| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2015-8032 | 269 |  |  | 2020-08-14 | 2020-08-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
| 2 | CVE-2015-8033 | 521 |  |  | 2020-08-14 | 2020-08-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
| 3 | CVE-2015-9549 | 79 |  | XSS | 2020-08-03 | 2020-11-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.
| 4 | CVE-2016-11085 | 352 |  | XSS CSRF | 2020-08-16 | 2020-08-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.
| 5 | CVE-2017-18112 | 200 |  | +Info | 2020-08-05 | 2020-08-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
| 6 | CVE-2018-1501 | 306 |  | +Info | 2020-08-26 | 2020-08-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.
| 7 | CVE-2018-1985 | 120 |  | Overflow | 2020-08-24 | 2021-09-08 | 4.9 | None | Local | Low | Not required | None | None | Complete |
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.
| 8 | CVE-2019-4366 | 200 |  | +Info | 2020-08-03 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.
| 9 | CVE-2019-4533 | 20 |  | DoS | 2020-08-28 | 2020-08-31 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589.
| 10 | CVE-2019-4579 |  |  | Bypass | 2020-08-28 | 2020-09-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.
| 11 | CVE-2019-4582 | 22 |  | Dir. Trav. | 2020-08-13 | 2020-08-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.
| 12 | CVE-2019-4589 | 269 |  |  | 2020-08-03 | 2020-08-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
| 13 | CVE-2019-4686 | 200 |  | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822.
| 14 | CVE-2019-4688 | 565 |  |  | 2020-08-26 | 2020-08-27 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825.
| 15 | CVE-2019-4689 | 200 |  | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826.
| 16 | CVE-2019-4691 | 79 |  | XSS | 2020-08-26 | 2020-08-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828.
| 17 | CVE-2019-4692 | 200 |  | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.
| 18 | CVE-2019-4693 | 522 |  |  | 2020-08-26 | 2020-08-27 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.
| 19 | CVE-2019-4694 | 798 |  |  | 2020-08-26 | 2020-08-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832.
| 20 | CVE-2019-4695 | 922 |  |  | 2020-08-26 | 2020-08-28 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.
| 21 | CVE-2019-4697 | 522 |  |  | 2020-08-26 | 2020-08-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.
| 22 | CVE-2019-4698 | 521 |  |  | 2020-08-26 | 2020-08-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929.
| 23 | CVE-2019-4699 | 209 |  |  | 2020-08-26 | 2020-08-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.
| 24 | CVE-2019-4701 | 200 |  | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936.
| 25 | CVE-2019-4713 | 78 |  | Exec Code | 2020-08-26 | 2021-07-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084.
| 26 | CVE-2019-5320 | 79 |  | XSS | 2020-08-26 | 2020-09-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.
| 27 | CVE-2019-5321 | 863 |  |  | 2020-08-26 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI.
| 28 | CVE-2019-5591 | 200 |  | +Info | 2020-08-14 | 2021-07-21 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
| 29 | CVE-2019-6112 | 79 |  | XSS | 2020-08-14 | 2020-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
| 30 | CVE-2019-6258 | 120 |  | Overflow | 2020-08-18 | 2020-08-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file.
| 31 | CVE-2019-7005 |  |  |  | 2020-08-07 | 2021-09-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.
| 32 | CVE-2019-7410 | 79 |  | XSS | 2020-08-14 | 2020-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).
| 33 | CVE-2019-11847 | 269 |  |  | 2020-08-21 | 2020-10-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
| 34 | CVE-2019-11848 | 787 |  |  | 2020-08-21 | 2022-02-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
| 35 | CVE-2019-11849 | 787 |  | Exec Code Overflow | 2020-08-21 | 2022-02-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A stack overflow vulnerability exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.
| 36 | CVE-2019-11850 | 787 |  | Exec Code Overflow | 2020-08-21 | 2022-02-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A stack overflow vulnerability exists in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution.
| 37 | CVE-2019-11852 | 125 |  |  | 2020-08-21 | 2022-02-09 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
An out-of-bounds read vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEView service, accessible by default on the LAN.
| 38 | CVE-2019-11853 | 77 |  |  | 2020-08-21 | 2022-02-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Several potential command injection vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
| 39 | CVE-2019-11855 |  |  |  | 2020-08-21 | 2022-02-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
| 40 | CVE-2019-11856 | 294 |  |  | 2020-08-21 | 2022-02-09 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial |
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
| 41 | CVE-2019-11857 | 20 |  |  | 2020-08-21 | 2022-02-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
| 42 | CVE-2019-11858 | 120 |  | Overflow | 2020-08-21 | 2022-02-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
| 43 | CVE-2019-11859 | 120 |  | Exec Code Overflow | 2020-08-21 | 2022-02-09 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
| 44 | CVE-2019-11862 | 863 |  |  | 2020-08-21 | 2021-07-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
| 45 | CVE-2019-14620 |  |  | DoS | 2020-08-13 | 2020-08-19 | 3.3 | None | Local Network | Low | Not required | None | None | Partial |
Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access.
| 46 | CVE-2019-14630 | 200 |  | +Info | 2020-08-13 | 2021-07-21 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow unauthenticated user to potentially enable information disclosure via physical access.
| 47 | CVE-2019-14904 | 20 |  |  | 2020-08-26 | 2022-04-22 | 6.1 | None | Local | Low | Not required | Complete | Partial | Partial |
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
| 48 | CVE-2019-16374 |  |  | Bypass | 2020-08-13 | 2020-08-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
| 49 | CVE-2019-17339 |  |  |  | 2020-08-11 | 2020-08-14 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
| 50 | CVE-2019-18847 | 295 |  | Exec Code | 2020-08-26 | 2020-09-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.