| 222341 | 9.1 CRITICAL | Network | openstack | os-vif | In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2019-15753 | 2024-11-21 13:29 | 2019-08-29 |
| 222342 | 7.8 HIGH | Local | cloudberrylab | backup | CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that e… | CWE-269 Improper Privilege Management | CVE-2019-15720 | 2024-11-21 13:29 | 2019-08-29 |
| 222343 | 5.5 MEDIUM | Local | wtfutil | wtf | WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsaf… | CWE-276 Incorrect Default Permissions | CVE-2019-15716 | 2024-11-21 13:29 | 2019-08-29 |
| 222344 | 5.3 MEDIUM | Network | entropic_project | entropic | cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. | CWE-22 Path Traversal | CVE-2019-15714 | 2024-11-21 13:29 | 2019-08-28 |
| 222345 | 6.1 MEDIUM | Network | my_calendar_project | my_calendar | The my-calendar plugin before 3.1.10 for WordPress has XSS. | CWE-79 Cross-site Scripting | CVE-2019-15713 | 2024-11-21 13:29 | 2019-08-28 |
| 222346 | 7.5 HIGH | Network | riot-os | riot | In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2019-15702 | 2024-11-21 13:29 | 2019-08-28 |
| 222347 | 8.8 HIGH | Network | bloodhound_project | bloodhound | components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search … | CWE-78 OS Command | CVE-2019-15701 | 2024-11-21 13:29 | 2019-08-28 |
| 222348 | 6.1 MEDIUM | Network | frappe | frappe | public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | CWE-79 Cross-site Scripting | CVE-2019-15700 | 2024-11-21 13:29 | 2019-08-28 |
| 222349 | 4.3 MEDIUM | Network | octopus | octopus_server | In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. | NVD-CWE-noinfo | CVE-2019-15698 | 2024-11-21 13:29 | 2019-08-28 |
| 222350 | 8.8 HIGH | Network | butlerblog | wp-members | The wp-members plugin before 3.2.8 for WordPress has CSRF. | CWE-352 Origin Validation Error | CVE-2019-15660 | 2024-11-21 13:29 | 2019-08-27 |