|
213651
|
7.8 |
HIGH
Local
|
moxa
|
mxview
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13536
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213652
|
8.8 |
HIGH
Network
|
telerik
|
fiddler
|
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the …
|
NVD-CWE-noinfo
|
CVE-2020-13661
|
2024-11-21 14:01 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213653
|
7.5 |
HIGH
Network
|
gitlab
|
runner
|
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2…
|
NVD-CWE-noinfo
|
CVE-2020-13327
|
2024-11-21 14:01 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213654
|
8.8 |
HIGH
Network
|
rconfig
|
rconfig
|
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
|
CWE-78
OS Command
|
CVE-2020-13778
|
2024-11-21 14:01 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213655
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
|
CWE-843
Type Confusion
|
CVE-2020-13341
|
2024-11-21 14:01 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213656
|
4.6 |
MEDIUM
Physics
|
oneplus
|
app_locker
|
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
|
CWE-862
Missing Authorization
|
CVE-2020-13626
|
2024-11-21 14:01 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213657
|
4.4 |
MEDIUM
Local
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authentic…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-13344
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213658
|
8.7 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
|
CWE-79
Cross-site Scripting
|
CVE-2020-13340
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213659
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13339
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213660
|
2.7 |
LOW
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-13342
|
2024-11-21 14:01 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
