|
209671
|
8.8 |
HIGH
Network
|
telerik
|
fiddler
|
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the …
|
NVD-CWE-noinfo
|
CVE-2020-13661
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209672
|
7.5 |
HIGH
Network
|
gitlab
|
runner
|
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2…
|
NVD-CWE-noinfo
|
CVE-2020-13327
|
2024-11-21 14:01 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209673
|
8.8 |
HIGH
Network
|
rconfig
|
rconfig
|
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
|
CWE-78
OS Command
|
CVE-2020-13778
|
2024-11-21 14:01 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209674
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
|
CWE-843
Type Confusion
|
CVE-2020-13341
|
2024-11-21 14:01 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209675
|
4.6 |
MEDIUM
Physics
|
oneplus
|
app_locker
|
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
|
CWE-862
Missing Authorization
|
CVE-2020-13626
|
2024-11-21 14:01 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209676
|
4.4 |
MEDIUM
Local
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authentic…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-13344
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209677
|
8.7 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
|
CWE-79
Cross-site Scripting
|
CVE-2020-13340
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209678
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13339
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209679
|
2.7 |
LOW
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-13342
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209680
|
9.1 |
CRITICAL
Network
|
gitlab
|
gitlab
|
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows t…
|
CWE-22
Path Traversal
|
CVE-2020-13347
|
2024-11-21 14:01 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
