CVE List - 2019 / August
Showing 801 - 900 of 2001 CVEs for August 2019 (Page 9 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-0351 | 2019-08-14 | A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry... |
| CVE-2019-8062 | 2019-08-14 | Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7870 | 2019-08-14 | Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2015-9316 | 2019-08-14 | The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. |
| CVE-2019-7961 | 2019-08-14 | Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-18514 | 2019-08-14 | The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. |
| CVE-2019-15025 | 2019-08-14 | The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. |
| CVE-2016-10889 | 2019-08-14 | The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. |
| CVE-2019-15046 | 2019-08-14 | Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. |
| CVE-2015-9315 | 2019-08-14 | The newstatpress plugin before 1.0.1 for WordPress has SQL injection. |
| CVE-2019-7931 | 2019-08-14 | Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2015-9314 | 2019-08-14 | The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. |
| CVE-2015-9313 | 2019-08-14 | The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. |
| CVE-2015-9312 | 2019-08-14 | The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. |
| CVE-2015-9311 | 2019-08-14 | The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. |
| CVE-2019-0349 | 2019-08-14 | SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21,... |
| CVE-2019-15050 | 2019-08-14 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp. |
| CVE-2019-15049 | 2019-08-14 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp. |
| CVE-2019-15048 | 2019-08-14 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp. |
| CVE-2019-15047 | 2019-08-14 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp. |
| CVE-2015-9310 | 2019-08-14 | The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. |
| CVE-2016-10888 | 2019-08-14 | The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. |
| CVE-2016-10887 | 2019-08-14 | The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. |
| CVE-2018-20968 | 2019-08-14 | The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. |
| CVE-2018-20967 | 2019-08-14 | The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. |
| CVE-2015-9309 | 2019-08-14 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. |
| CVE-2015-9308 | 2019-08-14 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. |
| CVE-2015-9307 | 2019-08-14 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. |
| CVE-2016-10886 | 2019-08-14 | The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions. |
| CVE-2016-10885 | 2019-08-14 | The wp-editor plugin before 1.2.6 for WordPress has CSRF. |
| CVE-2016-10884 | 2019-08-14 | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. |
| CVE-2013-7476 | 2019-08-14 | The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. |
| CVE-2016-10883 | 2019-08-14 | The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users. |
| CVE-2017-18513 | 2019-08-14 | The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. |
| CVE-2017-18512 | 2019-08-14 | The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. |
| CVE-2016-10882 | 2019-08-14 | The google-document-embedder plugin before 2.6.2 for WordPress has CSRF. |
| CVE-2016-10881 | 2019-08-14 | The google-document-embedder plugin before 2.6.2 for WordPress has XSS. |
| CVE-2016-10880 | 2019-08-14 | The google-document-embedder plugin before 2.6.1 for WordPress has XSS. |
| CVE-2017-18511 | 2019-08-14 | The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. |
| CVE-2017-18510 | 2019-08-14 | The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. |
| CVE-2019-14974 | 2019-08-14 | SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. |
| CVE-2019-11652 | 2019-08-14 | A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset... |
| CVE-2019-15053 | 2019-08-14 | The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. |
| CVE-2019-10199 | 2019-08-14 | It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user... |
| CVE-2019-10201 | 2019-08-14 | It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the... |
| CVE-2019-3635 | 2019-08-14 | MWG Proxy: Cross-Frame Scripting vulnerability |
| CVE-2019-3639 | 2019-08-14 | MWG UI: Cross-Frame Scripting vulnerability |
| CVE-2019-3637 | 2019-08-14 | Privilege Escalation vulnerability in FRP 5.x earlier than 5.1.0.209 |
| CVE-2019-9506 | 2019-08-14 | Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation |
| CVE-2019-12262 | 2019-08-14 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). |
| CVE-2018-19386 | 2019-08-14 | SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on... |
| CVE-2019-15052 | 2019-08-14 | The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all... |
| CVE-2019-9583 | 2019-08-14 | eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5,... |
| CVE-2019-9582 | 2019-08-14 | eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. |
| CVE-2019-14216 | 2019-08-14 | An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing... |
| CVE-2019-9584 | 2019-08-14 | eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the... |
| CVE-2019-9585 | 2019-08-14 | eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion... |
| CVE-2019-13030 | 2019-08-14 | eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain... |
| CVE-2019-12103 | 2019-08-14 | The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. |
| CVE-2019-15058 | 2019-08-14 | stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service. |
| CVE-2019-12104 | 2019-08-14 | The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. |
| CVE-2019-14526 | 2019-08-14 | An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be... |
| CVE-2019-14527 | 2019-08-14 | An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication. |
| CVE-2019-0714 | 2019-08-14 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-0715 | 2019-08-14 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-0716 | 2019-08-14 | Windows Denial of Service Vulnerability |
| CVE-2019-0717 | 2019-08-14 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-0718 | 2019-08-14 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-0720 | 2019-08-14 | Hyper-V Remote Code Execution Vulnerability |
| CVE-2019-0723 | 2019-08-14 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-0736 | 2019-08-14 | Windows DHCP Client Remote Code Execution Vulnerability |
| CVE-2019-0965 | 2019-08-14 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2019-1030 | 2019-08-14 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability |
| CVE-2019-1057 | 2019-08-14 | MS XML Remote Code Execution Vulnerability |
| CVE-2019-1078 | 2019-08-14 | Microsoft Graphics Component Information Disclosure Vulnerability |
| CVE-2019-1131 | 2019-08-14 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1133 | 2019-08-14 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1139 | 2019-08-14 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1140 | 2019-08-14 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1141 | 2019-08-14 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1143 | 2019-08-14 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2019-1144 | 2019-08-14 | Microsoft Graphics Remote Code Execution Vulnerability |
| CVE-2019-1145 | 2019-08-14 | Microsoft Graphics Remote Code Execution Vulnerability |
| CVE-2019-1146 | 2019-08-14 | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2019-1147 | 2019-08-14 | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2019-1148 | 2019-08-14 | Microsoft Graphics Component Information Disclosure Vulnerability |
| CVE-2019-1149 | 2019-08-14 | Microsoft Graphics Remote Code Execution Vulnerability |
| CVE-2019-1150 | 2019-08-14 | Microsoft Graphics Remote Code Execution Vulnerability |
| CVE-2019-1151 | 2019-08-14 | Microsoft Graphics Remote Code Execution Vulnerability |
| CVE-2019-1152 | 2019-08-14 | Microsoft Graphics Remote Code Execution Vulnerability |
| CVE-2019-1153 | 2019-08-14 | Microsoft Graphics Component Information Disclosure Vulnerability |
| CVE-2019-1154 | 2019-08-14 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2019-1155 | 2019-08-14 | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2019-1156 | 2019-08-14 | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2019-1157 | 2019-08-14 | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2019-1158 | 2019-08-14 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2019-1159 | 2019-08-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2019-1161 | 2019-08-14 | Microsoft Defender Elevation of Privilege Vulnerability |
| CVE-2019-1162 | 2019-08-14 | Windows ALPC Elevation of Privilege Vulnerability |
| CVE-2019-1163 | 2019-08-14 | Windows File Signature Security Feature Bypass Vulnerability |