|
220651
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.
|
NVD-CWE-noinfo
|
CVE-2020-10080
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220652
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10079
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220653
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10078
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220654
|
6.1 |
MEDIUM
Network
|
sygnoos
|
popup-builder
|
An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Aj…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10196
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220655
|
6.3 |
MEDIUM
Network
|
sygnoos
|
popup-builder
|
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.ph…
|
CWE-200
Information Exposure
|
CVE-2020-10195
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220656
|
8.0 |
HIGH
Network
|
microsoft
|
dynamics_nav
dynamics_365_business_central
|
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
|
NVD-CWE-noinfo
|
CVE-2020-0905
|
2024-11-21 13:54 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220657
|
9.8 |
CRITICAL
Network
|
microsoft
|
service_fabric
|
An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'.
|
NVD-CWE-noinfo
|
CVE-2020-0902
|
2024-11-21 13:54 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220658
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10
windows_server_2016
|
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CV…
|
NVD-CWE-noinfo
|
CVE-2020-0898
|
2024-11-21 13:54 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220659
|
7.8 |
HIGH
Local
|
microsoft
|
windows_server_2012
windows_10
windows_8.1
windows_server_2016
windows_rt_8.1
windows_server_2019
|
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CV…
|
NVD-CWE-noinfo
|
CVE-2020-0897
|
2024-11-21 13:54 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220660
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10
windows_server_2016
windows_server_2019
|
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-…
|
NVD-CWE-noinfo
|
CVE-2020-0896
|
2024-11-21 13:54 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
