CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-10817 89 Sql 2019-08-01 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
2 CVE-2016-10855 20 Exec Code 2019-08-01 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
3 CVE-2018-20955 798 2019-08-08 2021-08-24
10.0
None Remote Low Not required Complete Complete Complete
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.
4 CVE-2018-20961 415 DoS 2019-08-07 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
5 CVE-2019-1181 Exec Code 2019-08-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1182, CVE-2019-1222, CVE-2019-1226.
6 CVE-2019-1182 Exec Code 2019-08-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1222, CVE-2019-1226.
7 CVE-2019-1222 Exec Code 2019-08-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226.
8 CVE-2019-1226 Exec Code 2019-08-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222.
9 CVE-2019-1580 787 Mem. Corr. 2019-08-23 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
10 CVE-2019-1913 119 Exec Code Overflow 2019-08-07 2019-10-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.
11 CVE-2019-1935 798 Exec Code 2019-08-21 2019-08-30
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
12 CVE-2019-1937 287 +Priv Bypass 2019-08-21 2019-08-30
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.
13 CVE-2019-1938 287 Bypass 2019-08-21 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.
14 CVE-2019-1971 20 Exec Code 2019-08-08 2021-10-29
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.
15 CVE-2019-1974 287 Bypass 2019-08-21 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.
16 CVE-2019-2130 843 Exec Code 2019-08-20 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132073833.
17 CVE-2019-5402 Bypass 2019-08-09 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
18 CVE-2019-5684 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.
19 CVE-2019-5685 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.
20 CVE-2019-6695 345 2019-08-23 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.
21 CVE-2019-7958 732 2019-08-16 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.
22 CVE-2019-7959 20 Exec Code 2019-08-16 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.
23 CVE-2019-7964 Exec Code Bypass 2019-08-16 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.
24 CVE-2019-7968 77 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
25 CVE-2019-7969 843 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
26 CVE-2019-7970 843 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
27 CVE-2019-7971 843 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
28 CVE-2019-7972 843 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
29 CVE-2019-7973 843 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
30 CVE-2019-7974 843 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
31 CVE-2019-7975 843 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
32 CVE-2019-7990 787 Exec Code Overflow 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
33 CVE-2019-7992 787 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
34 CVE-2019-7993 787 Exec Code Overflow 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
35 CVE-2019-7997 787 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
36 CVE-2019-7998 787 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
37 CVE-2019-8001 787 Exec Code 2019-08-26 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
38 CVE-2019-8049 787 Exec Code Overflow 2019-08-20 2021-11-19
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
39 CVE-2019-8060 77 Exec Code 2019-08-20 2021-11-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution .
40 CVE-2019-9930 190 Overflow 2019-08-28 2019-08-29
10.0
None Remote Low Not required Complete Complete Complete
Various Lexmark products have an Integer Overflow.
41 CVE-2019-9932 119 Overflow 2019-08-28 2019-09-03
10.0
None Remote Low Not required Complete Complete Complete
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
42 CVE-2019-9933 119 Overflow 2019-08-28 2019-09-03
10.0
None Remote Low Not required Complete Complete Complete
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
43 CVE-2019-11030 798 Exec Code 2019-08-22 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.
44 CVE-2019-11031 434 2019-08-22 2019-08-30
10.0
None Remote Low Not required Complete Complete Complete
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.
45 CVE-2019-12103 78 2019-08-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.
46 CVE-2019-12618 269 2019-08-12 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
47 CVE-2019-12643 287 Exec Code Bypass +Info 2019-08-28 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.
48 CVE-2019-13405 306 2019-08-29 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.
49 CVE-2019-14527 78 Exec Code 2019-08-14 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
50 CVE-2019-14699 78 Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
Total number of vulnerabilities : 2004   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.