‼ CVE-2020-26409 ‼
via "National Vulnerability Database".
A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7; >=13.5, <13.5.5; >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in markdown fields.
‼ CVE-2020-7539 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.
‼ CVE-2020-28214 ‼
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary-attack techniques such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.
‼ CVE-2020-26415 ‼
Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
‼ CVE-2020-13357 ‼
An issue was discovered in GitLab CE/EE versions >=13.1 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
‼ CVE-2020-35127 ‼
Ignite Realtime Openfire 4.6.0 has a stored XSS vulnerability in plugins/bookmarks/create-bookmark.jsp.
‼ CVE-2020-27786 ‼
A flaw was found in the Linux kernel's implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue ioctl commands to MIDI devices could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.
‼ CVE-2020-35126 ‼
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy."
‼ CVE-2020-27828 ‼
There is a flaw in JasPer's JPC encoder in versions prior to 2.0.23. Crafted input provided to JasPer by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
‼ CVE-2020-24447 ‼
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2020-7536 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.
‼ CVE-2020-7542 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
‼ CVE-2020-13530 ‼
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2020-7543 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
‼ CVE-2020-7541 ‼
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
‼ CVE-2020-26416 ‼
Information disclosure in the Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
‼ CVE-2020-25838 ‼
An unauthorized disclosure of sensitive information vulnerability exists in the Micro Focus Filr product, affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose sensitive information to an unauthorized party.
‼ CVE-2020-7537 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
‼ CVE-2020-28220 ‼
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (all versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (all versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.
‼ CVE-2020-7535 ‼
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.