|
210421
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.…
|
CWE-352
Origin Validation Error
|
CVE-2020-13350
|
2024-11-21 14:01 |
2020-11-18 |
|
|
|
|
210422
|
5.5 |
MEDIUM
Local
|
gitlab
|
gitlab
|
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13…
|
NVD-CWE-noinfo
|
CVE-2020-13358
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
210423
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user supplied value…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-13354
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
210424
|
3.2 |
LOW
Local
|
gitlab
|
gitaly
|
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-13353
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
210425
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from a private to a public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.…
|
NVD-CWE-noinfo
|
CVE-2020-13352
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
210426
|
5.4 |
MEDIUM
Network
|
ivanti
|
endpoint_manager
|
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremain…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13773
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
210427
|
5.3 |
MEDIUM
Network
|
ivanti
|
endpoint_manager
|
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no …
|
NVD-CWE-noinfo
|
CVE-2020-13772
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
210428
|
8.8 |
HIGH
Network
|
ivanti
|
endpoint_manager
|
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
|
CWE-89
SQL Injection
|
CVE-2020-13769
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
210429
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
|
CWE-269
Improper Privilege Management
|
CVE-2020-13638
|
2024-11-21 14:01 |
2020-11-14 |
|
|
|
|
210430
|
9.9 |
CRITICAL
Network
|
ivanti
|
endpoint_manager
|
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13774
|
2024-11-21 14:01 |
2020-11-13 |
|
|
|