CVE-2020-10940

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

Source: CVE-2020-10940

CVE-2020-10939

Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

Source: CVE-2020-10939

CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Source: CVE-2020-6095

CVE-2020-10953

In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

Source: CVE-2020-10953

CVE-2020-10954

GitLab through 12.9 is affected by a potential DoS in repository archive download.

Source: CVE-2020-10954

CVE-2020-10956

GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

Source: CVE-2020-10956

CVE-2020-10955

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

Source: CVE-2020-10955

CVE-2020-10817

The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.

Source: CVE-2020-10817

CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

Source: CVE-2020-10952

CVE-2020-5862

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.

Source: CVE-2020-5862