| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-6695 |
|
|
2019-08-23 |
N/A |
| Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods. |
| CVE-2019-5594 |
|
|
2019-08-23 |
N/A |
| An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. |
| CVE-2019-1552 |
1 Openssl |
1 Openssl |
2019-08-23 |
1.9 |
| OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix /... |
| CVE-2019-15092 |
|
|
2019-08-23 |
N/A |
| The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the... |
| CVE-2019-14524 |
1 Schismtracker |
1 Schism Tracker |
2019-08-23 |
6.8 |
| An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. |
| CVE-2019-14523 |
1 Schismtracker |
1 Schism Tracker |
2019-08-23 |
6.8 |
| An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. |
| CVE-2019-12400 |
|
|
2019-08-23 |
N/A |
| In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation... |
| CVE-2018-13367 |
|
|
2019-08-23 |
N/A |
| An information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. |
| CVE-2019-15119 |
1 Nps Project |
1 Nps |
2019-08-23 |
5.8 |
| lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. |
| CVE-2019-11522 |
1 Open-xchange |
1 Open-xchange Appsuite |
2019-08-23 |
3.5 |
| OX App Suite 7.10.0 to 7.10.2 allows XSS. |
| CVE-2019-15109 |
|
|
2019-08-23 |
4.3 |
| The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. |
| CVE-2019-15291 |
1 Linux |
1 Linux Kernel |
2019-08-23 |
4.9 |
| An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. |
| CVE-2019-15290 |
1 Linux |
1 Linux Kernel |
2019-08-23 |
4.9 |
| An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver. |
| CVE-2019-7364 |
|
|
2019-08-23 |
N/A |
| DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version... |
| CVE-2019-7363 |
|
|
2019-08-23 |
N/A |
| Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution. |
| CVE-2019-7362 |
|
|
2019-08-23 |
N/A |
| DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution. |
| CVE-2019-6698 |
|
|
2019-08-23 |
N/A |
| Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided... |
| CVE-2019-5592 |
|
|
2019-08-23 |
N/A |
| Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep... |
| CVE-2017-18577 |
1 Ibericode |
1 Mailchimp |
2019-08-23 |
4.3 |
| The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg. |
| CVE-2017-18576 |
|
|
2019-08-23 |
4.3 |
| The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. |
