|
209901
|
9.8 |
CRITICAL
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the…
|
CWE-269
Improper Privilege Management
|
CVE-2020-12757
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209902
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13271
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209903
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API
|
CWE-862
Missing Authorization
|
CVE-2020-13270
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209904
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13269
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209905
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and lat…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2020-13268
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209906
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13267
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209907
|
9.8 |
CRITICAL
Network
|
anydesk
|
anydesk
|
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-13160
|
2024-11-21 14:00 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209908
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions
|
CWE-862
Missing Authorization
|
CVE-2020-13266
|
2024-11-21 14:00 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209909
|
9.8 |
CRITICAL
Network
|
codedropz
|
drag_and_drop_multiple_file_upload_-_contact_form_7
|
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12800
|
2024-11-21 14:00 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209910
|
6.5 |
MEDIUM
Network
|
libreoffice
opensuse
fedoraproject
|
libreoffice
leap
fedora
|
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable f…
|
CWE-20
Improper Input Validation
|
CVE-2020-12803
|
2024-11-21 14:00 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
