CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In August 2019

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 151 | CVE-2019-15503 | 78 | | Exec Code | 2019-08-26 | 2019-08-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. |
| 152 | CVE-2019-15502 | | | | 2019-08-29 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). |
| 153 | CVE-2019-15501 | 79 | | XSS | 2019-08-26 | 2019-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. |
| 154 | CVE-2019-15499 | 79 | | XSS | 2019-08-23 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. |
| 155 | CVE-2019-15498 | 88 | | Exec Code | 2019-08-23 | 2020-08-24 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. |
| 156 | CVE-2019-15497 | 798 | | | 2019-08-26 | 2019-09-04 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. |
| 157 | CVE-2019-15496 | 352 | | CSRF | 2019-08-28 | 2019-08-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. |
| 158 | CVE-2019-15494 | 918 | | | 2019-08-23 | 2019-08-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. |
| 159 | CVE-2019-15493 | | | | 2019-08-23 | 2020-08-24 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. |
| 160 | CVE-2019-15492 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. |
| 161 | CVE-2019-15491 | 352 | | CSRF | 2019-08-23 | 2019-08-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. |
| 162 | CVE-2019-15490 | 94 | | | 2019-08-23 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. |
| 163 | CVE-2019-15489 | 79 | | XSS | 2019-08-26 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. |
| 164 | CVE-2019-15488 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. |
| 165 | CVE-2019-15487 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | DfE School Experience before v16333-GA has XSS via a teacher training URL. |
| 166 | CVE-2019-15486 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. |
| 167 | CVE-2019-15485 | 79 | | XSS | 2019-08-23 | 2021-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. |
| 168 | CVE-2019-15484 | 79 | | XSS | 2019-08-23 | 2021-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Bolt before 3.6.10 has XSS via an image's alt or title field. |
| 169 | CVE-2019-15483 | 79 | | XSS | 2019-08-23 | 2021-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. |
| 170 | CVE-2019-15482 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | selectize-plugin-a11y before 1.1.0 has XSS via the msg field. |
| 171 | CVE-2019-15481 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Kimai v2 before 1.1 has XSS via a timesheet description. |
| 172 | CVE-2019-15480 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Domoticz 4.10717 has XSS via item.Name. |
| 173 | CVE-2019-15479 | 79 | | XSS | 2019-08-26 | 2019-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Status Board 1.1.81 has reflected XSS via dashboard.ts. |
| 174 | CVE-2019-15478 | 79 | | XSS | 2019-08-26 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Status Board 1.1.81 has reflected XSS via logic.ts. |
| 175 | CVE-2019-15477 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Jooby before 1.6.4 has XSS via the default error handler. |
| 176 | CVE-2019-15476 | 79 | | XSS | 2019-08-23 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Former before 4.2.1 has XSS via a checkbox value. |
| 177 | CVE-2019-15331 | 79 | | XSS | 2019-08-22 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. |
| 178 | CVE-2019-15330 | 200 | | +Info | 2019-08-22 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. |
| 179 | CVE-2019-15329 | 352 | | CSRF | 2019-08-22 | 2019-08-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. |
| 180 | CVE-2019-15328 | 79 | | XSS | 2019-08-22 | 2019-08-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. |
| 181 | CVE-2019-15327 | 79 | | XSS | 2019-08-22 | 2019-08-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. |
| 182 | CVE-2019-15326 | 22 | | Dir. Trav. | 2019-08-22 | 2019-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. |
| 183 | CVE-2019-15325 | | | | 2019-08-22 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not. |
| 184 | CVE-2019-15324 | 20 | | Exec Code | 2019-08-22 | 2019-08-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. |
| 185 | CVE-2019-15323 | 22 | | Dir. Trav. | 2019-08-22 | 2019-09-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The ad-inserter plugin before 2.4.20 for WordPress has path traversal. |
| 186 | CVE-2019-15322 | | | File Inclusion | 2019-08-22 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion. |
| 187 | CVE-2019-15321 | 502 | | | 2019-08-22 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. |
| 188 | CVE-2019-15320 | 502 | | | 2019-08-22 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. |
| 189 | CVE-2019-15319 | 502 | | | 2019-08-22 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. |
| 190 | CVE-2019-15318 | 94 | | | 2019-08-22 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. |
| 191 | CVE-2019-15317 | 79 | | XSS | 2019-08-22 | 2019-08-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | The give plugin before 2.4.7 for WordPress has XSS via a donor name. |
| 192 | CVE-2019-15316 | 367 | | | 2019-08-21 | 2020-08-24 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. |
| 193 | CVE-2019-15315 | 732 | | | 2019-08-21 | 2020-08-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. |
| 194 | CVE-2019-15314 | 79 | | Exec Code XSS | 2019-08-22 | 2019-08-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. |
| 195 | CVE-2019-15304 | 1188 | | DoS | 2019-08-26 | 2020-09-24 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and requires excessive permissions to operate such as Fine GPS location, camera, applists, Serial number, IMEI. In addition to the "backdoor" login access for "admin" purposes, this accompanying app also establishes connections with several china based URLs to include Alibaba cloud computing. NOTE: this device also ships with ProGrade branding. |
| 196 | CVE-2019-15296 | 119 | | Overflow | 2019-08-21 | 2020-06-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left). |
| 197 | CVE-2019-15295 | 426 | | | 2019-08-21 | 2019-08-28 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path. |
| 198 | CVE-2019-15294 | 532 | | | 2019-08-28 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. |
| 199 | CVE-2019-15293 | | | | 2019-08-21 | 2020-08-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060. |
| 200 | CVE-2019-15292 | 416 | | | 2019-08-21 | 2019-09-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. |
Total number of vulnerabilities: 2004 (page 4 of 41)