Security Vulnerabilities - CVEs Published In September 2020
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-09-30
A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.
CVSS Score
7.1
EPSS Score
0.001
Published
2020-09-30
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-09-30
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPI files API.
CVSS Score
4.8
EPSS Score
0.001
Published
2020-09-30
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-09-30
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Bitbucket project import feature.
CVSS Score
4.4
EPSS Score
0.001
Published
2020-09-30
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-09-30
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-30
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-09-30
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-09-30

