|
209961
|
5.3 |
MEDIUM
Network
|
ethereum
|
go_ethereum
|
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where…
|
CWE-682
Incorrect Calculation
|
CVE-2020-26265
|
2024-11-21 14:19 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209962
|
6.5 |
MEDIUM
Network
|
ethereum
|
go_ethereum
|
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetPr…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-26264
|
2024-11-21 14:19 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209963
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project se…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-26411
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209964
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.
|
CWE-200
Information Exposure
|
CVE-2020-26417
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209965
|
4.4 |
MEDIUM
Local
|
gitlab
|
gitlab
|
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-26416
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209966
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=1…
|
CWE-200
CWE-862
Information Exposure
Missing Authorization
|
CVE-2020-26415
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209967
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
|
CWE-200
Information Exposure
|
CVE-2020-26413
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209968
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
|
NVD-CWE-noinfo
|
CVE-2020-26412
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209969
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's p…
|
CWE-862
Missing Authorization
|
CVE-2020-26408
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209970
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.
|
CWE-20
CWE-400
Improper Input Validation
Uncontrolled Resource Consumption
|
CVE-2020-26409
|
2024-11-21 14:19 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
