|
209801
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues
|
NVD-CWE-noinfo
|
CVE-2020-13287
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209802
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token
|
CWE-863
Incorrect Authorization
|
CVE-2020-13284
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209803
|
7.5 |
HIGH
Network
|
microchip
|
atsama5d21c-cu_firmware
atsama5d21c-cur_firmware
atsama5d22c-cn_firmware
atsama5d22c-cnr_firmware
atsama5d22c-cu_firmware
atsama5d22c-cur_firmware
atsama5d23c-cn_firmware
atsama5…
|
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-12789
|
2024-11-21 14:00 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209804
|
7.5 |
HIGH
Network
|
microchip
|
atsama5d21c-cu_firmware
atsama5d21c-cur_firmware
atsama5d22c-cn_firmware
atsama5d22c-cnr_firmware
atsama5d22c-cu_firmware
atsama5d22c-cur_firmware
atsama5d23c-cn_firmware
atsama5…
|
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-12788
|
2024-11-21 14:00 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209805
|
7.5 |
HIGH
Network
|
microchip
|
atsama5d21c-cu_firmware
atsama5d21c-cur_firmware
atsama5d22c-cn_firmware
atsama5d22c-cnr_firmware
atsama5d22c-cu_firmware
atsama5d22c-cur_firmware
atsama5d23c-cn_firmware
atsama5…
|
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
|
NVD-CWE-noinfo
|
CVE-2020-12787
|
2024-11-21 14:00 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209806
|
8.8 |
HIGH
Network
|
loway
|
queuemetrics
|
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter.
|
CWE-89
SQL Injection
|
CVE-2020-13127
|
2024-11-21 14:00 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209807
|
7.2 |
HIGH
Network
|
openfind
|
mail2000
|
Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.
|
NVD-CWE-noinfo
|
CVE-2020-12776
|
2024-11-21 14:00 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209808
|
3.8 |
LOW
Local
|
qemu
canonical
debian
|
qemu
ubuntu_linux
debian_linux
|
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engi…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-12829
|
2024-11-21 14:00 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209809
|
8.8 |
HIGH
Network
|
seczetta
|
neprofile
|
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flo…
|
CWE-74
Injection
|
CVE-2020-12855
|
2024-11-21 14:00 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209810
|
7.5 |
HIGH
Network
|
oasis-open
|
oasis_digital_signature_services
|
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML sign…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-13101
|
2024-11-21 14:00 |
2020-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
