|
209231
|
6.8 |
MEDIUM
Physics
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browse…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-15774
|
2024-11-21 14:06 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209232
|
4.9 |
MEDIUM
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator…
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2020-15772
|
2024-11-21 14:06 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209233
|
7.5 |
HIGH
Network
|
gradle
|
enterprise_cache_node
enterprise
|
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigatio…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-15771
|
2024-11-21 14:06 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209234
|
5.5 |
MEDIUM
Local
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-15770
|
2024-11-21 14:06 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209235
|
6.1 |
MEDIUM
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15769
|
2024-11-21 14:06 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209236
|
5.3 |
MEDIUM
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the abili…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-15767
|
2024-11-21 14:06 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209237
|
7.5 |
HIGH
Network
|
gradle
|
enterprise_cache_node
enterprise
|
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to ob…
|
NVD-CWE-Other
|
CVE-2020-15768
|
2024-11-21 14:06 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209238
|
7.5 |
HIGH
Network
|
wibu
|
codemeter
|
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
|
-
|
CVE-2020-16233
|
2024-11-21 14:06 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209239
|
7.5 |
HIGH
Network
|
gallagher
|
command_centre
|
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3),…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-16101
|
2024-11-21 14:06 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209240
|
7.5 |
HIGH
Network
|
gallagher
|
command_centre
|
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-16100
|
2024-11-21 14:06 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
