CVE List - 2019 / August

Showing 1801 - 1900 of 2001 CVEs for August 2019 (Page 19 of 21)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-15294 | 2019-08-28 | An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the... |
| CVE-2015-9353 | 2019-08-28 | The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. |
| CVE-2015-9354 | 2019-08-28 | The gigpress plugin before 2.3.11 for WordPress has XSS. |
| CVE-2012-6717 | 2019-08-28 | The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. |
| CVE-2011-5329 | 2019-08-28 | The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. |
| CVE-2012-6718 | 2019-08-28 | The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. |
| CVE-2012-6719 | 2019-08-28 | The sharebar plugin before 1.2.2 for WordPress has SQL injection. |
| CVE-2015-9355 | 2019-08-28 | The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. |
| CVE-2017-18593 | 2019-08-28 | The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. |
| CVE-2015-9356 | 2019-08-28 | The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. |
| CVE-2015-9357 | 2019-08-28 | The akismet plugin before 3.1.5 for WordPress has XSS. |
| CVE-2015-9358 | 2019-08-28 | The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2019-15714 | 2019-08-28 | cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. |
| CVE-2019-15713 | 2019-08-28 | The my-calendar plugin before 3.1.10 for WordPress has XSS. |
| CVE-2015-9360 | 2019-08-28 | The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9361 | 2019-08-28 | The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9362 | 2019-08-28 | The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9363 | 2019-08-28 | iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9364 | 2019-08-28 | 2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9365 | 2019-08-28 | Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9366 | 2019-08-28 | Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9367 | 2019-08-28 | Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9368 | 2019-08-28 | Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9369 | 2019-08-28 | Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9370 | 2019-08-28 | Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9371 | 2019-08-28 | Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9372 | 2019-08-28 | Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9373 | 2019-08-28 | PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9374 | 2019-08-28 | Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9375 | 2019-08-28 | Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9376 | 2019-08-28 | iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9377 | 2019-08-28 | iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9378 | 2019-08-28 | iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2015-9379 | 2019-08-28 | iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2019-15716 | 2019-08-28 | WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or... |
| CVE-2015-9359 | 2019-08-28 | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2019-10383 | 2019-08-28 | A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and... |
| CVE-2019-10384 | 2019-08-28 | Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could... |
| CVE-2019-10390 | 2019-08-28 | A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary... |
| CVE-2019-10391 | 2019-08-28 | Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2019-13189 | 2019-08-28 | In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. |
| CVE-2019-13348 | 2019-08-28 | In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. |
| CVE-2019-9934 | 2019-08-28 | Various Lexmark products have Incorrect Access Control (issue 1 of 2). |
| CVE-2019-9935 | 2019-08-28 | Various Lexmark products have Incorrect Access Control (issue 2 of 2). |
| CVE-2019-10058 | 2019-08-28 | Various Lexmark products have Incorrect Access Control. |
| CVE-2019-15720 | 2019-08-28 | CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup... |
| CVE-2019-15230 | 2019-08-28 | LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing... |
| CVE-2019-15496 | 2019-08-28 | MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a... |
| CVE-2019-5590 | 2019-08-28 | The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting)... |
| CVE-2019-12643 | 2019-08-28 | Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability |
| CVE-2019-1963 | 2019-08-28 | Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability |
| CVE-2019-1962 | 2019-08-28 | Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability |
| CVE-2019-1965 | 2019-08-28 | Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability |
| CVE-2019-1964 | 2019-08-28 | Cisco NX-OS Software IPv6 Denial of Service Vulnerability |
| CVE-2019-14694 | 2019-08-28 | A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for... |
| CVE-2019-10051 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes. |
| CVE-2019-10052 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this... |
| CVE-2019-10054 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the... |
| CVE-2019-10055 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file. |
| CVE-2019-10056 | 2019-08-28 | An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed... |
| CVE-2019-15752 | 2019-08-28 | Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an... |
| CVE-2019-15753 | 2019-08-28 | In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes... |
| CVE-2019-10059 | 2019-08-28 | The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. |
| CVE-2019-10057 | 2019-08-28 | Various Lexmark products have CSRF. |
| CVE-2019-9930 | 2019-08-28 | Various Lexmark products have an Integer Overflow. |
| CVE-2019-9932 | 2019-08-28 | Various Lexmark products have a Buffer Overflow (issue 2 of 3). |
| CVE-2019-9933 | 2019-08-28 | Various Lexmark products have a Buffer Overflow (issue 3 of 3). |
| CVE-2019-9931 | 2019-08-28 | Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. |
| CVE-2019-10724 | 2019-08-28 | There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are... |
| CVE-2017-18594 | 2019-08-28 | nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to... |
| CVE-2019-12402 | 2019-08-29 | The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to... |
| CVE-2019-13408 | 2019-08-29 | Advan VD-1 allows users to download arbitrary files |
| CVE-2019-11061 | 2019-08-29 | HG100 has a broken access control vulnerability in its Web API Server |
| CVE-2019-11063 | 2019-08-29 | SmartHome application has a broken access control vulnerability in its Web API Server |
| CVE-2019-11064 | 2019-08-29 | A vulnerability of remote credential disclosure was discovered in Advan VD-1 |
| CVE-2019-13405 | 2019-08-29 | Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication |
| CVE-2019-13406 | 2019-08-29 | Advan VD-1 has a vulnerability that allows remote arbitrary APK installation |
| CVE-2019-13407 | 2019-08-29 | Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi |
| CVE-2019-11060 | 2019-08-29 | HG100 contains an Uncontrolled Resource Consumption vulnerability |
| CVE-2019-11245 | 2019-08-29 | kubelet-started container uid changes to root after first restart or if image is already pulled to the node |
| CVE-2019-11246 | 2019-08-29 | kubectl cp allows symlink directory traversal |
| CVE-2019-11247 | 2019-08-29 | Kubernetes kube-apiserver allows access to custom resources via wrong scope |
| CVE-2019-11248 | 2019-08-29 | Kubernetes kubelet exposes /debug/pprof info on healthz port |
| CVE-2019-11249 | 2019-08-29 | kubectl cp allows symlink directory traversal |
| CVE-2019-15757 | 2019-08-29 | libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. |
| CVE-2019-11250 | 2019-08-29 | Kubernetes client-go logs authorization headers at debug verbosity levels |
| CVE-2017-14202 | 2019-08-29 | The shell implementation does not protect against buffer overruns resulting in unpredictable behavior. |
| CVE-2017-14201 | 2019-08-29 | The shell DNS command can cause unpredictable results due to misuse of stack variables. |
| CVE-2019-5530 | 2019-08-29 | Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. |
| CVE-2019-15759 | 2019-08-29 | An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading... |
| CVE-2019-15758 | 2019-08-29 | An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated... |
| CVE-2019-15767 | 2019-08-29 | In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. |
| CVE-2019-15782 | 2019-08-29 | WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. |
| CVE-2019-15783 | 2019-08-29 | Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. |
| CVE-2019-15787 | 2019-08-29 | libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. |
| CVE-2018-21007 | 2019-08-29 | The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. |
| CVE-2019-15769 | 2019-08-29 | The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. |
| CVE-2019-15770 | 2019-08-29 | The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. |
| CVE-2019-15772 | 2019-08-29 | The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| CVE-2019-15773 | 2019-08-29 | The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |