|
219731
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a har…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20435
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219732
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20434
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219733
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
identity_server
enterprise_integrator
|
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20443
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219734
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
identity_server
enterprise_integrator
|
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20442
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219735
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20441
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219736
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20440
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219737
|
9.1 |
CRITICAL
Network
|
gnu
|
aspell
|
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20433
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219738
|
7.5 |
HIGH
Network
|
lustre
|
lustre
|
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack doe…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20432
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219739
|
7.5 |
HIGH
Network
|
lustre
|
lustre
|
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client.…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20431
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219740
|
7.5 |
HIGH
Network
|
lustre
|
lustre
|
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
|
CWE-20
CWE-670
Improper Input Validation
Always-Incorrect Control Flow Implementation
|
CVE-2019-20430
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
