Security Vulnerabilities - CVEs Published In March 2020
An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute force, a user with access to a project, but not its repository, could create a list of merge request template names. It has excessive algorithmic complexity.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2020-03-10
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to SSRF, which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2020-03-10
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2020-03-10
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
CVSS Score: 5.8 | EPSS Score: 0.002 | Published: 2020-03-10
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
CVSS Score: 3.9 | EPSS Score: 0.093 | Published: 2020-03-10
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2020-03-10
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-03-10
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
CVSS Score: 5.5 | EPSS Score: 0.004 | Published: 2020-03-10
An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. Users with access to issues, but not the repository, were able to view the number of related merge requests on an issue. It has Incorrect Access Control.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2020-03-10
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
CVSS Score: 3.9 | EPSS Score: 0.001 | Published: 2020-03-10



Shodan ® - All rights reserved