Security Vulnerabilities - CVEs Published In October 2020
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".
CVSS Score: 9.1
EPSS Score: 0.001
Published: 2020-10-02
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2020-10-02
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2020-10-02
In mapfish-print before version 3.24, a user can use the JSONP support to perform a cross-site scripting attack.
CVSS Score: 9.3
EPSS Score: 0.003
Published: 2020-10-02
In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style.
CVSS Score: 9.3
EPSS Score: 0.003
Published: 2020-10-02
A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.
CVSS Score: 8.1
EPSS Score: 0.044
Published: 2020-10-02
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.
CVSS Score: 7.2
EPSS Score: 0.128
Published: 2020-10-02
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2020-10-02
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2020-10-02
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.
CVSS Score: 4.4
EPSS Score: 0.001
Published: 2020-10-02