CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1301 CVE-2019-0335 79 XSS 2019-08-14 2019-08-26
4.3
None Remote Medium Not required None Partial None
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack.
1302 CVE-2019-0334 79 XSS 2019-08-14 2019-08-22
4.9
None Remote Medium ??? Partial Partial None
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.
1303 CVE-2019-0333 2019-08-14 2020-08-24
4.0
None Remote Low ??? Partial None None
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.
1304 CVE-2019-0332 79 XSS 2019-08-14 2019-08-19
4.3
None Remote Medium Not required None Partial None
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.
1305 CVE-2019-0331 2019-08-14 2020-08-24
5.0
None Remote Low Not required Partial None None
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure.
1306 CVE-2019-0193 94 2019-08-01 2021-07-30
9.0
None Remote Low ??? Complete Complete Complete
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
1307 CVE-2019-0173 Bypass 2019-08-19 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.
1308 CVE-2018-21007 284 2019-08-29 2019-09-07
7.5
None Remote Low Not required Partial Partial Partial
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
1309 CVE-2018-21006 352 CSRF 2019-08-27 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.
1310 CVE-2018-21005 94 2019-08-27 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.
1311 CVE-2018-21004 89 Sql 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
1312 CVE-2018-21003 89 Sql 2019-08-27 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
1313 CVE-2018-21002 352 CSRF 2019-08-27 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.
1314 CVE-2018-21001 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The anycomment plugin before 0.0.33 for WordPress has XSS.
1315 CVE-2018-21000 119 Overflow Mem. Corr. 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption.
1316 CVE-2018-20999 682 2019-08-26 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.
1317 CVE-2018-20998 119 Overflow Mem. Corr. 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption.
1318 CVE-2018-20997 416 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
1319 CVE-2018-20996 415 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.
1320 CVE-2018-20995 119 Overflow Mem. Corr. 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled.
1321 CVE-2018-20994 674 2019-08-26 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled.
1322 CVE-2018-20993 674 2019-08-26 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization.
1323 CVE-2018-20992 908 2019-08-26 2020-08-24
4.3
None Remote Medium Not required Partial None None
An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.
1324 CVE-2018-20991 415 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.
1325 CVE-2018-20990 59 2019-08-26 2019-08-28
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
1326 CVE-2018-20989 191 2019-08-26 2019-08-30
5.0
None Remote Low Not required None None Partial
An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic.
1327 CVE-2018-20988 94 2019-08-22 2020-08-24
5.0
None Remote Low Not required None Partial None
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.
1328 CVE-2018-20987 502 2019-08-22 2019-08-23
7.5
None Remote Low Not required Partial Partial Partial
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
1329 CVE-2018-20986 79 XSS 2019-08-22 2019-08-27
3.5
None Remote Medium ??? None Partial None
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
1330 CVE-2018-20985 20 File Inclusion 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.
1331 CVE-2018-20984 502 2019-08-22 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.
1332 CVE-2018-20983 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.
1333 CVE-2018-20982 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.
1334 CVE-2018-20981 20 2019-08-22 2019-08-26
6.4
None Remote Low Not required Partial Partial None
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
1335 CVE-2018-20980 20 2019-08-22 2019-08-26
5.0
None Remote Low Not required None Partial None
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
1336 CVE-2018-20979 2019-08-22 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
1337 CVE-2018-20978 79 XSS 2019-08-20 2019-08-21
4.3
None Remote Medium Not required None Partial None
The wp-all-import plugin before 3.4.7 for WordPress has XSS.
1338 CVE-2018-20977 79 XSS 2019-08-21 2019-09-04
4.3
None Remote Medium Not required None Partial None
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.
1339 CVE-2018-20976 416 2019-08-19 2019-09-06
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.
1340 CVE-2018-20975 79 XSS 2019-08-20 2019-08-26
4.3
None Remote Medium Not required None Partial None
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.
1341 CVE-2018-20974 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The js-jobs plugin before 1.0.7 for WordPress has CSRF.
1342 CVE-2018-20973 20 File Inclusion 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
1343 CVE-2018-20972 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.
1344 CVE-2018-20971 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
1345 CVE-2018-20970 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.
1346 CVE-2018-20969 78 2019-08-16 2019-09-05
9.3
None Remote Medium Not required Complete Complete Complete
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
1347 CVE-2018-20968 352 CSRF 2019-08-14 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
1348 CVE-2018-20967 352 CSRF 2019-08-14 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
1349 CVE-2018-20966 79 XSS 2019-08-12 2019-08-15
4.3
None Remote Medium Not required None Partial None
The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.
1350 CVE-2018-20965 79 XSS 2019-08-12 2019-11-20
4.3
None Remote Medium Not required None Partial None
The ultimate-member plugin before 2.0.4 for WordPress has XSS.
Total number of vulnerabilities: 2004 (this is page 27 of 41)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.