|
221411
|
6.1 |
MEDIUM
Network
|
auth0
|
login_by_auth0
|
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20173
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221412
|
6.1 |
MEDIUM
Network
|
auth0
|
lock
|
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20174
|
2024-11-21 13:38 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221413
|
6.5 |
MEDIUM
Network
|
gnome
opensuse
fedoraproject
debian
canonical
netapp
|
librsvg
leap
fedora
debian_linux
ubuntu_linux
active_iq_unified_manager
|
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so th…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20446
|
2024-11-21 13:38 |
2020-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221414
|
7.8 |
HIGH
Local
|
trendmicro
|
anti-threat_toolkit
|
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary …
|
CWE-427
CWE-426
CWE-732
Uncontrolled Search Path Element
Untrusted Search Path
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-20358
|
2024-11-21 13:38 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221415
|
9.1 |
CRITICAL
Network
|
netty
debian
fedoraproject
canonical
redhat
apache
|
netty
debian_linux
fedora
ubuntu_linux
jboss_amq_clients
jboss_enterprise_application_platform
spark
|
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-20445
|
2024-11-21 13:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221416
|
9.1 |
CRITICAL
Network
|
netty
debian
fedoraproject
canonical
redhat
|
netty
debian_linux
fedora
ubuntu_linux
jboss_amq_clients
jboss_enterprise_application_platform
|
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invali…
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-20444
|
2024-11-21 13:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221417
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-859_firmware
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishand…
|
CWE-78
OS Command
|
CVE-2019-20217
|
2024-11-21 13:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221418
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-859_firmware
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is misha…
|
CWE-78
OS Command
|
CVE-2019-20216
|
2024-11-21 13:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221419
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-859_firmware
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled.…
|
CWE-78
OS Command
|
CVE-2019-20215
|
2024-11-21 13:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221420
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20439
|
2024-11-21 13:38 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
