CVE-2020-21266
Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. Date published : 2020-10-29 https://www.broadleafcommerce.com/docs/core/5.1/release-notes/5.1.15-ga
A null pointer dereference flaw was found in Samba’s Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial...
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build...
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build...
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build...
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. Date published : 2020-10-28 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Date published : 2020-10-28 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Date published : 2020-10-28 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Date published : 2020-10-28 http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages....
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC. To improve the...
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Date published : 2020-10-28 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Date published : 2020-10-28 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Date published : 2020-10-28 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601