| 209891 | 7.5 HIGH | Network | hashicorp | consul | HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced i… | CWE-20 Improper Input Validation | CVE-2020-13170 | 2024-11-21 14:00 | 2020-06-12 |
| 209892 | 5.3 MEDIUM | Network | hashicorp | consul | HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. | NVD-CWE-noinfo | CVE-2020-12797 | 2024-11-21 14:00 | 2020-06-12 |
| 209893 | 7.5 HIGH | Network | hashicorp | consul | HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. | CWE-404 Improper Resource Shutdown or Release | CVE-2020-12758 | 2024-11-21 14:00 | 2020-06-12 |
| 209894 | 7.2 HIGH | Network | redash | redash | Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is po… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-12725 | 2024-11-21 14:00 | 2020-06-12 |
| 209895 | 7.5 HIGH | Network | sos-berlin | jobscheduler | A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored … | CWE-330 Use of Insufficiently Random Values | CVE-2020-12712 | 2024-11-21 14:00 | 2020-06-11 |
| 209896 | 7.0 HIGH | Local | pydio | cells | The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction all… | CWE-269 Improper Privilege Management | CVE-2020-12850 | 2024-11-21 14:00 | 2020-06-11 |
| 209897 | 5.9 MEDIUM | Network | ciphermail | webmail_messenger gateway | An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtu… | CWE-326 Inadequate Encryption Strength | CVE-2020-12714 | 2024-11-21 14:00 | 2020-06-11 |
| 209898 | 7.2 HIGH | Network | ciphermail | webmail_messenger gateway | An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative… | CWE-269 Improper Privilege Management | CVE-2020-12713 | 2024-11-21 14:00 | 2020-06-11 |
| 209899 | 7.5 HIGH | Network | mitsubishielectric | melsec_iq-r00cpu_firmware melsec_iq-r01cpu_firmware melsec_iq-r02cpu_firmware melsec_iq-r04cpu_firmware melsec_iq-r08cpu_firmware melsec_iq-r16cpu_firmware melsec_iq-r32cpu_firmware… | Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack… | CWE-400 Uncontrolled Resource Consumption | CVE-2020-13238 | 2024-11-21 14:00 | 2020-06-11 |
| 209900 | 7.5 HIGH | Network | hashicorp | vault | HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2020-13223 | 2024-11-21 14:00 | 2020-06-11 |