CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2019-19316 327 2019-12-02 2021-07-21
4.3
None Remote Medium Not required Partial None None
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
352 CVE-2019-19315 732 2019-12-17 2019-12-31
6.9
None Local Medium Not required Complete Complete Complete
NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.
353 CVE-2019-19264 200 +Info 2019-12-17 2021-07-21
5.0
None Remote Low Not required Partial None None
In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI.
354 CVE-2019-19251 1188 2019-12-10 2020-08-24
5.0
None Remote Low Not required Partial None None
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.
355 CVE-2019-19248 2019-12-12 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).
356 CVE-2019-19247 2019-12-12 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).
357 CVE-2019-19245 89 Sql 2019-12-02 2019-12-11
7.5
None Remote Low Not required Partial Partial Partial
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
358 CVE-2019-19241 Bypass 2019-12-17 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.
359 CVE-2019-19235 20 Exec Code 2019-12-18 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.
360 CVE-2019-19234 2019-12-19 2020-01-30
5.0
None Remote Low Not required None Partial None
** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.
361 CVE-2019-19232 2019-12-19 2020-01-30
5.0
None Remote Low Not required None Partial None
** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.
362 CVE-2019-19231 +Priv 2019-12-20 2020-10-22
4.6
None Local Low Not required Partial Partial Partial
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.
363 CVE-2019-19230 502 Exec Code 2019-12-09 2019-12-12
7.5
None Remote Low Not required Partial Partial Partial
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
364 CVE-2019-19229 22 Dir. Trav. 2019-12-04 2019-12-16
4.0
None Remote Low ??? Partial None None
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.
365 CVE-2019-19228 312 Bypass 2019-12-04 2019-12-16
5.0
None Remote Low Not required Partial None None
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.
366 CVE-2019-19198 79 XSS 2019-12-12 2020-03-19
3.5
None Remote Medium ??? None Partial None
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.
367 CVE-2019-19151 269 2019-12-23 2019-12-31
2.1
None Local Low Not required Partial None None
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
368 CVE-2019-19150 532 2019-12-23 2019-12-30
3.5
None Remote Medium ??? Partial None None
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.
369 CVE-2019-19141 434 Exec Code Dir. Trav. 2019-12-19 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.
370 CVE-2019-19133 79 XSS 2019-12-04 2019-12-09
4.3
None Remote Medium Not required None Partial None
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks.
371 CVE-2019-19118 276 2019-12-02 2020-05-01
4.0
None Remote Low ??? None Partial None
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)
372 CVE-2019-19032 611 2019-12-30 2022-01-01
5.5
None Remote Low ??? Partial None Partial
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload.
373 CVE-2019-19031 611 2019-12-30 2022-01-01
5.5
None Remote Low ??? Partial None Partial
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
374 CVE-2019-19021 798 2019-12-02 2019-12-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
375 CVE-2019-19020 434 Exec Code 2019-12-02 2019-12-09
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.
376 CVE-2019-19019 346 Exec Code 2019-12-02 2020-08-24
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.
377 CVE-2019-19018 200 +Info 2019-12-02 2021-07-21
4.0
None Remote Low ??? Partial None None
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.
378 CVE-2019-19017 362 +Priv 2019-12-02 2019-12-09
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
379 CVE-2019-19016 89 Sql 2019-12-02 2019-12-04
5.0
None Remote Low Not required Partial None None
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.
380 CVE-2019-19015 668 Exec Code 2019-12-02 2019-12-06
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.
381 CVE-2019-19014 269 Exec Code +Priv 2019-12-02 2019-12-06
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.
382 CVE-2019-19007 200 +Info 2019-12-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.
383 CVE-2019-18997 2019-12-18 2020-10-22
5.0
None Remote Low Not required Partial None None
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access.
384 CVE-2019-18996 426 Exec Code 2019-12-18 2020-02-10
4.4
None Local Medium Not required Partial Partial Partial
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.
385 CVE-2019-18995 20 DoS 2019-12-18 2019-12-31
5.0
None Remote Low Not required None None Partial
The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting.
386 CVE-2019-18994 20 DoS 2019-12-18 2019-12-31
3.5
None Remote Medium ??? None None Partial
Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service.
387 CVE-2019-18993 79 XSS 2019-12-03 2019-12-16
3.5
None Remote Medium ??? None Partial None
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
388 CVE-2019-18992 79 XSS 2019-12-03 2019-12-16
3.5
None Remote Medium ??? None Partial None
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).
389 CVE-2019-18960 120 Overflow 2019-12-11 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
390 CVE-2019-18956 502 Exec Code 2019-12-17 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a seria1.0lized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a serialized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. Affected products include Proxia Premium Edition 2017 and Sparkspace.
391 CVE-2019-18955 79 XSS 2019-12-19 2019-12-27
4.3
None Remote Medium Not required None Partial None
The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.
392 CVE-2019-18935 502 Exec Code 2019-12-11 2020-10-20
7.5
None Remote Low Not required Partial Partial Partial
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
393 CVE-2019-18850 200 +Info 2019-12-04 2021-07-21
5.0
None Remote Low Not required Partial None None
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".
394 CVE-2019-18838 476 2019-12-13 2019-12-18
5.0
None Remote Low Not required None None Partial
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
395 CVE-2019-18833 311 +Info 2019-12-17 2019-12-26
4.3
None Remote Medium Not required Partial None None
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key.
396 CVE-2019-18832 522 2019-12-17 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01.
397 CVE-2019-18831 798 2019-12-16 2020-08-24
3.5
None Remote Medium ??? Partial None None
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate.
398 CVE-2019-18830 78 Exec Code 2019-12-16 2019-12-23
10.0
None Remote Low Not required Complete Complete Complete
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.
399 CVE-2019-18829 426 2019-12-17 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.
400 CVE-2019-18828 521 2019-12-16 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.
Total number of vulnerabilities : 1577   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.