|
209661
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.…
|
NVD-CWE-noinfo
|
CVE-2020-13352
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209662
|
5.4 |
MEDIUM
Network
|
ivanti
|
endpoint_manager
|
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremain…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13773
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209663
|
5.3 |
MEDIUM
Network
|
ivanti
|
endpoint_manager
|
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no …
|
NVD-CWE-noinfo
|
CVE-2020-13772
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209664
|
8.8 |
HIGH
Network
|
ivanti
|
endpoint_manager
|
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
|
CWE-89
SQL Injection
|
CVE-2020-13769
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209665
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
|
CWE-269
Improper Privilege Management
|
CVE-2020-13638
|
2024-11-21 14:01 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209666
|
9.9 |
CRITICAL
Network
|
ivanti
|
endpoint_manager
|
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13774
|
2024-11-21 14:01 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209667
|
7.8 |
HIGH
Local
|
ivanti
|
endpoint_manager
|
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-13771
|
2024-11-21 14:01 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209668
|
7.8 |
HIGH
Local
|
ivanti
|
endpoint_manager
|
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13770
|
2024-11-21 14:01 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209669
|
7.8 |
HIGH
Local
|
moxa
|
mxview
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13537
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209670
|
7.8 |
HIGH
Local
|
moxa
|
mxview
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13536
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
