|
225731
|
6.5 |
MEDIUM
Network
|
libwav_project
|
libwav
|
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19698
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225732
|
9.8 |
CRITICAL
Network
|
sqlite
siemens
tenable
oracle
netapp
|
sqlite
sinec_infrastructure_network_services
tenable.sc
mysql_workbench
cloud_backup
ontap_select_deploy_administration_utility
|
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2019-19646
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225733
|
7.5 |
HIGH
Network
|
sqlite
oracle
siemens
apache
netapp
|
sqlite
mysql_workbench
sinec_infrastructure_network_services
guacamole
cloud_backup
ontap_select_deploy_administration_utility
|
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
|
NVD-CWE-noinfo
|
CVE-2019-19603
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225734
|
8.8 |
HIGH
Network
|
openstack
|
keystone
|
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-19687
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225735
|
8.8 |
HIGH
Network
|
nopcommerce
|
nopcommerce
|
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.
|
CWE-352
Origin Validation Error
|
CVE-2019-19685
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225736
|
8.8 |
HIGH
Network
|
nopcommerce
|
nopcommerce
|
nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19684
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225737
|
9.1 |
CRITICAL
Network
|
nopcommerce
|
nopcommerce
|
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFileman…
|
CWE-22
Path Traversal
|
CVE-2019-19683
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225738
|
4.8 |
MEDIUM
Network
|
nopcommerce
|
nopcommerce
|
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogCo…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19682
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225739
|
5.4 |
MEDIUM
Network
|
xpand-it
|
xray_test_mangaement
|
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19679
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225740
|
5.4 |
MEDIUM
Network
|
xpand-it
|
xray_test_mangaement
|
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test is…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19678
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
