A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI...
E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. Date published : 2020-01-30 https://security.netapp.com/advisory/ntap-20200129-0001/
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with...
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated...
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via...
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within...
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet...
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because...
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to trigger a denial of service on the affected device. Date published : 2020-01-30...
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. Date published : 2020-01-30 JetBrains Security Bulletin Q4 2019 Home
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. Date published : 2020-01-30 JetBrains Security Bulletin Q4 2019 Home
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. Date published : 2020-01-30 JetBrains Security Bulletin Q4 2019 Home
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. Date published : 2020-01-30 JetBrains Security Bulletin Q4 2019 Home