
Security Vulnerabilities Published In December 2019

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1551 | CVE-2012-4980 | 787 | | Exec Code Overflow | 2019-12-27 | 2019-12-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code. |
| 1552 | CVE-2012-4576 | 20 | | +Priv | 2019-12-02 | 2019-12-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | FreeBSD: Input Validation Flaw allows local users to gain elevated privileges |
| 1553 | CVE-2012-4526 | 79 | | XSS | 2019-12-02 | 2019-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) |
| 1554 | CVE-2012-4525 | 79 | | XSS | 2019-12-02 | 2019-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | piwigo has XSS in password.php |
| 1555 | CVE-2012-4480 | 269 | | | 2019-12-02 | 2019-12-13 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | mom creates world-writable pid files in /var/run |
| 1556 | CVE-2012-4428 | 125 | | | 2019-12-02 | 2019-12-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | openslp: SLPIntersectStringList() function has a DoS vulnerability |
| 1557 | CVE-2012-4420 | 200 | | +Info | 2019-12-26 | 2020-01-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information. |
| 1558 | CVE-2012-3462 | 287 | | | 2019-12-26 | 2020-01-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. |
| 1559 | CVE-2012-3409 | 20 | | | 2019-12-20 | 2020-01-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation |
| 1560 | CVE-2012-2736 | 306 | | | 2019-12-26 | 2020-01-04 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. |
| 1561 | CVE-2012-2656 | 611 | | +Info | 2019-12-18 | 2019-12-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. |
| 1562 | CVE-2012-2312 | 269 | | | 2019-12-18 | 2019-12-23 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation. A thread gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. |
| 1563 | CVE-2012-2237 | 79 | | XSS | 2019-12-17 | 2019-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. |
| 1564 | CVE-2012-2148 | 269 | | | 2019-12-06 | 2019-12-16 | 1.9 | None | Local | Medium | Not required | Partial | None | None | An issue exists in JBoss AS 7.1.1 in which the property replacements feature in any descriptor ignores Java security policies. |
| 1565 | CVE-2012-2130 | 326 | | Bypass | 2019-12-06 | 2019-12-18 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. |
| 1566 | CVE-2012-2092 | 347 | | Bypass | 2019-12-06 | 2019-12-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. |
| 1567 | CVE-2012-1615 | 269 | | | 2019-12-06 | 2019-12-16 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A Privilege Escalation vulnerability exists in Fedoraproject Sectool due to an incorrect DBus file. |
| 1568 | CVE-2012-1592 | 434 | | Exec Code | 2019-12-05 | 2020-09-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. |
| 1569 | CVE-2012-1577 | 335 | | | 2019-12-10 | 2019-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. |
| 1570 | CVE-2012-1115 | 79 | | XSS | 2019-12-05 | 2019-12-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. |
| 1571 | CVE-2012-1114 | 79 | | XSS | 2019-12-05 | 2019-12-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and the filteruid parameter to list.php. |
| 1572 | CVE-2012-1105 | 200 | | +Info | 2019-12-05 | 2019-12-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. |
| 1573 | CVE-2012-1104 | 269 | | Bypass | 2019-12-05 | 2019-12-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None | A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed. |
| 1574 | CVE-2011-3585 | 362 | | DoS | 2019-12-31 | 2020-01-10 | 1.9 | None | Local | Medium | Not required | None | None | Partial | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. |
| 1575 | CVE-2011-1474 | 400 | | | 2019-12-26 | 2020-01-10 | 4.9 | None | Local | Low | Not required | None | None | Complete | A locally exploitable DoS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore, eventually leading to a system crash. |
| 1576 | CVE-2007-0158 | 787 | | | 2019-12-27 | 2020-01-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | thttpd 2007 has buffer underflow. |
| 1577 | CVE-2004-2776 | | | Exec Code | 2019-12-31 | 2020-01-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. |
Total number of vulnerabilities: 1577 (page 32 of 32)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.