| 223451 | 4.8 | MEDIUM Network | nopcommerce | nopcommerce | nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogCo… | CWE-79 Cross-site Scripting | CVE-2019-19682 | 2024-11-21 13:35 | 2019-12-10 |
| 223452 | 5.4 | MEDIUM Network | xpand-it | xray_test_mangaement | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action… | CWE-79 Cross-site Scripting | CVE-2019-19679 | 2024-11-21 13:35 | 2019-12-10 |
| 223453 | 5.4 | MEDIUM Network | xpand-it | xray_test_mangaement | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test is… | CWE-79 Cross-site Scripting | CVE-2019-19678 | 2024-11-21 13:35 | 2019-12-10 |
| 223454 | 5.5 | MEDIUM Local | sqlite netapp oracle tenable siemens | sqlite cloud_backup ontap_select_deploy_administration_utility mysql_workbench tenable.sc sinec_infrastructure_network_services | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | CWE-674 Uncontrolled Recursion | CVE-2019-19645 | 2024-11-21 13:35 | 2019-12-10 |
| 223455 | 7.8 | HIGH Local | virustotal fedoraproject | yara fedora | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, re… | CWE-125 Out-of-bounds Read | CVE-2019-19648 | 2024-11-21 13:35 | 2019-12-9 |
| 223456 | 7.8 | HIGH Local | radare fedoraproject | radare2 fedora | radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a… | CWE-476 NULL Pointer Dereference | CVE-2019-19647 | 2024-11-21 13:35 | 2019-12-9 |
| 223457 | 8.8 | HIGH Network | supermicro | x8sti-f_bios x8sti-f_firmware | On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP a… | CWE-78 OS Command | CVE-2019-19642 | 2024-11-21 13:35 | 2019-12-8 |
| 223458 | 7.8 | HIGH Local | htmldoc_project debian fedoraproject | htmldoc debian_linux fedora | HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | CWE-787 Out-of-bounds Write | CVE-2019-19630 | 2024-11-21 13:35 | 2019-12-8 |
| 223459 | 5.3 | MEDIUM Network | ros | sros2 | SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys f… | CWE-200 Information Exposure | CVE-2019-19627 | 2024-11-21 13:35 | 2019-12-7 |
| 223460 | 5.3 | MEDIUM Network | ros | sros2 | SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky… | CWE-200 Information Exposure | CVE-2019-19625 | 2024-11-21 13:35 | 2019-12-7 |