{"vulnerability": "CVE-2019-2043", "sightings": [{"uuid": "370f08c0-1e2f-4b50-87d2-b07bc7d183d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20433", "type": "seen", "source": "https://t.me/cveNotify/456", "content": "\ud83d\udea8 CVE-2019-20433\nlibaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-27T21:37:49.000000Z"}, {"uuid": "9b6b6a08-ffda-4827-b9ab-71a4a7d47395", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20430", "type": "seen", "source": "https://t.me/cveNotify/436", "content": "\ud83d\udea8 CVE-2019-20430\nIn the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-27T08:37:48.000000Z"}, {"uuid": "68054c48-068d-4f4b-b5a4-5fc09e125f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20431", "type": "seen", "source": "https://t.me/cveNotify/437", "content": "\ud83d\udea8 CVE-2019-20431\nIn the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-27T08:37:49.000000Z"}, {"uuid": "16972808-246c-4596-a0d0-155ea8087aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20432", "type": "seen", "source": "https://t.me/cveNotify/438", "content": "\ud83d\udea8 CVE-2019-20432\nIn the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-27T08:37:50.000000Z"}, {"uuid": "d783efe7-ea4c-4fc8-a834-ada3695dfb6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20434", "type": "seen", "source": "https://t.me/cveNotify/495", "content": "\ud83d\udea8 CVE-2019-20434\nAn issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-28T08:37:39.000000Z"}, {"uuid": "28def555-d24a-47a3-82d5-2fdd40874628", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20435", "type": "seen", "source": "https://t.me/cveNotify/496", "content": "\ud83d\udea8 CVE-2019-20435\nAn issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-28T08:37:41.000000Z"}, {"uuid": "0ba9a304-8a48-457c-99f6-acf96a590884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20436", "type": "seen", "source": "https://t.me/cveNotify/497", "content": "\ud83d\udea8 CVE-2019-20436\nAn issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-28T08:37:43.000000Z"}, {"uuid": "911060e7-9c86-4684-b333-76da96174a19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20437", "type": "seen", "source": "https://t.me/cveNotify/498", "content": "\ud83d\udea8 CVE-2019-20437\nAn issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-28T08:37:44.000000Z"}, {"uuid": "6acd895c-2631-4049-a17e-cf6f4bc9914c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20438", "type": "seen", "source": "https://t.me/cveNotify/499", "content": "\ud83d\udea8 CVE-2019-20438\nAn issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-28T08:37:46.000000Z"}, {"uuid": "121f280e-90da-4e59-a860-977eadc4f441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20439", "type": "seen", "source": "https://t.me/cveNotify/500", "content": "\ud83d\udea8 CVE-2019-20439\nAn issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the \"manage the API\" page of the API Publisher.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-28T08:37:48.000000Z"}]}