|
211871
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
|
NVD-CWE-noinfo
|
CVE-2020-26412
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211872
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's p…
|
CWE-862
Missing Authorization
|
CVE-2020-26408
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211873
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.
|
CWE-20
CWE-400
Improper Input Validation
Uncontrolled Resource Consumption
|
CVE-2020-26409
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211874
|
3.3 |
LOW
Local
|
google
|
tensorflow
|
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a q…
|
CWE-20
Improper Input Validation
|
CVE-2020-26270
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211875
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-26269
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211876
|
7.8 |
HIGH
Local
|
google
|
tensorflow
|
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation o…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-26267
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211877
|
5.3 |
MEDIUM
Local
|
google
|
tensorflow
|
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-26266
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211878
|
9.8 |
CRITICAL
Network
|
askey
|
ap5100w_firmware
|
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to t…
|
CWE-521
Weak Password Requirements
|
CVE-2020-26201
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211879
|
4.4 |
MEDIUM
Local
|
google
|
tensorflow
|
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor i…
|
NVD-CWE-Other
|
CVE-2020-26268
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211880
|
8.8 |
HIGH
Network
|
fastadmin
|
fastadmin
|
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
|
CWE-74
Injection
|
CVE-2020-25967
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
