CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2019-19627 200 +Info 2019-12-06 2019-12-13
5.0
None Remote Low Not required Partial None None
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)
252 CVE-2019-19625 200 +Info 2019-12-06 2019-12-13
5.0
None Remote Low Not required Partial None None
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.
253 CVE-2019-19624 125 2019-12-06 2019-12-17
6.4
None Remote Low Not required Partial None Partial
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
254 CVE-2019-19620 281 Bypass 2019-12-06 2019-12-17
2.1
None Local Low Not required None Partial None
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file.
255 CVE-2019-19619 79 XSS 2019-12-06 2019-12-10
4.3
None Remote Medium Not required None Partial None
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.
256 CVE-2019-19617 2019-12-06 2020-11-10
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
257 CVE-2019-19616 639 2019-12-06 2020-08-24
4.0
None Remote Low ??? Partial None None
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.
258 CVE-2019-19609 78 Exec Code 2019-12-05 2021-09-14
9.0
None Remote Low ??? Complete Complete Complete
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
259 CVE-2019-19604 20 Exec Code 2019-12-11 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
260 CVE-2019-19603 2019-12-09 2021-06-18
5.0
None Remote Low Not required None None Partial
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
261 CVE-2019-19602 119 DoS Overflow Mem. Corr. 2019-12-05 2020-08-24
5.4
None Local Medium Not required Complete None Partial
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
262 CVE-2019-19601 119 Overflow 2019-12-05 2020-02-08
6.8
None Remote Medium Not required Partial Partial Partial
OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.
263 CVE-2019-19598 287 2019-12-05 2019-12-14
8.3
None Local Network Low Not required Complete Complete Complete
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
264 CVE-2019-19597 863 Exec Code 2019-12-05 2020-08-24
8.3
None Local Network Low Not required Complete Complete Complete
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
265 CVE-2019-19596 79 XSS 2019-12-05 2019-12-06
3.5
None Remote Medium ??? None Partial None
GitBook through 2.6.9 allows XSS via a local .md file.
266 CVE-2019-19595 434 Exec Code 2019-12-05 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
267 CVE-2019-19594 434 Exec Code 2019-12-05 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
268 CVE-2019-19590 190 DoS Exec Code Overflow 2019-12-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.
269 CVE-2019-19589 20 2019-12-05 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload process. It only serves the uploaded PDF files and the responsibility of uploading PDF file remains with the Site owner of Wordpress installation, the upload of PDF file is managed by Wordpress core and not by PDF Embedder Plugin. Control & block of polyglot file is required to be taken care at the time of upload, not on showing the file. Moreover, the reference mentions retrieving the files from the browser cache and manually renaming it to jar for executing the file. That refers to a two step non-connected steps which has nothing to do with PDF Embedder."
270 CVE-2019-19588 835 2019-12-05 2020-08-24
7.8
None Remote Low Not required None None Complete
The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.
271 CVE-2019-19587 79 XSS 2019-12-05 2019-12-06
4.3
None Remote Medium Not required None Partial None
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.
272 CVE-2019-19583 20 DoS 2019-12-11 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.
273 CVE-2019-19582 835 DoS 2019-12-11 2020-01-03
2.1
None Local Low Not required None None Partial
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.
274 CVE-2019-19581 119 DoS Overflow 2019-12-11 2020-01-03
2.1
None Local Low Not required None None Partial
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.
275 CVE-2019-19580 362 +Priv 2019-12-11 2020-01-03
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
276 CVE-2019-19579 20 +Priv 2019-12-04 2020-01-14
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
277 CVE-2019-19578 682 DoS +Info 2019-12-11 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.
278 CVE-2019-19577 401 DoS +Priv 2019-12-11 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.
279 CVE-2019-19576 434 2019-12-04 2019-12-18
7.5
None Remote Low Not required Partial Partial Partial
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
280 CVE-2019-19555 787 Overflow 2019-12-04 2020-01-22
4.3
None Remote Medium Not required None None Partial
read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.
281 CVE-2019-19553 909 2019-12-05 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
282 CVE-2019-19552 79 Exec Code XSS 2019-12-06 2019-12-10
3.5
None Remote Medium ??? None Partial None
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
283 CVE-2019-19551 79 XSS 2019-12-06 2019-12-11
3.5
None Remote Medium ??? None Partial None
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
284 CVE-2019-19546 200 +Info 2019-12-05 2021-07-21
4.0
None Remote Low ??? Partial None None
Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
285 CVE-2019-19545 346 2019-12-05 2019-12-13
6.5
None Remote Low ??? Partial Partial Partial
Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
286 CVE-2019-19543 416 2019-12-03 2020-09-24
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
287 CVE-2019-19542 79 XSS 2019-12-26 2019-12-30
3.5
None Remote Medium ??? None Partial None
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
288 CVE-2019-19541 79 XSS 2019-12-26 2020-01-02
3.5
None Remote Medium ??? None Partial None
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
289 CVE-2019-19540 79 XSS 2019-12-26 2019-12-30
4.3
None Remote Medium Not required None Partial None
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
290 CVE-2019-19537 362 2019-12-03 2020-01-18
4.7
None Local Medium Not required None None Complete
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
291 CVE-2019-19536 200 +Info 2019-12-03 2021-07-21
2.1
None Local Low Not required Partial None None
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
292 CVE-2019-19535 200 +Info 2019-12-03 2021-07-21
2.1
None Local Low Not required Partial None None
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
293 CVE-2019-19534 200 +Info 2019-12-03 2021-07-21
2.1
None Local Low Not required Partial None None
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
294 CVE-2019-19533 772 2019-12-03 2020-01-18
2.1
None Local Low Not required Partial None None
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
295 CVE-2019-19532 787 2019-12-03 2020-01-07
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.
296 CVE-2019-19531 416 2019-12-03 2019-12-12
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.
297 CVE-2019-19530 416 2019-12-03 2020-01-18
4.9
None Local Low Not required None None Complete
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
298 CVE-2019-19529 416 2019-12-03 2020-08-12
6.9
None Local Medium Not required Complete Complete Complete
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
299 CVE-2019-19528 416 2019-12-03 2020-03-31
5.6
None Local Low Not required Partial None Complete
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.
300 CVE-2019-19527 416 2019-12-03 2020-03-02
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
Total number of vulnerabilities : 1577   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.