CVE-2020-26508
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. Date published : 2020-11-16...
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as...
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed...
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from...
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists...
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. Date published : 2020-11-16 https://phpgurukul.com/ https://systemweakness.com/cve-2020-25952-f60fff8ffac
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). Date published : 2020-11-16 https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600 https://www.cybereagle.io/blog/cve-2020-25834/
Persistent Cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform a Persistent XSS attack. Date published : 2020-11-16 https://softwaresupport.softwaregrp.com/doc/KM03763397
Reflected Cross-Site Scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform a Reflected XSS attack. Date published : 2020-11-16 https://softwaresupport.softwaregrp.com/doc/KM03763396
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software...
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home