CVE List - 2019 / August
Showing 1601 - 1700 of 2001 CVEs for August 2019 (Page 17 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-11654 | 2019-08-23 | A path traversal vulnerability has been identified in Verastream Host Integrator |
| CVE-2019-15535 | 2019-08-23 | Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. |
| CVE-2019-15537 | 2019-08-23 | The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. |
| CVE-2019-15536 | 2019-08-23 | The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. |
| CVE-2019-7362 | 2019-08-23 | DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL... |
| CVE-2019-7363 | 2019-08-23 | Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability,... |
| CVE-2019-7364 | 2019-08-23 | DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP,... |
| CVE-2019-5592 | 2019-08-23 | Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and... |
| CVE-2019-6698 | 2019-08-23 | Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control... |
| CVE-2018-13367 | 2019-08-23 | An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin... |
| CVE-2019-6695 | 2019-08-23 | Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image... |
| CVE-2019-5594 | 2019-08-23 | An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected... |
| CVE-2019-12400 | 2019-08-23 | In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some... |
| CVE-2019-15092 | 2019-08-23 | The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created... |
| CVE-2016-6154 | 2019-08-23 | The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). |
| CVE-2019-15538 | 2019-08-25 | An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize... |
| CVE-2019-15540 | 2019-08-25 | filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local... |
| CVE-2019-15506 | 2019-08-26 | An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web... |
| CVE-2019-15478 | 2019-08-26 | Status Board 1.1.81 has reflected XSS via logic.ts. |
| CVE-2019-15532 | 2019-08-26 | CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. |
| CVE-2019-15534 | 2019-08-26 | Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. |
| CVE-2019-15541 | 2019-08-26 | rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be... |
| CVE-2019-15489 | 2019-08-26 | laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. |
| CVE-2016-10931 | 2019-08-26 | An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API... |
| CVE-2016-10932 | 2019-08-26 | An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. |
| CVE-2016-10933 | 2019-08-26 | An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. |
| CVE-2017-18587 | 2019-08-26 | An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. |
| CVE-2019-15521 | 2019-08-26 | Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. |
| CVE-2019-15556 | 2019-08-26 | Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. |
| CVE-2019-15562 | 2019-08-26 | GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not... |
| CVE-2019-15561 | 2019-08-26 | FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. |
| CVE-2018-20992 | 2019-08-26 | An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. |
| CVE-2018-20993 | 2019-08-26 | An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. |
| CVE-2018-20994 | 2019-08-26 | An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. |
| CVE-2019-15304 | 2019-08-26 | Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the... |
| CVE-2018-20990 | 2019-08-26 | An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. |
| CVE-2019-15524 | 2019-08-26 | CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/... |
| CVE-2019-14308 | 2019-08-26 | Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service.... |
| CVE-2019-15501 | 2019-08-26 | Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. |
| CVE-2019-15479 | 2019-08-26 | Status Board 1.1.81 has reflected XSS via dashboard.ts. |
| CVE-2019-14307 | 2019-08-26 | Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to... |
| CVE-2019-14305 | 2019-08-26 | Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or... |
| CVE-2019-14300 | 2019-08-26 | Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web... |
| CVE-2019-15574 | 2019-08-26 | Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. |
| CVE-2018-20991 | 2019-08-26 | An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. |
| CVE-2019-15573 | 2019-08-26 | Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. |
| CVE-2019-15572 | 2019-08-26 | Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. |
| CVE-2018-20999 | 2019-08-26 | An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results. |
| CVE-2019-15571 | 2019-08-26 | The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. |
| CVE-2019-15570 | 2019-08-26 | BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. |
| CVE-2018-21000 | 2019-08-26 | An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. |
| CVE-2019-15569 | 2019-08-26 | HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. |
| CVE-2019-15550 | 2019-08-26 | An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary. |
| CVE-2019-15568 | 2019-08-26 | idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. |
| CVE-2019-15553 | 2019-08-26 | An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. |
| CVE-2019-15567 | 2019-08-26 | OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. |
| CVE-2019-15554 | 2019-08-26 | An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity. |
| CVE-2019-15566 | 2019-08-26 | The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. |
| CVE-2019-15551 | 2019-08-26 | An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity. |
| CVE-2019-4169 | 2019-08-26 | IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM... |
| CVE-2019-4447 | 2019-08-26 | IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable.... |
| CVE-2019-4448 | 2019-08-26 | IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that... |
| CVE-2019-4513 | 2019-08-26 | IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability... |
| CVE-2019-15552 | 2019-08-26 | An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution. |
| CVE-2019-15565 | 2019-08-26 | The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. |
| CVE-2019-15564 | 2019-08-26 | The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. |
| CVE-2019-15563 | 2019-08-26 | Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. |
| CVE-2019-15560 | 2019-08-26 | The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. |
| CVE-2019-15559 | 2019-08-26 | DianoxDragon Hawn before 2019-07-10 allows SQL injection. |
| CVE-2019-15637 | 2019-08-26 | Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader,... |
| CVE-2019-15558 | 2019-08-26 | XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. |
| CVE-2019-15557 | 2019-08-26 | XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. |
| CVE-2019-15555 | 2019-08-26 | FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. |
| CVE-2019-15640 | 2019-08-26 | Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. |
| CVE-2019-15549 | 2019-08-26 | An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. |
| CVE-2019-15548 | 2019-08-26 | An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. |
| CVE-2019-15547 | 2019-08-26 | An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. |
| CVE-2019-12532 | 2019-08-26 | Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability,... |
| CVE-2019-15546 | 2019-08-26 | An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities. |
| CVE-2019-15641 | 2019-08-26 | xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi. |
| CVE-2019-15642 | 2019-08-26 | rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used... |
| CVE-2019-15545 | 2019-08-26 | An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures. |
| CVE-2019-15544 | 2019-08-26 | An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. |
| CVE-2019-15543 | 2019-08-26 | An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases. |
| CVE-2019-15542 | 2019-08-26 | An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. |
| CVE-2018-20998 | 2019-08-26 | An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. |
| CVE-2019-13020 | 2019-08-26 | The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing... |
| CVE-2018-20997 | 2019-08-26 | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. |
| CVE-2018-20996 | 2019-08-26 | An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. |
| CVE-2018-20995 | 2019-08-26 | An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. |
| CVE-2017-18589 | 2019-08-26 | An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic. |
| CVE-2018-20989 | 2019-08-26 | An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic. |
| CVE-2017-18588 | 2019-08-26 | An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. |
| CVE-2019-15533 | 2019-08-26 | XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. |
| CVE-2019-15515 | 2019-08-26 | Discourse 2.3.2 sends the CSRF token in the query string. |
| CVE-2019-15503 | 2019-08-26 | cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. |
| CVE-2019-7968 | 2019-08-26 | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7971 | 2019-08-26 | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7970 | 2019-08-26 | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7972 | 2019-08-26 | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |