Security Vulnerabilities Published In December 2019

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1501 | CVE-2013-4621 | 287 | | Bypass | 2019-12-27 | 2020-01-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities |
| 1502 | CVE-2013-4593 | 287 | | | 2019-12-11 | 2019-12-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None | RubyGem omniauth-facebook has an access token security vulnerability |
| 1503 | CVE-2013-4486 | 74 | | | 2019-12-03 | 2019-12-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging |
| 1504 | CVE-2013-4411 | 863 | | | 2019-12-03 | 2019-12-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Review Board: URL processing gives unauthorized users access to review lists |
| 1505 | CVE-2013-4410 | 863 | | | 2019-12-02 | 2019-12-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ReviewBoard: has an access-control problem in REST API |
| 1506 | CVE-2013-4357 | 120 | | DoS | 2019-12-31 | 2020-01-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
| 1507 | CVE-2013-4318 | 74 | | | 2019-12-26 | 2020-01-02 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. |
| 1508 | CVE-2013-4303 | 79 | | XSS | 2019-12-11 | 2019-12-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. |
| 1509 | CVE-2013-4245 | 20 | | Exec Code | 2019-12-11 | 2019-12-13 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Orca has arbitrary code execution due to insecure Python module load |
| 1510 | CVE-2013-4235 | 367 | | | 2019-12-03 | 2021-02-25 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
| 1511 | CVE-2013-4184 | 59 | | | 2019-12-10 | 2019-12-17 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks |
| 1512 | CVE-2013-4161 | 269 | | | 2019-12-31 | 2021-06-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. |
| 1513 | CVE-2013-4158 | 79 | | XSS | 2019-12-11 | 2019-12-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) |
| 1514 | CVE-2013-4133 | 404 | | | 2019-12-10 | 2019-12-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete | kde-workspace before 4.10.5 has a memory leak in plasma desktop |
| 1515 | CVE-2013-4120 | 400 | | DoS | 2019-12-10 | 2019-12-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Katello has a Denial of Service vulnerability in API OAuth authentication |
| 1516 | CVE-2013-3691 | 400 | | DoS | 2019-12-11 | 2019-12-16 | 7.8 | None | Remote | Low | Not required | None | None | Complete | AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. |
| 1517 | CVE-2013-3542 | 798 | | | 2019-12-11 | 2019-12-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. |
| 1518 | CVE-2013-3088 | 287 | | Bypass | 2019-12-26 | 2020-01-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". |
| 1519 | CVE-2013-3085 | 287 | | Bypass | 2019-12-26 | 2020-01-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. |
| 1520 | CVE-2013-2745 | 89 | | Sql | 2019-12-04 | 2019-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 |
| 1521 | CVE-2013-2228 | 307 | | | 2019-12-03 | 2019-12-13 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | SaltStack RSA Key Generation allows remote users to decrypt communications |
| 1522 | CVE-2013-2183 | 668 | | Bypass | 2019-12-10 | 2019-12-13 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Monkey HTTP Daemon has local security bypass |
| 1523 | CVE-2013-2167 | 345 | | Bypass | 2019-12-10 | 2019-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass |
| 1524 | CVE-2013-2166 | 326 | | Bypass | 2019-12-10 | 2019-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| 1525 | CVE-2013-2159 | 287 | | | 2019-12-10 | 2019-12-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Monkey HTTP Daemon: broken user name authentication |
| 1526 | CVE-2013-2106 | 522 | | | 2019-12-03 | 2019-12-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | webauth before 4.6.1 has authentication credential disclosure |
| 1527 | CVE-2013-2103 | 20 | | | 2019-12-03 | 2019-12-13 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | OpenShift cartridge allows remote URL retrieval |
| 1528 | CVE-2013-2101 | 79 | | XSS | 2019-12-03 | 2019-12-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Katello has multiple XSS issues in various entities |
| 1529 | CVE-2013-2095 | 74 | | | 2019-12-10 | 2019-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection |
| 1530 | CVE-2013-2016 | 269 | | | 2019-12-30 | 2020-01-17 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. |
| 1531 | CVE-2013-2011 | 116 | | Exec Code | 2019-12-26 | 2020-01-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. |
| 1532 | CVE-2013-1793 | 306 | | | 2019-12-10 | 2019-12-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | openstack-utils openstack-db has insecure password creation |
| 1533 | CVE-2013-1689 | 20 | | DoS | 2019-12-10 | 2019-12-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. |
| 1534 | CVE-2013-0342 | 20 | | | 2019-12-09 | 2019-12-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294. |
| 1535 | CVE-2013-0326 | 732 | | | 2019-12-05 | 2019-12-13 | 2.1 | None | Local | Low | Not required | Partial | None | None | OpenStack nova base images permissions are world readable |
| 1536 | CVE-2013-0293 | 269 | | | 2019-12-10 | 2019-12-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation |
| 1537 | CVE-2013-0283 | 79 | | XSS | 2019-12-05 | 2019-12-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Katello: Username in Notification page has cross site scripting |
| 1538 | CVE-2013-0264 | 295 | | | 2019-12-30 | 2020-01-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. |
| 1539 | CVE-2013-0243 | 20 | | | 2019-12-05 | 2019-12-17 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections |
| 1540 | CVE-2013-0202 | 79 | | XSS | 2019-12-17 | 2019-12-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php. |
| 1541 | CVE-2013-0196 | 352 | | CSRF | 2019-12-30 | 2020-01-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. |
| 1542 | CVE-2013-0163 | 668 | | | 2019-12-05 | 2019-12-14 | 2.1 | None | Local | Low | Not required | None | None | Partial | OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS |
| 1543 | CVE-2012-6111 | 20 | | | 2019-12-20 | 2020-01-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function |
| 1544 | CVE-2012-6094 | 863 | | | 2019-12-20 | 2020-11-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system |
| 1545 | CVE-2012-5663 | 269 | | | 2019-12-30 | 2020-01-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). |
| 1546 | CVE-2012-5645 | 400 | | DoS | 2019-12-30 | 2020-01-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. |
| 1547 | CVE-2012-5639 | 20 | | | 2019-12-20 | 2020-10-26 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | LibreOffice and OpenOffice automatically open embedded content |
| 1548 | CVE-2012-5562 | 319 | | | 2019-12-02 | 2019-12-13 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite |
| 1549 | CVE-2012-5476 | 200 | | +Info | 2019-12-30 | 2020-01-09 | 2.1 | None | Local | Low | Not required | Partial | None | None | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. |
| 1550 | CVE-2012-5474 | 311 | | | 2019-12-30 | 2021-03-09 | 2.1 | None | Local | Low | Not required | Partial | None | None | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. |
Total number of vulnerabilities: 1577 (page 31 of 32)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.