CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2019

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-15560 89 Sql 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.
102 CVE-2019-15559 89 Sql 2019-08-26 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
DianoxDragon Hawn before 2019-07-10 allows SQL injection.
103 CVE-2019-15558 89 Sql 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.
104 CVE-2019-15557 89 Sql 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.
105 CVE-2019-15556 89 Sql 2019-08-26 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.
106 CVE-2019-15555 89 Sql 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.
107 CVE-2019-15554 787 Mem. Corr. 2019-08-26 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.
108 CVE-2019-15553 908 2019-08-26 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.
109 CVE-2019-15552 416 Exec Code 2019-08-26 2019-09-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.
110 CVE-2019-15551 415 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.
111 CVE-2019-15550 125 2019-08-26 2019-09-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary.
112 CVE-2019-15549 400 2019-08-26 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field.
113 CVE-2019-15548 119 Overflow 2019-08-26 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled.
114 CVE-2019-15547 134 2019-08-26 2019-08-29
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.
115 CVE-2019-15546 134 2019-08-26 2019-08-29
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.
116 CVE-2019-15545 347 2019-08-26 2020-08-24
5.0
None Remote Low Not required None Partial None
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.
117 CVE-2019-15544 770 2019-08-26 2021-09-14
5.0
None Remote Low Not required None None Partial
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.
118 CVE-2019-15543 787 Mem. Corr. 2019-08-26 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases.
119 CVE-2019-15542 674 2019-08-26 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.
120 CVE-2019-15541 88 DoS 2019-08-26 2019-09-03
5.0
None Remote Low Not required None None Partial
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.
121 CVE-2019-15540 787 Overflow 2019-08-25 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
122 CVE-2019-15538 400 2019-08-25 2021-06-02
7.8
None Remote Low Not required None None Complete
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
123 CVE-2019-15537 89 Sql 2019-08-23 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
124 CVE-2019-15536 89 Sql 2019-08-23 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
125 CVE-2019-15535 89 Sql 2019-08-23 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
126 CVE-2019-15534 89 Sql 2019-08-26 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.
127 CVE-2019-15533 89 Sql 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.
128 CVE-2019-15532 79 XSS 2019-08-26 2019-08-26
4.3
None Remote Medium Not required None Partial None
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.
129 CVE-2019-15531 125 2019-08-23 2021-12-26
4.3
None Remote Medium Not required None None Partial
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
130 CVE-2019-15530 78 2019-08-23 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
131 CVE-2019-15529 78 2019-08-23 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
132 CVE-2019-15528 78 2019-08-23 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
133 CVE-2019-15527 78 2019-08-23 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
134 CVE-2019-15526 78 2019-08-23 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
135 CVE-2019-15525 295 2019-08-23 2019-08-30
6.8
None Remote Medium Not required Partial Partial Partial
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.
136 CVE-2019-15524 434 Exec Code 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.
137 CVE-2019-15521 502 2019-08-26 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
138 CVE-2019-15520 22 Dir. Trav. 2019-08-23 2019-08-27
5.0
None Remote Low Not required Partial None None
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.
139 CVE-2019-15519 22 Dir. Trav. 2019-08-23 2019-08-30
10.0
None Remote Low Not required Complete Complete Complete
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
140 CVE-2019-15518 22 Dir. Trav. 2019-08-23 2019-08-27
5.0
None Remote Low Not required Partial None None
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
141 CVE-2019-15517 22 Dir. Trav. 2019-08-23 2019-08-27
4.9
None Local Low Not required Complete None None
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.
142 CVE-2019-15516 22 Dir. Trav. 2019-08-23 2019-08-27
5.0
None Remote Low Not required Partial None None
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.
143 CVE-2019-15515 352 CSRF 2019-08-26 2019-08-29
4.3
None Remote Medium Not required Partial None None
Discourse 2.3.2 sends the CSRF token in the query string.
144 CVE-2019-15514 200 +Info 2019-08-23 2021-07-21
5.0
None Remote Low Not required Partial None None
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.
145 CVE-2019-15513 667 2019-08-23 2021-01-03
7.8
None Remote Low Not required None None Complete
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
146 CVE-2019-15508 532 2019-08-23 2021-07-21
3.5
None Remote Medium ??? Partial None None
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.
147 CVE-2019-15507 532 2019-08-23 2021-07-21
3.5
None Remote Medium ??? Partial None None
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.
148 CVE-2019-15506 200 +Info 2019-08-26 2021-07-21
7.8
None Remote Low Not required Complete None None
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected.
149 CVE-2019-15505 125 2019-08-23 2019-09-04
10.0
None Remote Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
150 CVE-2019-15504 415 2019-08-23 2019-09-04
10.0
None Remote Low Not required Complete Complete Complete
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
Total number of vulnerabilities: 2004. Page 3 of 41.