Monthly Archive: December 2020

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the...

Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go’s standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the...

** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle...

Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17. Date published : 2020-12-17 https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html

Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. Date published : 2020-12-17 https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html

Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17. Date published : 2020-12-17 https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html

Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. Date published : 2020-12-17 https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. Date published : 2020-12-17 https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a...

Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. Date published : 2020-12-17 https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336/

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient...

A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program...

If Apache TomEE 8.0.0-M1 – 8.0.3, 7.1.0 – 7.1.3, 7.0.0-M1 – 7.0.8, 1.0.0 – 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened...

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can...