CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2019-12624 352 CSRF 2019-08-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.
602 CVE-2019-12623 538 2019-08-21 2019-10-09
4.0
None Remote Low ??? Partial None None
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.
603 CVE-2019-12622 2019-08-21 2020-10-08
2.1
None Local Low Not required None Partial None
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.
604 CVE-2019-12621 327 2019-08-21 2021-10-28
5.8
None Remote Medium Not required Partial Partial None
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
605 CVE-2019-12618 269 2019-08-12 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
606 CVE-2019-12532 2019-08-26 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.
607 CVE-2019-12479 22 Dir. Trav. 2019-08-13 2019-08-21
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs.
608 CVE-2019-12402 835 DoS 2019-08-30 2021-10-20
5.0
None Remote Low Not required None None Partial
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
609 CVE-2019-12400 20 2019-08-23 2021-10-20
1.9
None Local Medium Not required None Partial None
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
610 CVE-2019-12397 79 XSS 2019-08-08 2019-12-30
4.3
None Remote Medium Not required None Partial None
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.
611 CVE-2019-12386 79 XSS 2019-08-22 2019-11-11
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.
612 CVE-2019-12385 89 Sql 2019-08-22 2019-11-11
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.
613 CVE-2019-12265 401 +Info 2019-08-09 2020-08-24
5.0
None Remote Low Not required Partial None None
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
614 CVE-2019-12264 88 2019-08-05 2021-09-07
4.8
None Local Network Low Not required None Partial Partial
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.
615 CVE-2019-12263 362 Overflow 2019-08-09 2021-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
616 CVE-2019-12262 2019-08-14 2021-09-07
7.5
None Remote Low Not required Partial Partial Partial
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
617 CVE-2019-12261 787 Overflow 2019-08-09 2021-09-07
7.5
None Remote Low Not required Partial Partial Partial
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
618 CVE-2019-12260 787 Overflow 2019-08-09 2021-09-07
7.5
None Remote Low Not required Partial Partial Partial
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
619 CVE-2019-12259 476 2019-08-09 2021-09-07
5.0
None Remote Low Not required None None Partial
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
620 CVE-2019-12258 384 2019-08-09 2021-09-07
5.0
None Remote Low Not required None None Partial
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
621 CVE-2019-12257 787 Overflow 2019-08-09 2020-08-24
5.8
None Local Network Low Not required Partial Partial Partial
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
622 CVE-2019-12256 787 Overflow 2019-08-09 2021-09-07
7.5
None Remote Low Not required Partial Partial Partial
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
623 CVE-2019-12255 119 Overflow 2019-08-09 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
624 CVE-2019-12104 77 2019-08-14 2019-08-19
9.0
None Remote Low ??? Complete Complete Complete
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
625 CVE-2019-12103 78 2019-08-14 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.
626 CVE-2019-11924 770 2019-08-20 2020-08-24
7.8
None Remote Low Not required None None Complete
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
627 CVE-2019-11897 918 2019-08-21 2019-10-09
5.0
None Remote Low Not required Partial None None
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.
628 CVE-2019-11806 732 2019-08-20 2020-08-24
2.1
None Local Low Not required Partial None None
OX App Suite 7.10.1 and earlier has Insecure Permissions.
629 CVE-2019-11776 79 XSS 2019-08-09 2020-12-18
4.3
None Remote Medium Not required None Partial None
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context.
630 CVE-2019-11658 200 +Info 2019-08-30 2019-08-30
4.0
None Remote Low ??? Partial None None
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.
631 CVE-2019-11654 22 Dir. Trav. 2019-08-23 2021-05-12
5.0
None Remote Low Not required Partial None None
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.
632 CVE-2019-11653 Bypass 2019-08-07 2020-08-24
5.5
None Remote Low ??? Partial Partial None
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.
633 CVE-2019-11652 Bypass 2019-08-14 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
634 CVE-2019-11603 22 Dir. Trav. 2019-08-21 2019-10-09
5.0
None Remote Low Not required Partial None None
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.
635 CVE-2019-11602 209 +Info 2019-08-21 2020-08-24
5.0
None Remote Low Not required Partial None None
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
636 CVE-2019-11601 22 Dir. Trav. 2019-08-21 2019-10-09
6.4
None Remote Low Not required None Partial Partial
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
637 CVE-2019-11589 601 CSRF 2019-08-23 2019-08-30
5.8
None Remote Medium Not required Partial Partial None
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
638 CVE-2019-11588 352 CSRF 2019-08-23 2019-08-27
4.3
None Remote Medium Not required None None Partial
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.
639 CVE-2019-11587 352 CSRF 2019-08-23 2019-08-27
4.3
None Remote Medium Not required None Partial None
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).
640 CVE-2019-11586 352 CSRF 2019-08-23 2019-08-27
4.3
None Remote Medium Not required None Partial None
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
641 CVE-2019-11585 601 2019-08-23 2019-08-27
5.8
None Remote Medium Not required Partial Partial None
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
642 CVE-2019-11584 79 XSS 2019-08-23 2019-08-26
4.3
None Remote Medium Not required None Partial None
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.
643 CVE-2019-11581 94 Exec Code 2019-08-09 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
644 CVE-2019-11551 269 2019-08-21 2020-08-24
2.1
None Local Low Not required None Partial None
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.
645 CVE-2019-11522 79 XSS 2019-08-20 2019-08-23
3.5
None Remote Medium ??? None Partial None
OX App Suite 7.10.0 to 7.10.2 allows XSS.
646 CVE-2019-11521 269 2019-08-20 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
OX App Suite 7.10.1 allows Content Spoofing.
647 CVE-2019-11500 787 Exec Code 2019-08-29 2019-09-06
7.5
None Remote Low Not required Partial Partial Partial
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
648 CVE-2019-11476 190 Exec Code Overflow 2019-08-29 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.
649 CVE-2019-11457 352 CSRF 2019-08-27 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
650 CVE-2019-11396 59 2019-08-29 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory.
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.