CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2019

Each entry below spans four lines, in this order:
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Description
1451 CVE-2018-18371 327 +Info 2019-08-30 2021-06-24
4.0
None Remote Low ??? Partial None None
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
1452 CVE-2018-18370 79 XSS 2019-08-30 2021-07-08
4.3
None Remote Medium Not required None Partial None
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
1453 CVE-2018-18056 200 Exec Code +Info 2019-08-20 2019-09-12
2.1
None Local Low Not required Partial None None
An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of "instruction oracle."
1454 CVE-2018-17791 669 2019-08-21 2020-08-24
5.0
None Remote Low Not required None None Partial
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, resulting in unavailability of the service to legitimate users. This occurs because non-editable parameters can be modified by manually editing a disabled form field within the developer options.
1455 CVE-2018-17790 79 XSS 2019-08-15 2019-09-26
4.3
None Remote Medium Not required None Partial None
Prospecta Master Data Online (MDO) 2.0 has Stored XSS.
1456 CVE-2018-15513 284 2019-08-30 2019-09-03
5.0
None Remote Low Not required Partial None None
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.
1457 CVE-2018-15512 79 XSS 2019-08-30 2019-09-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.
1458 CVE-2018-15511 79 XSS 2019-08-30 2019-09-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.
1459 CVE-2018-15510 79 XSS 2019-08-30 2019-09-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.
1460 CVE-2018-14672 22 Dir. Trav. 2019-08-15 2019-08-27
5.0
None Remote Low Not required Partial None None
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
1461 CVE-2018-14671 20 Exec Code 2019-08-15 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
1462 CVE-2018-14670 285 2019-08-15 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
1463 CVE-2018-14669 200 +Info 2019-08-15 2019-08-28
5.0
None Remote Low Not required Partial None None
ClickHouse MySQL client before version 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled, which allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server.
1464 CVE-2018-14668 352 2019-08-15 2019-08-29
6.8
None Remote Medium Not required Partial Partial Partial
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
1465 CVE-2018-14383 611 2019-08-07 2019-08-14
5.0
None Remote Low Not required Partial None None
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in versions 5.2.1 and 3.3.7.
1466 CVE-2018-14062 310 DoS 2019-08-15 2019-08-28
9.4
None Remote Low Not required None Complete Complete
The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.
1467 CVE-2018-14008 287 2019-08-15 2019-08-28
3.3
None Local Network Low Not required None None Partial
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.
1468 CVE-2018-13367 200 +Info 2019-08-23 2020-06-03
5.0
None Remote Low Not required Partial None None
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
1469 CVE-2018-12357 732 2019-08-15 2020-08-24
4.0
None Remote Low ??? Partial None None
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
1470 CVE-2018-12101 79 XSS 2019-08-15 2019-08-26
3.5
None Remote Medium ??? None Partial None
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.
1471 CVE-2018-10899 352 Exec Code CSRF 2019-08-01 2021-08-04
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
1472 CVE-2018-1987 287 2019-08-02 2020-08-24
1.9
None Local Medium Not required Partial None None
IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.
1473 CVE-2018-1796 +Priv 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
1474 CVE-2018-1636 787 Exec Code Overflow 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
1475 CVE-2018-1635 787 Exec Code Overflow 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
1476 CVE-2018-1634 59 +Priv 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
1477 CVE-2018-1633 59 +Priv 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
1478 CVE-2018-1632 59 +Priv 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
1479 CVE-2018-1631 59 +Priv 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.
1480 CVE-2018-1630 59 +Priv 2019-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.
1481 CVE-2017-18594 415 DoS 2019-08-29 2019-09-26
5.0
None Remote Low Not required None None Partial
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
1482 CVE-2017-18593 79 XSS 2019-08-28 2019-08-30
4.3
None Remote Medium Not required None Partial None
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.
1483 CVE-2017-18592 434 2019-08-27 2019-08-29
5.0
None Remote Low Not required None Partial None
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.
1484 CVE-2017-18591 79 XSS 2019-08-27 2019-08-29
4.3
None Remote Medium Not required None Partial None
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
1485 CVE-2017-18590 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.
1486 CVE-2017-18589 20 2019-08-26 2019-08-30
5.0
None Remote Low Not required None None Partial
An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic.
1487 CVE-2017-18588 295 2019-08-26 2019-08-30
5.0
None Remote Low Not required None Partial None
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.
1488 CVE-2017-18587 93 2019-08-26 2019-09-03
5.0
None Remote Low Not required None Partial None
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.
1489 CVE-2017-18586 22 Dir. Trav. 2019-08-22 2019-08-29
6.4
None Remote Low Not required Partial Partial None
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.
1490 CVE-2017-18585 22 Dir. Trav. 2019-08-22 2019-08-23
5.5
None Remote Low ??? Partial Partial None
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.
1491 CVE-2017-18584 264 2019-08-22 2019-08-26
5.0
None Remote Low Not required None Partial None
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.
1492 CVE-2017-18583 74 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
1493 CVE-2017-18582 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.
1494 CVE-2017-18581 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.
1495 CVE-2017-18580 20 Exec Code 2019-08-22 2019-08-23
7.5
None Remote Low Not required Partial Partial Partial
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
1496 CVE-2017-18579 79 XSS 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The corner-ad plugin before 1.0.8 for WordPress has XSS.
1497 CVE-2017-18578 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.
1498 CVE-2017-18577 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.
1499 CVE-2017-18576 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.
1500 CVE-2017-18575 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.
Total number of vulnerabilities: 2004 (this is page 30 of 41)