| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
701 |
CVE-2019-15725 |
200 |
|
+Info |
2019-09-16 |
2019-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. |
|
702 |
CVE-2019-15724 |
74 |
|
|
2019-09-16 |
2019-09-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. |
|
703 |
CVE-2019-15723 |
732 |
|
Bypass |
2019-09-16 |
2019-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. |
|
704 |
CVE-2019-15722 |
400 |
|
|
2019-09-16 |
2019-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. |
|
705 |
CVE-2019-15721 |
732 |
|
|
2019-09-16 |
2019-09-17 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. |
|
706 |
CVE-2019-15718 |
284 |
|
|
2019-09-04 |
2019-09-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. |
|
707 |
CVE-2019-15716 |
275 |
|
|
2019-08-28 |
2019-09-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults. |
|
708 |
CVE-2019-15714 |
22 |
|
Dir. Trav. |
2019-08-28 |
2019-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. |
|
709 |
CVE-2019-15713 |
79 |
|
XSS |
2019-08-28 |
2019-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The my-calendar plugin before 3.1.10 for WordPress has XSS. |
|
710 |
CVE-2019-15702 |
399 |
|
|
2019-08-27 |
2019-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. |
|
711 |
CVE-2019-15701 |
78 |
|
Exec Code |
2019-08-27 |
2019-08-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name. |
|
712 |
CVE-2019-15700 |
79 |
|
XSS |
2019-08-27 |
2019-09-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. |
|
713 |
CVE-2019-15699 |
125 |
|
|
2019-09-24 |
2019-09-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. |
|
714 |
CVE-2019-15698 |
200 |
|
+Info |
2019-08-27 |
2019-08-29 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. |
|
715 |
CVE-2019-15660 |
352 |
|
CSRF |
2019-08-27 |
2019-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The wp-members plugin before 3.2.8 for WordPress has CSRF. |
|
716 |
CVE-2019-15650 |
264 |
|
|
2019-08-27 |
2019-08-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. |
|
717 |
CVE-2019-15649 |
434 |
|
|
2019-08-27 |
2019-08-30 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. |
|
718 |
CVE-2019-15648 |
284 |
|
|
2019-08-27 |
2019-08-29 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. |
|
719 |
CVE-2019-15647 |
94 |
|
Exec Code |
2019-08-27 |
2019-08-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. |
|
720 |
CVE-2019-15645 |
352 |
|
CSRF |
2019-08-27 |
2019-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. |
|
721 |
CVE-2019-15644 |
79 |
|
XSS |
2019-08-27 |
2019-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. |
|
722 |
CVE-2019-15643 |
79 |
|
XSS |
2019-08-27 |
2019-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. |
|
723 |
CVE-2019-15642 |
94 |
|
Exec Code |
2019-08-26 |
2019-09-04 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users." |
|
724 |
CVE-2019-15641 |
611 |
|
|
2019-08-26 |
2019-08-30 |
6.8 |
None |
Remote |
Low |
Single system |
Complete |
None |
None |
|
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi. |
|
725 |
CVE-2019-15640 |
20 |
|
|
2019-08-26 |
2019-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. |
|
726 |
CVE-2019-15639 |
20 |
|
|
2019-09-09 |
2019-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. |
|
727 |
CVE-2019-15637 |
611 |
|
|
2019-08-26 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. |
|
728 |
CVE-2019-15635 |
522 |
|
|
2019-09-23 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. |
|
729 |
CVE-2019-15630 |
22 |
|
Dir. Trav. |
2019-08-30 |
2019-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. |
|
730 |
CVE-2019-15553 |
200 |
|
+Info |
2019-08-26 |
2019-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. |
|
731 |
CVE-2019-15550 |
125 |
|
|
2019-08-26 |
2019-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary. |
|
732 |
CVE-2019-15549 |
399 |
|
|
2019-08-26 |
2019-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. |
|
733 |
CVE-2019-15547 |
134 |
|
|
2019-08-26 |
2019-08-29 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. |
|
734 |
CVE-2019-15546 |
134 |
|
|
2019-08-26 |
2019-08-29 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities. |
|
735 |
CVE-2019-15545 |
20 |
|
|
2019-08-26 |
2019-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures. |
|
736 |
CVE-2019-15544 |
400 |
|
|
2019-08-26 |
2019-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. |
|
737 |
CVE-2019-15542 |
399 |
|
|
2019-08-26 |
2019-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. |
|
738 |
CVE-2019-15541 |
88 |
|
DoS |
2019-08-26 |
2019-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable. |
|
739 |
CVE-2019-15532 |
79 |
|
XSS |
2019-08-26 |
2019-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. |
|
740 |
CVE-2019-15531 |
125 |
|
|
2019-08-23 |
2019-08-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. |
|
741 |
CVE-2019-15525 |
295 |
|
|
2019-08-23 |
2019-08-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. |
|
742 |
CVE-2019-15520 |
22 |
|
Dir. Trav. |
2019-08-23 |
2019-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. |
|
743 |
CVE-2019-15518 |
22 |
|
Dir. Trav. |
2019-08-23 |
2019-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. |
|
744 |
CVE-2019-15517 |
22 |
|
Dir. Trav. |
2019-08-23 |
2019-08-27 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. |
|
745 |
CVE-2019-15516 |
22 |
|
Dir. Trav. |
2019-08-23 |
2019-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. |
|
746 |
CVE-2019-15515 |
352 |
|
CSRF |
2019-08-26 |
2019-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Discourse 2.3.2 sends the CSRF token in the query string. |
|
747 |
CVE-2019-15514 |
200 |
|
+Info |
2019-08-23 |
2019-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. |
|
748 |
CVE-2019-15508 |
532 |
|
|
2019-08-23 |
2019-08-27 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. |
|
749 |
CVE-2019-15507 |
532 |
|
|
2019-08-23 |
2019-08-27 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. |
|
750 |
CVE-2019-15502 |
20 |
|
|
2019-08-29 |
2019-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). |
