CVE List - 2019 / August
Showing 701 - 800 of 2001 CVEs for August 2019 (Page 8 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-14967 | 2019-08-12 | An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. |
| CVE-2019-14966 | 2019-08-12 | An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection. |
| CVE-2019-14965 | 2019-08-12 | An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists. |
| CVE-2019-14968 | 2019-08-12 | An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. |
| CVE-2019-14969 | 2019-08-12 | Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the... |
| CVE-2019-13417 | 2019-08-12 | Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when... |
| CVE-2019-14976 | 2019-08-12 | iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. |
| CVE-2019-13418 | 2019-08-12 | Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. |
| CVE-2019-14980 | 2019-08-12 | In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service... |
| CVE-2019-14981 | 2019-08-12 | In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending... |
| CVE-2019-14982 | 2019-08-12 | In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash. |
| CVE-2019-14359 | 2019-08-12 | On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels,... |
| CVE-2019-9514 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service |
| CVE-2019-14987 | 2019-08-13 | Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. |
| CVE-2017-18509 | 2019-08-13 | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an... |
| CVE-2019-14530 | 2019-08-13 | An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage.... |
| CVE-2019-14516 | 2019-08-13 | The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. |
| CVE-2019-13420 | 2019-08-13 | Search Guard versions before 21.0 had a timing side channel issue when using the internal user database. |
| CVE-2019-13419 | 2019-08-13 | Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. |
| CVE-2019-8448 | 2019-08-13 | The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. |
| CVE-2017-18507 | 2019-08-13 | The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. |
| CVE-2017-18498 | 2019-08-13 | The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. |
| CVE-2015-9302 | 2019-08-13 | The simple-fields plugin before 1.4.11 for WordPress has XSS. |
| CVE-2016-10871 | 2019-08-13 | The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page. |
| CVE-2015-9301 | 2019-08-13 | The liveforms plugin before 3.2.0 for WordPress has SQL injection. |
| CVE-2017-18497 | 2019-08-13 | The liveforms plugin before 3.4.0 for WordPress has XSS. |
| CVE-2012-6713 | 2019-08-13 | The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. |
| CVE-2017-18496 | 2019-08-13 | The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. |
| CVE-2017-18495 | 2019-08-13 | The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS. |
| CVE-2016-10870 | 2019-08-13 | The google-language-translator plugin before 5.0.06 for WordPress has XSS. |
| CVE-2015-9300 | 2019-08-13 | The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. |
| CVE-2015-9299 | 2019-08-13 | The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. |
| CVE-2015-9298 | 2019-08-13 | The events-manager plugin before 5.6 for WordPress has code injection. |
| CVE-2015-9297 | 2019-08-13 | The events-manager plugin before 5.6 for WordPress has XSS. |
| CVE-2015-9296 | 2019-08-13 | The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. |
| CVE-2017-18494 | 2019-08-13 | The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. |
| CVE-2017-18493 | 2019-08-13 | The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. |
| CVE-2018-20964 | 2019-08-13 | The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. |
| CVE-2018-20963 | 2019-08-13 | The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. |
| CVE-2017-18492 | 2019-08-13 | The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. |
| CVE-2013-7475 | 2019-08-13 | The contact-form-plugin plugin before 3.52 for WordPress has XSS. |
| CVE-2015-9295 | 2019-08-13 | The contact-form-plugin plugin before 3.96 for WordPress has XSS. |
| CVE-2016-10869 | 2019-08-13 | The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. |
| CVE-2017-18491 | 2019-08-13 | The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. |
| CVE-2017-18490 | 2019-08-13 | The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. |
| CVE-2017-18489 | 2019-08-13 | The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS. |
| CVE-2015-9294 | 2019-08-13 | The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. |
| CVE-2015-9293 | 2019-08-13 | The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. |
| CVE-2016-10868 | 2019-08-13 | The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. |
| CVE-2019-14993 | 2019-08-13 | Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. |
| CVE-2016-10867 | 2019-08-13 | The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. |
| CVE-2016-10866 | 2019-08-13 | The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. |
| CVE-2017-18488 | 2019-08-13 | The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. |
| CVE-2017-18487 | 2019-08-13 | The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. |
| CVE-2019-10927 | 2019-08-13 | A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access... |
| CVE-2019-10928 | 2019-08-13 | A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device... |
| CVE-2019-10929 | 2019-08-13 | A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU... |
| CVE-2019-10942 | 2019-08-13 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0),... |
| CVE-2019-10943 | 2019-08-13 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller... |
| CVE-2019-13416 | 2019-08-13 | Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote... |
| CVE-2019-13415 | 2019-08-13 | Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see. |
| CVE-2019-12806 | 2019-08-13 | UniSign 2.0.4.0 and earlier versions contain a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote... |
| CVE-2019-14984 | 2019-08-13 | eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script... |
| CVE-2019-14985 | 2019-08-13 | eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC... |
| CVE-2019-14986 | 2019-08-13 | eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and... |
| CVE-2019-12807 | 2019-08-13 | Alzip 10.83 and earlier versions contain a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to... |
| CVE-2019-12808 | 2019-08-13 | ALTOOLS update service 18.1 and earlier versions contain a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to... |
| CVE-2019-5223 | 2019-08-13 | PCManager 9.1.3.1 has an improper authentication vulnerability. A certain driver interface of the software does not properly validate user-mode data; a successful exploit could result in malicious code... |
| CVE-2019-5299 | 2019-08-13 | Huawei mobile phones Hima-AL00B with versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature... |
| CVE-2019-5280 | 2019-08-13 | The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers... |
| CVE-2019-12479 | 2019-08-13 | An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If... |
| CVE-2019-9511 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service |
| CVE-2019-9512 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service |
| CVE-2019-9513 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service |
| CVE-2019-9515 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service |
| CVE-2019-9516 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service |
| CVE-2019-9517 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service |
| CVE-2019-9518 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service |
| CVE-2019-14809 | 2019-08-13 | net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with... |
| CVE-2019-11207 | 2019-08-13 | TIBCO LogLogic Log Management Intelligence Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities |
| CVE-2019-15028 | 2019-08-14 | In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. |
| CVE-2014-10375 | 2019-08-14 | handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. |
| CVE-2019-14973 | 2019-08-14 | _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for... |
| CVE-2019-15027 | 2019-08-14 | The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename... |
| CVE-2019-14975 | 2019-08-14 | Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. |
| CVE-2017-18515 | 2019-08-14 | The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. |
| CVE-2019-0331 | 2019-08-14 | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure. |
| CVE-2019-0332 | 2019-08-14 | SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search... |
| CVE-2019-0335 | 2019-08-14 | Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user... |
| CVE-2019-0337 | 2019-08-14 | Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in... |
| CVE-2019-0333 | 2019-08-14 | In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data... |
| CVE-2019-0334 | 2019-08-14 | When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially... |
| CVE-2019-0338 | 2019-08-14 | During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted... |
| CVE-2019-0341 | 2019-08-14 | The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he... |
| CVE-2019-0340 | 2019-08-14 | The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file... |
| CVE-2019-0343 | 2019-08-14 | SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to... |
| CVE-2019-0344 | 2019-08-14 | Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine... |
| CVE-2019-0345 | 2019-08-14 | A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML... |
| CVE-2019-0346 | 2019-08-14 | Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI... |
| CVE-2019-0348 | 2019-08-14 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. |