Skip to main content
CVE-2020-10955 MEDIUM This Month

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-10952 MEDIUM This Month

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Docker Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-8551 MEDIUM PATCH This Month

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Kubernetes Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-10510 MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ehrd
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-10509 MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ehrd
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7918 MEDIUM This Month

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Totemomail
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-1771 MEDIUM This Month

Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-8552 MEDIUM PATCH This Month

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Denial Of Service Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
2.4%
CVE-2020-1770 MEDIUM This Month

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Backports Sle Leap Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-1769 MEDIUM This Month

In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Backports Sle Leap
NVD
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy