| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1101 | CVE-2019-19704 | 200 | | +Info | 2020-08-08 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. |
| 1102 | CVE-2019-19643 | 400 | | DoS | 2020-08-14 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ise smart connect KNX Vaillant 1.2.839 contains a Denial of Service. |
| 1103 | CVE-2019-19499 | 89 | | Sql | 2020-08-28 | 2022-04-28 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. |
| 1104 | CVE-2019-19455 | 732 | | Exec Code | 2020-08-03 | 2022-04-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in the Linux version of the server by writing arbitrary commands in any file and executing them as root. This issue was resolved in Wowza Streaming Engine 4.8.5. |
| 1105 | CVE-2019-19453 | 79 | | XSS | 2020-08-03 | 2020-09-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5. |
| 1106 | CVE-2019-18847 | 295 | | Exec Code | 2020-08-26 | 2020-09-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. |
| 1107 | CVE-2019-17339 | | | | 2020-08-11 | 2020-08-14 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below. |
| 1108 | CVE-2019-16374 | | | Bypass | 2020-08-13 | 2020-08-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. |
| 1109 | CVE-2019-14904 | 20 | | | 2020-08-26 | 2022-04-22 | 6.1 | None | Local | Low | Not required | Complete | Partial | Partial | A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. |
| 1110 | CVE-2019-14630 | 200 | | +Info | 2020-08-13 | 2021-07-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| 1111 | CVE-2019-14620 | | | DoS | 2020-08-13 | 2020-08-19 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. |
| 1112 | CVE-2019-11862 | 863 | | | 2020-08-21 | 2021-07-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. |
| 1113 | CVE-2019-11859 | 120 | | Exec Code Overflow | 2020-08-21 | 2022-02-09 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. |
| 1114 | CVE-2019-11858 | 120 | | Overflow | 2020-08-21 | 2022-02-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. |
| 1115 | CVE-2019-11857 | 20 | | | 2020-08-21 | 2022-02-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. |
| 1116 | CVE-2019-11856 | 294 | | | 2020-08-21 | 2022-02-09 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials. |
| 1117 | CVE-2019-11855 | | | | 2020-08-21 | 2022-02-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. |
| 1118 | CVE-2019-11853 | 77 | | | 2020-08-21 | 2022-02-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Several potential command injection vulnerabilities exist in the AT command interface of ALEOS before 4.11.0 and 4.9.4. |
| 1119 | CVE-2019-11852 | 125 | | | 2020-08-21 | 2022-02-09 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An out-of-bounds read vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEView service, accessible by default on the LAN. |
| 1120 | CVE-2019-11850 | 787 | | Exec Code Overflow | 2020-08-21 | 2022-02-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A stack overflow vulnerability exists in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution. |
| 1121 | CVE-2019-11849 | 787 | | Exec Code Overflow | 2020-08-21 | 2022-02-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A stack overflow vulnerability exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. |
| 1122 | CVE-2019-11848 | 787 | | | 2020-08-21 | 2022-02-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. |
| 1123 | CVE-2019-11847 | 269 | | | 2020-08-21 | 2020-10-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. |
| 1124 | CVE-2019-7410 | 79 | | XSS | 2020-08-14 | 2020-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). |
| 1125 | CVE-2019-7005 | | | | 2020-08-07 | 2021-09-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. |
| 1126 | CVE-2019-6258 | 120 | | Overflow | 2020-08-18 | 2020-08-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. |
| 1127 | CVE-2019-6112 | 79 | | XSS | 2020-08-14 | 2020-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). |
| 1128 | CVE-2019-5591 | 200 | | +Info | 2020-08-14 | 2021-07-21 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. |
| 1129 | CVE-2019-5321 | 863 | | | 2020-08-26 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI. |
| 1130 | CVE-2019-5320 | 79 | | XSS | 2020-08-26 | 2020-09-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. |
| 1131 | CVE-2019-4713 | 78 | | Exec Code | 2020-08-26 | 2021-07-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. |
| 1132 | CVE-2019-4701 | 200 | | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. |
| 1133 | CVE-2019-4699 | 209 | | | 2020-08-26 | 2020-08-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. |
| 1134 | CVE-2019-4698 | 521 | | | 2020-08-26 | 2020-08-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. |
| 1135 | CVE-2019-4697 | 522 | | | 2020-08-26 | 2020-08-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain clear text, which can be read by an authenticated user. IBM X-Force ID: 171938. |
| 1136 | CVE-2019-4695 | 922 | | | 2020-08-26 | 2020-08-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. |
| 1137 | CVE-2019-4694 | 798 | | | 2020-08-26 | 2020-08-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832. |
| 1138 | CVE-2019-4693 | 522 | | | 2020-08-26 | 2020-08-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain clear text, which can be read by a local privileged user. IBM X-Force ID: 171831. |
| 1139 | CVE-2019-4692 | 200 | | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. |
| 1140 | CVE-2019-4691 | 79 | | XSS | 2020-08-26 | 2020-08-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828. |
| 1141 | CVE-2019-4689 | 200 | | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826. |
| 1142 | CVE-2019-4688 | 565 | | | 2020-08-26 | 2020-08-27 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. |
| 1143 | CVE-2019-4686 | 200 | | +Info | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822. |
| 1144 | CVE-2019-4589 | 269 | | | 2020-08-03 | 2020-08-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449. |
| 1145 | CVE-2019-4582 | 22 | | Dir. Trav. | 2020-08-13 | 2020-08-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288. |
| 1146 | CVE-2019-4579 | | | Bypass | 2020-08-28 | 2020-09-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None | IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. |
| 1147 | CVE-2019-4533 | 20 | | DoS | 2020-08-28 | 2020-08-31 | 4.0 | None | Remote | Low | ??? | None | None | Partial | IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589. |
| 1148 | CVE-2019-4366 | 200 | | +Info | 2020-08-03 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. |
| 1149 | CVE-2018-1985 | 120 | | Overflow | 2020-08-24 | 2021-09-08 | 4.9 | None | Local | Low | Not required | None | None | Complete | IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. |
| 1150 | CVE-2018-1501 | 306 | | +Info | 2020-08-26 | 2020-08-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. |