Security Vulnerabilities - CVEs Published In November 2020
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
CVSS Score
5.4
EPSS Score
0.566
Published
2020-11-16
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
CVSS Score
5.4
EPSS Score
0.177
Published
2020-11-16
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-11-16
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-11-16
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-11-16
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
CVSS Score
8.8
EPSS Score
0.058
Published
2020-11-16
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.
CVSS Score
5.3
EPSS Score
0.02
Published
2020-11-16
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-11-16
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
CVSS Score
9.8
EPSS Score
0.023
Published
2020-11-16
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-11-16