CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1101 CVE-2019-19704 200 +Info 2020-08-08 2021-07-21
5.0
None Remote Low Not required Partial None None
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.
1102 CVE-2019-19643 400 DoS 2020-08-14 2021-07-21
5.0
None Remote Low Not required None None Partial
ise smart connect KNX Vaillant 1.2.839 contains a Denial of Service vulnerability.
1103 CVE-2019-19499 89 Sql 2020-08-28 2022-04-28
4.0
None Remote Low ??? Partial None None
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
1104 CVE-2019-19455 732 Exec Code 2020-08-03 2022-04-28
7.2
None Local Low Not required Complete Complete Complete
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in the Linux version of the server by writing arbitrary commands in any file and executing them as root. This issue was resolved in Wowza Streaming Engine 4.8.5.
1105 CVE-2019-19453 79 XSS 2020-08-03 2020-09-30
4.3
None Remote Medium Not required None Partial None
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user with access to proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5.
1106 CVE-2019-18847 295 Exec Code 2020-08-26 2020-09-01
7.5
None Remote Low Not required Partial Partial Partial
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.
1107 CVE-2019-17339 2020-08-11 2020-08-14
5.8
None Remote Medium Not required Partial Partial None
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
1108 CVE-2019-16374 Bypass 2020-08-13 2020-08-19
7.5
None Remote Low Not required Partial Partial Partial
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
1109 CVE-2019-14904 20 2020-08-26 2022-04-22
6.1
None Local Low Not required Complete Partial Partial
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
1110 CVE-2019-14630 200 +Info 2020-08-13 2021-07-21
2.1
None Local Low Not required Partial None None
Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow an unauthenticated user to potentially enable information disclosure via physical access.
1111 CVE-2019-14620 DoS 2020-08-13 2020-08-19
3.3
None Local Network Low Not required None None Partial
Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access.
1112 CVE-2019-11862 863 2020-08-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
1113 CVE-2019-11859 120 Exec Code Overflow 2020-08-21 2022-02-09
9.0
None Remote Low ??? Complete Complete Complete
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
1114 CVE-2019-11858 120 Overflow 2020-08-21 2022-02-09
6.5
None Remote Low ??? Partial Partial Partial
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
1115 CVE-2019-11857 20 2020-08-21 2022-02-09
4.0
None Remote Low ??? Partial None None
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
1116 CVE-2019-11856 294 2020-08-21 2022-02-09
5.5
None Remote Low ??? None Partial Partial
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
1117 CVE-2019-11855 2020-08-21 2022-02-09
7.5
None Remote Low Not required Partial Partial Partial
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
1118 CVE-2019-11853 77 2020-08-21 2022-02-09
6.5
None Remote Low ??? Partial Partial Partial
Several potential command injection vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
1119 CVE-2019-11852 125 2020-08-21 2022-02-09
6.4
None Remote Low Not required Partial None Partial
An out-of-bounds read vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEView service, accessible by default on the LAN.
1120 CVE-2019-11850 787 Exec Code Overflow 2020-08-21 2022-02-09
4.6
None Local Low Not required Partial Partial Partial
A stack overflow vulnerability exists in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution.
1121 CVE-2019-11849 787 Exec Code Overflow 2020-08-21 2022-02-09
4.6
None Local Low Not required Partial Partial Partial
A stack overflow vulnerability exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.
1122 CVE-2019-11848 787 2020-08-21 2022-02-09
6.5
None Remote Low ??? Partial Partial Partial
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
1123 CVE-2019-11847 269 2020-08-21 2020-10-19
7.2
None Local Low Not required Complete Complete Complete
An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
1124 CVE-2019-7410 79 XSS 2020-08-14 2020-08-19
4.3
None Remote Medium Not required None Partial None
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).
1125 CVE-2019-7005 2020-08-07 2021-09-13
5.0
None Remote Low Not required Partial None None
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.
1126 CVE-2019-6258 120 Overflow 2020-08-18 2020-08-25
7.5
None Remote Low Not required Partial Partial Partial
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file.
1127 CVE-2019-6112 79 XSS 2020-08-14 2020-08-19
4.3
None Remote Medium Not required None Partial None
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
1128 CVE-2019-5591 200 +Info 2020-08-14 2021-07-21
3.3
None Local Network Low Not required Partial None None
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
1129 CVE-2019-5321 863 2020-08-26 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI.
1130 CVE-2019-5320 79 XSS 2020-08-26 2020-09-02
4.3
None Remote Medium Not required None Partial None
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.
1131 CVE-2019-4713 78 Exec Code 2020-08-26 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084.
1132 CVE-2019-4701 200 +Info 2020-08-26 2021-07-21
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936.
1133 CVE-2019-4699 209 2020-08-26 2020-08-27
4.0
None Remote Low ??? Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.
1134 CVE-2019-4698 521 2020-08-26 2020-08-27
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929.
1135 CVE-2019-4697 522 2020-08-26 2020-08-27
4.0
None Remote Low ??? Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.
1136 CVE-2019-4695 922 2020-08-26 2020-08-28
2.1
None Local Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.
1137 CVE-2019-4694 798 2020-08-26 2020-08-27
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832.
1138 CVE-2019-4693 522 2020-08-26 2020-08-27
2.1
None Local Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.
1139 CVE-2019-4692 200 +Info 2020-08-26 2021-07-21
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.
1140 CVE-2019-4691 79 XSS 2020-08-26 2020-08-27
3.5
None Remote Medium ??? None Partial None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828.
1141 CVE-2019-4689 200 +Info 2020-08-26 2021-07-21
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826.
1142 CVE-2019-4688 565 2020-08-26 2020-08-27
4.3
None Remote Medium Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825.
1143 CVE-2019-4686 200 +Info 2020-08-26 2021-07-21
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822.
1144 CVE-2019-4589 269 2020-08-03 2020-08-03
4.0
None Remote Low ??? Partial None None
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
1145 CVE-2019-4582 22 Dir. Trav. 2020-08-13 2020-08-13
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.
1146 CVE-2019-4579 Bypass 2020-08-28 2020-09-03
4.0
None Remote Low ??? None Partial None
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.
1147 CVE-2019-4533 20 DoS 2020-08-28 2020-08-31
4.0
None Remote Low ??? None None Partial
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589.
1148 CVE-2019-4366 200 +Info 2020-08-03 2021-07-21
5.0
None Remote Low Not required Partial None None
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.
1149 CVE-2018-1985 120 Overflow 2020-08-24 2021-09-08
4.9
None Local Low Not required None None Complete
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.
1150 CVE-2018-1501 306 +Info 2020-08-26 2020-08-28
5.0
None Remote Low Not required Partial None None
IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.
Total number of vulnerabilities: 1155 (page 23 of 24)