| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11520 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution. | ||
| CVE-2020-11519 | Hig | 0.51 | 7.8 | 0.01 | Jun 22, 2020 | The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution. | ||
| CVE-2020-10736 | Hig | 0.52 | 8.0 | 0.01 | Jun 22, 2020 | An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the… | ||
| CVE-2019-14894 | Hig | 0.52 | 8.0 | 0.04 | Jun 22, 2020 | A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on… | ||
| CVE-2020-6644 | Hig | 0.53 | 8.1 | 0.01 | Jun 22, 2020 | An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. | ||
| CVE-2020-4062 | Hig | 0.50 | 8.7 | 0.01 | Jun 22, 2020 | In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the… | ||
| CVE-2020-13887 | Hig | 0.57 | 8.8 | 0.02 | Jun 22, 2020 | documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | ||
| CVE-2020-13279 | Hig | 0.56 | 8.6 | 0.01 | Jun 22, 2020 | Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | ||
| CVE-2020-8933 | Hig | 0.00 | 7.8 | 0.00 | Jun 22, 2020 | A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and… | ||
| CVE-2020-8907 | Hig | 0.00 | 7.8 | 0.00 | Jun 22, 2020 | A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to… | ||
| CVE-2020-8903 | Hig | 0.00 | 7.8 | 0.00 | Jun 22, 2020 | A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read… | ||
| CVE-2020-14461 | Hig | 0.60 | 8.6 | 0.10 | Jun 22, 2020 | Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | ||
| CVE-2020-14204 | Hig | 0.53 | 8.2 | 0.02 | Jun 22, 2020 | In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is… | ||
| CVE-2020-14203 | Hig | 0.57 | 8.8 | 0.00 | Jun 22, 2020 | WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with… | ||
| CVE-2020-14969 | Hig | 0.49 | 7.5 | 0.01 | Jun 22, 2020 | app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. | ||
| CVE-2020-14966 | — | Hig | 0.42 | 7.5 | 0.01 | Jun 22, 2020 | An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid.… | |
| CVE-2020-8102 | Hig | 0.57 | 8.8 | 0.01 | Jun 22, 2020 | Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior… | ||
| CVE-2020-3676 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953,… | ||
| CVE-2020-3665 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,… | ||
| CVE-2020-3642 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150,… | ||
| CVE-2020-3635 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917,… | ||
| CVE-2020-3626 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W,… | ||
| CVE-2020-3613 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150 | ||
| CVE-2019-14094 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial… | ||
| CVE-2019-14091 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55,… | ||
| CVE-2019-14076 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,… | ||
| CVE-2019-14047 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,… | ||
| CVE-2019-10597 | Hig | 0.51 | 7.8 | 0.00 | Jun 22, 2020 | kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996,… | ||
| CVE-2020-14960 | Hig | 0.47 | 7.2 | 0.02 | Jun 22, 2020 | A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, | ||
| CVE-2020-14950 | Hig | 0.57 | 8.8 | 0.03 | Jun 21, 2020 | aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. | ||
| CVE-2020-14933 | Hig | 0.57 | 8.8 | 0.01 | Jun 20, 2020 | compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup… | ||
| CVE-2020-13263 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2020 | An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | ||
| CVE-2020-13276 | Hig | 0.48 | 7.4 | 0.01 | Jun 19, 2020 | User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | ||
| CVE-2020-13275 | Hig | 0.52 | 8.0 | 0.01 | Jun 19, 2020 | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | ||
| CVE-2020-13274 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2020 | A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | ||
| CVE-2020-13273 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2020 | A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | ||
| CVE-2020-13272 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2020 | OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | ||
| CVE-2020-14930 | Hig | 0.56 | 8.1 | 0.03 | Jun 19, 2020 | An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the… | ||
| CVE-2019-20891 | — | Hig | 0.50 | 8.8 | 0.01 | Jun 19, 2020 | WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | |
| CVE-2020-10750 | — | Hig | 0.39 | 7.1 | 0.00 | Jun 19, 2020 | Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials. | |
| CVE-2017-18917 | — | Hig | 0.42 | 7.5 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. | |
| CVE-2017-18906 | — | Hig | 0.46 | 8.1 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account. | |
| CVE-2016-11069 | — | Hig | 0.42 | 7.5 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | |
| CVE-2016-11066 | — | Hig | 0.42 | 7.5 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. | |
| CVE-2015-9548 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | ||
| CVE-2020-14929 | Hig | 0.49 | 7.5 | 0.02 | Jun 19, 2020 | Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | ||
| CVE-2017-18909 | — | Hig | 0.42 | 7.5 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | |
| CVE-2017-18903 | — | Hig | 0.50 | 8.8 | 0.00 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | |
| CVE-2017-18894 | — | Hig | 0.53 | 8.1 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. | |
| CVE-2017-18886 | — | Hig | 0.57 | 8.8 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. |
- risk 0.51cvss 7.8epss 0.00
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.
- risk 0.51cvss 7.8epss 0.01
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution.
- risk 0.52cvss 8.0epss 0.01
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the…
- risk 0.52cvss 8.0epss 0.04
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on…
- risk 0.53cvss 8.1epss 0.01
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
- risk 0.50cvss 8.7epss 0.01
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the…
- risk 0.57cvss 8.8epss 0.02
documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder.
- risk 0.56cvss 8.6epss 0.01
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system
- risk 0.00cvss 7.8epss 0.00
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and…
- risk 0.00cvss 7.8epss 0.00
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to…
- risk 0.00cvss 7.8epss 0.00
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read…
- risk 0.60cvss 8.6epss 0.10
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
- risk 0.53cvss 8.2epss 0.02
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is…
- risk 0.57cvss 8.8epss 0.00
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with…
- risk 0.49cvss 7.5epss 0.01
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid.…
- risk 0.57cvss 8.8epss 0.01
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior…
- risk 0.51cvss 7.8epss 0.00
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953,…
- risk 0.51cvss 7.8epss 0.00
A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…
- risk 0.51cvss 7.8epss 0.00
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150,…
- risk 0.51cvss 7.8epss 0.00
Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917,…
- risk 0.51cvss 7.8epss 0.00
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W,…
- risk 0.51cvss 7.8epss 0.00
Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150
- risk 0.51cvss 7.8epss 0.00
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial…
- risk 0.51cvss 7.8epss 0.00
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55,…
- risk 0.51cvss 7.8epss 0.00
Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…
- risk 0.51cvss 7.8epss 0.00
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…
- risk 0.51cvss 7.8epss 0.00
kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996,…
- risk 0.47cvss 7.2epss 0.02
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
- risk 0.57cvss 8.8epss 0.03
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.
- risk 0.57cvss 8.8epss 0.01
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup…
- risk 0.49cvss 7.5epss 0.01
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.
- risk 0.48cvss 7.4epss 0.01
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1
- risk 0.52cvss 8.0epss 0.01
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1
- risk 0.49cvss 7.5epss 0.01
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
- risk 0.49cvss 7.5epss 0.01
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
- risk 0.49cvss 7.5epss 0.01
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow
- risk 0.56cvss 8.1epss 0.03
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the…
- risk 0.50cvss 8.8epss 0.01
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
- risk 0.39cvss 7.1epss 0.00
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
- risk 0.49cvss 7.5epss 0.02
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.
- risk 0.50cvss 8.8epss 0.00
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
- risk 0.53cvss 8.1epss 0.01
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.