|
209681
|
6.5 |
MEDIUM
Adjacent
|
philips
|
clinical_collaboration_platform
|
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influe…
|
-
|
CVE-2020-16200
|
2024-11-21 14:06 |
2020-09-19 |
|
|
|
|
209682
|
6.3 |
MEDIUM
Adjacent
|
philips
|
clinical_collaboration_platform
|
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
|
-
|
CVE-2020-16198
|
2024-11-21 14:06 |
2020-09-19 |
|
|
|
|
209683
|
8.6 |
HIGH
Network
|
1crm
|
1crm
|
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenti…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-15958
|
2024-11-21 14:06 |
2020-09-19 |
|
|
|
|
209684
|
6.5 |
MEDIUM
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duratio…
|
CWE-346
Origin Validation Error
|
CVE-2020-15773
|
2024-11-21 14:06 |
2020-09-19 |
|
|
|
|
209685
|
8.8 |
HIGH
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15776
|
2024-11-21 14:06 |
2020-09-18 |
|
|
|
|
209686
|
7.5 |
HIGH
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page i…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-15775
|
2024-11-21 14:06 |
2020-09-18 |
|
|
|
|
209687
|
6.8 |
MEDIUM
Physical
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browse…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-15774
|
2024-11-21 14:06 |
2020-09-18 |
|
|
|
|
209688
|
4.9 |
MEDIUM
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator…
|
CWE-611, CWE-918
XXE, Server-Side Request Forgery (SSRF)
|
CVE-2020-15772
|
2024-11-21 14:06 |
2020-09-18 |
|
|
|
|
209689
|
7.5 |
HIGH
Network
|
gradle
|
enterprise_cache_node enterprise
|
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigatio…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-15771
|
2024-11-21 14:06 |
2020-09-18 |
|
|
|
|
209690
|
5.5 |
MEDIUM
Local
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-15770
|
2024-11-21 14:06 |
2020-09-18 |
|
|
|