|
214631
|
4.8 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12276
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214632
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
|
NVD-CWE-noinfo
|
CVE-2020-12275
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214633
|
5.5 |
MEDIUM
Local
|
grafana
fedoraproject
|
grafana
fedora
|
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world reada…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-12459
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214634
|
5.5 |
MEDIUM
Local
|
grafana
redhat
fedoraproject
|
grafana
ceph_storage
enterprise_linux
fedora
|
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposur…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-12458
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214635
|
7.8 |
HIGH
Local
|
gskill
|
trident_z_lighting_control
|
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input f…
|
NVD-CWE-noinfo
|
CVE-2020-12446
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214636
|
6.2 |
MEDIUM
Network
|
gigamon
|
gigavue
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12252
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214637
|
2.2 |
LOW
Network
|
gigamon
|
gigavue
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve dir…
|
CWE-22
Path Traversal
|
CVE-2020-12251
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214638
|
8.8 |
HIGH
Network
|
beeline
|
smart_box_firmware
|
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute tra…
|
CWE-78
OS Command
|
CVE-2020-12246
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214639
|
7.5 |
HIGH
Network
|
onkyo
|
tx-nr585_firmware
|
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as d…
|
CWE-22
Path Traversal
|
CVE-2020-12447
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214640
|
9.8 |
CRITICAL
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequen…
|
CWE-22
Path Traversal
|
CVE-2020-12443
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
