CVE-2011-3355 — evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login cr... read CVE-2011-3355
Published: November 25, 2019; 06:15:10 PM -05:00

V3.1: 7.3 HIGH
    V2: 4.3 MEDIUM

CVE-2019-15638 — COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
Published: December 04, 2019; 10:15:11 AM -05:00

V3.1: 7.8 HIGH
    V2: 4.4 MEDIUM

CVE-2015-0837 — The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cach... read CVE-2015-0837
Published: November 29, 2019; 05:15:11 PM -05:00

V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM

CVE-2019-19333 — In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, whi... read CVE-2019-19333
Published: December 06, 2019; 11:15:10 AM -05:00

V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH

CVE-2019-19597 — D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
Published: December 04, 2019; 11:15:11 PM -05:00

V3.1: 8.8 HIGH
    V2: 8.3 HIGH

CVE-2019-19598 — D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the... read CVE-2019-19598
Published: December 04, 2019; 11:15:11 PM -05:00

V3.1: 8.8 HIGH
    V2: 8.3 HIGH

CVE-2013-0163 — OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
Published: December 05, 2019; 10:15:11 AM -05:00

V3.1: 5.5 MEDIUM
    V2: 2.1 LOW

CVE-2019-17392 — Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
Published: November 26, 2019; 01:15:15 PM -05:00

V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH

CVE-2013-1793 — openstack-utils openstack-db has insecure password creation
Published: December 10, 2019; 09:15:10 AM -05:00

V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

CVE-2019-17556 — Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running... read CVE-2019-17556
Published: December 04, 2019; 12:16:43 PM -05:00

V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH

CVE-2012-4428 — openslp: SLPIntersectStringList()' Function has a DoS vulnerability
Published: December 02, 2019; 01:15:09 PM -05:00

V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

CVE-2019-1453 — A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
Published: December 10, 2019; 05:15:16 PM -05:00

V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

CVE-2013-4245 — Orca has arbitrary code execution due to insecure Python module load
Published: December 11, 2019; 09:15:09 AM -05:00

V3.1: 7.3 HIGH
    V2: 4.4 MEDIUM

CVE-2019-17554 — The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used t... read CVE-2019-17554
Published: December 04, 2019; 12:16:43 PM -05:00

V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM

CVE-2019-15009 — The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
Published: December 11, 2019; 10:15:14 AM -05:00

V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM

CVE-2019-19589 — The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
Published: December 04, 2019; 11:15:11 PM -05:00

V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH

CVE-2019-19703 — In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
Published: December 10, 2019; 03:15:17 PM -05:00

V3.1: 6.1 MEDIUM
    V2: 5.8 MEDIUM

CVE-2019-19746 — make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
Published: December 11, 2019; 10:15:11 PM -05:00

V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM

CVE-2019-1468 — A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
Published: December 10, 2019; 05:15:16 PM -05:00

V3.1: 8.8 HIGH
    V2: 9.3 HIGH

CVE-2019-4521 — Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
Published: December 10, 2019; 11:15:13 AM -05:00

V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH