None Local Medium Not required Partial Partial Partial
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
1184 CVE-2019-5544 787 2019-12-06 2020-05-15
7.5
None Remote Low Not required Partial Partial Partial
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
1185 CVE-2019-5539 426 2019-12-23 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.
1186 CVE-2019-5487 2019-12-18 2020-10-22
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
1187 CVE-2019-5486 287 Bypass 2019-12-18 2019-12-30
6.5
None Remote Low ??? Partial Partial Partial
An authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
1188 CVE-2019-5469 639 2019-12-18 2019-12-27
5.5
None Remote Low ??? None Partial Partial
An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.
1189 CVE-2019-5291 345 2019-12-13 2019-12-19
4.3
None Remote Medium Not required None None Partial
Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.
1190 CVE-2019-5290 20 2019-12-13 2021-07-21
4.0
None Remote Low ??? None None Partial
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.
1191 CVE-2019-5278 125 2019-12-13 2019-12-19
4.0
None Remote Low ??? None None Partial
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.
1192 CVE-2019-5277 +Info 2019-12-13 2020-08-24
5.0
None Remote Low Not required Partial None None
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
1193 CVE-2019-5276 120 Overflow 2019-12-23 2019-12-27
5.8
None Local Network Low Not required Partial Partial Partial
Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally.
1194 CVE-2019-5275 787 DoS Overflow 2019-12-26 2019-12-31
5.0
None Remote Low Not required None None Partial
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate to perform a denial of service attack on the affected products.
1195 CVE-2019-5274 120 DoS 2019-12-26 2021-07-21
5.0
None Remote Low Not required None None Partial
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service attack on the affected products.
1196 CVE-2019-5273 120 DoS 2019-12-26 2019-12-31
5.0
None Remote Low Not required None None Partial
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting in a denial of service on the affected products.
1197 CVE-2019-5272 354 2019-12-26 2019-12-31
4.0
None Remote Low ??? None Partial None
USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection.
1198 CVE-2019-5267 2019-12-23 2020-08-24
2.1
None Local Low Not required Partial None None
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure.
1199 CVE-2019-5266 20 2019-12-23 2019-12-27
5.0
None Remote Low Not required None None Partial
Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function to be disabled.
1200 CVE-2019-5265 +Info 2019-12-23 2020-08-24
5.0
None Remote Low Not required Partial None None
Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information leakage.
Total number of vulnerabilities: 1577. Page 24 of 32.