CVE List - 2019 / August
Showing 401 - 500 of 2001 CVEs for August 2019 (Page 5 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-14669 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit... |
| CVE-2019-14668 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of... |
| CVE-2019-14667 | 2019-08-05 | Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The... |
| CVE-2019-14664 | 2019-08-05 | In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using... |
| CVE-2019-14475 | 2019-08-05 | eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting... |
| CVE-2019-14690 | 2019-08-06 | AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. |
| CVE-2019-14691 | 2019-08-06 | AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. |
| CVE-2019-14692 | 2019-08-06 | AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. |
| CVE-2016-10776 | 2019-08-06 | cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). |
| CVE-2016-10778 | 2019-08-06 | cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). |
| CVE-2016-10777 | 2019-08-06 | cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). |
| CVE-2016-10779 | 2019-08-06 | cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). |
| CVE-2016-10780 | 2019-08-06 | cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). |
| CVE-2016-10781 | 2019-08-06 | cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). |
| CVE-2016-10782 | 2019-08-06 | cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). |
| CVE-2016-10783 | 2019-08-06 | cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). |
| CVE-2016-10784 | 2019-08-06 | cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). |
| CVE-2016-10785 | 2019-08-06 | cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). |
| CVE-2016-10786 | 2019-08-06 | cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). |
| CVE-2016-10787 | 2019-08-06 | The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). |
| CVE-2016-10788 | 2019-08-06 | cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). |
| CVE-2016-10789 | 2019-08-06 | cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). |
| CVE-2016-10790 | 2019-08-06 | cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). |
| CVE-2016-10791 | 2019-08-06 | cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). |
| CVE-2016-10792 | 2019-08-06 | cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). |
| CVE-2016-10793 | 2019-08-06 | cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). |
| CVE-2016-10794 | 2019-08-06 | cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). |
| CVE-2016-10795 | 2019-08-06 | cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). |
| CVE-2016-10796 | 2019-08-06 | cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). |
| CVE-2016-10797 | 2019-08-06 | cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). |
| CVE-2019-14695 | 2019-08-06 | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands... |
| CVE-2019-14346 | 2019-08-06 | Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. |
| CVE-2019-14697 | 2019-08-06 | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not... |
| CVE-2019-14696 | 2019-08-06 | Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter. |
| CVE-2019-12950 | 2019-08-06 | An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload. |
| CVE-2019-14347 | 2019-08-06 | Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. |
| CVE-2019-13143 | 2019-08-06 | An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can... |
| CVE-2019-14473 | 2019-08-06 | eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account,... |
| CVE-2019-2386 | 2019-08-06 | Authorization session conflation |
| CVE-2019-5994 | 2019-08-06 | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware... |
| CVE-2019-5995 | 2019-08-06 | Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and... |
| CVE-2019-5998 | 2019-08-06 | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware... |
| CVE-2019-5999 | 2019-08-06 | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware... |
| CVE-2019-6000 | 2019-08-06 | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware... |
| CVE-2019-6001 | 2019-08-06 | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware... |
| CVE-2019-13104 | 2019-08-06 | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. |
| CVE-2019-13105 | 2019-08-06 | Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. |
| CVE-2019-13106 | 2019-08-06 | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. |
| CVE-2019-5683 | 2019-08-06 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a... |
| CVE-2019-5684 | 2019-08-06 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture... |
| CVE-2019-5685 | 2019-08-06 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local... |
| CVE-2019-5686 | 2019-08-06 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure... |
| CVE-2019-5687 | 2019-08-06 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object... |
| CVE-2019-5679 | 2019-08-06 | NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial... |
| CVE-2019-5681 | 2019-08-06 | NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead... |
| CVE-2019-5682 | 2019-08-06 | NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch... |
| CVE-2019-14709 | 2019-08-06 | A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain... |
| CVE-2019-14708 | 2019-08-06 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody... |
| CVE-2019-14707 | 2019-08-06 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in... |
| CVE-2019-14706 | 2019-08-06 | A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename... |
| CVE-2019-14705 | 2019-08-06 | An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin. |
| CVE-2019-14704 | 2019-08-06 | An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. |
| CVE-2019-14703 | 2019-08-06 | A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. |
| CVE-2019-14702 | 2019-08-06 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create... |
| CVE-2019-14701 | 2019-08-06 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but... |
| CVE-2019-14700 | 2019-08-06 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the... |
| CVE-2019-14699 | 2019-08-06 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This... |
| CVE-2019-14698 | 2019-08-06 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads... |
| CVE-2019-14731 | 2019-08-06 | An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box. |
| CVE-2019-14734 | 2019-08-07 | AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. |
| CVE-2019-14733 | 2019-08-07 | AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. |
| CVE-2019-14732 | 2019-08-07 | AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. |
| CVE-2019-1912 | 2019-08-07 | Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability |
| CVE-2019-1914 | 2019-08-07 | Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability |
| CVE-2019-1913 | 2019-08-07 | Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities |
| CVE-2016-10798 | 2019-08-07 | cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). |
| CVE-2016-10799 | 2019-08-07 | cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). |
| CVE-2016-10800 | 2019-08-07 | cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). |
| CVE-2016-10801 | 2019-08-07 | cPanel before 58.0.4 has improper session handling for shared users (SEC-139). |
| CVE-2016-10802 | 2019-08-07 | cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). |
| CVE-2016-10803 | 2019-08-07 | cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). |
| CVE-2016-10804 | 2019-08-07 | The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). |
| CVE-2016-10805 | 2019-08-07 | cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). |
| CVE-2016-10806 | 2019-08-07 | cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110). |
| CVE-2016-10807 | 2019-08-07 | cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). |
| CVE-2016-10808 | 2019-08-07 | In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). |
| CVE-2016-10809 | 2019-08-07 | In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). |
| CVE-2016-10810 | 2019-08-07 | In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). |
| CVE-2016-10811 | 2019-08-07 | In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). |
| CVE-2016-10812 | 2019-08-07 | In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). |
| CVE-2016-10861 | 2019-08-07 | Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. |
| CVE-2017-18483 | 2019-08-07 | ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. |
| CVE-2018-20958 | 2019-08-07 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted... |
| CVE-2018-20959 | 2019-08-07 | Jura E8 devices lack Bluetooth connection security. |
| CVE-2019-14743 | 2019-08-07 | In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. |
| CVE-2018-14383 | 2019-08-07 | The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in versions 5.2.1 and 3.3.7. |
| CVE-2019-10367 | 2019-08-07 | Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the... |
| CVE-2019-10368 | 2019-08-07 | A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials... |
| CVE-2019-10369 | 2019-08-07 | A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs... |
| CVE-2019-10370 | 2019-08-07 | Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. |