CVE List - 2019 / August
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-15223 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver. |
| CVE-2019-15222 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver. |
| CVE-2019-15221 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. |
| CVE-2019-15220 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. |
| CVE-2019-15219 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. |
| CVE-2019-15218 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. |
| CVE-2019-15217 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. |
| CVE-2019-15216 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. |
| CVE-2019-15215 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. |
| CVE-2019-15214 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early.... |
| CVE-2019-15213 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. |
| CVE-2019-15212 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. |
| CVE-2019-15211 | 2019-08-19 | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate... |
| CVE-2019-15224 | 2019-08-19 | The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected. |
| CVE-2019-15225 | 2019-08-19 | In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very... |
| CVE-2019-15228 | 2019-08-19 | FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with... |
| CVE-2019-15229 | 2019-08-19 | FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a... |
| CVE-2019-15232 | 2019-08-19 | Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors. |
| CVE-2016-10893 | 2019-08-20 | The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests. |
| CVE-2019-15237 | 2019-08-20 | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. |
| CVE-2019-15227 | 2019-08-20 | FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions. |
| CVE-2019-15239 | 2019-08-20 | In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more... |
| CVE-2019-12889 | 2019-08-20 | An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An... |
| CVE-2018-20975 | 2019-08-20 | Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. |
| CVE-2019-11521 | 2019-08-20 | OX App Suite 7.10.1 allows Content Spoofing. |
| CVE-2019-11522 | 2019-08-20 | OX App Suite 7.10.0 to 7.10.2 allows XSS. |
| CVE-2019-11806 | 2019-08-20 | OX App Suite 7.10.1 and earlier has Insecure Permissions. |
| CVE-2019-15291 | 2019-08-20 | An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. |
| CVE-2019-14430 | 2019-08-20 | plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. |
| CVE-2019-15233 | 2019-08-20 | The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie. |
| CVE-2019-15082 | 2019-08-20 | The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. |
| CVE-2019-14684 | 2019-08-20 | A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.... |
| CVE-2019-14687 | 2019-08-20 | A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.... |
| CVE-2015-9317 | 2019-08-20 | The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. |
| CVE-2017-18517 | 2019-08-20 | The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. |
| CVE-2015-9318 | 2019-08-20 | The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. |
| CVE-2014-10381 | 2019-08-20 | The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. |
| CVE-2011-5328 | 2019-08-20 | The user-access-manager plugin before 1.2 for WordPress has CSRF. |
| CVE-2015-9332 | 2019-08-20 | The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. |
| CVE-2017-18520 | 2019-08-20 | The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php. |
| CVE-2016-10915 | 2019-08-20 | The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. |
| CVE-2017-18569 | 2019-08-20 | The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. |
| CVE-2017-18568 | 2019-08-20 | The my-wp-translate plugin before 1.0.4 for WordPress has XSS. |
| CVE-2019-15238 | 2019-08-20 | The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. |
| CVE-2016-10914 | 2019-08-20 | The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. |
| CVE-2016-10913 | 2019-08-20 | The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. |
| CVE-2015-9331 | 2019-08-20 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. |
| CVE-2015-9330 | 2019-08-20 | The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. |
| CVE-2015-9329 | 2019-08-20 | The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. |
| CVE-2017-18567 | 2019-08-20 | The wp-all-import plugin before 3.4.6 for WordPress has XSS. |
| CVE-2018-20978 | 2019-08-20 | The wp-all-import plugin before 3.4.7 for WordPress has XSS. |
| CVE-2017-18518 | 2019-08-20 | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. |
| CVE-2017-18566 | 2019-08-20 | The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. |
| CVE-2016-10892 | 2019-08-20 | The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. |
| CVE-2017-18522 | 2019-08-20 | The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. |
| CVE-2017-18523 | 2019-08-20 | The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. |
| CVE-2017-18519 | 2019-08-20 | The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages. |
| CVE-2017-18524 | 2019-08-20 | The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues. |
| CVE-2015-9319 | 2019-08-20 | The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser. |
| CVE-2017-18526 | 2019-08-20 | The moreads-se plugin before 1.4.7 for WordPress has XSS. |
| CVE-2016-10895 | 2019-08-20 | The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. |
| CVE-2017-18527 | 2019-08-20 | The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. |
| CVE-2015-9320 | 2019-08-20 | The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. |
| CVE-2017-18528 | 2019-08-20 | The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues. |
| CVE-2017-18529 | 2019-08-20 | The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. |
| CVE-2017-18530 | 2019-08-20 | The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. |
| CVE-2017-18531 | 2019-08-20 | The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288. |
| CVE-2017-18532 | 2019-08-20 | The realty plugin before 1.1.0 for WordPress has multiple XSS issues. |
| CVE-2017-18533 | 2019-08-20 | The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. |
| CVE-2018-18056 | 2019-08-20 | An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However,... |
| CVE-2019-11209 | 2019-08-20 | TIBCO FTL Escalation Of Privileges for Realm Configuration |
| CVE-2019-3963 | 2019-08-20 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's... |
| CVE-2019-3964 | 2019-08-20 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's... |
| CVE-2019-3965 | 2019-08-20 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's... |
| CVE-2019-3966 | 2019-08-20 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's... |
| CVE-2019-3967 | 2019-08-20 | In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. |
| CVE-2019-3968 | 2019-08-20 | In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. |
| CVE-2019-10745 | 2019-08-20 | assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor... |
| CVE-2019-7593 | 2019-08-20 | Metasys use of shared RSA key pairs |
| CVE-2019-7594 | 2019-08-20 | Metasys use of hardcoded RC2 key |
| CVE-2019-4049 | 2019-08-20 | IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying... |
| CVE-2019-4117 | 2019-08-20 | IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2019-4294 | 2019-08-20 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute... |
| CVE-2019-4308 | 2019-08-20 | IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from... |
| CVE-2019-4310 | 2019-08-20 | IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. |
| CVE-2019-4402 | 2019-08-20 | IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. |
| CVE-2019-4419 | 2019-08-20 | IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose... |
| CVE-2019-4420 | 2019-08-20 | IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. |
| CVE-2019-4425 | 2019-08-20 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting... |
| CVE-2019-4433 | 2019-08-20 | IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.... |
| CVE-2019-4460 | 2019-08-20 | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot"... |
| CVE-2019-4481 | 2019-08-20 | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow... |
| CVE-2019-4483 | 2019-08-20 | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow... |
| CVE-2019-4484 | 2019-08-20 | IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could... |
| CVE-2019-4485 | 2019-08-20 | IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could... |
| CVE-2019-3753 | 2019-08-20 | Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in... |
| CVE-2018-1630 | 2019-08-20 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM... |
| CVE-2018-1631 | 2019-08-20 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash.... |
| CVE-2018-1632 | 2019-08-20 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM... |
| CVE-2018-1633 | 2019-08-20 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM... |