CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2019

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail. Each entry's description follows on its own line.
1001 CVE-2019-5687 276 2019-08-06 2020-08-24
3.6
None Local Low Not required Partial None Partial
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor
1002 CVE-2019-5686 20 DoS 2019-08-06 2021-07-21
4.9
None Local Low Not required None None Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.
1003 CVE-2019-5685 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.
1004 CVE-2019-5684 787 DoS Exec Code 2019-08-06 2019-08-13
10.0
None Remote Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.
1005 CVE-2019-5683 59 DoS Exec Code 2019-08-06 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
1006 CVE-2019-5682 DoS Exec Code 2019-08-06 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service.
1007 CVE-2019-5681 DoS Exec Code 2019-08-13 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.
1008 CVE-2019-5679 287 DoS Exec Code 2019-08-06 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
1009 CVE-2019-5638 613 2019-08-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.
1010 CVE-2019-5635 319 2019-08-22 2020-10-16
5.0
None Remote Low Not required Partial None None
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.
1011 CVE-2019-5634 532 2019-08-22 2019-10-09
2.1
None Local Low Not required Partial None None
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
1012 CVE-2019-5633 922 2019-08-22 2020-10-16
2.1
None Local Low Not required Partial None None
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions.
1013 CVE-2019-5632 922 2019-08-22 2020-10-16
2.1
None Local Low Not required Partial None None
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
1014 CVE-2019-5631 426 2019-08-19 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.
1015 CVE-2019-5612 362 2019-08-30 2020-08-24
7.8
None Remote Low Not required None None Complete
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.
1016 CVE-2019-5611 20 DoS 2019-08-30 2019-09-10
7.8
None Remote Low Not required None None Complete
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.
1017 CVE-2019-5610 125 DoS 2019-08-30 2019-09-10
5.0
None Remote Low Not required None None Partial
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service.
1018 CVE-2019-5609 787 2019-08-30 2020-08-24
6.4
None Remote Low Not required None Partial Partial
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.
1019 CVE-2019-5608 125 2019-08-30 2019-09-10
7.5
None Remote Low Not required Partial Partial Partial
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.
1020 CVE-2019-5594 79 XSS 2019-08-23 2019-08-26
4.3
None Remote Medium Not required None Partial None
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
1021 CVE-2019-5592 347 2019-08-23 2020-08-24
4.3
None Remote Medium Not required Partial None None
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.
1022 CVE-2019-5590 79 Exec Code XSS 2019-08-28 2019-09-03
4.3
None Remote Medium Not required None Partial None
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
1023 CVE-2019-5530 20 2019-08-29 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature.
1024 CVE-2019-5502 310 2019-08-05 2021-07-21
6.4
None Remote Low Not required Partial Partial None
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
1025 CVE-2019-5501 2019-08-02 2020-08-24
5.0
None Remote Low Not required Partial None None
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
1026 CVE-2019-5498 2019-08-09 2020-08-24
4.0
None Remote Low ??? Partial None None
OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.
1027 CVE-2019-5493 2019-08-02 2020-08-24
4.3
None Remote Medium Not required Partial None None
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
1028 CVE-2019-5477 78 Exec Code 2019-08-16 2020-10-16
7.5
None Remote Low Not required Partial Partial Partial
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
1029 CVE-2019-5476 89 Exec Code Sql 2019-08-07 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.
1030 CVE-2019-5408 2019-08-09 2020-08-24
6.4
None Remote Low Not required Partial Partial None
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr, if it is installed on the same machine as DevMgr; TSMgr, if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.
1031 CVE-2019-5407 2019-08-09 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
1032 CVE-2019-5406 384 2019-08-09 2019-08-16
9.0
None Remote Low ??? Complete Complete Complete
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
1033 CVE-2019-5405 Bypass 2019-08-09 2020-08-24
5.0
None Remote Low Not required Partial None None
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
1034 CVE-2019-5404 74 2019-08-09 2019-08-16
8.7
None Remote Low ??? Complete Complete Partial
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
1035 CVE-2019-5403 79 XSS 2019-08-09 2019-08-16
3.5
None Remote Medium ??? None Partial None
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
1036 CVE-2019-5402 Bypass 2019-08-09 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
1037 CVE-2019-5401 79 XSS 2019-08-01 2019-08-08
3.5
None Remote Medium ??? None Partial None
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.
1038 CVE-2019-5400 384 2019-08-09 2019-08-16
6.5
None Remote Low ??? Partial Partial Partial
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
1039 CVE-2019-5399 2019-08-09 2020-08-24
9.7
None Remote Low Not required Partial Complete Complete
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
1040 CVE-2019-5398 79 XSS 2019-08-09 2019-08-16
3.5
None Remote Medium ??? None Partial None
A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
1041 CVE-2019-5397 79 XSS Bypass 2019-08-09 2020-08-24
9.7
None Remote Low Not required Partial Complete Complete
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
1042 CVE-2019-5396 Bypass 2019-08-09 2020-08-24
9.7
None Remote Low Not required Partial Complete Complete
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
1043 CVE-2019-5395 434 2019-08-09 2019-08-16
6.5
None Remote Low ??? Partial Partial Partial
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
1044 CVE-2019-5301 +Info 2019-08-08 2020-08-24
4.3
None Remote Medium Not required Partial None None
Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information.
1045 CVE-2019-5299 347 Exec Code Bypass 2019-08-13 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Huawei mobile phones Hima-AL00B with versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke a specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code.
1046 CVE-2019-5280 295 2019-08-13 2019-08-27
5.8
None Remote Medium Not required Partial None Partial
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registering abnormally and affecting the availability of IP phones.
1047 CVE-2019-5239 +Info 2019-08-08 2020-08-24
4.3
None Remote Medium Not required Partial None None
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information.
1048 CVE-2019-5238 Exec Code 2019-08-08 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.
1049 CVE-2019-5237 Exec Code 2019-08-08 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.
1050 CVE-2019-5236 415 2019-08-08 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user into clicking a URL to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally.
Total number of vulnerabilities: 2004. Page 21 of 41 (this page).