CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2018-20964 352 CSRF 2019-08-13 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
1352 CVE-2018-20963 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
1353 CVE-2018-20962 79 XSS 2019-08-08 2019-08-15
4.3
None Remote Medium Not required None Partial None
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type.
1354 CVE-2018-20961 415 DoS 2019-08-07 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
1355 CVE-2018-20960 2019-08-08 2020-08-24
4.8
None Local Network Low Not required None Partial Partial
Nespresso Prodigio devices lack Bluetooth connection security.
1356 CVE-2018-20959 2019-08-07 2020-08-24
4.8
None Local Network Low Not required None Partial Partial
Jura E8 devices lack Bluetooth connection security.
1357 CVE-2018-20958 200 +Info 2019-08-07 2019-08-15
3.3
None Local Network Low Not required Partial None None
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.
1358 CVE-2018-20957 284 2019-08-08 2019-08-16
5.8
None Local Network Low Not required Partial Partial Partial
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
1359 CVE-2018-20956 532 2019-08-08 2021-08-24
2.1
None Local Low Not required Partial None None
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31.
1360 CVE-2018-20955 798 2019-08-08 2021-08-24
10.0
None Remote Low Not required Complete Complete Complete
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.
1361 CVE-2018-20954 287 2019-08-08 2020-08-24
5.0
None Remote Low Not required Partial None None
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
1362 CVE-2018-20953 79 XSS 2019-08-01 2019-08-08
4.3
None Remote Medium Not required None Partial None
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
1363 CVE-2018-20952 200 +Info 2019-08-01 2019-08-08
4.0
None Remote Low ??? Partial None None
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
1364 CVE-2018-20951 79 XSS 2019-08-01 2019-08-07
4.3
None Remote Medium Not required None Partial None
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
1365 CVE-2018-20950 79 XSS 2019-08-01 2019-08-07
4.3
None Remote Medium Not required None Partial None
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
1366 CVE-2018-20949 79 XSS 2019-08-01 2019-08-07
4.3
None Remote Medium Not required None Partial None
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
1367 CVE-2018-20948 79 XSS 2019-08-01 2019-08-07
4.3
None Remote Medium Not required None Partial None
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
1368 CVE-2018-20947 668 2019-08-01 2019-08-08
2.1
None Local Low Not required None Partial None
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
1369 CVE-2018-20946 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
1370 CVE-2018-20945 285 2019-08-01 2019-08-13
7.9
None Remote Medium ??? None Complete Complete
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).
1371 CVE-2018-20944 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
1372 CVE-2018-20943 200 +Info 2019-08-01 2019-08-09
1.9
None Local Medium Not required Partial None None
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
1373 CVE-2018-20942 200 +Info 2019-08-01 2019-08-09
1.9
None Local Medium Not required Partial None None
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
1374 CVE-2018-20941 200 +Info 2019-08-01 2019-08-08
4.7
None Local Medium Not required Complete None None
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
1375 CVE-2018-20940 362 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
1376 CVE-2018-20939 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
1377 CVE-2018-20938 284 2019-08-01 2019-08-09
4.0
None Remote Low ??? None Partial None
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
1378 CVE-2018-20937 287 2019-08-01 2019-08-12
4.0
None Remote Low ??? None Partial None
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
1379 CVE-2018-20936 732 2019-08-01 2020-08-24
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
1380 CVE-2018-20935 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
1381 CVE-2018-20934 358 2019-08-01 2019-08-12
6.4
None Remote Low Not required None Partial Partial
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
1382 CVE-2018-20933 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
1383 CVE-2018-20932 538 2019-08-01 2019-08-12
4.0
None Remote Low ??? Partial None None
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
1384 CVE-2018-20931 94 Exec Code 2019-08-01 2019-08-12
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
1385 CVE-2018-20930 284 Bypass 2019-08-01 2019-08-12
6.4
None Remote Low Not required Partial Partial None
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
1386 CVE-2018-20929 601 2019-08-01 2019-08-08
5.8
None Remote Medium Not required Partial Partial None
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
1387 CVE-2018-20928 79 XSS 2019-08-01 2019-08-08
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
1388 CVE-2018-20927 285 2019-08-01 2019-08-12
2.1
None Local Low Not required Partial None None
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
1389 CVE-2018-20926 434 2019-08-01 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
1390 CVE-2018-20925 434 2019-08-01 2019-08-12
4.6
None Local Low Not required Partial Partial Partial
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
1391 CVE-2018-20924 287 2019-08-01 2019-08-08
7.5
None Remote Low ??? Complete Partial None
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
1392 CVE-2018-20923 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
1393 CVE-2018-20922 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
1394 CVE-2018-20921 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
1395 CVE-2018-20920 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
1396 CVE-2018-20919 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
1397 CVE-2018-20918 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
1398 CVE-2018-20917 20 2019-08-01 2019-08-01
2.1
None Local Low Not required None None Partial
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
1399 CVE-2018-20916 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
1400 CVE-2018-20915 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 (This Page)29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.