CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1351 CVE-2019-1465 125 2019-12-10 2020-08-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467.
1352 CVE-2019-1464 200 +Info 2019-12-10 2019-12-11
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
1353 CVE-2019-1463 200 +Info 2019-12-10 2019-12-16
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.
1354 CVE-2019-1462 908 Exec Code 2019-12-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.
1355 CVE-2019-1461 DoS 2019-12-10 2020-08-24
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.
1356 CVE-2019-1458 2019-12-10 2020-10-15
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
1357 CVE-2019-1453 DoS 2019-12-10 2020-08-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
1358 CVE-2019-1400 200 +Info 2019-12-10 2019-12-13
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.
1359 CVE-2019-1387 Exec Code 2019-12-18 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
1360 CVE-2019-1332 79 XSS 2019-12-10 2020-01-15
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.
1361 CVE-2019-0405 200 +Info 2019-12-11 2019-12-17
5.0
None Remote Low Not required Partial None None
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
1362 CVE-2019-0404 209 +Info 2019-12-11 2020-08-24
5.0
None Remote Low Not required Partial None None
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
1363 CVE-2019-0403 1236 Exec Code 2019-12-11 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
1364 CVE-2019-0402 2019-12-11 2020-08-24
2.1
None Local Low Not required Partial None None
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.
1365 CVE-2019-0399 2019-12-11 2020-08-24
4.0
None Remote Low ??? Partial None None
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740, unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.
1366 CVE-2019-0398 352 CSRF 2019-12-11 2019-12-17
6.8
None Remote Medium Not required Partial Partial Partial
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead an authenticated user to send an unintended request to the web server, leading to Cross Site Request Forgery.
1367 CVE-2019-0395 79 XSS 2019-12-11 2019-12-17
3.5
None Remote Medium ??? None Partial None
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.
1368 CVE-2019-0384 863 2019-12-17 2019-12-20
6.5
None Remote Low ??? Partial Partial Partial
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
1369 CVE-2019-0383 863 2019-12-17 2019-12-20
6.5
None Remote Low ??? Partial Partial Partial
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
1370 CVE-2019-0169 787 DoS Overflow 2019-12-18 2020-02-11
5.8
None Local Network Low Not required Partial Partial Partial
Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.
1371 CVE-2019-0168 20 2019-12-18 2020-01-02
2.1
None Local Low Not required Partial None None
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
1372 CVE-2019-0166 20 2019-12-18 2020-01-02
5.0
None Remote Low Not required Partial None None
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
1373 CVE-2019-0165 20 DoS 2019-12-18 2020-01-02
2.1
None Local Low Not required None None Partial
Insufficient input validation in the subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access.
1374 CVE-2019-0159 2019-12-16 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
1375 CVE-2019-0134 276 Exec Code 2019-12-16 2019-12-23
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege.
1376 CVE-2019-0131 20 DoS 2019-12-18 2020-01-02
4.8
None Local Network Low Not required Partial None Partial
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
1377 CVE-2018-1002102 601 2019-12-05 2020-01-16
2.1
None Remote High ??? Partial None None
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
1378 CVE-2018-20507 306 2019-12-30 2020-01-09
5.0
None Remote Low Not required None Partial None
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
1379 CVE-2018-20501 862 2019-12-30 2020-01-08
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
1380 CVE-2018-20499 918 2019-12-30 2020-01-07
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
1381 CVE-2018-20498 863 2019-12-30 2020-01-08
4.0
None Remote Low ??? Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
1382 CVE-2018-20497 918 2019-12-30 2020-01-08
4.0
None Remote Low ??? Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
1383 CVE-2018-20496 79 XSS 2019-12-30 2020-01-07
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
1384 CVE-2018-20495 200 +Info 2019-12-30 2020-01-07
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
1385 CVE-2018-20494 863 2019-12-30 2020-01-07
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
1386 CVE-2018-20493 863 2019-12-30 2020-01-07
4.0
None Remote Low ??? Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
1387 CVE-2018-20492 863 2019-12-26 2020-01-07
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).
1388 CVE-2018-20491 79 XSS 2019-12-30 2020-01-08
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
1389 CVE-2018-20490 79 XSS 2019-12-30 2020-01-08
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
1390 CVE-2018-20489 287 2019-12-30 2020-01-08
5.0
None Remote Low Not required None Partial None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
1391 CVE-2018-20488 200 +Info 2019-12-30 2020-01-08
4.0
None Remote Low ??? Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
1392 CVE-2018-19834 287 2019-12-31 2020-01-14
5.0
None Remote Low Not required None Partial None
The quaker function of a smart contract implementation for BOMBBA (BOMB), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.
1393 CVE-2018-19833 287 2019-12-31 2020-01-14
5.0
None Remote Low Not required None Partial None
The owned function of a smart contract implementation for DDQ, a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.
1394 CVE-2018-19832 287 2019-12-31 2020-01-14
5.0
None Remote Low Not required None Partial None
The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.
1395 CVE-2018-19831 287 2019-12-31 2020-01-14
5.0
None Remote Low Not required None Partial None
The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.
1396 CVE-2018-19830 862 2019-12-31 2020-01-14
5.0
None Remote Low Not required None Partial None
The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.
1397 CVE-2018-18288 601 2019-12-26 2020-01-03
5.8
None Remote Medium Not required Partial Partial None
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.
1398 CVE-2018-14476 79 XSS 2019-12-31 2020-03-17
4.3
None Remote Medium Not required None Partial None
GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.
1399 CVE-2018-11980 120 Overflow 2019-12-18 2019-12-22
7.2
None Local Low Not required Complete Complete Complete
When a fake broadcast/multicast 11w rmf without mmie is received, since there is no proper length check in wma_process_bip, a buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8937, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDM630, SDM636, SDM660, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130.
1400 CVE-2018-11805 78 2019-12-12 2020-01-13
7.2
None Local Low Not required Complete Complete Complete
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
Total number of vulnerabilities: 1577 (page 28 of 32)