Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 7.7 HIGH | A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions, private merge requests could be read via Todos. |
| CVE-2020-13321 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH | A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added. |
| CVE-2020-13320 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. |
| CVE-2020-13318 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 MEDIUM | 6.4 MEDIUM | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume-role attack. |
| CVE-2020-13316 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy Token and allowed a disabled repository to be accessed via the git command line. |
| CVE-2020-13315 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the number of results one could request, potentially resulting in a denial of service. |
| CVE-2020-13310 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A vulnerability was discovered in GitLab Runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. |
| CVE-2020-13298 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.2 HIGH | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure. |
| CVE-2020-13297 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 MEDIUM | 3.8 LOW | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When two-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. |
| CVE-2020-13294 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 4.2 MEDIUM | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. |
| CVE-2020-13293 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 6.3 MEDIUM | In GitLab before 13.0.12, 13.1.6 and 13.2.3, using a branch with a hexadecimal name could override an existing hash. |
| CVE-2020-13291 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | In GitLab before 13.2.3, project sharing could temporarily allow too-permissive access. |
| CVE-2020-13287 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential Epics attached to confidential issues. |
| CVE-2020-13275 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 8.0 HIGH | A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1. |
| CVE-2020-13274 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A security issue allowed denial of service through memory exhaustion by uploading malicious artifacts in all GitLab versions through 13.0.1. |
| CVE-2020-13273 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | A denial of service vulnerability allowed exhausting system resources in GitLab CE/EE 12.0 and later through 13.0.1. |
| CVE-2020-13268 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1. |
| CVE-2020-13249 | 3 Fedoraproject, Mariadb, Opensuse | 3 Fedora, Connector/c, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. |
| CVE-2020-13136 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. |
| CVE-2020-13125 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM | An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. |
| CVE-2020-13100 | 1 Arista | 1 Cloudvision Exchange | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Arista's CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet. |
| CVE-2020-12988 | 1 Amd | 122 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 119 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted. |
| CVE-2020-12964 | 1 Amd | 1 Radeon Software | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. |
| CVE-2020-12962 | 2 Amd, Microsoft | 2 Radeon Software, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | The Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. |
| CVE-2020-12961 | 1 Amd | 90 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 87 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | A potential vulnerability exists in the AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network, which may lead to bypassing SPI ROM protections. |
| CVE-2020-12928 | 1 Amd | 1 Ryzen Master | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. |
| CVE-2020-12927 | 1 Amd | 1 Vbios Flash Tool Software Development Kit | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | A potential vulnerability in a dynamically loaded AMD driver in the AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. |
| CVE-2020-12920 | 1 Amd | 1 Radeon Software | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | A potential denial of service issue exists in the AMD Display driver Escape 0x130007 call handler. An attacker with low privilege could potentially induce a Windows BugCheck. |
| CVE-2020-12902 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | An arbitrary decrement in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
| CVE-2020-12900 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to escalate privileges and cause denial of service. |
| CVE-2020-12899 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 3.6 LOW | 7.1 HIGH | An arbitrary read in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. |
| CVE-2020-12897 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | A kernel pool address disclosure in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass. |
| CVE-2020-12890 | 1 Amd | 1 Amd Generic Encapsulated Software Architecture | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM | Improper handling of pointers in the System Management Mode (SMM) handling code may allow a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. |
| CVE-2020-12889 | 1 Misp | 1 Misp-maltego | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. |
| CVE-2020-12880 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) |
| CVE-2020-12856 | 3 Alberta, Health, Tracetogether | 3 Abtracetogether, Covidsafe, Tracetogether | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used. |
| CVE-2020-12847 | 1 Pydio | 1 Cells | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The Pydio Cells 2.0.4 web application offers an administrative console named "Cells Console" that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application's mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the "sendmail" option as the default one, the web application offers to edit the full path where ... |
| CVE-2020-12821 | 1 Protocol | 1 Gossipsub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a Sybil attack. |
| CVE-2020-12797 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. |
| CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. |