CVE List - 2019 / August
Showing 901 - 1000 of 2001 CVEs for August 2019 (Page 10 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-1164 | 2019-08-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2019-1168 | 2019-08-14 | Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability |
| CVE-2019-1169 | 2019-08-14 | Win32k Elevation of Privilege Vulnerability |
| CVE-2019-1170 | 2019-08-14 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2019-1171 | 2019-08-14 | SymCrypt Information Disclosure Vulnerability |
| CVE-2019-1172 | 2019-08-14 | Windows Information Disclosure Vulnerability |
| CVE-2019-1173 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1174 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1175 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1176 | 2019-08-14 | DirectX Elevation of Privilege Vulnerability |
| CVE-2019-1177 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1178 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1179 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1180 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1181 | 2019-08-14 | Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2019-1182 | 2019-08-14 | Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2019-1183 | 2019-08-14 | Windows VBScript Engine Remote Code Execution Vulnerability |
| CVE-2019-1184 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1185 | 2019-08-14 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| CVE-2019-1186 | 2019-08-14 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1187 | 2019-08-14 | XmlLite Runtime Denial of Service Vulnerability |
| CVE-2019-1188 | 2019-08-14 | LNK Remote Code Execution Vulnerability |
| CVE-2019-1190 | 2019-08-14 | Windows Image Elevation of Privilege Vulnerability |
| CVE-2019-1192 | 2019-08-14 | Microsoft Browsers Security Feature Bypass Vulnerability |
| CVE-2019-1193 | 2019-08-14 | Microsoft Browser Memory Corruption Vulnerability |
| CVE-2019-1194 | 2019-08-14 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1195 | 2019-08-14 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1196 | 2019-08-14 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1197 | 2019-08-14 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1198 | 2019-08-14 | Microsoft Windows Elevation of Privilege Vulnerability |
| CVE-2019-1199 | 2019-08-14 | Microsoft Outlook Memory Corruption Vulnerability |
| CVE-2019-1200 | 2019-08-14 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2019-1201 | 2019-08-14 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2019-1202 | 2019-08-14 | SharePoint Information Disclosure Vulnerability |
| CVE-2019-1203 | 2019-08-14 | Microsoft Office SharePoint XSS Vulnerability |
| CVE-2019-1204 | 2019-08-14 | Microsoft Outlook Elevation of Privilege Vulnerability |
| CVE-2019-1205 | 2019-08-14 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2019-1206 | 2019-08-14 | Windows DHCP Server Denial of Service Vulnerability |
| CVE-2019-1211 | 2019-08-14 | Git for Visual Studio Elevation of Privilege Vulnerability |
| CVE-2019-1212 | 2019-08-14 | Windows DHCP Server Denial of Service Vulnerability |
| CVE-2019-1213 | 2019-08-14 | Windows DHCP Server Remote Code Execution Vulnerability |
| CVE-2019-1218 | 2019-08-14 | Outlook iOS Spoofing Vulnerability |
| CVE-2019-1222 | 2019-08-14 | Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2019-1223 | 2019-08-14 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
| CVE-2019-1224 | 2019-08-14 | Remote Desktop Protocol Server Information Disclosure Vulnerability |
| CVE-2019-1225 | 2019-08-14 | Remote Desktop Protocol Server Information Disclosure Vulnerability |
| CVE-2019-1226 | 2019-08-14 | Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2019-1227 | 2019-08-14 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2019-1228 | 2019-08-14 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2019-1229 | 2019-08-14 | Dynamics On-Premise Elevation of Privilege Vulnerability |
| CVE-2019-1258 | 2019-08-14 | Azure Active Directory Authentication Library Elevation of Privilege Vulnerability |
| CVE-2019-14427 | 2019-08-14 | XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. |
| CVE-2019-15062 | 2019-08-14 | An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin,... |
| CVE-2019-13217 | 2019-08-15 | A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg... |
| CVE-2019-13218 | 2019-08-15 | Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. |
| CVE-2019-13219 | 2019-08-15 | A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. |
| CVE-2019-13220 | 2019-08-15 | Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted... |
| CVE-2019-13221 | 2019-08-15 | A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg... |
| CVE-2019-13222 | 2019-08-15 | An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening... |
| CVE-2019-13223 | 2019-08-15 | A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. |
| CVE-2019-15081 | 2019-08-15 | OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. |
| CVE-2019-14755 | 2019-08-15 | The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. |
| CVE-2019-3417 | 2019-08-15 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to... |
| CVE-2019-3418 | 2019-08-15 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to... |
| CVE-2019-14800 | 2019-08-15 | The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. |
| CVE-2019-14795 | 2019-08-15 | The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. |
| CVE-2019-14790 | 2019-08-15 | The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, |
| CVE-2019-13578 | 2019-08-15 | A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands... |
| CVE-2019-14789 | 2019-08-15 | The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. |
| CVE-2019-14788 | 2019-08-15 | wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. |
| CVE-2019-14786 | 2019-08-15 | The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. |
| CVE-2019-14784 | 2019-08-15 | The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. |
| CVE-2019-14518 | 2019-08-15 | Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the... |
| CVE-2019-14422 | 2019-08-15 | An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection... |
| CVE-2019-13377 | 2019-08-15 | The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when... |
| CVE-2019-9013 | 2019-08-15 | An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the... |
| CVE-2019-12854 | 2019-08-15 | Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting... |
| CVE-2019-11187 | 2019-08-15 | Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an... |
| CVE-2017-14232 | 2019-08-15 | The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted... |
| CVE-2018-17790 | 2019-08-15 | Prospecta Master Data Online (MDO) 2.0 has Stored XSS. |
| CVE-2018-14008 | 2019-08-15 | Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. |
| CVE-2018-12357 | 2019-08-15 | Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. |
| CVE-2018-12101 | 2019-08-15 | CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. |
| CVE-2019-10140 | 2019-08-15 | A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference... |
| CVE-2018-14670 | 2019-08-15 | Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. |
| CVE-2018-14668 | 2019-08-15 | In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. |
| CVE-2018-14669 | 2019-08-15 | ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. |
| CVE-2019-9010 | 2019-08-15 | An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products... |
| CVE-2018-14671 | 2019-08-15 | In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. |
| CVE-2019-9012 | 2019-08-15 | An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition.... |
| CVE-2018-14672 | 2019-08-15 | In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. |
| CVE-2019-13512 | 2019-08-15 | Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. |
| CVE-2019-13511 | 2019-08-15 | Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure... |
| CVE-2019-13510 | 2019-08-15 | Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application... |
| CVE-2019-13513 | 2019-08-15 | In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or... |
| CVE-2019-13515 | 2019-08-15 | OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. |
| CVE-2019-13514 | 2019-08-15 | In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash... |
| CVE-2019-13516 | 2019-08-15 | In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. |
| CVE-2019-12809 | 2019-08-15 | Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This... |
| CVE-2019-3974 | 2019-08-15 | Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. |