|
212471
|
7.5 |
HIGH
Network
|
mitsubishielectric
|
melsec_iq-r00cpu_firmware
melsec_iq-r01cpu_firmware
melsec_iq-r02cpu_firmware
melsec_iq-r04cpu_firmware
melsec_iq-r08cpu_firmware
melsec_iq-r16cpu_firmware
melsec_iq-r32cpu_firmware…
|
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-13238
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212472
|
7.5 |
HIGH
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-13223
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212473
|
9.8 |
CRITICAL
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the…
|
CWE-269
Improper Privilege Management
|
CVE-2020-12757
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212474
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13271
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212475
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API
|
CWE-862
Missing Authorization
|
CVE-2020-13270
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212476
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13269
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212477
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and lat…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2020-13268
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212478
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1
|
CWE-79
Cross-site Scripting
|
CVE-2020-13267
|
2024-11-21 14:00 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212479
|
9.8 |
CRITICAL
Network
|
anydesk
|
anydesk
|
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-13160
|
2024-11-21 14:00 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212480
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions
|
CWE-862
Missing Authorization
|
CVE-2020-13266
|
2024-11-21 14:00 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
