|
223221
|
4.8 |
MEDIUM
Adjacent
|
microfocus
|
solutions_business_manager
|
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18944
|
2024-11-21 13:33 |
2021-02-26 |
|
223222
|
8.0 |
HIGH
Adjacent
|
microfocus
|
solutions_business_manager
|
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
|
CWE-611
XXE
|
CVE-2019-18943
|
2024-11-21 13:33 |
2021-02-26 |
|
223223
|
4.8 |
MEDIUM
Adjacent
|
microfocus
|
solutions_business_manager
|
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18942
|
2024-11-21 13:33 |
2021-02-26 |
|
223224
|
7.8 |
HIGH
Local
|
autotrace_project fedoraproject
|
autotrace fedora
|
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.
|
CWE-415
Double Free
|
CVE-2019-19005
|
2024-11-21 13:33 |
2021-02-12 |
|
223225
|
3.3 |
LOW
Local
|
autotrace_project fedoraproject
|
autotrace fedora
|
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-19004
|
2024-11-21 13:33 |
2021-02-12 |
|
223226
|
9.8 |
CRITICAL
Network
|
sparkdevnetwork
|
rock_rms
|
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypass…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-18643
|
2024-11-21 13:33 |
2021-01-8 |
|
223227
|
9.8 |
CRITICAL
Network
|
sparkdevnetwork
|
rock_rms
|
Rock RMS versions before 8.6 are vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any u…
|
NVD-CWE-noinfo
|
CVE-2019-18642
|
2024-11-21 13:33 |
2021-01-8 |
|
223228
|
6.5 |
MEDIUM
Network
|
un4seen
|
bass
|
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-18796
|
2024-11-21 13:33 |
2020-10-16 |
|
223229
|
6.5 |
MEDIUM
Network
|
un4seen
|
bass
|
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out-of-bounds read vulnerability via a crafted .wav file. An attacker can exploit this issue to gain access to sensiti…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-18795
|
2024-11-21 13:33 |
2020-10-16 |
|
223230
|
6.5 |
MEDIUM
Network
|
un4seen
|
bass
|
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive informat…
|
CWE-416
Use After Free
|
CVE-2019-18794
|
2024-11-21 13:33 |
2020-10-16 |