Security Vulnerabilities - CVEs Published In September 2020
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2020-09-14
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
CVSS Score: 8.8
EPSS Score: 0.07
Published: 2020-09-14
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2020-09-14
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via a git command line.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-09-14
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack.
CVSS Score: 6.4
EPSS Score: 0.001
Published: 2020-09-14
Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
CVSS Score: 7.6
EPSS Score: 0.001
Published: 2020-09-14
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2020-09-14
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2020-09-14
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2020-09-14
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2020-09-14