|
210581
|
8.1 |
HIGH
Network
|
fraction
|
oasis
|
Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious we…
|
CWE-352
Origin Validation Error
|
CVE-2020-11003
|
2024-11-21 13:56 |
2020-04-15 |
|
210582
|
4.7 |
MEDIUM
Local
|
arm fedoraproject debian
|
mbed_tls fedora debian_linux
|
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) rec…
|
CWE-327 CWE-203
Use of a Broken or Risky Cryptographic Algorithm; Information Exposure Through Discrepancy
|
CVE-2020-10932
|
2024-11-21 13:56 |
2020-04-15 |
|
210583
|
5.5 |
MEDIUM
Local
|
windowshello_project
|
windowshello
|
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-11005
|
2024-11-21 13:56 |
2020-04-15 |
|
210584
|
6.8 |
MEDIUM
Network
|
torchbox
|
wagtail
|
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission…
|
-
|
CVE-2020-11001
|
2024-11-21 13:56 |
2020-04-15 |
|
210585
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
|
NVD-CWE-noinfo
|
CVE-2020-10981
|
2024-11-21 13:56 |
2020-04-9 |
|
210586
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-10980
|
2024-11-21 13:56 |
2020-04-9 |
|
210587
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
|
NVD-CWE-noinfo
|
CVE-2020-10979
|
2024-11-21 13:56 |
2020-04-9 |
|
210588
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
|
NVD-CWE-noinfo
|
CVE-2020-10978
|
2024-11-21 13:56 |
2020-04-9 |
|
210589
|
8.8 |
HIGH
Network
|
dropwizard
|
dropwizard_validation
|
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to …
|
CWE-74
Injection
|
CVE-2020-11002
|
2024-11-21 13:56 |
2020-04-11 |
|
210590
|
5.5 |
MEDIUM
Local
|
gitlab
|
gitlab
|
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
|
CWE-22
Path Traversal
|
CVE-2020-10977
|
2024-11-21 13:56 |
2020-04-9 |