|
222161
|
9.1 |
CRITICAL
Network
|
netty
debian
fedoraproject
canonical
redhat
|
netty
debian_linux
fedora
ubuntu_linux
jboss_amq_clients
jboss_enterprise_application_platform
|
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invali…
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-20444
|
2024-11-21 13:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222162
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-859_firmware
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishand…
|
CWE-78
OS Command
|
CVE-2019-20217
|
2024-11-21 13:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222163
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-859_firmware
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is misha…
|
CWE-78
OS Command
|
CVE-2019-20216
|
2024-11-21 13:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222164
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-859_firmware
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled.…
|
CWE-78
OS Command
|
CVE-2019-20215
|
2024-11-21 13:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222165
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20439
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222166
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20438
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222167
|
6.1 |
MEDIUM
Network
|
wso2
|
api_manager
identity_server
|
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20437
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222168
|
6.1 |
MEDIUM
Network
|
wso2
|
api_manager
identity_server
|
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a u…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20436
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222169
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a har…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20435
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222170
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20434
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
