Export limit exceeded: 342293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13464 | 1 Cksic | 2 Cks32f103, Cks32f103 Firmware | 2024-11-21 | 4.2 Medium |
| The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module. | ||||
| CVE-2020-13445 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 8.8 High |
| In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. | ||||
| CVE-2020-13425 | 1 Thetrackr | 2 Trackr, Trackr Firmware | 2024-11-21 | 7.1 High |
| TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. | ||||
| CVE-2020-13422 | 1 Openiam | 1 Openiam | 2024-11-21 | 8.1 High |
| OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. | ||||
| CVE-2020-13335 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | ||||
| CVE-2020-13334 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.9 Medium |
| In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query | ||||
| CVE-2020-13322 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.2 High |
| A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. | ||||
| CVE-2020-13319 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. | ||||
| CVE-2020-13313 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. | ||||
| CVE-2020-13300 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8 High |
| GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | ||||
| CVE-2020-13296 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens | ||||
| CVE-2020-13284 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token | ||||
| CVE-2020-13277 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.3 Medium |
| An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | ||||
| CVE-2020-13276 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.4 High |
| User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | ||||
| CVE-2020-13270 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | ||||
| CVE-2020-13266 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | ||||
| CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | ||||
| CVE-2020-13154 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | ||||
| CVE-2020-13144 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 8.8 High |
| Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | ||||
| CVE-2020-12876 | 2 Microsoft, Veritas | 2 Windows, Aptare | 2024-11-21 | 7.5 High |
| Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | ||||