|
212281
|
5.9 |
MEDIUM
Network
|
ciphermail
|
webmail_messenger
gateway
|
An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtu…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-12714
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212282
|
7.2 |
HIGH
Network
|
ciphermail
|
webmail_messenger
gateway
|
An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative…
|
CWE-269
Improper Privilege Management
|
CVE-2020-12713
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212283
|
7.5 |
HIGH
Network
|
mitsubishielectric
|
melsec_iq-r00cpu_firmware
melsec_iq-r01cpu_firmware
melsec_iq-r02cpu_firmware
melsec_iq-r04cpu_firmware
melsec_iq-r08cpu_firmware
melsec_iq-r16cpu_firmware
melsec_iq-r32cpu_firmware…
|
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-13238
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212284
|
7.5 |
HIGH
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-13223
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212285
|
9.8 |
CRITICAL
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the…
|
CWE-269
Improper Privilege Management
|
CVE-2020-12757
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212286
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13271
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212287
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API
|
CWE-862
Missing Authorization
|
CVE-2020-13270
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212288
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13269
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212289
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and lat…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2020-13268
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212290
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13267
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
