|
223351
|
8.8 |
HIGH
Network
|
openstack
|
keystone
|
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-19687
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223352
|
8.8 |
HIGH
Network
|
nopcommerce
|
nopcommerce
|
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.
|
CWE-352
Origin Validation Error
|
CVE-2019-19685
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223353
|
8.8 |
HIGH
Network
|
nopcommerce
|
nopcommerce
|
nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19684
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223354
|
9.1 |
CRITICAL
Network
|
nopcommerce
|
nopcommerce
|
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFileman…
|
CWE-22
Path Traversal
|
CVE-2019-19683
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223355
|
4.8 |
MEDIUM
Network
|
nopcommerce
|
nopcommerce
|
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogCo…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19682
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223356
|
5.4 |
MEDIUM
Network
|
xpand-it
|
xray_test_mangaement
|
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19679
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223357
|
5.4 |
MEDIUM
Network
|
xpand-it
|
xray_test_mangaement
|
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test is…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19678
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223358
|
5.5 |
MEDIUM
Local
|
sqlite
netapp
oracle
tenable
siemens
|
sqlite
cloud_backup
ontap_select_deploy_administration_utility
mysql_workbench
tenable.sc
sinec_infrastructure_network_services
|
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-19645
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223359
|
7.8 |
HIGH
Local
|
virustotal
fedoraproject
|
yara
fedora
|
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, re…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19648
|
2024-11-21 13:35 |
2019-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223360
|
7.8 |
HIGH
Local
|
radare
fedoraproject
|
radare2
fedora
|
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19647
|
2024-11-21 13:35 |
2019-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
