|
211101
|
7.8 |
HIGH
Local
|
ivanti
|
endpoint_manager
|
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-13771
|
2024-11-21 14:01 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211102
|
7.8 |
HIGH
Local
|
ivanti
|
endpoint_manager
|
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13770
|
2024-11-21 14:01 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211103
|
7.8 |
HIGH
Local
|
moxa
|
mxview
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13537
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211104
|
7.8 |
HIGH
Local
|
moxa
|
mxview
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13536
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211105
|
8.8 |
HIGH
Network
|
telerik
|
fiddler
|
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the …
|
NVD-CWE-noinfo
|
CVE-2020-13661
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211106
|
7.5 |
HIGH
Network
|
gitlab
|
runner
|
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2…
|
NVD-CWE-noinfo
|
CVE-2020-13327
|
2024-11-21 14:01 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211107
|
8.8 |
HIGH
Network
|
rconfig
|
rconfig
|
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
|
CWE-78
OS Command
|
CVE-2020-13778
|
2024-11-21 14:01 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211108
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
|
CWE-843
Type Confusion
|
CVE-2020-13341
|
2024-11-21 14:01 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211109
|
4.6 |
MEDIUM
Physics
|
oneplus
|
app_locker
|
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
|
CWE-862
Missing Authorization
|
CVE-2020-13626
|
2024-11-21 14:01 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211110
|
4.4 |
MEDIUM
Local
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authentic…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-13344
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
