Security Vulnerabilities - CVEs Published In November 2020
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-11-17
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-11-17
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files that implement API endpoints do not require a valid session ID for access.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-11-17
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2020-11-17
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-11-17
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
CVSS Score: 6.5 | EPSS Score: 0.029 | Published: 2020-11-17
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2020-11-17
An arbitrary file upload vulnerability in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page.
CVSS Score: 8.8 | EPSS Score: 0.025 | Published: 2020-11-17
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.
CVSS Score: 5.7 | EPSS Score: 0.001 | Published: 2020-11-17
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path left the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2020-11-17

