Security Vulnerabilities - CVEs Published In November 2020
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via a crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score: 7.5 | EPSS Score: 0.745 | Published: 2020-11-16
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
CVSS Score: 9.8 | EPSS Score: 0.09 | Published: 2020-11-16
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox.
CVSS Score: 7.5 | EPSS Score: 0.137 | Published: 2020-11-16
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2020-11-16
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2020-11-16
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2020-11-16
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVSS Score: 4.3 | EPSS Score: 0.0 | Published: 2020-11-16
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be left unmasked in depending builds when there are no internal artifacts.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2020-11-16
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2020-11-16
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2020-11-16

